In the midst of the coronavirus pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed to infect computers with malware or obtain sensitive, personal information.

For example, readers may be familiar with a popular interactive dashboard created by Johns Hopkins University using real-time data from the World Health Organization to track the spread of the virus. It has become a go-to source for many wishing to stay up to date on the virus. Recently hackers have circulated links via social media, email attachments and online advertisements to malicious websites that are disguised as the university’s COVID-19 map. However, the deceptive links open an applet that, when installed, infect the device with malware designed to steal personal data such as login credentials, banking information and other sensitive data. To ensure you are accessing the “real” COVID-19 map, directly access it through Johns Hopkins’ official home page, rather than clicking any unidentified links or searching the internet.

In addition, news recently broke that the Department of Health and Human Services (HHS), the federal agency tasked with fighting the coronavirus, experienced a cyberattack. Although there was no actual penetration or data involved, a distributed denial of service – or DDOS – attack occurred in which bots attempted to overwhelm the department’s system to slow or shut it down. Officials are satisfied that the attack was unsuccessful and are working on determining the origin of the activity.

Even as the government and the public are focused on the public health crisis, the security and intelligence community is also monitoring threats from foreign adversaries and other malicious actors who may take advantage of the attention on COVID-19 to launch cyber-attacks on susceptible networks.

In times of crisis and uncertainty like these, businesses and their employees should be more vigilant than ever of malicious attacks, malware, and scams, especially those relating to the diagnosis, prevention or treatment of COVID-19. Implementation of security best practices will reduce the risk of losing sensitive personal and corporate information and minimize damage and disruption to systems and networks. Among other preventative measures, businesses should revisit (and, if appropriate, enhance) their remote working policies and procedures, require (or reinforce) anti-phishing training, and use email and multifactor authentication. Employees and customers should not click on links without scrutinizing the URL (i.e., ensuring secured websites begin with “https://”), never respond to emails requesting login credentials, payment information, or other sensitive information, and be wary of opening suspicious attachments. Visiting websites directly, rather than clicking on embedded links to those sites in emails, is always a good practice.

Just as people should be careful about what they touch in the physical world, they are also well advised to be careful about how they conduct themselves in the digital world.

McGuireWoods has published additional thought leadership related to how companies across various industries can address crucial COVID-19-related business and legal issues.

Print:
EmailTweetLikeLinkedIn
Photo of Janet P. Peyton Janet P. Peyton

Janet practices in the areas of intellectual property and data privacy and security. Janet provides worldwide brand protection, enforcement, licensing and transactional IP services, and she assists clients with preventive data security as well as compliance issues in the aftermath of a data…

Janet practices in the areas of intellectual property and data privacy and security. Janet provides worldwide brand protection, enforcement, licensing and transactional IP services, and she assists clients with preventive data security as well as compliance issues in the aftermath of a data breach.

Photo of Alicia A. Baiardo Alicia A. Baiardo

Ali has more than a decade of experience handling complex commercial cases and financial services litigation. She represents clients ranging from individuals to manufacturers, financial services providers, and large financial institutions. She successfully advocates for her clients at all stages of litigation, depending…

Ali has more than a decade of experience handling complex commercial cases and financial services litigation. She represents clients ranging from individuals to manufacturers, financial services providers, and large financial institutions. She successfully advocates for her clients at all stages of litigation, depending on their goals, by obtaining awards, dismissals and beneficial settlements.

Photo of Justin T. Yedor Justin T. Yedor

Justin specializes in creative solutions to clients’ problems, with a particular emphasis on data privacy. He is one of the firm’s thought leaders on California privacy law, and a go-to advisor on the California Consumer Privacy Act and the California Privacy Rights Act.…

Justin specializes in creative solutions to clients’ problems, with a particular emphasis on data privacy. He is one of the firm’s thought leaders on California privacy law, and a go-to advisor on the California Consumer Privacy Act and the California Privacy Rights Act.

Justin holds the CIPP/US credential as a Certified Information Privacy Professional from the International Association of Privacy Professionals (IAPP). He also serves on the Executive Committee of the Privacy and Cybersecurity Section of the Los Angeles County Bar Association, and is a frequent contributor to the McGuireWoods data privacy blog, Password Protected.

In addition to his data privacy work, Justin maintains a robust litigation practice, advocating for clients in state and federal court. He has successfully argued dozens of motions, and taken and defended dozens of depositions in cases spanning a broad array of subject areas.

Photo of Anthony Q. Le Anthony Q. Le

Anthony has a broad array of experiences assisting with compliance issues, regulatory and enforcement matters, internal investigations, and individual and class litigation. His diverse practice helps him achieve the most efficient and practical results for his clients spanning the financial services, technology, automobile…

Anthony has a broad array of experiences assisting with compliance issues, regulatory and enforcement matters, internal investigations, and individual and class litigation. His diverse practice helps him achieve the most efficient and practical results for his clients spanning the financial services, technology, automobile, and retail sectors.