On August 12, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) reported an unknown malicious cyber actor sending phishing emails purporting to be from the Small Business Administration (SBA) concerning COVID-19 loan relief and containing a malicious link to a spoofed SBA website that is being used for re-directs and credentials harvesting. The report includes some recommended mitigation measures that businesses, organizations and government agencies should consider. While the report only focuses on one specific phishing scheme, it serves as an important reminder to all businesses, organizations and agencies that malicious actors see the same developments the rest of us see on the business and political fronts, and they’ll work tirelessly to take advantage of the “opportunities” created by those developments. It’s also an important reminder for businesses, organizations and agencies to stay informed of the ever-changing cyber threat environment, to regularly train employees on potential threats and how to handle them, and to foster a security-minded culture where employees understand that “security is everyone’s responsibility.”
The lawyers in Sands Anderson’s Cybersecurity and Technology Team help clients understand the threats and risks to their systems and data, and advise them concerning steps they should take to meet their legal data security obligations and improve their overall cybersecurity posture. Please contact any member of our team if you have questions about data security compliance, data privacy, data breach response, data strategy or technology contracts and licensing.