Tag Archives: covid19 resources

More Tips On Protecting Your Virtual Meetings to Avoid a Cybersecurity Breach: An Update

top view photo of girl watching through imac

Photo by Julia M Cameron on Pexels.com

At this point, many of us are well into our fourth or fifth week of quarantine due to the outbreak of COVID-19. Even for those of us who are fortunate enough to be able to work remotely from our homes, this comes with certain challenges, including potential security issues with virtual conferencing. In our first installment about virtual meetings, and their unintended vulnerabilities, we provided some guidance on how you and your staff might implement certain strategies to keep your virtual conferences as safe as possible from hackers and trolls. In this new installment, we will provide further guidance on staying safe amidst emerging privacy and security concerns associated with virtual meeting platforms.

Zoom Announces Updates to its Data Privacy and Security Measures

On April 1, 2020, the Chief Operating Officer of Zoom, Eric Yuan, announced certain changes that Zoom is making to enhance its virtual meeting spaces. On April 14th, the Chief Product Officer of Zoom, Oded Gal, provided clarification on those enhancements to those of us who are using Zoom during quarantine.

  • Have a plan and be prepared for interference in your virtual meetings. Zoom has encouraged its users to have a plan in place for their virtual meetings and to be prepared should any unwanted interference arise. This includes ensuring that the application has been updated to include the latest security features, co-hosting meetings whenever possible, and utilizing preexisting and new security tools built into the application. To check for updates to the app, click on the main menu, then click on “Check for Updates,” and then “Begin Upgrade” if any new updates are available. We recommend doing this every week or so to ensure that you and your staff are up to speed on all available cybersecurity protections.
  • Co-host and record your virtual meetings whenever possible. A meeting creator can choose to co-host a meeting while creating the meeting invitation or in the actual Zoom meeting itself. A co-host can monitor the virtual waiting room or assist with any disruptions. Furthermore, record your Zoom meetings whenever possible because recording meetings creates a forensic trail of the meetings, as well as any bad actors that interfere with them, as soon as the meetings begin. The more data that virtual meeting platforms are able to collect about bad actors, the better able they are to stop the threat of further disruption.
  • Zoom has increased access to its security features. Zoom has made its pre-existing security features easier to find. A “Security” button has been added to the bottom banner of virtual meetings and is now easily accessible to meeting hosts. By clicking on this new security feature, meeting hosts are able to enable a waiting room or lock the meeting. Moreover, a meeting host can also remove a participant from a virtual meeting. Once that participant has been removed, he or she cannot reenter the meeting, even if using a different username. This is because as a part of Zoom’s new security rollouts, Zoom has started to collect IP addresses, among other data, to be able to better respond to security threats. While removing a participant from a meeting will only remove the participant from that particular meeting, you have other tools available to permanently block that user.

For example, right now Zoom recommends recording your meetings whenever practicable to ensure a forensic trail is created, as stated above. In addition, Zoom recommends taking a screenshot whenever a bad actor enters your virtual meeting. Then, you can report this intruder on Zoom’s website. And starting this coming weekend, Zoom will be releasing a new security feature built into the app, which will allow users to send a report to Zoom right from the security button should any unwanted interference arise.

Other Noteworthy Developments

Zoom announced that as of April 1, 2020, it would freeze all future product development except for data privacy and security updates for the following 90 days. Moreover, beginning April 18, 2020, every paid Zoom customer will be able to customize which data center regions their account can use for its real-time meeting traffic. By default, however, there will be no connection to any data centers in China beginning April 18, 2020 for all users. Additionally, users with an “.edu” registered email address are automatically given the highest level of security in their meetings, and this will continue. Zoom has begun to address user demands for a “kid-friendly” interface, but it has not yet launched any such interface.

Other virtual meeting platforms, such as GoToMeeting, have also enacted enhanced security protections in their respective applications. For example, GoToMeeting gathers cyber threat intel through partnerships including external intelligence communities, personal and professional sharing groups, and its own internal research to collect Indicators of Compromise or IoC data. IoC can include forensic data such as IP addresses, domains, hashes, and pulls them into its threat intelligence platform to reduce the risk of cyber threats.

