January 2023 – Ransomware Fallout – Firms That Pay Ransom Often Hit Again


A new report found that one-third of companies that are hit with ransomware and pay the hackers to unlock their systems are likely to be targeted a second time.

And after they pay, they are often faced with significant consequences, including system rebuilding costs, their data still being leaked and financial consequences, according to the “2022 Cyber Readiness Report” by Hiscox. The eye-opening results of the study come as the number of businesses hit by cyber attacks continues growing.

Considering the potential damage to your organization if your systems are compromised in the aftermath of a ransomware attack, even if you have cyber insurance to pay recovery costs, it’s best to take steps to thwart attacks in the first place.

More than ransom

It’s clear that paying a ransom often doesn’t mean the recovery for an affected business will be smooth, according to the report, which covers the poll results of 5,000 organizations.

The risk

Nearly half (47%) of firms reported that they had been hit by a cyber attack during the past 12 months, up from 40% in 2021. Of those who were attacked, 17% were ransomware victims.
The median cost of an attack has risen 29% to just under $17,000.
Small firms can no longer expect to fly under the radar as the criminals increasingly have them in their sights.

 

What you can do

Some firms have little exposure to a cyber attack, particularly if they don’t handle customer data or are not tech-driven operations. Each firm has a different exposure level.
For companies that have cyber exposure, protecting their organization requires a multi-pronged approach that includes cyber insurance and strong data security protocols.
Cyber insurance may cover the cost of a paid ransom as well as recovery and rebuilding costs. If your organization has exposure, please give us a call to review your risk and see if cyber insurance is right for your business.

Besides that, Hiscox recommends taking a number of steps to protect against an attack and be able to recover from one faster:

  1. Keep all of your software up to date, including installing all the latest security patches.
  2. Frequently back up your data on a server that is not hooked up to the cloud.
  3. Train workers on how to recognize and avoid common social engineering attacks that criminals use to trick them into revealing sensitive information about themselves or their company.
  4. Teach your staff how to detect potentially dangerous e-mails that try to get them to click on a malicious link that can unleash ransomware or other malware.

January 2023 – Top 10 California Laws, Regs for 2023


A slew of new laws and regulations that will affect California businesses are taking effect for 2023.

Last year was a busy one, with ground-breaking new laws on employee pay disclosures, a law prohibiting discrimination against cannabis-using employees and another expanding the circumstances when employees can take leave to care for a loved one. The following are the top 10 laws and regulations that employers in the Golden State need to stay on top of.

1.  Pay disclosure

This sweeping law in part requires more disclosure of pay information by employers. Under current law, employers are required to provide the pay scale for a position upon reasonable request by a job applicant. SB 1162 goes a step further by:

  • Requiring employers, upon request by a current employee, to provide the pay scale of the position they are employed in.
  • Requiring employers with 15 or more workers to include pay scale in any job postings for open positions.
  • Requiring employers to maintain records of job titles and wage rate history for each employee while employed for the company, as well as three years after their employment ceases.

Note: The law defines “pay scale” as the salary or hourly wage range that the employer “reasonably expects” to pay for the position. Penalties range from $100 to $10,000 per violation. This law took effect Jan. 1, 2023.

 

2.  State of emergency and staff

This new law, SB 1044, bars an employer, in the event of a state of emergency or emergency condition, from taking or threatening adverse action against workers who refuse to report to, or leave, a workplace because they feel unsafe. “Emergency condition” is defined as:

  • Conditions of disaster or extreme peril to the safety of persons or property caused by natural forces or a criminal act.
  • An order to evacuate a workplace, worksite or worker’s home, or the school of a worker’s child due to a natural disaster or a criminal act.

SB 1044 also bars employers from preventing employees from using their mobile phones to seek emergency assistance, assess the safety of the situation or communicate with another person to confirm their safety. The law, which took effect Jan. 1, 2023, does not cover first responders and health care workers.

 

3. Cannabis use and discrimination

This law bars employers from discriminating in hiring, termination or other conditions of employment based on employees using cannabis while off duty. The bill’s author says the legislation is necessary because THC (tetrahydrocannabinol), the active ingredient in marijuana, can stay in a person’s system after they are no longer impaired. As a result, drug testing may detect THC in an employee’s system even if they used it weeks earlier and it is having no effect on their job performance. AB 2188 does not require employers to permit employees to be high while working. The bill would exempt construction trade employees and would not preempt state or federal laws that require employees to submit to drug testing. This law takes effect Jan. 1, 2024.

4.  Leaves of absence

The California Family Rights Act and the state’s paid sick leave law allow employees to take leave to care for a family member, defined as a spouse, registered domestic partner, child, parent, parent-in-law, grandparent, grandchild or sibling. The definition has been expanded to include “any individual related by blood or whose association with the employee is equivalent of a family relationship.”

5.  Contractor workers’ comp

Starting July 1, the following contractors must carry workers’ compensation coverage regardless of whether they have employees:

  • Concrete (C-8 license)
  • Heating and air conditioning (C-20)
  • Asbestos abatement (C-22), and
  • Tree service (D-49).

Starting Jan. 1, 2026, all licensed contractors must have coverage.

6.  OSHA citation postings

Under current law, employers that receive citations and orders from OSHA are required to post them in or near the place the violation occurred, in order to warn employees about a potential hazard. Starting Jan. 1, 2023, they must post the notice not only in English, but also in Spanish, Chinese (Cantonese, Mandarin), Vietnamese, Tagalog, Korean, Armenian and Punjabi.

7.  Permanent COVID standard

Cal/OSHA has a permanent COVID-19 prevention standard that will sunset in 2024. The new standard, which replaces the temporary emergency standard the agency had implemented, should provide more certainty for prevention procedures and practices. Here are the main takeaways:

  • Employers are no longer required to pay employees while they are excluded from work due to COVID-19, or to screen employees daily.
  • Employers must still notify and provide paid testing to employees who had a close contact in the workplace.
  • Employers can now incorporate written COVID-19 procedures into their Injury and Illness Prevention Programs.

8.  CalSavers expanded

SB 1126 requires any person or entity with at least one employee to either provide them with access to a retirement program like a 401(k) plan or enroll them in the state-run CalSavers program. Prior to this new law, only companies with five or more employees that did not offer a retirement plan were required to enroll their workers in CalSavers.

9.  Bereavement leave

Employers with five or more workers are required to provide up to five days of bereavement leave upon the death of a family member, under a new law starting in 2023. This leave may be unpaid, but the law allows workers to use existing paid leave available to them, such as accrued vacation days, paid time off or sick leave. Employers are authorized to require documentation to support the request for leave.

10.  PFL wage replacement

This law was passed last year but does not take effect until 2025. Existing California law allows employees to apply for Paid Family Leave and State Disability Insurance, both of which provide partial wage replacement benefits when employees take time off work for various reasons under the California Family Rights Act. Starting in 2025, low-wage earners (those who earn up to 70% of the state average quarterly wage) will be eligible for a higher percentage of their regular wages under the state’s PFL and SDI benefit programs.


