The Honorable Shira Scheindlin once opined against allowing custodians of ESI to collect their data stating “[s]earching for an answer on Google (or Westlaw or Lexis) is very different from searching for all responsive documents in the FOIA or e-discovery context…” and “most custodians cannot be ‘trusted’” to effectuate a legally sufficient collection.  National Day Laborer Org. Network v US Immigration and Customs Enf. Agency, (10 Civ. 3488 [SAS] [SDNY 2012]) (See The Perils of Self-Collection).  Recently, another federal Court also cautioned counsel about the dangers of self-collecting albeit this caution was predicated upon the substantial risks attorneys may face when clients self-collect data. Equal Employment Opportunity Commission v. M1 5100 Corp., 2020 WL 3581372 (S.D. Fla. July 2, 2020).  These two cases, coupled with counsel’s obligation to be technologically competent,* serve as good reminders of what not to allow.   

Background

In M1 5100 Corp., Plaintiff filed a motion to compel “better discovery responses.”  In connection with that motion, Plaintiff sought the opportunity to inspect how Defendant’s electronically stored information (“ESI”) was searched, collected and produced based upon (1) a mere 22 page production; and (2) defense counsel’s concession that he did not manage or oversee his clients’ collection efforts.  Critically, the individuals responsible for collecting the potentially relevant data were two self-interested employees of the Defendant, who operated without any supervision by, or involvement of, Defendant’s counsel.

In reaching its decision to grant, in part, Plaintiff’s motion, the Court devoted significant effort to the importance and effect under Federal Rule of Civil Procedure 26 (g), of an attorney’s signature on a discovery response.  Specifically:

A party’s discovery obligations also include the duty to use reasonable efforts to locate and produce ESI responsive to the opposing party’s requests and within the scope of discovery.  To enforce these responsibilities, the attorney’s signature on a discovery response certifies that the lawyer has made a reasonable effort to assure that the client has provided all the information…responsive to the discovery demand and has made reasonable inquiry into the factual basis of his response.

Id.

According to the Court, because counsel cloaked Defendant and its employees with unfettered discretion in determining (i) custodians, (ii) search terms, (iii) ESI sources, and (iv) what documents to collect, counsel failed to exercise the requisite supervision.  The Court further identified as “very problematic” counsel “sign[ing] off on the completeness and correctness of his client’s discovery responses” when, in actuality, the attorney exercised neither supervision nor involvement in the process.  According to the Court, such discovery practices are rife with concerns including incomplete discovery productions and the destruction of responsive information.

In spite of these discovery failures, the Court acknowledged that “[i]inspection of an opposing party’s computer system under [FRCP] Rule 34 and state equivalents is the exception and not the rule for discovery of ESI.”  Therefore, and in part due to the parties being ahead of the discovery deadlines, the Court gave Defendant’s counsel an opportunity to comply with its discovery obligations and directed “Defendant’s attorneys [to] counsel and supervise Defendant and Defendant’s employees during the discovery search, collection, and production process and become knowledgeable of that process.”  In conclusion, the Court advised that it “intend[ed] to closely supervise the discovery process” to ensure counsel complies with all discovery obligations.

Conclusion

This case is a good reminder to counsel that we cannot simply delegate discovery to clients.  Rather, we must actively participate in and supervise all aspects of discovery.  Moreover, a counsel who delegates discovery as here likely cannot comply with his/her obligations to participate meaningfully in a 26(f) conference, which should be embraced as an opportunity to reach agreement and engage in a cooperative discovery process that will promote proportionality.**

Have questions?  Please contact me at kcole@farrellfritz.com.

 

*See previous blog post series discussing counsel’s obligation to be technologically competent below:

A Lawyer’s Obligation to be Technologically Competent – Part I

A Lawyer’s Obligation to be Technologically Competent – Part 2

A Lawyer’s Obligation to be Technologically Competent – Part 3

A Lawyer’s Obligation to be Technologically Competent – Part 4

**See previous blog post discussing FRCP 26(f) below:

Rule 26 and How It Applies to Electronically Stored Information

***Thank you to first year associate, James Maguire in the Firm’s Uniondale office, for his research assistance related to today’s blog.

