The COVID-19 situation has been developing quickly, and A&M is closely monitoring the ongoing status and guidance as issued by the government and health authorities. The World Health Organization (WHO) declared a global pandemic with regards to the coronavirus. The health, security, and well-being of our employees, families, and customers are our top priority now as always. Our hearts and thoughts go out to the people who have been affected by this unprecedented event, and we appreciate the healthcare workers, local communities, and governments around the world who are on the front line working to contain this coronavirus.

We are continually aligning the measures taken with the guidance issued by the government, health authorities, and the Center for Disease Control (CDC). We started preparing for the potential disruption early. While our executive leadership team enforced a mandatory work from home policy for our employees globally, our firm is still fully operational and we are committed to supporting our clients.

Malicious actors thrive on times like these and seek to take advantage of such disruption. A&M’s Global Cyber Risk Advisory and Incident Response team is well equipped and focused on helping our clients prepare for and respond to cyberattacks. Our professionals are already accustomed to working remotely and have adopted best practices. Please feel free to reach out to us at CyberResponse@alvarezandmarsal.com if you have questions.

While we are all going through this unprecedented crisis, A&M would like to extend some high-level cybersecurity best practices and cyber-hygiene steps companies, organizations, and individuals can take.

• Endpoint Security: With many organizations enacting work from home policy, the organization data is at risk if the employee's network is compromised. Ensure the employee endpoints are monitored, and transmission between the endpoint and the organization network is encrypted and secure at all times.
   
• Unsecure personal email and Cloud drives: With everyone moving to a virtual workspace, getting work done is on top of everybody's mind, and employees may start sending sensitive work documents to their personal email or sync it with their personal drives for the ease of use. As with personal email, employers should monitor network activity, and employees should be advised to search these accounts for any work-related data on the personal cloud accounts and permanently delete it.
   
• Phishing, Vishing, and Social Engineering: Educate and remind your employees to be wary of any potential phishing and social engineering attacks to phish credentials and data out of them. With phone, email, and chat becoming the primary mode of communication, inform them to be vigilant on any vishing campaigns. Educate them to disconnect and dial the known good phone number to confirm any advice/request that they receive from the potential scam call.
   
• Financial / Wire Fraud: With Accounts Payable teams becoming virtual, email will become the primary authorization mechanism for wire transfer requests/vendor payment requests. Advise your Accounts Payable to verify by calling the person/vendor by dialing the known good number available in records if they receive a payment request or request to change the wire transfer bank information.

Please find the a link to the National Institute of Standards and Technology (NIST)’s NIST 800-46 Best practices for Remote Workers document for your reference.