Jan 2022 – RISK REPORT – Stay on Top of New Laws, Rules in New Year


EVERY YEAR starts with a flurry of new laws and regulations that California employers have to contend with.
And 2022 is no different as the California legislature had a busy year and the stresses of the COVID-19 pandemic resulted in more activity. The end result is another round of new laws that employers need to stay on top of so they don’t run afoul of them.
With no further ado, here are the top regulations and laws affecting California businesses.

 

1. Big change to Cal/OSHA citations

SB 606 adds two new Cal/OSHA violation categories for purposes of citations and abatement orders: “enterprise-wide” and “egregious” violations. Cal/OSHA can issue an enterprise-wide citation that would require abating the violation at all locations. And the employer can face a maximum penalty of $124,709 per violation.
The law also authorizes the agency to issue a citation for an egregious violation if it believes that an employer has “willfully and egregiously” violated a standard or order. Each instance of employee exposure to that violation will be considered a separate violation and fined accordingly.

 

2. Permanent COVID standard

On Sept. 17, 2021, Cal/OSHA released a draft text for proposed permanent COVID-19 regulations, which if adopted would be subject to renewal or expiration after two years and would replace the current emergency temporary standard, which is set to expire Jan. 14, 2022.
Adoption is expected in the spring of 2022. Here’s some of what the draft standard would do:

CDPH rules – It would require that employers follow California Department of Public Health COVID-19 prevention orders.
Masks for unvaxxed staff – Unvaccinated staff must wear masks. Employers must provide masks when the CDPH requires them.
Outbreak rules – During an outbreak in the workplace, all staff would be required to wear face coverings regardless of vaccination status. Employers would need to provide respirators during major outbreaks to all employees.

 

3. COVID exposure notification

On Oct. 5, 2021, AB 654 took effect, updating requirements for what an employer must do if there is an outbreak of COVID-19 cases at its worksites.
This law somewhat curtailed earlier outbreak-reporting requirements as well as other required notifications for certain employers, and updated several provisions of the 2020 outbreak notification law, AB 685.
Here are some highlights:

• Employers have one business day or 48 hours, whichever is later, to report a workplace COVID-19 outbreak to Cal/OSHA and local health authorities.
• Employers do not need to issue these notices on weekends and holidays.
• When an employer has multiple worksites, it only needs to notify employees who work at the same worksite as an employee who tests positive for coronavirus.
• The new definition of “worksites” for the purposes of the law has been changed to exclude telework.

 

4. Expansion of the California Family Rights Act

AB 1033 expands the CFRA to allow employees to take family and medical leave to care for a parent-in-law with a serious health condition.
More importantly, it adds a requirement that mediation is a prerequisite if a small employer (one with between five and 19 workers) is the subject of a civil complaint filed by one of its employees.

 

5. Workplace settlement agreements and NDCs

A new law took effect Jan. 1 that bars employers from requiring non-disclosure clauses in settlement agreements involving workplace harassment or discrimination claims of all types. This builds on prior law that barred NDCs only in cases of sex discrimination or sexual harassment.
The new law expands that prohibition to all protected classes, such as: race, religion, disability, gender, age, and more.
One important note: While employees can’t be prohibited from discussing the facts of the case, employers can still use clauses that prohibit the disclosure of the amount paid to settle a claim.

 

6. OSHA vaccine mandate

As of this writing, Fed-OSHA’s new emergency COVID-19 standard was set to take effect on Jan. 1, with the most contentious part of the rule mandating that employees who work for employers with 100 or more staff be vaccinated or submit to weekly testing.
Unvaccinated workers would also be required to wear masks while on the job under the new rules, which have faced fierce challenges in courts.
The U.S. Court of Appeals for the Sixth Circuit recently reversed a stay of the order as challenges to it are litigated, meaning the order can take effect as scheduled as the legal process challenging the rule proceeds.
The U.S. Supreme Court will hear expedited arguments Jan. 8 on the U.S. Court of Appeals for the Sixth Circuit’s decision to lift the Fifth Circuit’s stay.

 

7. Wage theft penalties

AB 1003, which took effect Jan. 1, added a new penalty to the California Penal Code: Grand Theft of Wages. The new law makes an employer’s intentional theft of wages (including tips) of more than $950 from one employee, or $2,350 for two or more workers, punishable as grand theft.
The law, which also applies to wage theft from independent contractors, allows for recovery of wages through a civil action.
As a result, employers (and potentially managers and business owners) would be exposed to both criminal and civil liability for wage and hour violations like failing to pay staff accurately and in a timely manner.
Review your compensation policies and practices to make sure you are in compliance with current wage and hour laws.

 

8. COVID cases may be included in X-Mods

The Workers’ Compensation Insurance Rating Bureau of California has proposed plans to start requiring COVID-19 claims to be included when calculating employers’ X-Mods.
The proposal, which would have to be approved by the state insurance commissioner, would bring to an end current rules that exclude the impact of COVID-19 workers’ compensation claims on X-Mods.
If approved, the new rule would take effect on Sept. 1, 2022. That means that employers will be held accountable for COVID-19-related workers’ compensation claims and, if any employee needs treatment or dies from the coronavirus, it could result in higher premiums in the future.

 

9. Notices can be e-mailed

A new state law authorizes employers to distribute required posters and notices to employees via e-mail. SB 657 adds e-mail as a delivery option to the list of acceptable notification methods, which also includes mail.
Required posters and notices will still need to be physically posted in the workplace.

 

10. Warehouse quota rules

A new law that took effect Jan. 1 makes California the first (and only) state to regulate quotas used by warehouse employers.
While the bill was written with Amazon Inc. in mind, it affects all warehouses with 100 or more workers, and violations of the new law can be costly for an employer.
Under AB 701, warehouse employees must be provided with a written description of the quotas to which they are subject within 30 days of hire. Common quotas include the number of tasks the employee is required to perform, the materials to be produced or handled, and any adverse employment action that may result from a failure to meet the quota.

 

While employers may still implement quotas, employees are not required to meet a quota if it:

• Prevents them from taking required meal or rest periods,
• Prevents them from using the bathroom (including the time it takes to walk to and from the toilet), or
• Contravenes occupational health and safety laws.

The law also bars employers from discriminating, retaliating or taking other adverse action against an employee who:

• Initiates a request for information about a quota or personal work-speed data, or
• Files a complaint alleging a quota violated the Labor Code.

 


October 2021 – CONSTRUCTION INDUSTRY – Building Risks Evolve, Creating Unique Challenges


AS THE CONSTRUCTION industry booms, contractors face evolving risks that, left unchecked, can leave their operation exposed to new liabilities.
If you already operate a construction firm, you know that there is a labor shortage that has made it difficult to find experienced workers and that hiring entities are asking builders to take on more of the design function, as well.
Your liability picture has also likely changed with the increasing use of wrap-ups and, if you’re using technology in your operation, you now have rising cyber-security risks, too.