 

In New York, it is widely recognized that the duty to preserve documents arises once a party “reasonably anticipates litigation” (see Voom HD Holdings LLC v EchoStar Satellite, 93 AD3d 33, 41-42 [1st Dept 2012]).  And so, issuing timely a litigation hold notice is critical for preserving information relevant or potentially relevant to an actual or threatened litigation.

But, what happens to that litigation hold notice during discovery?  Is it a document that one produces?  Is it privileged?  Ordinarily, hold notices are protected from disclosure by the attorney-client privilege and the attorney work product doctrine.  However, a recent New York case illustrates that when there are allegations of spoliation, the privilege a litigation hold normally enjoys may be undermined.

In Radiation Oncology Services of Central New York, P.C., v Our Lady of Lourdes Memorial Hospital, Inc., 2020 WL 3246747 (Sup Ct, Cortland County 2020), involving a contentious contract dispute, the parties engaged in nearly five years of discovery, including countless discovery disputes.  In one instance, Plaintiffs identified two emails that Defendants produced in hardcopy but failed to produce electronically. These emails were sent after Plaintiffs informed Defendants that it intended to pursue litigation; and thus, after a litigation hold should have been issued.  Believing Defendants spoliated evidence, Plaintiffs filed a motion to compel the production of Defendants’ litigation hold, including all related electronically stored information (“ESI”).  In response, Defendants contended there was no spoliation of evidence in either instance because they were able to produce the hard copies of the emails.

The Court was not persuaded by Defendants’ paper production of the emails.  Rather, the Court found that “printing paper copies of the emails and permanently deleting the associated ESI potentially deprived the emails of significant evidentiary value.”  Moreover, the Court held that Defendants failed to prove, as a matter of law, that its litigation hold should be protected from disclosure.  Specifically, (i) Defendants did not dispute its duty to preserve the emails at the time they were destroyed; (ii) Defendants failed to show there was no culpable conduct involved in the deletion of the emails; and (iii) the emails were potentially related to claims in the matter.  And so, the Court granted Plaintiffs’ motion to compel.*

This decision reminds us of a few lessons.  First, preserving paper copies of ESI that has been deleted will not necessarily defeat a claim of spoliation.  Second, within one’s hold notice it is advisable to include a provision outlining the consequences of failing to preserve documents related to the matter and, language that the obligation to preserve includes documents in existence and yet to be created.

Have questions?  Please contact me at kcole@farrellfritz.com.

*The Court permitted further submissions on the issue of whether Defendants’ conduct warranted sanctions.

**Thank you to first year associate, James Maguire in the Firm’s Uniondale office, for his research assistance related to today’s blog.

***See previous blog posts discussing legal holds below:

Failure to Implement a Proper and Timely Legal Hold Notice Results in Plaintiff Being Sanctioned

Practical Tips for an Effective Litigation Hold Notice 

Your Litigation Hold Must be Generally Broad and Specifically Tailored

E-Discovery Best Practices to Avoid Discovery Sanctions

Sanctions in Two New York Courts for Party’s Failures to Preserve

Aldinger v. Alden State Bank is a good reminder of counsel’s obligation to be cooperative in the discovery process.

Aldinger, an employment discrimination case pending in the United States District Court for the Western District of New York, involved a series of discovery disputes including Plaintiff’s motion to compel Defendant to respond to her First Request for the Production of Documents and First Set of Interrogatories (Docket 21).  A second similar motion was filed four months later (Docket 31), which the Court eventually granted, directing Defendant to fully respond to Plaintiff’s interrogatories and requests for production (“Order”) (Docket 32).  Thereafter, Defendant sought to depose Plaintiff and sent her several letters requesting dates for a deposition.