Still though, platforms like Zoom and GoToMeeting urge users to utilize additional security measures as outlined in our previous blog post, and above, to provide the greatest level of privacy and data security for your virtual meetings.

Updates on Regulatory Guidance

On April 8th, Senator Edward Markey, whose priorities include telecommunications, technology, and privacy policy, urged the Federal Trade Commission (FTC) to publish industry cybersecurity guidelines “for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.”

In Senator Markey’s letter, he urges that the guidance cover, at a minimum, the following topics:

  • Implementing secure authentication and other safeguards against unauthorized access;
  • Enacting limits on data collection and recording;
  • Employing encryption and other security protocols for securing data; and
  • Providing clear and conspicuous privacy policies for users.

Senator Markey also requests that the FTC develop best practices for online conferencing users, so that they can make informed, safe decisions when choosing and using these platforms. He requests that these best practices cover at least the following topics:

  • Identifying and preventing cyber threats such as phishing and malware;
  • Sharing links to online meetings without compromising security;
  • Restricting access to meetings via software settings; and
  • Recognizing that different versions of a company’s service may provide varying levels of privacy protection.

To date, the FTC has not published new guidelines.

Remember to have a plan and be prepared. Stay safe, everyone!

If you have any questions, please feel free to reach out to Donna UrbanKrishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups.  

Donna T. Urban is a member of Flaster Greenberg’s Commercial Litigation and Environmental Law Departments concentrating her practice in telecommunications law, environmental regulation and litigation, and privacy and data security. She is a seasoned litigator, and for more than 20 years has successfully represented business clients in contract disputes, regulatory matters, and complex negotiations. She can be reached at donna.urban@flastergreenberg.com or 856.661.2285.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

  

CARES Act to Provide Needed Aid to Small Businesses Dealing with Uncertainty and Disruption

Shopping Mall

The “Coronavirus Aid, Relief, and Economic Security Act” was signed into law by the President on March 27th in an attempt to curtail the massive economic fallout that is likely to result from the near complete shutdown of American commerce amid the COVID-19 pandemic. This comprehensive bill provides financial resources that augment the individual states’ responses. This alert will explain some of the relief provided by the CARES Act that affect businesses grappling with these difficult times. It provides only a summary of the highlights of the Act and should generally apprise you of the programs available.

The CARES Act allocates an additional $349 billion to loans and grants through the Small Business Administration (SBA). For small and midsize businesses, the most significant result of the Act is to amend Section 7(a) of the Small Business Act to create the Paycheck Protection Program (PPP).  The PPP provides loans of up to two and a half times a borrower’s average monthly payroll expenses (over the last twelve months) in order to pay employee wages, benefits, insurance premiums, mortgage, rent, and utility payments. “Payroll expenses” include employee pay, leave (vacation, sick, parental, family, etc.), and health insurance and premiums, but is subject to limitations for high earning employees. This program is designed to encourage and incentivize businesses with less than 500 employees to retain their labor force. Eligibility standards focus on whether the business was operational before the crises, not its ability to repay. The CARES Act also waives the “credit elsewhere” test and no longer requires a personal guarantee for PPP loans. All PPP loans have a maximum interest rate of 4%, but as shown below, some or all of these loans may be forgiven. Furthermore, the CARES Act provides that the SBA will pay principal and interest on existing and new SBA loans for six months.

PPP loans are eligible for forgiveness upon meeting certain standards and this canceled indebtedness will not be recognized as income. The SBA will forgive the amount that the borrower spent during the first eight weeks after receiving funds on: (i) payroll costs as defined above; (ii) interest on existing mortgages (iii) payments of existing rents; and, (iv) payments of existing utility service. Since the CARES Act is attempting to prevent job losses, a borrower’s eligibility to have its loan forgiven is proportionally reduced by any reduction in employees compared to the prior year. A borrower’s loan forgiveness is also reduced if an employee’s pay is decreased beyond 25% of his or her previous year’s pay. However, if an employer has already laid off or reduced an employee’s pay, it can reinstate that employee prior to June 30, 2020 without suffering a reduction in forgiveness.