Lack of qualified workers

The bottom fell out of the construction industry in the U.S. during the first few months of the COVID-19 pandemic, and many worksites were idled. Now that the industry has found its footing, it’s been dealing with a severe labor shortage.
As construction firms struggle to find workers, the ones who are on the job are having to take on larger workloads, which can put them at risk of injury or making mistakes.
Also, many contractors are having to take on younger, less-seasoned laborers, who may lack the experience to identify and avoid hazards, which puts them and others at risk of injury. Those injuries in turn affect your workers’ comp premiums.
A lack of workers coupled with inexperienced new ones on sites can also end up drawing out projects, forcing contractors to miss deadlines.

Professional liability risks

As more project owners want an all-in-one job with the lead contractor designing and building the project, contractors now face a new type of risk: professional liability.

But the typical contractor’s insurance policy doesn’t provide protection for any design work you take on.
Courts have ruled that:

  • Designers who perform “builder activities” lose limitation of liability typically enjoyed by design professionals.
  • Builders who perform “design activities” assume responsibility for design deficiencies.

Wrap-ups more prevalent

Many construction projects are now covered under one general liability policy to cover the work of the general contractor, as well as of all the subs. More lenders are requiring that liability is set up in one all-encompassing policy.
A properly assembled general liability wrap-up should provide coverage not only during the construction period, but also up to 10 years after the work is completed.  These policies often reduce the cost of coverage.

More cyber-security risks

Like all industries, the construction sector has grown increasingly reliant on technology to get the job done. That exposes contractors to a variety of cyber risks, including keeping project designs, client records and employee records confidential.
Many building contracts today include clauses requiring the contractor to be responsible for potential cyber breaches.
Given the increasing popularity of practices such as “building information modeling,” “integrated project delivery,” and file-sharing between participants in a construction project, contractors may be at increased risk of liability in the event of a data breach.


October 2021 – Wildfires Make for Difficult Insurance Market


MORE BUSINESSES in wildfire-prone areas are facing a difficult commercial property insurance market as insurers reduce their exposure and some have left the market altogether.

Many businesses in areas that have already been ravaged by fires, or in areas near forests and large grassy areas, are seeing their premiums increase, sometimes substantially, by 300% or 400%.
Also, more businesses are finding few insurers that are willing to cover their properties.

According to a new report by insurance rating firm AM Best, California wildfires have caused over $4 billion in commercial property losses for insurers in three of the past four years.

It’s expected that 2021 fire losses could be even greater than those of the prior four years.

The fallout

  • Some insurers have stopped writing property insurance in high-risk areas.
  • Most insurers are increasing their rates substantially in high-risk areas.
  • Insurers are requiring policyholders to have mitigation measures like defensible space (see below).
  • Many policies have worse terms. One winery owner interviewed by the Los Angeles Times said that his premium was typically $200,000 with a $25,000 deductible. His new policy costs $800,000 and includes a $500,000 deductible, and would only cover 20% of the value of his buildings.

The new playbook

Many insurers are applying three metrics in evaluating exposure to fire:

  • Brush mapping – This is a map of the tinder and brush, nearby trees, and other items that could contribute to your building(s) catching fire.
  • Wildland-urban interface – The closer that a building is to nature, the more at risk it is. A wildland-urban interface is defined by the Forest Service as a place where “humans and their development meet or intermix with wildland fuel.”
  • Concentration of properties an insurer covers in your area – If your carrier has a high concentration of policies for other properties in your area, they may opt to non-renew policies in order to reduce their exposure.

PROTECTING YOUR COMMERCIAL PROPERTY

  • Zone 1 (0-5 feet): Concrete, gravel mulch, and low-growing plants or lawns are good choices for this zone. Avoid combustible materials.
  • Zone 2 (5-30 feet): Vegetation island. Prune low tree branches. Remove shrubs.
  • Zone 3 (30-100 feet): Thin out vegetation between trees. Don’t let tree canopies touch.

The California FAIR Plan Is the Market of Last Resort 

Coverage options

If all insurers have rejected a property, we have two options:

– The non-admitted market – These insurers, which include Lloyd’s of London, are usually willing to write buildings in higher-risk areas, but they too have increased their underwriting criteria.

– The California FAIR Plan – If we cannot find an insurer in the non-admitted market, the last choice is the FAIR Plan, which is the market of last resort for property owners that cannot get coverage elsewhere.

Policies cover losses from fire, lightning, and explosion only.
Also, policies are limited in what they will pay out, so if you have millions of dollars tied up in equipment and/or inventory, the policy may not be enough to cover all the damage you incur from a wildfire.

The maximum limit for commercial properties is $3 million for structures and $1.5 million for all other coverages, for a combined $4.5 million limit for all commercial properties at one location. But there are some exceptions.

Your options if you go to the FAIR Plan

If the FAIR Plan coverage is not enough for your needs, we can find another insurer that provides excess coverage that would kick in at a certain dollar amount of damage.

And for risks that are not covered, we would have to also find you a “differences in conditions” policy. Combined with FAIR Plan coverage, adding such a policy can nearly mimic the coverage of a commercial policy.

 


July 2021 – Non-Admitted Carriers – The Option When No Insurers Will Cover You


SOME BUSINESSES are finding fewer insurers willing to write their policies for certain types of coverage that are seeing rapidly rising claims costs, particularly in liability lines as well as property insurance in areas with exposure to natural catastrophes.
When no insurers that are licensed in California are willing to write a policy, we as your agent have to go to another market made up of insurance companies that are not licensed or regulated by the state.
It’s called the surplus lines (or “non-admitted”) market, and it can be a valuable alternative for insurance buyers.
As insurers get more selective writing some risks, it’s important for you as an insurance buyer to understand this market.

Why use a non-admitted carrier?

The most well-known non-admitted insurer is Lloyd’s of London, famous for insuring insurance companies and celebrities’ or sports figures’ body parts and global sporting events. Often non-admitted insurance companies are located in other states or domiciled abroad, like Bermuda or another tax-haven country.
Unlike licensed insurance companies, non-admitted companies do not have to obtain approval from state regulators for the policy forms they use or the rates they charge.

 

 

Since they are not regulated by the state, non-admitted insurers can offer creative coverage options and they can quickly and easily introduce new types of insurance that businesses need.
Some types of policies that are standard today, such as cyber insurance and employment practices liability insurance, got their start in the non-admitted market.
State laws typically permit a broker to obtain coverage from a non-admitted insurer only if at least a few standard insurance companies refuse to offer coverage. However, most also have coverage options that are not available in the standard market.
When someone needs one of the latter coverages, no rejections from licensed companies are required. An example might be liability insurance for contractors who demolish buildings.