Plaintiff, however, unsatisfied with Defendant’s disclosure pursuant to the Court’s Order, refused to schedule depositions until Defendant fully complied with its discovery obligations.  Frustrated with Plaintiff’s refusal, Defendant moved for an order compelling Plaintiff’s deposition.  And, Plaintiff cross-moved to compel Defendant to comply with the Court’s prior Order.

The Motions to Compel:

In deciding the two motions to compel, the Court reminded counsel of their obligation to engage one another in good faith and to act cooperatively during discovery.  First, the Court directed the parties had thirty days to agree on a date certain for Plaintiff’s deposition and concluded that even if Plaintiff was correct in alleging Defendant failed to comply with the Order, Plaintiff “cannot unilaterally refuse to fulfill its discovery obligations as retaliation for another party’s discovery violations.” (quoting John Wiley & Sons, Inc. v. Book Dog Books, LLC, 298 F.R.D. 145, 148 [S.D.N.Y. 2014]).

Second, in resolving Plaintiff’s cross-motion to compel the Court was guided by the principles set forth in Federal Rule of Civil Procedure 26(b)(1) regarding relevance and one’s obligation to produce not only documents in their physical possession, but also documents the party has the “right, authority, or practical ability to obtain,…including from…former outside counsel” (quoting  Woodward v Holtzman, 16 cv 1023A(F), 2018, WL 5112406, at *8 [WDNY October 18, 2018]).  The Court further concluded that if any documents requested by Plaintiff do not exist, then Defendant is required to make “a direct, individualized response” stating that to be the case.

Having granted both motions, the Court refused to grant either party’s request for attorneys’ fees.  Although the Court observed that Rule 37 obligated the Court to require a party who failed to provide information in discovery to “pay the reasonable expenses, including attorney’s fees, caused by the failure…” the Court concluded “[b]oth attorneys in this case have failed to be cooperative in the discovery process.”  The Court went on to conclude it was their collective “absence of good faith and collegial understanding of one another’s discovery needs” that has greatly increased  “the duration and expense of this litigation.”  In conclusion, the Court “warned” the parties that the “next discovery dispute will be resolved in a court hearing at which both parties and their attorneys will be present.”

Conclusion:

This decision serves as a good reminder that courts expect parties and counsel to proceed cooperatively and professionally during discovery, with an emphasis on good faith and efficiency.  As attorneys, we should strive to be known as one who resolves discovery issues rather than one who creates unnecessarily discovery issues.

Have questions?  Please contact me at kcole@farrellfritz.com.

In the span of a few short months, the number of phishing attacks targeting smartphones as the entry point to enterprise networks has risen by more than a third.  Indeed, one cybersecurity company found a 37% increase in mobile phishing attacks worldwide between November 2019 and early 2020.*

As previous blog posts have observed,** phishing emails have long been an issue for desktop/laptop users.   Typically, these attacks – to the extent they target desktop/laptop email applications – can be avoided because they often come with observable indicia that something may not be right.  For example, the email purportedly from “Katy Cole,” originates from an email address that is noticeably not one belonging to Katy Cole or the URL is palpably suspicious.

Now, however, people are using with increased frequency their mobile devices to respond to emails where the tell-tale signs of a phishing scam are harder to spot due, in part, to smaller screens. That smaller screen, coupled with a growing trend of cybercriminals to replicate login pages so as to resemble one’s organization (especially with so many businesses relying on cloud platforms like Office 365), is cause for concern.  If, under such circumstances, a user enters their username and password into a phishing page, the device user effectively gives the attacker potential access to their corporate accounts.  And so, as we all multitask, work remotely, and rely more upon our mobile devises, we must be mindful of these risks when accessing content from our mobile devices.

Have questions?  Please contact me at kcole@farrellfritz.com.

