With a coronavirus ‘lockdown’ in effect across the UK, various countries in Europe and around the wider world, many of us now find ourselves working from home. This change has no doubt had a profound effect on businesses. Beyond the economic impact to businesses, we’re also beginning to see an increase in cyber-attacks aimed at employees working remotely, which can have devastating effects
One form of cyber-attack in particular is ‘Phishing’, where attacks have increased 667% since February. Scammers often create these scam emails and texts after global phenomena occur; the most common of these topical attacks currently include: scam emails and texts from organisations such as the CDC and WHO containing; malicious links or attachments, requests for charity donations, communications which purport to have information on coronavirus cases in your area containing dangerous links. To protect against such attacks, we recommend the following:
- Never click links or download attachments from an unexpected email or text.
- If you receive a suspicious email from an official organisation i.e. the WHO or CDC, report this to the organisation via their website.
- If you would like to make a charity donation, type the organisation’s web address into your browser rather than following an email link.
Protection from cyber-attack
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) warned that, by allowing employees to work remotely, businesses are opening themselves up to vulnerabilities that hackers can abuse. To access an organisation’s IT systems, employees working remotely are using private WiFi networks and are typically required to use a virtual private network (VPN), which makes them targets to cyber-attackers seeking access to these networks. Video conferencing tools have also become popular to keep in contact with colleagues, some however are reported not to be end-to-end encrypted, and may inadvertently leak data.
To protect against this, here are some key cybersecurity tips for businesses:
- Ensure VPNs, infrastructure network devices, and devices used to work remotely are updated regularly.
- Use strong passwords.
- Use Multi-Factor Authentication (MFA) for your private accounts, if possible.
- Protect your private WiFi and be extra careful using public WiFi
- Be vigilant – Distrust LinkedIn requests from profiles you don’t know, a supposed Microsoft employee that contacts you, and unexpected e-mails. Question any unrecognized or suspicious sender, don’t click on a link carelessly, and ask yourself why you received the email if it’s not work-related.
- Make your employees aware of the increased volume of phishing attacks.
- Don’t use tools or software which haven’t been security approved by your IT department.
- Make sure your IT personnel are prepared to increase tasks including log review, attack detection, incident response and recovery.
Protecting your Business
Nearly three-quarters of small and medium-sized businesses have suffered a security breach, and a report from the Federation of Small Business (FSB) says cybercrime targeting small and medium-sized businesses costs the UK an estimated £5.26bn a year. The report also notes that it costs small businesses disproportionately more than big businesses, when adjusted for organisational size.
It’s not just stolen funds that Organisations have to worry about. There’s also the cost of loss of data and damage to IT systems and networks as well as replacing any stolen or infected devices. In addition to this, in the event of a breach, there are further costs involved in notifying those affected, providing Credit Monitoring, dealing with regulatory bodies, and in some cases paying compensation, as well as re-building brand confidence through public relations advice and campaigns.
Cyber risk is now widely accepted as being one of the top emerging risks. As the pace of technological change continues unabated, organisations’ reliance on computer networks and the information they hold has become critical to their ability to offer products and services, interact with customers and employees, as well as ultimately generate revenue.
Davies as official Insurance Partners to the WSA, work with a number of
leading Cyber & Data Insurance providers, to ensure that we can put into
place a comprehensive policy to protect you against Cyber risks but also
support you with risk management and crisis containment.
Daniel Abbott, Sales & Development Director – Daniel.Abbott@watkindavies.com
T– 02920 626 226 M- 07808 641 438
Oliver Watkins, Director – Oliver.Watkins@watkindavies.com
T – 02920 626 226 M- 07734 236 052