Risks

There are risks to purchasing insurance in the non-admitted market. Policies may provide less coverage than do standard policies, or there may be restrictions on when coverage applies. Policies should be reviewed carefully. Also, because the insurers can charge whatever they feel is appropriate, premiums can be higher than you may expect. The policies may also be exempt from state laws regarding notices of cancellation and non-renewal.
Also, in every state but one (New Jersey), non-admitted policies are not backed by a guaranty fund. Guaranty funds cover claims left unpaid when an insurer is unable to pay for them. If a non-admitted company becomes insolvent, the policyholder has no recourse.

The takeaway

Despite the risks, the non-admitted market serves an important function, giving buyers a place to get needed coverage that would be otherwise unavailable.
Those who think they may need to tap this market should consult with us to find the right coverage at an acceptable price.


April 2021 – Social Engineering Crime – Business Compromise Scams Growing Fast


BUSINESS COMPROMISE scams that use both technology and a human touch to steal funds from businesses are growing as criminals engage in social engineering tactics to dupe unsuspecting employees.

Businesses have lost millions of dollars to social engineering scams, where attackers impersonate a company president or executive who is authorized to approve wire transfers to trick employees into transferring funds into a fake client or vendor account.

According to the FBI’s Internet Crime Complaint Center, in 2019 U.S. businesses were hit with an estimated 23,775 e-mail compromise scams that resulted in aggregate losses of $1.7 billion. Figures for 2020 are not yet available.

Vishing – or voice phishing – attacks have been growing. The FBI in January warned of an increase in vishing attacks targeting employees working remotely in the COVID-19 pandemic, and of the heightened risks companies face when network access and broadening of online privileges may not be fully monitored.

 

How to train employees

Providing practical employee phishing training is key to keeping your company safe. The following are activities and tips to help you train employees to stay vigilant.

Remote workers should be vigilant in checking internet addresses, more suspicious of unsolicited phone calls, and more assertive in verifying the caller’s identity with the company, the FBI recommends.

When training staff, you should:

  • Explain what vishing and phishing are, how they happen, and what risks they pose on a personal and company level.
  • Explain the different types of phishing attacks.
  • Train your workers in identifying signs of phishing attacks, like e-mails with poor spelling and grammar, incorrect e-mail addresses (for example BobS@Startbucks.com), and fraudulent URLs.
  • Train your staff in recognizing phishing links, phishing attachments, and spoofed e-mails. Additionally, your employees should know what steps to take after they identify a threat.
  • Conduct simulations that send employees fake phishing e-mails. The results should be shared with them to show how they fell for the scam and the damage that being duped into clicking on a malicious link can cause.

 

Insurance

As vishing and business e-mail compromise scams increase, more employers are seeking to add coverage in their commercial crime policies.
Typically, these policies have been used to cover losses for internal theft, but lately, about 50% of claims are for losses related to phishing and vishing scams.
The price of social engineering coverage varies by risk and limit, but it can often be added to a crime policy as a rider.
One thing though: social engineering coverage will often have lower limits than a typical commercial crime policy. This is because of the risk of much larger financial losses than a company could expect from internal theft or white-collar crime perpetrated by an employee.

 

ADVICE FROM THE FBI

  • Consider instituting a formal process for validating the identity of employees who call each other.
  • Restrict VPN connections to managed devices only (meaning not on employees’ personal devices).
  • Restrict VPN access hours.
  • Employ domain monitoring to track the creation of or changes to corporate brand-name domains.

April 2021 – Cyber Insurance – As Attacks and Costs Mount, Rates Climb Higher


CYBER INSURANCE rates are going to increase dramatically in 2021, driven by more frequent and more severe insured losses, according to a recent industry study.

The report by global insurance firm Aon plc predicted that rates would jump by 20% to 50% this year due to two main factors:

 

1. Cyber attacks are becoming more frequent

While publicly disclosed data breach/privacy incidents are actually occurring less often, ransomware attacks are exploding in frequency.

Ransomware incident rates rose 486% from the first quarter of 2018 to the fourth quarter of 2020. The comparable rate for data breach incidents fell 57% during the same period. The incident rates for the two types of events combined rose 300% over the trailing two years.

 

2. The costs of these attacks are growing

The average dollar loss increased in every quarter of 2020. Ransomware attacks were particularly severe – many of them resulted in eight-figure losses. Others may grow to that level as business interruption losses are adjusted and lawsuits against insured organizations proceed.

The combination of more frequent and more costly losses is a recipe for higher rates.

Cyber insurance rates continued increasing in 2020, with rises of between 6% and 16% in the last four months of the year. In January 2021, most of the top 12 cyber insurance companies told Aon they were planning more drastic rate hikes. Nearly 60% reported that they would be seeking rate increases of 30% or more during the second quarter. None of them expected increases less than 10%.

 

New underwriting criteria

When insurers evaluate cyber insurance applicants, they will be particularly concerned with the organization’s overall cyber risk profile, its cyber governance and access control practices, and its network and data security. Prior loss history will be less important because the frequency of attacks is growing so quickly.

Some insurers may also cap how much they will pay for ransomware losses, or even exclude them entirely. They may also increase the waiting periods before coverage begins to apply.

 

WHAT BUSINESSES CAN DO

To improve your chances of getting more favorable pricing and coverage, the report recommends that you focus on:

  • Reducing the risk of cyber losses.
  • Measures to keep data private.
  • Building an internal culture of cybersecurity.
  • Preparing for ransomware attacks and disaster recovery planning.
  • How your contracts and insurance will respond to a supply chain security breach.
  • Understanding primary and excess coverage terms and communicating primary terms to excess insurers.

Essential Workers’ List COVID 19 Workers’ Comp – New Executive Order by Governor Newsom


On March 19, 2020, Governor Newsom issued Executive Order N-33-20 directing all residents immediately to heed current State public health directives to stay home, except as needed to maintain continuity of operations of essential critical infrastructure sectors and additional sectors as the State Public Health Officer may designate as critical to protect health and well-being of all Californians.
In accordance with this order, the State Public Health Officer has designated the following list of “Essential Critical Infrastructure Workers” to help state, local, tribal, and industry partners as they work to protect communities while ensuring continuity of functions critical to public health and safety, as well as economic and national security.

Note: Employees have 14 days to file and the employer has 30 days to respond. The new rules apply to workers who tested positive for COVID-19 within 14 days of performing work, or those who received a diagnosis within 14 days that was confirmed by a positive test no more than 30 days later. Employers have 30 days to rebut a claim.

 

HEALTHCARE / PUBLIC HEALTH
Sector Profile
The Healthcare and Public Health (HPH) Sector is large, diverse, and open, spanning both the public and private sectors. It includes publicly accessible healthcare facilities, research centers, suppliers, manufacturers, and other physical assets and vast, complex public-private information technology systems required for care delivery and to support the rapid, secure transmission and storage of large amounts of HPH data.

