Client Alert: Remote Work, Data Breaches and Cybersecurity Considerations during COVID-19

March 20, 2020

Ransomware and phishing attacks are on the rise, as are the significant legal and economic considerations that follow. In 2019, a number of municipalities across Canada faced malicious online attacks that effectively shut-down city operations unless a ransom was paid.1  A recent Carbon Black survey of 250 Canadian CIOs, CTOs and CISOs found that 88% of businesses had suffered a data breach over the past 12 months, largely due to phishing attacks.2

As businesses adapt to the “new normal” of extreme uncertainty caused by the COVID-19 pandemic, countless employees are faced with the prospect of working remotely in a variety of new (and sometimes less-than-secure) environments. Cybercriminals have taken notice.

Phishing attacks related to COVID-19 began in January and have exploded online since, with some reports pointing to thousands of new sites and scams created every day. For example, regulators in the UK have identified a rise in the registration of webpages relating to coronavirus,  which is suspected to be the work of online threat actors looking to exploit the outbreak.3

Perhaps in a bid for self-preservation, a number of hackers have made clear they will not resort to ransomware and other health-related cyberattacks during the pandemic. However, businesses should be wary of these overtures and continue to maintain vigilance across their workforces, especially in light of the recent (and significant) attack on the U.S. Health and Human Services Department earlier in March.4

The minute-to-minute evolution of the pandemic can feel overwhelming and even surreal. However, organizations can consider a number of straightforward best practices when attempting to reduce the risk of phishing and other cyber incidents arising from COVID-19:

1) Implement a clear and consistent process for communicating to employees over the course of the pandemic – to address how the outbreak may impact employees long-term,5  to provide updates on IT and other policy issues, and also to ensure everyone remains connected, even if virtually, during this public health emergency.

2) Specifically, IT teams and resources should keep in touch with remote workers to ensure program updates and patches continue to be installed when available, and to quickly deal with any data incidents taking place outside of the traditional office.

3) Speak to employees frankly about using work technology for work purposes only, and reinforce the need to keep devices secure from their own online activities at home (e.g., limit online shopping or other activities that increase the risk of their clicking fake ads). Employees may also consider having these conversations with other family members/close contacts (e.g., to reduce the possibility of the use of vulnerable remote drives).

4) Continue to reinforce online IT security training while employees are working remotely so they stay abreast of the latest phishing and ransomware scams during the pandemic. Of late, these attacks have involved emails with information claiming to be from government-related health agencies offering pandemic advice or fake workplace correspondence seeking sensitive personal information and/or requesting password verification.

5) Employees should also ensure they are maintaining good cybersecurity practices at home by confirming their Wi-Fi is secure, remembering to constantly save and back-up work, and locking their screens when leaving workspaces if in a shared environment.

We are dealing with an unprecedented global event. Cox & Palmer remains available and committed to providing quality advice to all businesses faced with navigating these uncharted waters.

Please contact our legal team regarding any issue affecting your business.  We are here to help.


Articles referenced in the article above:

1 ‘Definite uptick’: Global wave of ransomware attacks hitting Canadian organizations – CBC, Oct 14, 2019


3 Coronavirus-themed phishing attacks and hacking campaigns are on the rise – ZD Net, March 16, 2020

4 Cyber-Attack Hits U.S. Health Agency Amid Covid-19 Outbreak – Bloomberg, March 16, 2020

5 COVID-19 – How Employers Can Manage the Workplace in These Uncertain Times – Cox & Palmer, March 18,2020

Related Articles

National COVID-19 App Available in Nova Scotia; Potential for Public Health Gains while Privacy Questions Remain

Nova Scotia recently became the eighth province to onboard the federal government’s COVID-19 exposure notification application. Public health officials believe that if it is widely used across Canada, COVID Alert has the potential to provide an efficient way of tracing the virus. However, the introduction of this tracking technology into the national COVID-19 response presents new privacy issues for Canadians to consider.

read more

Canada’s valuable COVID-19 research vulnerable to Russian, Chinese hacks

In late March, Canada’s Communications Security Establishment warned researchers across the country to secure their COVID-19 data because “sophisticated threat actors” were exploiting the chaos of the pandemic in an effort to steal critical vaccine research. However, there has been little to no discussion beyond the CSE’s repeated warnings as to just what is being done to protect the important work of our local health and science experts.

read more
view all
Cox & Palmer publications are intended to provide information of a general nature only and not legal advice. The information presented is current to the date of publication and may be subject to change following the publication date.