April 2, 2020

Cybersecurity and COVID-19

Businesses are turning to online solutions as they struggle to adapt to the unprecedented disruption caused by COVID-19.  Many people are now working from home, and may be new to the technologies they are using to do their jobs.  Unfortunately, these changes have created near-perfect conditions for hackers, who are trying to take advantage of our increased reliance on online technologies.

COVID-19-related scams, in particular, have surged.  The Washington Post reports that, according to IBM’s X-Force research division, coronavirus email scams have increased by 14,000 percent in just the past two weeks.  Such emails often try to get the recipient to divulge sensitive information, such as usernames and passwords.  Phony websites claiming to sell PPE and COVID-19 “cures” have proliferated.   “Zoombombing” – interrupting zoom calls to spread racist, pornographic, or vulgar content – is becoming commonplace.  Fake texts, asking people to click on harmful links, have increased.

Franchise systems may be particularly vulnerable to these kind of cyber-attacks.  By their very nature, franchise systems are decentralized.  Often, many different people have access to a franchise system’s computers and electronic information, including franchisors, franchisees, their respective employees, suppliers, and other third parties.  In the wake of the global pandemic, many more people may now have access to these online systems.  This decentralization and increased access poses certain challenges at the best of times.  During a crisis, it is even more difficult to ensure compliance with cybersecurity best practices.

What can you do to keep your franchise systems safe online?  Education is your first line of defence.  Here are some basic tips that you can circulate to everyone who has access to your online systems:

  • Exercise caution in opening attachments/clicking on links – be especially on guard if the link/attachment relates to COVID-19. Be cautious of messages with a sense of urgency to them, or those that include deadlines.  If the link or attachment is available from a reputable and recognized website (for instance, the Government of Canada), you may wish to access the article/link directly from the website, rather than through the attachment or link.
  • For emails, double check the sender’s information – if an email address looks suspicious, don’t respond and delete it. In particular, scrutinize emails inviting you to join a videoconference or chat.  Look for spelling errors in names and websites – these can be a red flag that the invitation is not legitimate. When in doubt, contact the sender via another means, such as by phone or text, to confirm the invitation is actually from them.
  • Be wary of texts – particularly those relating to coronavirus or COVID-19, or relating to “your” subscriptions/accounts. We’ve seen suspicious texts claiming to be from the government, major banks, and “Netflix”, among others.  Many of these texts are actually phishing scams, trying to get you to click on a harmful link.
  • Videoconference best practices – change your videoconference settings so that only the meeting host can share their screen, make calls private, and consider requiring participants to enter a password to join the meeting.
  • Family/household members – if you’re sharing a device with anyone, including children, take the time to educate them about good online practices. Device security is only as strong as the weakest link.

Adrienne is a partner with Sotos LLP in Toronto, Canada’s largest franchise law firm.  She provides counsel to many franchised businesses.  Adrienne can be reached directly at 416-572-7321 or aboudreau@sotosllp.com.