*https://www.lookout.com/phishing-spotlight-report-lp

**See previous blog posts discussing phishing below:

Phishing Risks Associated with Social Media

What do Lady Gaga, LeBron James and the Texas Courts Have in Common?

Industry Forecast for Data Breaches 2020: What All Smartphone Users Should Know

The Department of Homeland Security Reminds us of the Importance of Cybersecurity

Some Cyber-Musts for Maximizing Security

 

Smart speakers – like Google Home and Amazon Echo – have changed the way our homes/offices function.  Indeed, these voice-activated speakers execute simple commands provided by voice or smartphone application.  With nothing more than a question, one can direct the smart speaker to, among other things, play music and podcasts, provide a weather forecast, or set an alarm.

The technology is straight forward.  For example, Google Assistant—the voice-activated software associated with the Google Home—“listens” for a hotword. When the smart speaker hears the hotword, the device switches to “active listening” mode, records and analyzes the provided audio, and executes the command provided.  While the audio is used to effectuate the user’s commands, the recorded data is also used to (1) target personalized advertising to end-users, and (2) improve the voice recognition capabilities of the device.

Given these competing uses, it should come as no surprise that privacy concerns may be implicated by the use of smart speakers.  Recently, certain privacy concerns received attention in a class action lawsuit filed in California.** At issue in that lawsuit was the smart speakers’ recording and storing of users’ private conversations without the knowledge or consent of the specific user, potentially violating privacy rights and expectations.***

Smart speakers, while fun and convenient, are not without risk.  Users should consider the following:

Devices with Cameras – Certain smart speakers include cameras that can be used to video-conference or chat with friends and family.  Just as the device can listen without one’s knowledge or consent, with a camera, it may secure visual recordings as well.  And so, to avoid unintended data collection, it may be a good practice to deactivate the camera when not in use.

Vulnerability to Hackers – Like any other computer/smart device, smart speakers and their software are susceptible to hackers.  Deactivating the camera and microphone when not in use is good practice to minimize vulnerability to hackers.  For those who desire additional safeguards, consider covering the camera or unplugging the device when not in use.  Although these protective measures take away from the convenience of the technology, it may be a precaution worth considering.

Personal Information – Some smart speakers and voice activated software can be used to pay bills, transfer money, check balances, etc.  However, this functionality requires users to provide the smart speaker access to their confidential banking information.  Due to the various privacy issues mentioned above and discussed in the California class action, using the speakers for banking and similar tasks introduced an additional layer of potential risk because now, your financial information (not just your kitchen conversations) may be accessible to hackers who infiltrate the software on the device.

Many of us welcome new technology to make our daily lives more convenient.  In seeking this convenience, however, we must also be mindful of the attendant privacy risks.  And so, before you enter your kitchen and ask, “Hey Google, what time is it?” understand people may be watching and listening.

* The “hotwords” or “wake words” that call Google Assistant to attention are commonly “Okay Google” or “Hey Google.” And, for the Amazon Echo, the wake word is usually, “Alexa.”

** In In re Google Assistant Privacy Litigation, the class, consisting of purchasers of any Google Assistant-enabled device, brought various privacy violation claims under both federal and California state law.

*** For a full recitation of the facts at issue in the lawsuit, consult In re Google Assistant Privacy Litigation,  Briefly stated, however, the class brought suit because the various smart speakers were recording and storing audio when it “heard” what it thought was (but actually was not) a “hotword” or “wake word.”  And so, unintended activations, known as “false accepts,” were resulting in recordings and transcripts that the end-user never intended to be recorded.  And, rather than delete the recordings and transcripts generated by “false accept” activations, Google used them for its own purposes, as if it were an authorized recording.  Additionally, plaintiffs alleged that many of the recordings obtained by Google contained conversations of children who could not consent to being recorded.  Amazon has been the subject of similar lawsuits concerning its Amazon Echo device (see https://nypost.com/2019/06/13/amazon-sued-for-recording-childrens-voices-via-alexa/).

