In December 2020, the Attorneys General from New Jersey, New York, and five other states reached a $2 million deal with CafePress to resolve claims relating to a data breach that exposed the personal information of 22 million consumers. Yesterday, six current or former Canon U.S.A. employees filed a class action against the camera manufacturer in New York federal court after a data breach exposed their personal information, including bank account numbers utilized for payroll.
Data breach class actions are expected to skyrocket in 2021.
The United States Cybersecurity and Infrastructure Security Agency and Federal Trade Commission warn that cyber criminals are employing a growing number of COVID-19-related cyber-attacks and scams in an effort to profit during the pandemic. Numerous industries are falling prey. Many data breaches occur through phishing emails that introduce a malware that encrypts the company's systems files when opened or clicked on by the unsuspecting employee.
Phishing emails may direct employees to phony COVID-19 websites or purport to contain COVID-19 statistics or vaccine information. Phishing emails may appear to come from someone inside the organization (such as IT Security or Payroll) or a trusted outside source, such as the CDC or World Health Organization.
With millions of nonexempt employees suddenly teleworking from their living rooms, companies are significantly more vulnerable to phishing attacks.
What countermeasures can you take?
- Have the proper policies and procedures in place. We have created a Work at Home Manual that outlines the safety and security requirements every teleworker must follow.
- Know where and how your employees are working. Employees should not be accessing your systems from public internet networks that may be accessible to another network-user.
- Train employees on the red flags of phishing and vishing (voice phishing).
- Invest in detection and self-learning technology that will protect your company and its customers.
- Test employees' alertness by implementing bait-phishing exercises where employees receive simulated phishing emails.
- Implement an effective layered defense system including firewalls to block attacks, filtration systems to prevent access to bad websites, endpoint protection to protect users' computers from malware, and email filtration to prevent incoming links or attachments that may be malicious.
- Require passwords and use the "waiting room" for teleconference participants. Countless Zoom and GoToMeeting work-related teleconferences have been hijacked by cyber criminals during the pandemic.
- Utilize multi-factor authentication (two or more methods of identity authentication) for network access.
Taking proactive steps protects your company from cyber-terrorists and helps prevent extremely costly data breach litigation from consumers and employees. Need a Work at Home Manual, anti-phishing technology platform, or additional information about how to protect your company from cyber-attacks? Don't worry, we're here to help!
