COVID-19, Fake News and Cyber Threats: The Top Five Focuses You Need to Know for Cybersecurity and Privacy in Your Business

In these extremely challenging times, leaders are adapting. You are adapting quickly to business needs, controlling what you can, and preventing more risks from occurring in your business. As companies are gearing up for the “new normal”, there have been privacy and security questions that have continued to come up. Whether it is about working remotely, making payroll, deciding to close your restaurant, printing confidential documents, wondering how to implement business continuity or crisis management, or how to address cyber threats or new COVID-19 phishing emails, the list seems endless on how to respond to the current needs. There are so many things to consider right now in this pandemic including financial risk and staffing risk as employees potentially get sick.

Nonetheless, the constant threat to your business remains the same even in the most challenging circumstances. Here are responses to the top concerns companies and individuals should be considering:

1. Regulatory Filing deadlines: The NY Department of Financial Services annual cybersecurity filing deadline has been moved from April 15th to June 1st. This can give some of you some good relief, but the expectation remains of keeping data and systems secure through this pandemic. It would be a dangerous risk to allow this extended deadline to be perceived as permission to not take the proper actions to control cyber and data risk at this time while staff are transiting to working remotely.

2. Privacy of staff: Privacy continues to gain more focus from regulators and citizens alike. During this time, thinking about the privacy and security of employee health information and data is important. If someone is exposed to the coronavirus, are they required to tell the workplace? Or if they do share the information who is required to know? Respecting employees’ privacy and their right to choose to share information can be a debatable topic in the case of a pandemic, but there are laws that provide guidance. It’s something to keep in mind as you navigate through this crisis. The U.S. Secretary of Health and Human Services (HHS) Alex Azar stated beginning on March 15th 2020, specific HIPPA provisions will be waived. Partnering with a privacy leader, human resources leader or legal counsel is the best approach for the unique challenges your business is facing and to see how this impacts you.

3. Overwhelmed IT & technical support staff: Preparing staff to work remotely for an extended period of time on short notice is not easy. To say some IT teams are overwhelmed is an understatement. There is not always an easy way to solve this problem, but simply listening, helping them to do what you need them to do, and encouraging a positive response by other staff is a place to start. Nonetheless, this is how cybersecurity incidents are detected late in small businesses or not at all.

4. Current cyber threats: Phishing emails are not new. In fact, you may have fallen victim to one or two of the phishing tests your company has done. There are currently several COVID-19 phishing emails in play from a batch of emails sent to students posing as official communication from the University staff, to an email from the World Health Organization, to emails going to employees from their leadership teams. Hackers will continue to innovate their approach especially in times of crisis. Reminding your team to validate the sender before clicking on a link is critical to reducing a cyberattack. With emotions running high, this is a good reminder for all teams to validate verbally any large transfers of money at the direction of an executive to confirm it was sent by that leader.

5. Fake news: Fake news continues to soar during the pandemic. This includes The Stafford Act hoax that the US president would order a two-week mandatory quarantine. A separate social media post that went viral claimed stomach acid will kill the coronavirus if you drink enough water. Validating information you receive that impacts the way you think about a situation or changes your behavior about a situation is always good to adhere to before passing it on to others.

Lastly, so many companies and industries have been impacted by the pandemic, especially restaurants, retail, service businesses, nonprofits, entertainment, travel and hospitality among others. It clearly is impacting how we work remotely and how we will work in the future. Though it is not clear the role insurance will play, if any, with the pandemic, however, counting on insurance to assist is unlikely.

Jessica Robinson, is CEO of PurePoint International, and works as a Virtual/Outsourced CISO to middle market businesses in financial services and insurance. You can reach her at jessica@purepoint-international.com.