Have questions?  Please contact me at kcole@farrellfritz.com.

Thank you to Kyle Gruder, a commercial litigation associate in the Firm’s Water Mill office, for his research assistance related to today’s blog.

 

Give up?  Each recently made headlines in connection with ransomware — a form of malware that encrypts a victim’s electronic files.  The attacker then demands a ransom – typically payable in bitcoin – from the victim to restore access to the data upon payment.*

In fact, in the span of one week, the Texas Office of Court Administration announced that the online Court network had fallen victim to ransomware, which caused the Court website and case management system to be disabled temporarily** and a prominent New York law firm, Grubman Shire Meiselas & Sacks, was also the victim of a ransomware attack.  The cybercriminals who attacked Grubman Shire claim they stole highly confidential information of the firm’s high profile clients; they also threatened to release that information unless paid $42 million in ransom.***

These cyberattacks come at an inopportune time, as courts and law firms have become increasingly reliant on virtual and electronic means of conducting business during the current pandemic.  Although no evidence suggests these attacks were the result of the recent increase in a remote work environment, the attacks serve as a good reminder that we all must remain vigilant and implement as many defensive steps as possible to prevent ransomware infection.

Below are some helpful ways to protect yourself and your employer from cyberattacks:

  • Keep your operating system patched and up to date to ensure you have fewer vulnerabilities to exploit.
  • Exercise caution when opening emails, even if you believe it is from a known source.  And, if you receive an email that seems unusual or is from an unfamiliar sender, consider deleting it, or reporting it to your information technology department.  Under no circumstances should you click any links or open any attachments in the email.
  • Install antivirus software, which detects malicious programs like ransomware, and whitelisting software, which prevents unauthorized applications from executing.
  • And, back up your files frequently!  While this will not prevent a malware attack, it can minimize the damage that results from an attack.

In addition to the tips above, prior posts provide more detailed information:

Have questions?  Please contact me at kcole@farrellfritz.com.

*There are a number of ways in which ransomware can access a computer.  One of the more common delivery systems is phishing spam – an email or attachment that masquerades as a file the email recipient should trust.

**See https://www.washingtonpost.com/national/texas-high-courts-hit-by-ransomware-attack-refuse-to-pay/2020/05/12/f4d35fa4-948f-11ea-87a3-22d324235636_story.html.

***The firm, which specializes in entertainment and media law, represents many high profile celebrities, including Lady Gaga, Madonna, and LeBron James.

As we continue to conduct business virtually, non-traditional means of document execution are becoming increasingly popular. It is critical, however, to understand the laws and requirements associated with these non-traditional means so that a document that is electronically signed, or remotely notarized enjoys the same legal validity and effect as if signed, or attested to in person.

In New York, electronic signature laws have long been in place.  The current realities of remote business, however, has required more frequent electronic execution of documents.   Because electronic execution requirements vary among states and differ from their federal counterpart, it is important to consult the laws of the jurisdictions that may govern the document, especially when the parties sign the same document in different jurisdictions.

The operative law in New York is the Electronic Signatures and Records Act (“ESRA”), which permits electronic signatures on various legal documents, with limited exceptions.  The federal counterpart to ESRA is the Electronic Signature in Global and National Commerce Act (ESIGN).   Generally speaking, provided that the signer(s) demonstrate a proper intent and no other defect exists, the electronic signature gives the document the same legal validity and effect as if it were signed by hand.

