Data Security Concerns Regarding COVID-19

March 31, 2020Client Alert

The unprecedented events surrounding the outbreak of COVID-19 have also created concerns regarding the security of computer systems. The heightened fears surrounding the pandemic, along with the surge of individuals working from home, have created significant security challenges. The number of such security attacks have risen dramatically since the beginning of March, and the FBI on March 20, 2020, issued an alert about fraud schemes related to the pandemic. 

The COVID-19 outbreak unfortunately provides an opportunity for hackers to exploit the fears and uncertainties engendered in the public by the emergency to launch malicious attacks for personal gain. In such “phishing” e-mails, hackers masquerade as public health authorities (such as the Centers for Disease Control (CDC) or World Health Organization (WHO)) in order to lure individuals to click on links so that they can implant malicious code on the user’s computer. Such “ransomware” encrypts the victim’s computer to force the victim to pay a substantial ransom (usually in cryptocurrency such as Bitcoin) for decryption of the files. Additional COVID-19 related attacks involve scams such as coronavirus cures or diagnosis, brand impersonations (for fake organizations like the “World Health Community”), fake e-mails relating to coronavirus stimulus payments, requests for donations to fake charities or blackmail. The current attacks also take advantage of the fact that unprecedented numbers of individuals are working from home and may thus not be strictly following their employer’s security practices.

In light of these attacks, federal and state authorities, including the FBI and the California Attorney General, caution that organizations and their workforces remain vigilant and practice accepted cybersecurity hygiene during the COVID-19 crisis, particularly if working remotely: 

  • Do not click on links in e-mails from unknown senders and be wary of emails that request opening of an attachment or clicking a link, particularly if they purport to come from a government agency (such as the CDC) or relate to coronavirus stimulus payments;
  • Be wary of e-mails that convey a sense of urgency or exploit fear and uncertainty, such as those purporting to provide cures or diagnosis for COVID-19;
  • Follow the guidelines of the California Attorney General to investigate requests from charities seeking contributions to make sure such requests are legitimate;
  • Do not install unauthorized programs on computers;
  • Keep anti-virus software up-to-date;
  • Beware of e-mails purporting to come from your contacts or supervisors that do not follow normal procedures (such as requests for wire transfers);
  • When working remotely, follow your firm’s procedures and use virtual private networks (VPN) and two-factor authentication (2FA) for accessing your firm’s system; and
  • Check the security settings on home networks to make sure that they are not on default settings.