Essential Workforce
• Workers providing COVID-19 testing; Workers that perform critical clinical research needed for COVID-19 response.
• Health care providers and caregivers (e.g., physicians, dentists, psychologists, mid-level practitioners, nurses and assistants, infection control and quality assurance personnel, pharmacists, physical and occupational therapists and assistants, social workers, speech pathologists and diagnostic and therapeutic technicians and technologists).
• Hospital and laboratory personnel (including accounting, administrative, admitting and discharge, engineering, epidemiological, source plasma and blood donation, food service, housekeeping, medical records, information technology and operational technology, nutritionists, sanitarians, respiratory therapists, etc.).
• Workers in other medical facilities (including Ambulatory Health and Surgical, Blood Banks, Clinics, Community Mental Health, Comprehensive Outpatient rehabilitation, End Stage Renal Disease, Health Departments, Home Health care, Hospices, Hospitals, Long Term Care, Organ Pharmacies, Procurement Organizations, Psychiatric, Residential, Rural Health Clinics and Federally Qualified Health Centers, cannabis retailers).
• Manufacturers, technicians, logistics and warehouse operators, and distributors of medical equipment, personal protective equipment (PPE), medical gases, pharmaceuticals, blood and blood products, vaccines, testing materials, laboratory supplies, cleaning, sanitizing, disinfecting or sterilization supplies, personal care/hygiene products, and tissue and paper towel products.

• Public health/community health workers, including those who compile, model, analyze, and communicate public health information.
• Behavioral health workers (including mental and substance use disorder) responsible for coordination, outreach, engagement, and treatment to individuals in need of mental health and/or substance use disorder services.
• Blood and plasma donors and the employees of the organizations that operate and manage related activities.
• Workers that manage health plans, billing, and health information, who cannot practically work remotely.
• Workers who conduct community-based public health functions, conducting epidemiologic surveillance, compiling, analyzing and communicating public health information, who cannot practically work remotely.
• Workers who provide support to vulnerable populations to ensure their health and well-being including family care providers
• Workers performing cybersecurity functions at healthcare and public health facilities, who cannot practically work remotely.
• Workers conducting research critical to COVID-19 response.
• Workers performing security, incident management, and emergency operations functions at or on behalf of healthcare entities including healthcare coalitions, who cannot practically work remotely.
• Workers who support food, shelter, and social services, and other necessities of life for economically disadvantaged or otherwise needy individuals, such as those residing in shelters.
• Pharmacy employees necessary for filling prescriptions.
• Workers performing mortuary services, including funeral homes, crematoriums, and cemetery workers.
• Workers who coordinate with other organizations to ensure the proper recovery, handling, identification, transportation, tracking, storage, and disposal of human remains and personal effects; certify the cause of death; and facilitate access to behavioral health services to the family members, responders, and survivors of an incident.
• Workers supporting veterinary hospitals and clinics

EMERGENCY SERVICES SECTOR
Sector Profile
The Emergency Services Sector (ESS) is a community of highly-skilled, trained personnel, along with the physical and cyber resources, that provide a wide range of prevention, preparedness, response, and recovery services during both day-to-day operations and incident response. The ESS includes geographically distributed facilities and equipment in both paid and volunteer capacities organized primarily at the federal, state, local, tribal, and territorial levels of government, such as city police departments and fire stations, county sheriff’s offices, Department of Defense police and fire departments, and town public works departments. The ESS also includes private sector resources, such as industrial fire departments, private security organizations, and private emergency medical services providers.

Essential Workforce – Law Enforcement, Public Safety, and First Responders
• Including front line and management, personnel include emergency management, law enforcement, Emergency Management Systems, fire, and corrections, search and rescue, tactical teams including maritime, aviation, and canine units.
• Emergency Medical Technicians
• Public Safety Answering Points and 911 call center employees
• Fusion Center employees
• Fire Mitigation Activities
• Hazardous material responders and hazardous devices teams, from government and the private sector.
• Workers – including contracted vendors – who maintain digital systems infrastructure supporting law enforcement and emergency service operations.
• Private security, private fire departments, and private emergency medical services personnel.
• County workers responding to abuse and neglect of children, elders, and dependent adults.
• Animal control officers and humane officers

Essential Workforce – Public Works
• Workers who support the operation, inspection, and maintenance of essential dams, locks, and levees
• Workers who support the operation, inspection, and maintenance of essential public works facilities and operations, including bridges, water and sewer main breaks, fleet maintenance personnel, construction of critical or strategic infrastructure, construction material suppliers, traffic signal maintenance, emergency location services for buried utilities, maintenance of digital systems infrastructure supporting public works operations, and other emergent issues
• Workers such as plumbers, electricians, exterminators, and other service providers who provide services that are necessary to maintain the safety, sanitation, and essential operation of residences.
• Support, such as road and line clearing, to ensure the availability of needed facilities, transportation, energy, and communications support to ensure the effective removal, storage, and disposal of residential and commercial solid waste and hazardous waste.

FOOD AND AGRICULTURE
Sector Profile
The Food and Agricultural (FA) Sector is composed of complex production, processing, and delivery systems and has the capacity to feed people and animals both within and beyond the boundaries of the United States. Beyond domestic food production, the FA Sector also imports many ingredients and finished products, leading to a complex web of growers, processors, suppliers, transporters, distributors, and consumers. This sector is critical to maintaining and securing our food supply.

Essential Workforce
• Workers supporting groceries, pharmacies, and other retail that sells food and beverage products, including but not limited to Grocery stores, Corner stores and convenience stores, including liquor stores that sell food, Farmers’ markets, Food banks, Farm and produce stands, Supermarkets, Similar food retail establishments, Big box stores that sell groceries and essentials
• Restaurant carry-out and quick-serve food operations – including food preparation, carry-out, and delivery food employees
• Food manufacturer employees and their supplier employees—to include those employed in food processing (packers, meat processing, cheese plants, milk plants, produce, etc.) facilities; livestock, poultry, seafood slaughter facilities; pet and animal feed processing facilities; human food facilities producing by-products for animal food; beverage production facilities; and the production of food packaging
• Farmworkers to include those employed in animal food, feed, and ingredient production, packaging, and distribution; manufacturing, packaging, and distribution of veterinary drugs; truck delivery and transport; farm and fishery labor needed to produce our food supply domestically
• Farmworkers and support service workers to include those who field crops; commodity inspection; fuel ethanol facilities; storage facilities; and other agricultural inputs
• Employees and firms supporting food, feed, and beverage distribution (including curbside distribution and deliveries), including warehouse workers, vendor-managed inventory controllers, blockchain managers, distribution
• Workers supporting the sanitation of all food manufacturing processes and operations from wholesale to retail
• Company cafeterias – in-plant cafeterias used to feed employees
• Workers in food testing labs in private industries and in institutions of higher education
• Workers essential for assistance programs and government payments
• Workers supporting cannabis retail and dietary supplement retail
• Employees of companies engaged in the production of chemicals, medicines, vaccines, and other substances used by the food and agriculture industry, including pesticides, herbicides, fertilizers, minerals, enrichments, and other agricultural production aids
• Animal agriculture workers to include those employed in veterinary health; manufacturing and distribution of animal medical materials, animal vaccines, animal drugs, feed ingredients, feed, and bedding, etc.; transportation of live animals, animal medical materials; transportation of deceased animals for disposal; raising of animals for food; animal production operations; slaughter and packing plants and associated regulatory and government workforce
• Workers who support the manufacture and distribution of forest products, including, but not limited to timber, paper, and other wood products
• Employees engaged in the manufacture and maintenance of equipment and other infrastructure necessary to agricultural production and distribution

