The news is of course filled with the Coronavirus pandemic at this current time. And unfortunately, that stretches to cybercrime.
There have been many reports that cyber criminals are exploiting the Coronavirus crisis – targeting individuals, businesses and busy hospitals.
Here we look at the issues surrounding Coronavirus cyber risk and how you and your business can look to manage the risk.
Why are cyber criminals targeting businesses during Coronavirus?
There has been much talk of an increase in cybercrime during the coronavirus pandemic. What is known is that cyber criminals are opportunistic and will exploit situations to their advantage.
Many factors may be at play including:
- An increased demand for information relating to the Coronavirus. This creates the opportunity for cyber criminals to set up fake websites/send phishing emails
- An increase in people ‘online’ – use of video conferencing apps through to more people using streaming services
- More people working from home – out of the normal confines of office-based security. Home working equipment may also have been set up at haste to enable home working following the coronavirus lockdown preventing possible security flaws
Some of the cybercrime techniques reportedly being used and creating the coronavirus cyber risk include:
- Phishing emails – At this time, cyber criminals may be looking to take advantage of people’s fears and anxieties regarding the coronavirus. Communications from banks, HMRC etc could be vulnerable to impersonation. Likewise, cyber criminals could be sending fictitious emails which look to have important updates about the virus.
- Malicious websites – those sites which appear to show information about the Coronavirus, but which subsequently contain malware
What are the risks of more people working from home?
With more people working from home there are increased risks. Particularly if your employees are new to working from home. Or you have had to set up laptops etc at speed.
Security will be the key issue here. So, make sure that your IT strategy is focussed on ensuring strong security in the set-up of equipment to be used for home working.
There is also the risk that IT policies and procedures take a back seat. Employees may be switching between personal and work equipment. This poses the risk of making use of personal equipment for business use. Such as personal email addresses. Likewise, a home has more connected equipment and there is a blurring of lines between secured and non-secured and business approved equipment. From printers to home internet service providers.
So, it is vital that employees working from home only use company equipment, that they are fully aware of your home working policy and that everyone across your business takes responsibility for maintaining cyber security.
What steps can businesses take to minimise the risk of cyber-crime at this time?
As a business and an individual it is important that you are always vigilant with regards to the risk of cybercrime.
We have blogged many times about steps to take in a bid to minimise the risk of cybercrime. And many of these still stand and apply to the coronavirus cyber risk. Yet, at times of increased stress, such as now, and with new requirements to work from home it is possible for mistakes to happen.
So, make sure you do not overlook the basics at this time:
- Make sure you use strong password. And different passwords for all accounts. Activate two factor authentications wherever possible.
- Update default passwords set by manufacturers
- Ensure employees do not share passwords
- Ensure that you have an anti-virus software in place
- Ensure that your systems are fully patched and up to date with any updates provided by software developers. Not doing so can create vulnerabilities which cyber criminals can exploit
- Be aware – be aware that cyber criminals are viewing Coronavirus as an opportunity. And of the types of cybercrime techniques which are being used at this current time
- Train and inform your staff – many cyber-attacks are the result of human error. Clicking on a link in a phishing email or providing details to someone posing as an employee. So, you must ensure that your staff are aware of the risk of cybercrime. That they know what to look for and that they are confident to challenge requests if they don’t seem right.
For businesses with people working from home also think about the following:
- If you have people working from home, then ensure that the level of security you have in place meets the standards you would normally adhere to. This article from the National Cyber Security Centre (NCSC) gives a useful guide to the areas you will need to consider for home working.
- Remind staff of your IT policies and procedures – e.g. not making use of removable storage devices (USB sticks etc). And that personal email addresses shouldn’t be used for work related purposes. Not only can this be a risk from a security perspective but also a GDPR compliance issue. Make sure employees know only to use software approved by your business and not to download anything different
At Anthony Jones we appreciate that this is an unprecedented time for businesses and individuals. We are still working (adhering to government guidelines) and are here to help. If you have any questions about insurance or risk management at this time, please don’t hesitate to get in touch with us.