Less common among states are laws allowing for the remote and electronic notarization of documents.*  Prior to the COVID-19 pandemic, only a handful of states permitted remote notarization of documents.  Many states, including New York, required the signer and notary to be physically present together when the document was signed, as well as the notary’s hand-written signature on the document.  This changed when New York Governor Andrew Cuomo issued Executive Order Number 202.7 (“E.O. 202.7”).  Recently extended through June 6, 2020, E.O. 202.7 temporarily permits the remote notarization of documents subject to various conditions set forth therein.  For example, the virtual meeting must allow for direct interaction between the signer and the notary, the signer must be physically present within the State of New York, and the notary must notarize the original signed document within thirty days of its execution.  Notably, E.O. 202.7 does not permit a notary to electronically sign a document (see Footnote *).  Rather, after the signatory transmits an electronic copy of the executed document to the notary, the notary must sign that copy by hand and transmit a notarized copy back to the signatory.  Like the laws governing electronic signatures, the temporary measures allowing for remote notarization also vary by state.  And so, it is critical to understand the laws of your jurisdiction before remotely notarizing a document.

As we move forward into reopening and the new realities attendant thereto it will be important to remain aware of the laws associated with these remote /electronic methods including whether EO 202.7 is further extended.

Have questions?  Please contact me at kcole@farrellfritz.com.**

*Do not confuse remote notarization with electronic notarization.  Remote notarization involves notarizing a document when the signatory and notary are not physically present in the same location.  Electronic notarization is the use of a notary’s electronic, rather than hand-written, signature on the document.

**Thank you to Kyle Gruder, a commercial litigation associate in the Firm’s Water Mill office, for his research assistance related to today’s blog.

A recent federal district court decision, Lawson et al. v Love’s Travel Stops & Country Stores, Inc., US Dist Ct, MD Pa, 1:17-CV-1266, Carlson, J., 2019, reminds litigants of the need to tailor discovery requests for electronically stored information (“ESI”).

Before the Court was plaintiffs’ motion to compel defendants’ production of “all” text messages on approximately 100 company-owned cell phones.  The underlying discovery demand, “not bound or defined by any considerations of factual relevance to the issues in this litigation” (Lawson at *1), was deemed not relevant and overly broad.  And so, the motion was denied by the Court.

In reaching its conclusion the Court referenced the scope of discovery under the Federal Rules, observing that discovery is limited to that which “is relevant to any party’s claim or defense and proportional to the needs of the case” (Fed Rules Civ Pro rule 26 [b] [1]).  Relying upon this standard the Court noted that “no party would be entitled to all text messages contained on an opposing party’s cellphones, [but only to] those messages that were relevant to the issues in th[e] litigation” (Lawson at *1).  The Court further noted that the “element of pervasiveness that characterizes cell phones,” coupled with the fact that many people maintain “the most personal and intimate facts of their lives … in their personal electronic devices” (id. at *2, quoting Riley v California, 573 US 373, 395 [2014]), makes compliance with plaintiff’s demand, as written, significantly burdensome for defendant and steeped in issues that implicate privacy concerns.

Ultimately, the Court declined to order disclosure.  The Court, however, noted that “a more narrowly tailored request, supported by a more specific showing of relevance, might be appropriate” (id. at *5).

While this case serves as a reminder to all litigants that discovery demands must be specifically tailored, a few helpful tips for avoiding a dispute similar to the one in Lawson include:

  • Know the Facts – Once you appreciate fully the facts and issues relevant to your lawsuit, it will be easier to craft discovery demands that seek information that is relevant.
  • Tailor Your Demands – The goal is to draft Demands that encompass all information relevant to the litigation, while avoiding over breadth.
  • Be Prepared to Justify Your Demands – Discovery disputes often involve the issue of relevance.  In the event of a dispute, be prepared to educate the Court as to why a specific demand is relevant and tailored.

A special thanks to Kyle Gruder, a commercial litigation associate in Farrell Fritz’s Water Mill office, for his contributions to today’s blog.

Have questions?  Please contact me at kcole@farrellfritz.com.

 

With much of the American workforce (and educational systems) working remotely, reliance upon videoconferencing software for workplace and educational collaboration has increased significantly. One of the more widely embraced platforms during the pandemic is Zoom Video Communications, Inc. (“Zoom”). According to the New York Times, around 600,000 people downloaded the Zoom application on March 15, 2020. And, for anyone who has used Zoom, you’re probably not surprised by its growth because Zoom is, after all, user-friendly; effective and convenient; and easy to share documents and screens among many participants for collaboration.

