The COVID-19 pandemic poses heightened cybersecurity and data privacy risks for businesses. With the rapid deployment of remote-working solutions, malicious actors already are attempting to exploit weaknesses due to reduced IT staffing and the use of personal devices and insecure public and home networks. Businesses also are experiencing an uptick in social engineering schemes aimed at inducing employees to open coronavirus-related messages infected with malware. Meanwhile, many businesses are facing data privacy questions regarding the collection and disclosure of personal information as they monitor the virus's impact on their organizations.
Animated by these concerns, U.S. and international authorities are taking action to guard against possible disruptions to the nation's critical infrastructure and to help businesses manage the cybersecurity and data privacy risks posed by the pandemic.
U.S. and international authorities are warning businesses of increased cybersecurity threats from actors seeking to exploit the pandemic. They also have provided guidance on mitigating cybersecurity risks and, in some instances, imposed reporting obligations on regulated entities. Examples include:
U.S. and international authorities have issued COVID-19 specific guidance to assist organizations as they navigate novel data privacy issues.