COVID-19 is increasingly being used as a lure in malicious phishing and spam email campaigns in countries such as the United States, Japan, Russia and China. These emails purport to be from official government agencies and organizations, or to provide an update on shipping or supply issues. Like many such attacks, they include malicious attachments intended to infect a computer network with malware. Companies are advised to be increasingly diligent in scrutinizing email correspondence that purports to provide information or updates about the ongoing COVID-19 situation. A recent article about these attempts, titled “Yes, even your IT systems are susceptible to COVID-19,” may be found here.
Companies should carefully consider what information they use to grant their remote workforce access. Biometric data or government-issued identification used to log in and work remotely, if compromised in a cybersecurity event, is very likely to trigger notice obligations under pertinent data breach laws and may create liability for the potential loss or exfiltration of sensitive personal information. As a result, companies should consider using non-governmental identification, such as an assigned company identification that does not directly correlate to sensitive personal information.