In addition to the PPP, the CARES Act expands the availability of Economic Injury Disaster Loans (EIDLs) and expands the business entities eligible to receive them.  The CARES Act waives the need for personal guarantees for EIDLs less than $200,000 and approval is based strictly on the applicant’s credit score. Any applicant for an EIDL can also request up to $10,000 in an Emergency Grant that the SBA must distribute within three days. The advance payment through the Emergency Grant may not need to repaid but must be used to: (i) pay sick leave to employees; (ii) maintain payroll; (iii) meet increased costs to obtain materials; (iv) make rent or mortgage payments; or (v) repay obligations that cannot be paid due to revenue losses. Emergency funds or EIDLs that convert to SBA loans through the PPP can be forgiven as stated above.

The Act also provides valuable tax credits of 50% of the first $10,000 of wages paid by employers to each employee during the crisis. To be eligible, an employer must have had its operations fully or partially suspended due to a shut-down order or had its gross receipts decline by more than 50% compared to the same quarter last year. There are different rules concerning what wages are qualified depending on the number of employees a particular business employs. In addition to the tax credit, an employer or self-employed individual can defer payment of the employer share of Social Security tax and allows such payments to be made over two years with half due by the end of 2021 and other half due at the end of 2022. Additionally, the CARES Act expands the ability of businesses to offset operating losses and retroactively apply them to previous years (carry-back NOLs).

In addition, the CARES Act provides for tax credits for employers who pay the required enhanced leave for employees affected by COVID-19. Employers can receive tax credits for up to $511 per day per employee when they pay employees under sick leave. Much more information regarding paid leave can be found in Adam Gersh’s three part employer’s guide: Part 1 | Part 2 | Part 3.

The CARES Act requires the SBA to promulgate rules promptly that should provide some more details on the available funds, process, and administration of these loans. Interested borrowers should contact the SBA here.  Additionally, funds are available at the state and local level and will be the topic of another Flaster Greenberg post in the near future.

Finally, the CARES Act expanded the number of businesses that can seek Chapter 11 bankruptcy relief under the recently enacted Small Business Reorganization Act of 2019 (SBRA). For the next year, the SBRA is available to businesses that owe less than $7.5 million in total debt, which is nearly three times higher than the original SBRA limitation. The SBRA, like a more traditional chapter 11 bankruptcy, allows a debtor to reorganize its balance sheet with the intention of setting forth a bankruptcy plan that will allow the company to operate profitably in the future. The advantage of the SBRA is that it is designed to provide a streamlined process, reduce costs, and provider a quicker exit from bankruptcy as compared to the traditional Chapter 11 bankruptcy where its cost can be a significant barrier to entry. Although businesses rarely want to consider bankruptcy, it can prove to a significant step toward regaining solvency and emerging from this crisis.

If your company is one of the millions struggling with this disruption, it should consider whether it can utilize the funds available in order to meet the short-term liquidity crunch. As always, Flaster Greenberg’s attorneys are available to assist you and we are here to help your company through this difficult time. The next section contains important links that can provide assistance to businesses.

COVID-19 Resources

tancredi_damien_0082_f_web
Damien Nicholas Tancredi
 is a member of Flaster Greenberg’s Bankruptcy, Financial Restructuring and Risk Management Department focusing his practice on bankruptcy, specifically representing unsecured creditors and creditors’ committees, chapter 7 trustees and chapter 11 debtors. He also represents businesses in commercial litigation and corporate matters in Delaware, Philadelphia and South Jersey. He is admitted to practice law in Pennsylvania, Delaware and New Jersey as well as the United States District Court for the districts of Eastern Pennsylvania, Delaware, and New Jersey. He can be reached at damien.tancredi@flastergreenberg.com or 215.587.5675.

 

%d bloggers like this: