The rapid acceleration of the digital transformation triggered by the Covid-19 pandemic has revealed numerous vulnerabilities which cybercriminals have been quick to exploit. Both businesses and individuals need to take steps to mitigate the potentially catastrophic consequences of a data breach. How safe are your systems?
Remote working became the new normal at the height of the pandemic and led to a precipitous and highly concerning increase in cyber incidents. Here are some stats:
- In April 2020 cyberattacks in Switzerland soared from a norm of 100-150 attacks per month to 300.
- 47% of individuals working in the tech industry have clicked on a phishing email at work
- In July 2020 Action Fraud in the UK reported a total of £11,316,266 lost by 2,866 victims of coronavirus-related scams
- In April 2020 Google saw more than 18 million daily email scams related to Covid-19 in a single week
Different methods of cyberattack
- Phishing – when cybercriminals extract sensitive information like passwords and credit card numbers which can then be used fraudulently.
- Fraudulent websites – these include simple scams which trick people into purchasing non-existent or substandard goods (during the pandemic, particularly items such as masks and hand sanitizer) to sites which mimic genuine websites with the intention of stealing data and committing fraud
- Videoconferencing data breaches – hackers gain access to meetings on platforms such as Zoom to steal important data
- Ransomware – malware which is installed on the victim’s device and employs encryption to prevent access to the information on it until a ransom is paid
- Spyware – malware which is installed on a computer without its owner’s knowledge to monitor their activity and transmit the information to a third party
This is not an exhaustive list and cybercrime is constantly evolving which makes it extremely difficult for large companies to keep up with the scammers, let alone small and medium sized businesses who may lack the budget or expertise to sufficiently protect themselves. In addition, as companies had to pivot to increase home working capacity extremely fast, cybersecurity may not have been prioritized as much as it should have been.
It is clearly important that individuals and businesses take steps to reinforce security measures protect against cybercrime. There are lots of ways to do this. Here are some of them:
How individuals can protect themselves against Covid-related cybercrime
- Run regular antivirus and anti-malware scans and update software regularly
- Be vigilant when receiving emails – always check the authenticity of the sender’s address
- If in doubt, seek advice before clicking on any links or attachments
- Ensure that the wifi connection has a strong password
- Do not use the same password for numerous websites and social media accounts
- Never respond to unsolicited messages requesting personal or financial details
- Be alert for scam web pages – sophisticated and convincing copies of government and official websites exist so always check the URL
- Beware of fake adverts offering items for sale and asking for deposit payments up front
- Use credit cards when shopping online as they offer stronger protection
- Check your bank account regularly for suspicious activity
- Never send money upfront to someone you don’t know
How businesses can protect themselves against Covid-related cybercrime
- Issue company laptops, phones and tablets to avoid employees using their personal devices to access work information
- Provide all employees working from home with a licence for antivirus software and update regularly
- Secure teleworking equipment with measures such as privacy screens, inactivity timeouts, strong authentication and hard disk encryption
- Establish clear corporate policies on teleworking and ensure that these are communicated to all employees
- Educate all employees on best practice with regard to data protection and cloud storage
- Set up a virtual private network (VPN) with multi-factor authentication to add a further layer of protection for your employees who are working from home
- Review your systems regularly for weak spots and vulnerabilities
- Ensure that you have a business continuity plan in place in case of a serious data breach
Remote working is here to stay for many companies and employees, at least on a part-time basis so it is crucial that we all focus on making our systems and working practices resilient to cyberattacks.
For more information on cybersecurity measures check out the Europol website.
I have over 20 years of experience in the financial services industry and hold a Chartered FCSI qualification. I ensure that our operations are fully compliant with the rules of our most stringent regulators.