In a word, Zoom makes remote work and studies significantly less inconvenient. But, it is important to remember the convenience is not without risk.  Indeed, recent articles have detailed the myriad security issues posed by Zoom including the undisclosed way in which Zoom share(s) user data with LinkedIn and Facebook, for example; the company does not support end-to-end encryption; and a growing trend in which internet trolls jump onto public Zoom conferences and utilize the screen-sharing feature to project inappropriate, graphic content.*  According to security experts, there is an “automated Zoom meeting discover tool called ‘zWarDial’ ” that disrupters are using to find non-password protected Zoom meetings that could be “bombed.” This prompted the FBI to issue a warning to Zoom users.  In addition to the disruption caused by a “bomber,” once a Zoom meeting is infiltrated, any private, sensitive or confidential information may be at risk of compromise.

Because reliance on videoconferencing software is likely to continue for the foreseeable future, it is important for everyone hosting and participating in videoconference meetings to be cognizant of the risks and take necessary precautions including:**

  • Keep Your Meetings Private – Be sure that all business meetings are set as “private” and not “public” and do not post links to meetings on public forums or social media websites.
  • Set a Password – There is no good reason not to set a password to require participants to enter a meeting. Further, use a different password for every meeting. This is a simple and easy, yet effective, way to make your meetings more secure.
  • Manage Screen Sharing – The meeting host has the option to prevent participants from sharing their screens. If possible, consider this measure to prevent hackers from displaying inappropriate content.
  • Know Your Participants – If you notice that someone unfamiliar has joined the meeting, remove them. You can always allow them to rejoin later. Further, once you see that all invited participants have joined, lock the meeting. This prevents others from joining.
  • Be Cautious – While taking these precautions will decrease your vulnerability to hackers, be aware that hackers still may find their way into your private meetings. You should always be aware of this. To the extent possible, refrain from discussing highly confidential personal or business information that may put you, other employees, or your company at risk.

Have questions? Please contact me at kcole@farrellfritz.com.

*Even before the current pandemic, Zoom was addressing security issues that allowed its users to be vulnerable to hackers. (See Forbes article from January 2020).

**Zoom has offered its own guidance with respect to these concerns, accessible here 

***A special thanks to Commercial Litigation Associate, Kyle Gruder, for his assistance in researching this shareworthy topic.

As the coronavirus (“COVID-19”) causes countless companies and employers to implement remote working environments, millions of Americans will be working from home.  It is, therefore, critically important to remain vigilant about cybersecurity best practices.

As observed in recent news alerts, cybersecurity threats, perpetuated by opportunistic cyber-criminals preying on a vulnerable virtual workforce, are on the rise.   In fact, hackers around the globe are latching on to news items and exploiting interest in the global epidemic to spread malicious activity. Consider, for example, that more than 4,000 coronavirus-related domains were registered globally since January. These domains are 50% more likely to be malicious than other domains registered during that same time period.  See https://www.cybertalk.org/2020/03/06/coronavirus-themed-domains-50-more-likely-to-be-malicious-than-other-domains/

An additional malware campaign involved disseminating real-time, accurate information about global infection rates tied to the COVID-19 pandemic in a bid to infect computers with malicious software. In one scheme, the interactive dashboard of virus infections and death produced by Johns Hopkins University was used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/

And so, there is no time like the present to review the critical, minimal steps you can take to protect yourself from falling victim to a cyber-threat.

See these prior posts for a summary of those steps:

“The Department of Homeland Security Reminds us of the Importance of Cybersecurity,”

“Some Cyber-Musts For Maximizing Security,” and

“Seven Simple (Cyber) Security Suggestions for September”

Have questions?  Please contact me at kcole@farrellfritz.com.