Corporate and Securities Practice

Re-Opening Your Business After New York Pause

Posted on: May 22, 2020

By: Kyle Lawrence

On Friday, May 15, New York State commenced with its Phase One business re-openings, one day after officials released guidelines for the re-opening of all businesses (both essential and non-essential) within the state, containing both mandatory measures and best-practices.  In order to commence with Phase One re-opening, the particular region must have satisfied all 7 of the following metrics[1]:

  • Decline in Total Hospitalizations. The region must show either (i) a sustained decline in the 3-day rolling average of total net hospitalizations (defined as the total number of people in the hospital on a given day) over the course of a 14-day period, or (ii) that the daily net increase in total hospitalizations (measured on a 3-day rolling average basis) does not exceed 15.
  • Decline in Deaths. The region must show either (i) a sustained decline in the three-day rolling average of daily hospital deaths over the course of a 14-day period, or (ii) that the 3-day rolling average of daily new hospital deaths does not exceed 5.
  • New Hospitalizations. The region must experience fewer than 2 new hospitalizations per 100,000 residents, measured on a 3-day rolling average. New hospitalizations include both new admissions and prior admissions subsequently confirmed as positive COVID cases.
  • Hospital Bed Capacity. The region must have at least 30% of their hospital beds available.
  • ICU Bed Capacity. The region must have at least 30% of their ICU beds available.
  • Diagnostic Testing Capacity. Average daily diagnostic testing over the past 7 days must be sufficient to conduct 30 tests per 1,000 residents per month.
  • Contact Tracing Capacity. Number of contact tracers in each region must meet thresholds set by the Department of Health, in collaboration with the Johns Hopkins University School of Public Health and Vital Strategies.

As of the date of this article, 7 regions in New York State had satisfied all 7 of these criteria and were able to commence with Phase One re-opening – Capital Region, Central New York, Finger Lakes, Mohawk Valley, North Country, Western New York and Southern Tier. Long Island has met 5 of the criteria to date, New York City has met 4 of the criteria to date. 

Upon the satisfaction of all of these factors, the region will be deemed “ready” to re-open, and the businesses and industries in the approved region will be permitted to re-open in the following phases:

1. Phase One: Construction, manufacturing, select retail (limited to those shops with curbside or in-store pickup or drop-off only) and wholesale trade.

2. Phase Two: Professional services (e.g., law, accounting and architecture firms), banks, real estate/rental leasing office and retail shops.

3. Phase Three: Restaurants, food services and hotels.

4. Phase Four: Arts, entertainment, recreation and education.

In these unsettled times as a business owner, your primary concern should be the health and safety of your employees and customers.  Here are some suggestions (note – these are not necessarily requirements) as you develop your new safety policies in the post-coronavirus workplace:

Social Distancing:

  • If your business cannot be operated remotely, consider how your current office setup can be reconfigured to encourage social distancing with a minimum of 6 feet between work stations.
  • The CDC recommends installing physical barriers, changing layouts to accommodate the 6-feet of space suggestion, closing communal spaces (such as kitchens and conference rooms), staggering shifts and breaks and refraining from large events.
  • You may wish to consider limiting the number of employees in the workplace and alternating teams to further encourage social distancing.
  • Try to limit the number of persons within an elevator to one person, where feasible.

Employee Health Monitoring:

  • Develop a plan for monitoring your employees’ health, with a particular focus on COVID-19 symptoms.
  • Before you re-open, put together a plan for how you will handle a positive case of COVID-19 in your workplace after you reopen. OSHA’s guidelines[2] give specific steps on how to manage and isolate employees displaying COVID-19 symptoms, but try to remember that you don’t want to ostracize any of your employees who may be showing symptoms but do not have COVID-19.
  • Remind your staff of your company’s sick time and paid time off policies to employees and discourage them from coming to work if they feel ill.

General Hygiene Practices:

  • Think about how you can best reiterate and enforce the CDC’s guidelines[3] for proper, frequent handwashing and general best practices.
  • Assess your company’s current cleaning and sanitation practices against the CDC’s recently released recommendations[4].
  • What procedures can you implement or upgrade to reduce the spread of the virus, and how can your staff help maintain those practices? This may include sourcing and stocking up on cleaning products and sanitizers for employee use during work hours.

