Cybersecurity Resource Center

“Emerging cyber threats require engagement from the entire American community to create a safer cyber environment—from government and law enforcement to the private sector and, most importantly, members of the public.”

– the Cybersecurity and Infrastructure Security Agency (“CISA”)

There’s no question that the pandemic has increased companies’ vulnerability to cyberattacks. More companies’ employees are working remotely, and thieves are leveraging that change—as well as public fear—to conduct hacking campaigns. Some of the more common attack methods include:

• Business email compromises: Email compromises trick employees into making fraudulent business payments, often by compromising the account of and impersonating a colleague or vendor.
• Malicious apps: People working from home tend to jump among personal and company-owned devices. Meanwhile, more and more fraudulent mobile applications are being added to app stores, where they can be downloaded and compromise users’ devices.
• Videoconference bombing: Because employees have been working remotely and have not been able to meet in person, the use of videoconferences has risen significantly. So too has the disruption of videoconferences with pornographic, hateful, or threatening images and content.
• Scams and fraud targeting individuals: The FBI warns of social media messages, emails, and phone calls that seek to scam people for money, or to phish account access, under the guise of purported COVID-19 testing, financial relief efforts, or medical equipment.

Morrison & Foerster is uniquely positioned to provide insight and counsel on the various facets of cyberattack preparedness and response. Our market-leading Global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our new Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.

Client Alert

Another Court Decision Underscores the Importance of Preserving Attorney-Client Privilege and Protecting Work Product for Incident Response Work

The decision from the U.S. District Court for the Middle District of Pennsylvania joined Capital One and Guo Wengui in rejecting a company’s argument that “an investigative report which was created after Defendant was notified of a potential data breach” was protected from disclosure by either the attorney-client privilege or the attorney work product doctrine.

Client Alert

U.S. Congress Introduces Bill that Would Require Mandatory 24 Hour Cyber Breach Notification for Government Agencies, Contractors, and Operators of Critical Infrastructure

The U.S. Congress introduces a new bill in response to incidents like the SolarWinds and Colonial Pipeline hacks, which have put a fresh spotlight on the national security implications of cyber incidents and the need for greater information sharing.

Video

Board Table Top Exercise: A Realistic Ransom-Scenario-Driven Discussion

View the exercise from MoFo’s Privacy and Data Security team, Miriam Wugmeister, Alex Iftimie, Mark David McPherson, Melissa Crespo, Peter Carey, and Mary Race. The panel’s presentation provides a cybersecurity exposure preparedness overview for board members.

Article

Member Spotlight: A conversation with Guillermo Christensen and Alex Iftimie

In this first-of-its-kind Member Spotlight, Christensen and Iftimie spoke with IAPP Staff Writer Joe Duball on all things ransomware, specifically highlighting how personal data can be leveraged and how companies can better equip themselves to face attacks.

Webinar

What Really Happens When You Call the FBI: An Inside Look at Law Enforcement Interactions During a Breach

Ever wonder what really happens when companies go to the FBI during a breach? Join a discussion with the FBI, Mandiant, and Morrison & Foerster on how the private sector interacts with law enforcement during a breach.

Article

Executive Order on Cybersecurity Expands Mandatory Breach Notification and Supply Chain Security Requirements for Government Contractors

MoFo counsel discusses latest EO in response to increased concerns about cyber threats following the SolarWinds, Microsoft Exchange, and Colonial Pipeline incidents.

Article

What Should Boards Think About After a Breach?

It’s about employing systems and processes, not placing blame.

Podcast

Cyberattacks in the Time of Remote Work

Miriam Wugmeister speaks on the Smart Women, Smart Power podcast about some of the digital challenges that the COVID-19 pandemic has brought to light.

Client Alert

U.S. Government Responds to SolarWinds Hack, Seeks to Establish New Norms for Cyber Espionage

MoFo partners discuss the US government’s recent changes to its protocols regarding cyber threats in response to the SolarWinds attack.