COVID-19 blog: Cyber security and fraud

It’s the view of many that the COVID-19 outbreak poses the greatest ever cyber security threat to businesses and individuals alike. Working-from-home practices are being swiftly implemented like never before, immediately presenting unprepared businesses with cyber security challenges and a multitude of unfamiliar risks. Cyber criminals are cruelly yet inevitably taking advantage of this situation, and managing this risk should be imperative for businesses.

The risks

The most common risk that cyber criminals pose is the attempt to lure home workers to click on malicious files or links. This type of attack, known as phishing, has risen by an unprecedented 667% in the UK over the last month, whilst government statistics show that 75% of large firms suffered some form of hacking last year.

Such scams are emerging every day. One startling example is the impersonation of the World Health Organization (WHO). The emails ask victims to “click on the button below to download Safety Measure”. Users are then asked to verify their email by entering their credentials. Those who fall for the scam are redirected to the legitimate WHO page, while their credentials are delivered straight to the phisher.

As individuals are now working across a range of environments, the risk of not spotting fraudulent activity is heightened. There isn’t the regular human interaction or quick access to IT support for employees, which may otherwise help spot unusual communications. Remote working may leave certain employees feeling vulnerable, and susceptible to this risk.

The risks associated with the hacking of software systems are equally prevalent, particularly as individuals may utilise public or insecure WiFi networks. The use of personal devices increases this risk, because those devices may not be configured with the same security protections that a business has.

How to mitigate against these risks

  1. Provide employees with straightforward access to IT support during working hours, and clear advice following official guidance
  2. If possible, provide training to employees on how to spot a phishing email
  3. Be clear around what communication channels are to be used, to limit the spread of company data
  4. Instruct employees to use strong and unique passwords, and consider two-factor authentication (a second piece of evidence needed to log in)
  5. Ensure that all devices being used by employees have sufficient software protection installed, and that it remains updated
  6. Ban the use of public WiFi networks without sufficient security controls and limit work in public spaces where possible
  7. Finally, remain vigilant. Don’t click on links if you’re in any doubt, and don’t give out any personal data

Useful links

Guidance on phishing emails can be found on the National Cyber Security Centre (NCSC) website, providing clear and concise advice on how to manage these risks.

One of the leading cyber insurers, CFC Underwriting, has also provided guidance on how to mitigate against the risks discussed.