The Increasing Threats to Data Privacy and Security During the Pandemic
More people than ever are being duped, and organizations are left more vulnerable to attacks as threats to data privacy and security noticeably continue to increase. Here are some of the emerging challenges in the cybersecurity landscape and tips on how to avoid them.
June 09, 2020 at 07:00 AM
6 minute read
A high-profile entertainment law firm was hit in May by a ransomware attack, with the hackers demanding $42 million under a threat to expose documents on the firm's clients, which include AC/DC, Lady Gaga and Robert De Niro. Law firm client data, particularly personal and financial information about celebrities, has a very high value to hackers.
As the current pandemic has forced much of the world into virtual workforce mode, cybercriminals have seized on the uncertainty of the current times to launch new and creative offensives. Fears surrounding COVID-19 are high, conspiracy theories are running rampant, and cyberattackers are counting on stress and distraction to decrease our vigilance against intrusions.
Unfortunately, their strategy is working. More people than ever are being duped, and organizations are left more vulnerable to attacks as threats to data privacy and security noticeably continue to increase. The uptick in attacks has been compounded by the fact that some organizations deployed remote work solutions as a short-term fix, with ad hoc and untested methods for protecting data, leaving remote employees less secure against threats.
Here are some of the emerging challenges in the cybersecurity landscape and tips on how to avoid them.
|IoT Attacks
Internet-connected devices are ubiquitous these days. Each of these devices, from video doorbells to virtual assistants, from smart cameras to multifunction printers and scanners, offers hackers an access point for infiltrating your network from afar. Consumer products are vulnerable as well. Home security products provider Ring was hit by a class-action lawsuit in the U.S. for reports of multiple hacking incidents on its security cameras.
Hackers recently took over a smart home in Milwaukee by compromising the connected devices. The attackers played disturbing music from the video system at high volume while talking to the residents via a camera in the kitchen and also changed the room temperature to 90 degrees Fahrenheit by exploiting the thermostat.
When adding a new smart device to your network, research the product's security and always change the default password. Cybercriminals have used the most unexpected objects to perpetrate their attacks, causing manufacturers to strengthen security features.
|Smishing
As communications increasingly move away from traditional email systems and into new apps and tools, attempts to infiltrate those communications are evolving accordingly. Just like phishing schemes target emails, smishing attacks target text-based communications in other platforms such as WhatsApp, Slack, LinkedIn or Signal.
With the increase in remote work and use of virtual meeting platforms, "Zoom-bombing" has also become a thing. Bad actors get access to a Zoom meeting, posting pornographic, racist or other inappropriate content for everyone on the call to see.
Historically, these platforms were used more often for personal communications than for business, meaning vigilance about security might not have been as high. Now, though, when everyone is working from home and incorporating all available tools into the new virtual workplace, all communications methods need to meet the same rigid security standards that you apply to more traditional technologies.
|Synthetic Identities
Identity theft is nothing new, but today's cybercriminals are employing more sophisticated identity fraud schemes that combine real and fabricated credentials to create highly realistic illusions of actual people. With personally identifiable information and subject data rights playing such a major role in current privacy regulations, realistic identity impersonation presents a significant risk.
Identity fraud hackers also employ social engineering tactics, collecting personal data on an individual from social media and convincing unwitting businesses to provide personal information on a target.
Organizations that collect and store things like consumer data or health data can be particularly vulnerable to these attacks. As attackers continue to advance their identity fraud methods, businesses need to redouble their focus on data protection and make sure they're enforcing the most stringent identity verification procedures possible.
|5G Threats
The shift to 5G technology has spurred significant debate in the past year, including among technology experts, who warn that 5G will create additional cybersecurity risks for businesses and governments. In a 2019 study by Information Risk Management, 83% of cybersecurity and risk management decision-makers thought that 5G would create new cybersecurity challenges, particularly a greater risk of attacks on IoT networks. With 5G's increased bandwidth (Internet speed), more data will be collected, sent and received on mobile devices.
Because 5G technologies reportedly create a wider attack surface and lack security by design, organizations switching to 5G might need to increase their security efforts. Particularly at a time when attacks are on the rise, any security shortcomings in new technologies will need to be accounted for through increased vigilance and greater investment in security on the organization's end.
|CCPA Enforcement Increases the Pressure
A cyberattack can result in financial penalties, costly litigation and loss of reputation. Moreover, a breach involving the personal data of California consumers brings with it the risk of litigation under the California Consumer Privacy Act.
Despite the upheaval caused by the COVID-19 pandemic, the state of California has not relented on its timeline for enforcing the CCPA, so organizations should expect the July 1, 2020, start date to stand. A few class-action lawsuits have already been filed under the regulation, and the outcomes of those cases will help paint a picture of the enforcement landscape going forward.
Many organizations have put significant effort into preparing for CCPA compliance, but those efforts should be reviewed and strengthened now that enforcement is imminent. Particularly in light of the new wave of cybersecurity threats that have emerged during COVID-19, organizations need to revisit their data security requirements and address holes in their processes, data storage methods and security measures.
Cybercriminals aren't backing down because of COVID-19, so neither can you. It's crucial to not let the new wave of threats to data privacy and security that have emerged during the pandemic undo the compliance work you've already done and open your organization to disruptive litigation and expensive compliance penalties.
Tomas Suros is a technology advocate working at the intersection of IT and client consulting. With AbacusNext since 2004, he currently serves as chief solutions architect, guiding firms through the process of identifying forward-facing technology options and ensuring the successful implementation of a tailored solution. Reach him at [email protected]
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1'Largest Retail Data Breach in History'? Hot Topic and Affiliated Brands Sued for Alleged Failure to Prevent Data Breach Linked to Snowflake Software
- 2Former President of New York State Bar, and the New York Bar Foundation, Dies As He Entered 70th Year as Attorney
- 3Legal Advocates in Uproar Upon Release of Footage Showing CO's Beat Black Inmate Before His Death
- 4Longtime Baker & Hostetler Partner, Former White House Counsel David Rivkin Dies at 68
- 5Court System Seeks Public Comment on E-Filing for Annual Report
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250