The novel coronavirus outbreak is creating electronic communication and data privacy concerns on a number of fronts. One immediate effect is a significant increase in phishing scams, used by threat actors to launch malware through infected links embedded in emails or to conduct wire payment misdirection schemes. Security vendors have already seen an uptick in emails purporting to contain “important health information” about the coronavirus or detailed instructions on a company’s coronavirus response plan, which can trick employees anxious for news to click on infected links. Companies should implement controls to identify external phishing emails and remind employees about the potential for phishing scams.
Another concern is managing cybersecurity risks in the event of mandatory office closures. Many companies will have to start or quickly expand work-from-home programs. This requires careful planning to manage the risks that arise from remote access. Companies should ensure they have implemented controls, such as multifactor authentication and password limitations, to protect their networks during a period of expanded remote access. Companies should also take steps to ensure that employees working from home continue to adhere to acceptable use policies designed to reduce security risks. Employees working from home are more likely to email sensitive documents or store them on insecure laptops or flash drives, increasing the risk of a breach or accidental exposure.
Companies must be mindful of applicable privacy laws when collecting information about employees or clients they might not have previously collected, such as health information and travel itineraries.