ENERGY
Sector Profile
The Energy Sector consists of widely-diverse and geographically-dispersed critical assets and systems that are often interdependent of one another. This critical infrastructure is divided into three interrelated segments or subsectors—electricity, oil, and natural gas—to include the production, refining, storage, and distribution of oil, gas, and electric power, except for hydroelectric and commercial nuclear power facilities and pipelines. The Energy Sector supplies fuels to the transportation industry, electricity to households and businesses, and other sources of energy that are integral to growth and production across the Nation. In turn, it depends on the Nation’s transportation, information technology, communications, finance, water, and government infrastructures.

Essential Workforce – Electricity industry:
• Workers who maintain, ensure, or restore the generation, transmission, and distribution of electric power, including call centers, utility workers, reliability engineers and fleet maintenance technicians
• Workers needed for safe and secure operations at nuclear generation
• Workers at generation, transmission, and electric blackstart facilities
• Workers at Reliability Coordinator (RC), Balancing Authorities (BA), and primary and backup Control Centers (CC), including but not limited to independent system operators, regional transmission organizations, and balancing authorities
• Mutual assistance personnel
• IT and OT technology staff – for EMS (Energy Management Systems) and Supervisory Control and Data Acquisition (SCADA) systems, and utility data centers; Cybersecurity engineers; cybersecurity risk management
• Vegetation management crews and traffic workers who support
• Environmental remediation/monitoring technicians
• Instrumentation, protection, and control technicians

Essential Workforce – Petroleum workers:
• Petroleum product storage, pipeline, marine transport, terminals, rail transport, road transport
• Crude oil storage facilities, pipeline, and marine transport
• Petroleum refinery facilities
• Petroleum security operations center employees and workers who support emergency response services
• Petroleum operations control rooms/centers
• Petroleum drilling, extraction, production, processing, refining, terminal operations, transporting, and retail for use as end-use fuels or feedstocks for chemical manufacturing
• Onshore and offshore operations for maintenance and emergency response
• Retail fuel centers such as gas stations and truck stops, and the distribution systems that support them.

Essential Workforce – Natural and propane gas workers:
• Natural gas transmission and distribution pipelines, including compressor stations
• Underground storage of natural gas
• Natural gas processing plants, and those that deal with natural gas liquids
• Liquefied Natural Gas (LNG) facilities
• Natural gas security operations center, natural gas operations dispatch and control rooms/centers, natural gas emergency response and customer emergencies, including natural gas leak calls
• Drilling, production, processing, refining, and transporting natural gas for use as end-use fuels, feedstocks for chemical manufacturing, or use in electricity generation
• Propane gas dispatch and control rooms and emergency response and customer emergencies, including propane leak calls
• Propane gas service maintenance and restoration, including call centers
• Processing, refining, and transporting natural liquids, including propane gas, for use as end-use fuels or feedstocks for chemical manufacturing
• Propane gas storage, transmission, and distribution centers

WATER AND WASTEWATER
Sector Profile
The Water and Wastewater Sector is a complex sector composed of drinking water and wastewater infrastructure of varying sizes and ownership types. Multiple governing authorities pertaining to the Water and Wastewater Sector provide for public health, environmental protection, and security measures, among others.

Essential Workforce
Employees needed to operate and maintain drinking water and wastewater/drainage infrastructure, including:
• Operational staff at water authorities
• Operational staff at community water systems
• Operational staff at wastewater treatment facilities
• Workers repairing water and wastewater conveyances and performing required sampling or monitoring
• Operational staff for water distribution and testing
• Operational staff at wastewater collection facilities
• Operational staff and technical support for SCADA Control systems
• Chemical disinfectant suppliers for wastewater and personnel protection
• Workers that maintain digital systems infrastructure supporting water and wastewater operations

TRANSPORTATION AND LOGISTICS
Sector Profile
The Transportation Systems Sector consists of seven key subsectors, or modes:
– Aviation includes aircraft, air traffic control systems, and airports, heliports, and landing strips. Commercial aviation services at civil and joint-use military airports, heliports, and seaplane bases. In addition, the aviation mode includes commercial and recreational aircraft (manned and unmanned) and a wide variety of support services, such as aircraft repair stations, fueling facilities, navigation aids, and flight schools.
– Highway and Motor Carrier encompasses roadway, bridges, and tunnels. Vehicles include trucks, including those carrying hazardous materials; other commercial vehicles, including commercial motorcoaches and school buses; vehicle and driver licensing systems; taxis, transportation services including Transportation Network Companies, and delivery services including Delivery Network Companies; traffic management systems; and cyber systems used for operational management.
– Maritime Transportation System consists of coastline, ports, waterways, and intermodal landside connections that allow the various modes of transportation to move people and goods to, from, and on the water.
– Mass Transit and Passenger Rail includes terminals, operational systems, and supporting infrastructure for passenger services by transit buses, trolleybuses, monorail, heavy rail—also known as subways or metros—light rail, passenger rail, and vanpool/rideshare.
– Pipeline Systems consist of pipelines carrying natural gas and hazardous liquids, as well as various chemicals. Above-ground assets, such as compressor stations and pumping stations, are also included.
– Freight Rail consists of major carriers, smaller railroads, active railroad, freight cars, and locomotives.
– Postal and Shipping includes large integrated carriers, regional and local courier services, mail services, mail management firms, and chartered and delivery services.

