The novel coronavirus outbreak is creating electronic communication and data privacy concerns on a number of fronts. One immediate effect is a significant increase in phishing scams, used by threat actors to launch malware through infected links embedded in emails or to conduct wire payment misdirection schemes. Security vendors have already seen an uptick in emails purporting to contain “important health information” about the coronavirus or detailed instructions on a company’s coronavirus response plan, which can trick employees anxious for news to click on infected links. Companies should implement controls to identify external phishing emails and remind employees about the potential for phishing scams.
Another concern is managing cybersecurity risks in the event of mandatory office closures. Many companies will have to start or quickly expand work-from-home programs. This requires careful planning to manage the risks that arise from remote access. Companies should ensure they have implemented controls, such as multifactor authentication and password limitations, to protect their networks during a period of expanded remote access. Companies should also take steps to ensure that employees working from home continue to adhere to acceptable use policies designed to reduce security risks. Employees working from home are more likely to email sensitive documents or store them on insecure laptops or flash drives, increasing the risk of a breach or accidental exposure.
Companies must be mindful of applicable privacy laws when collecting information about employees or clients they might not have previously collected, such as health information and travel itineraries.
Attorneys in our Privacy and Data Security Group can provide comprehensive guidance on policy considerations, information risk management, and regulatory compliance.
Copyright © 2020 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.