Personal Protective Equipment (“PPE”):

  • If your business was subject to the Occupational Health and Safety Administration’s general requirements for employee PPE use[5], make sure you continue to adhere to those guidelines when you reopen.
  • Provide PPE to employees if at all possible, including masks and gloves. Otherwise, you may wish to encourage employees wear their own cloth face coverings in the workplace, per the CDC’s official recommendation.

These are highly unusual times and it seems as though new information and recommendations are being released on a daily basis.  We are continually monitoring the situation and we are happy to discuss the requirements discussed above, or any other situations that may affect your business, at your convenience.

[1] These metrics have been established based on guidance from the Center for Disease Control and Prevention, the World Health Organization, the U.S. Department of State, and other public health experts.





Watch Out! Scams on the Rise During COVID-19

Posted on: April 15, 2020

Fraudsters are nothing if not clever and opportunistic.  As the country tries to adapt to a remote working environment and companies adjust to a constantly evolving world, criminals are seeking to take advantage of the situation by impersonating people looking to conduct legitimate business deals. While people are working from home and aren’t necessarily able to bounce ideas and workflow off of colleagues as easily, the potential for decreased diligence increases. 

In particular, banks and the FBI are reporting a sharp rise in “phishing” and “man in the middle” scams as the world deals with the COVID-19 crisis.  Phishing scams can take many forms, but typically a perpetrator will contact you via email by pretending to be a real person from a real company and seeking your help to conduct a transaction.  You may speak with this person on the phone and they will be sufficiently fluent in the language of the transaction or the underlying business to be convincing. 

These perpetrators may also appear as clients or insert themselves into transactions by attempting to send malware to a specific party, often by posing as someone you know through the use of email spoofing. Using a spoofed account, they’ll ask you to open an attachment in order to gain credentials or access to a system. The spoofed account might look something like, replacing the “n” in “John” with an “m,” a change one would normally never spot in the ordinary course of email communications.

In “man in the middle” scams, a third party inserts himself into the middle of the communications by posing as one of the transaction parties, and attempts to divert one or more payments to a beneficiary bank never identified in prior communications. Once payments are successfully diverted, the same third party empties the account, and disappears. The counterparties are often unaware of the fraud until days, weeks, or even months later, depending on the attack’s sophistication.

In other words, phishing and man-in-the-middle attacks prey on trust and on the shortcuts that the human mind may take on a regular basis. It is a kind of “social engineering” attack: attackers assume that the people engaging in transactions over email trust each other, and that the counterparties won’t check email addresses in the “From” line carefully. That assumption is often correct, especially when a transaction is near completion and the emails are rapidly moving back and forth.

How can you protect yourself against these attacks?

  • Conduct periodic risk assessments of your internal financial controls and use the results of those assessments to identify possible problem areas.  Encourage management to identify those controls that are specifically designed to address the risk of fraud.
  • Scrutinize your company’s bank and credit card accounts on a daily basis.
  • Try to segregate as many accounting and financial functions across multiple people to increase the number of eyes reviewing each transaction.
  • Carefully check the email address of anyone who sends you an email, especially when it contains wire instructions, bank information or other financial information.
  • Check the format of any emails you receive and watch for odd, or out-of-character, grammar.
  • A simple phone call to the person you believe is the sender is oftentimes the easiest way to ward off one of these scams.  As a general rule, you should always confirm wire instructions over the phone.
  • Check your insurance policies to make sure that you have coverage in the event of losses due to these types of crimes.
  • Make sure your entire staff is properly trained to spot these types of scams.  The more people are aware of how these types of scams work, the more likely you will be to thwart them.
  • Ensure that your computer operating systems contain the most up-to-date software that is equipped with the latest anti-phishing filters.
  • Don’t click on links contained within emails, even if it is from someone you know.  Instead, open a new browser and type in the address that you intend to visit.
  • Trust your gut.  If something seems off about the way a person is acting, chances are there is something amiss. 

If you have any questions about possible internet or email-based scams, or any other questions as to how better shield your company from these attacks by implementing stronger internal controls, please feel free to contact me at