Essential Workforce
• Employees supporting or enabling transportation functions, including dispatchers, maintenance and repair technicians, warehouse workers, truck stop and rest area workers, and workers that maintain and inspect infrastructure (including those that require cross-border travel)
• Employees of firms providing services that enable logistics operations, including cooling, storing, packaging, and distributing products for wholesale or retail sale or use.
• Mass transit workers
• Taxis, transportation services including Transportation Network Companies, and delivery services including Delivery Network Companies
• Workers responsible for operating and dispatching passenger, commuter and freight trains and maintaining rail infrastructure and equipment
• Maritime transportation workers – port workers, mariners, equipment operators
• Truck drivers who haul hazardous and waste materials to support critical infrastructure, capabilities, functions, and services
• Automotive repair and maintenance facilities
• Manufacturers and distributors (to include service centers and related operations) of packaging materials, pallets, crates, containers, and other supplies needed to support manufacturing, packaging staging, and distribution operations
• Postal and shipping workers, to include private companies
• Employees who repair and maintain vehicles, aircraft, rail equipment, marine vessels, and the equipment and infrastructure that enables operations that encompass the movement of cargo and passengers
• Air transportation employees, including air traffic controllers, ramp personnel, aviation security, and aviation management
• Workers who support the maintenance and operation of cargo by air transportation, including flight crews, maintenance, airport operations, and other on- and off-airport facilities workers


COMMUNICATIONS AND INFORMATION TECHNOLOGY
Sector Profile
The Communications Sector provides products and services that support the efficient operation of today’s global information-based society. Communication networks enable people around the world to contact one another, access information instantly, and communicate from remote areas. This involves creating a link between a sender (including voice signals) and one or more recipients using technology (e.g., a telephone system or the Internet) to transmit information from one location to another. Technologies are changing at a rapid pace, increasing the number of products, services, service providers, and communication options. The national communications architecture is a complex collection of networks that are owned and operated by individual service providers. Many of this sector’s products and services are foundational or necessary for the operations and services provided by other critical infrastructure sectors. The nature of communication networks involves both physical infrastructure (buildings, switches, towers, antennas, etc.) and cyberinfrastructure (routing and switching software, operational support systems, user applications, etc.), representing a holistic challenge to address the entire physical-cyber infrastructure.
The IT sector provides products and services that support the efficient operation of today’s global information-based society and are integral to the operations and services provided by other critical infrastructure Sectors. The IT Sector is comprised of small and medium businesses, as well as large multinational companies. Unlike many critical infrastructure Sectors composed of finite and easily identifiable physical assets, the IT Sector is a function-based Sector that comprises not only physical assets but also virtual systems and networks that enable key capabilities and services in both the public and private sectors.

Essential Workforce – Communications:
• Maintenance of communications infrastructure- including privately owned and maintained communication systems- supported by technicians, operators, call-centers, wireline and wireless providers, cable service providers, satellite operations, undersea cable landing stations, Internet Exchange Points, and manufacturers and distributors of communications equipment
• Workers who support radio, television, and media service, including, but not limited to front line news reporters, studio, and technicians for newsgathering and reporting
• Workers at Independent System Operators and Regional Transmission Organizations, and Network Operations staff, engineers and/or technicians to manage the network or operate facilities
• Engineers, technicians and associated personnel responsible for infrastructure construction and restoration, including contractors for construction and engineering of fiber optic cables
• Installation, maintenance and repair technicians that establish, support or repair service as needed
• Central office personnel to maintain and operate central office, data centers, and other network office facilities
• Customer service and support staff, including managed and professional services as well as remote providers of support to transitioning employees to set up and maintain home offices, who interface with customers to manage or support service environments and security issues, including payroll, billing, fraud, and troubleshooting
• Dispatchers involved with service repair and restoration

Essential Workforce – Information Technology:
• Workers who support command centers, including, but not limited to Network Operations Command Center, Broadcast Operations Control Center and Security Operations Command Center
• Data center operators, including system administrators, HVAC & electrical engineers, security personnel, IT managers, data transfer solutions engineers, software and hardware engineers, and database administrators
• Client service centers, field engineers, and other technicians supporting critical infrastructure, as well as manufacturers and supply chain vendors that provide hardware and software, and information technology equipment (to include microelectronics and semiconductors) for critical infrastructure
• Workers responding to cyber incidents involving critical infrastructure, including medical facilities, SLTT governments and federal facilities, energy and utilities, and banks and financial institutions, and other critical infrastructure categories and personnel
• Workers supporting the provision of essential global, national and local infrastructure for computing services (incl. cloud computing services), business infrastructure, web-based services, and critical manufacturing
• Workers supporting communications systems and information technology used by law enforcement, public safety, medical, energy and other critical industries
• Support required for continuity of services, including janitorial/cleaning personnel

OTHER COMMUNITY-BASED GOVERNMENT OPERATIONS AND ESSENTIAL FUNCTIONS
Essential Workforce
• Critical government workers, as defined by the employer and consistent with Continuity of Operations Plans and Continuity of Government plans.
• County workers responsible for determining eligibility for safety net benefits
• The Courts, consistent with guidance released by the California Chief Justice
• Workers to ensure continuity of building functions
• Security staff to maintain building access control and physical security measures
• Elections personnel
• Federal, State, and Local, Tribal, and Territorial employees who support Mission Essential Functions and communications networks
• Trade Officials (FTA negotiators; international data flow administrators)
• Weather forecasters
• Workers that maintain digital systems infrastructure supporting other critical government operations
• Workers at operations centers necessary to maintain other essential functions
• Workers who support necessary credentialing, vetting and licensing operations for transportation workers
• Workers who are critical to facilitating trade in support of the national, state, and local emergency response supply chain
• Workers supporting public and private childcare establishments, pre-K establishments, K-12 schools, colleges, and universities for purposes of distance learning, provision of school meals, or care and supervision of minors to support essential workforce across all sectors
• Workers and instructors supporting academies and training facilities and courses for the purpose of graduating students and cadets that comprise the essential workforce for all identified critical sectors
• Hotel Workers where hotels are used for COVID-19 mitigation and containment measures, including measures to protect homeless populations.
• Construction Workers who support the construction, operation, inspection, and maintenance of construction sites and construction projects (including housing construction)
• Workers such as plumbers, electricians, exterminators, and other service providers who provide services that are necessary to maintaining the safety, sanitation, construction material sources, and essential operation of construction sites and construction projects (including those that support such projects to ensure the availability of needed facilities, transportation, energy and communications; and support to ensure the effective removal, storage, and disposal of solid waste and hazardous waste)
• Commercial Retail Stores, that supply essential sectors, including convenience stores, pet supply stores, auto supplies and repair, hardware and home improvement, and home appliance retailers
• Workers supporting the entertainment industries, studios, and other related establishments, provided they follow COVID-19 public health guidance around social distancing.
• Workers critical to operating Rental Car companies that facilitate continuity of operations for essential workforces, and other essential travel
• Workers that provide or determine eligibility for food, shelter, in-home supportive services, child welfare, adult protective services and social services, and other necessities of life for economically disadvantaged or otherwise needy individuals (including family members)
• Professional services, such as legal or accounting services, when necessary to assist in compliance with legally mandated activities and critical sector services
• Faith-based services that are provided through streaming or other technology
• Laundromats and laundry services
• Workers at animal care facilities that provide food, shelter, veterinary and/or routine care and other necessities of life for animals.

CRITICAL MANUFACTURING
Sector Profile
The Critical Manufacturing Sector identifies several industries to serve as the core of the sector: Primary Metals Manufacturing, Machinery Manufacturing, Electrical Equipment, Appliance, and Component Manufacturing, Transportation Equipment Manufacturing. Products made by these manufacturing industries are essential to many other critical infrastructure sectors.

Essential Workforce
• Workers necessary for the manufacturing of materials and products needed for medical supply chains, transportation, energy, communications, food and agriculture, chemical manufacturing, nuclear facilities, the operation of dams, water and wastewater treatment, emergency services, and the defense industrial base.

HAZARDOUS MATERIALS
Essential Workforce
• Workers at nuclear facilities, workers managing medical waste, workers managing waste from pharmaceuticals and medical material production, and workers at laboratories processing test kits
• Workers who support hazardous materials response and cleanup
• Workers who maintain digital systems infrastructure supporting hazardous materials management operations

FINANCIAL SERVICES
Sector Profile
The Financial Services Sector includes thousands of depository institutions, providers of investment products, insurance companies, other credit and financing organizations, and the providers of the critical financial utilities and services that support these functions. Financial institutions vary widely in size and presence, ranging from some of the world’s largest global companies with thousands of employees and many billions of dollars in assets to community banks and credit unions with a small number of employees serving individual communities. Whether an individual savings account, financial derivatives, credit extended to a large organization, or investments made to a foreign country, these products allow customers to: Deposit funds and make payments to other parties; Provide credit and liquidity to customers; Invest funds for both long and short periods; Transfer financial risks between customers.

Essential Workforce
• Workers who are needed to process and maintain systems for processing financial transactions and services (e.g., payment, clearing, and settlement; wholesale funding; insurance services; and capital markets activities)
• Workers who are needed to provide consumer access to banking and lending services, including ATMs, and to move currency and payments (e.g., armored cash carriers)
• Workers who support financial operations, such as those staffing data and security operations centers

CHEMICAL
Sector Profile
The Chemical Sector—composed of a complex, global supply chain—converts various raw materials into diverse products that are essential to modern life. Based on the end product produced, the sector can be divided into five main segments, each of which has distinct characteristics, growth dynamics, markets, new developments, and issues: Basic chemicals; Specialty chemicals; Agricultural chemicals; Pharmaceuticals; Consumer products

Essential Workforce
• Workers supporting the chemical and industrial gas supply chains, including workers at chemical manufacturing plants, workers in laboratories, workers at distribution facilities, workers who transport basic raw chemical materials to the producers of industrial and consumer goods, including hand sanitizers, food and food additives, pharmaceuticals, textiles, and paper products.
• Workers supporting the safe transportation of chemicals, including those supporting tank truck cleaning facilities and workers who manufacture packaging items
• Workers supporting the production of protective cleaning and medical solutions, personal protective equipment, and packaging that prevents the contamination of food, water, medicine, among other essential products
• Workers supporting the operation and maintenance of facilities (particularly those with high-risk chemicals and/or sites that cannot be shut down) whose work cannot be done remotely and requires the presence of highly trained personnel to ensure safe operations, including plant contract workers who provide inspections
• Workers who support the production and transportation of chlorine and alkali manufacturing, single-use plastics, and packaging that prevents the contamination or supports the continued manufacture of food, water, medicine, and other essential products, including glass container manufacturing

DEFENSE INDUSTRIAL BASE
Sector Profile
The Defense Industrial Base Sector is the worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements. The Defense Industrial Base partnership consists of Department of Defense components, Defense Industrial Base companies and their subcontractors who perform under contract to the Department of Defense, companies providing incidental materials and services to the Department of Defense, and government-owned/contractor-operated and government-owned/government-operated facilities. Defense Industrial Base companies include domestic and foreign entities, with production assets located in many countries. The sector provides products and services that are essential to mobilize, deploy, and sustain military operations.

Essential Workforce
• Workers who support the essential services required to meet national security commitments to the federal government and U.S. Military. These individuals include but are not limited to, aerospace; mechanical and software engineers, manufacturing/production workers; IT support; security staff; security personnel; intelligence support, aircraft and weapon system mechanics and maintainers
• Personnel working for companies, and their subcontractors, who perform under contract to the Department of Defense providing materials and services to the Department of Defense, and government-owned/contractor-operated and government-owned/government-operated facilities



CYBER SECURITY – Malicious Coronavirus-related E-Mails Spread – April 2020


AS IF BUSINESSES didn’t have enough to worry about, online scammers have started sending out malicious e-mails to organizations about coronavirus that appear to be from business partners or public institutions. The criminals send these to rank and file employees in the hope that at least one of them will click on a link or attachment in the e-mail, which unleashes malware or tries to trick them into wiring money for supplies purportedly to protect the organization’s workers.

The number of malicious e-mails mentioning the coronavirus has increased significantly since the end of January, according to cybersecurity firm Proofpoint Inc. The company noted that this wasn’t the first time they had seen such widespread cyber attacks associated with some type of disaster. But because this is global in nature, it decided to track the new threat. This practice of launching cyber attacks that are centered around global news and outbreaks (like the current COVID-19 coronavirus) isn’t anything new. Cybercriminals have long employed these tactics to take advantage of users’ desires to keep as up to date with any new information as possible or to evoke powerful emotions (like fear) in the hope that their sentiments will get the better of them and they will not pause to check for the legitimacy of these e-mails.

The cybercriminals are using the public’s ignorance about coronavirus, as well as the conflicting claims of how to protect against it, to lure people into clicking on their malicious links or get them to wire money. Because people are afraid, their guards may be down and they may not be as careful about identifying the e-mail as dangerous.

Some real-life examples

• Japanese workers were targeted in January and February with e-mails that looked like they came from local hospitals. The messages even included legitimate contact information for key personnel. The e-mails were focused on employees of various companies and came in a message that would look like it’s a reply to something or a warning that people are getting from the government. But when they clicked, it was malware.
• E-mails were sent to companies in the transportation sector that looked like they came from an employee of the World Health Organization. They included the WHO logo and instructions about how to monitor crews aboard ships for coronavirus symptoms, and they included an attachment with instructions. This phishing e-mail attack was intended to lure individuals into providing sensitive data, such as personally identifiable information and passwords.
• Companies in the US and Australia have been receiving malicious e-mails that use a display name of “Dr. Li Wei” and are titled “CORONA-VIRUS AFFECTED COMPANY STAFF.”

What you can do

All that it takes to break into your business is a cleverly worded e-mail message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access to your data. It’s important to train your staff to identify suspicious e-mails. They should avoid clicking links in e-mails that:
• Are not addressed to them by name, have poor English, or omit personal details that a legitimate sender would include.
• Are from businesses they are not expecting to hear from.
• Ask them to download any files.
• Take them to a landing page or website that does not have the legitimate URL of the company the e-mail is purporting to be sent from.
• Include attachments purportedly with advice for what to do. Do not open them even if they come from relatives or friends.

