How are criminals taking advantage of the Coronavirus pandemic?
With the abrupt changes and uncertainties facing businesses due to COVID-19, cybercriminals have found themselves with an abundance of opportunities to exploit areas of weakness in those undertaking rapid and unprecedented transformation.
One vulnerability that impacts both businesses and individuals, is the thirst for knowledge and information at a time of uncertainty. This demand for information, which has grown faster than the ability of official sources to give verified information, has made anyone with access to the internet a prime target for misinformation.
Data shows us that criminals identified weak spots early on, with the first coronavirus-related cyber attack reports in the UK dating back to January 2020 - around the same time that Google Trends shows search volume for ‘Coronavirus’ began to increase. It didn't come as a surprise as cyber crime spikes in times of vulnerability - around political campaigns, for example - and this "has undoubtedly been the case with the Coronavirus outbreak", according to the National Cyber Security Centre.
What are the top 3 cyber threats?
Phishing, a form of social engineering, is one of the most popular ways for attackers to reach a high number of victims. This technique involves the criminal posing as a trustworthy person (for example, a trusted company or charity) with the objective of stealing your personal information and/or money.
Recently, phishing attacks have ranged from fraudulent email campaigns purporting to be from the NHS, the World Health Organisation and charities, to false cures and tests for the disease. These emails sometimes contain malicious software hidden behind links, illegitimately for donations, or collect sensitive personal data which can be used to commit fraud or ransom the victim.
2. False information sharing
Taking advantage of our need for information and lack of knowledge in the face of this new disease, criminals have also taken to an activity labelled as 'infodemic' by the World Health Organisation.
While receiving a WhatsApp containing a false story may seem annoying, at the rate and scale false stories are spreading, real damage can be done. To combat this, some social media sites and messaging platforms are taking measures to stop the spreading of fake news. WhatsApp, for example, has announced limits on forwarding messages. An organisation called Full Fact is fact-checking coronavirus stories.
3. Supply scams
As panic has led to shelves in pharmacies and supermarkets being emptied and online stores unable to cope with the demand for their delivery services, the temporary shortage of certain products has affected many who did not stockpile.
This has led to some insalubrious individuals to take advantage of the situation, selling in-demand products, such as face masks, hand sanitiser and even toilet paper, at a huge premium - or even selling stock that they do not have. With this in mind, it’s a good idea to check the authenticity of any business you are buying from online, by visiting Companies House and also checking the URL of the website you’re on to be sure that it’s the official site rather than a fraudulent one.
5 top tips for preventing cyber attacks against your business
Tip 1. While everyone in your business is working remotely, it may become harder to detect a cyberattack within the multitude of unsecured home WiFi networks. Consider moving to a cloud-based system, centralising server security.
Tip 2. When onboarding new employees or setting up access to systems and creating new accounts, be sure to create secure passwords. Where possible, it’s good practice to set up two-factor authentication for every user.
Tip 3. When setting up video conferencing calls, ensure that access information, such as meeting IDs, is shared on a need-to-know basis. Video conferencing tools such as Zoom have experienced skyrocketing numbers of users - great for coming together when working remotely - but it has also fallen victim to webcam crashers, compromising user privacy, leading to exposure of sensitive content.
"Sharing your private Zoom information with someone can also be quite dangerous as they can monitor your communication in the chat." - says Ben Davis, Insurance Lead in Emerging Technologies at Superscript.
Tip 4. Empower your employees to recognise cyber threats and common hacking techniques. While many cyber threats are too sophisticated for the untrained eye to detect, many are less sophisticated - a poorly worded email, or a strangely personal request from a distant friend or colleague. Sharing tips on how to question the authenticity of a website or email can potentially save you trouble down the line. The National Cyber Security Centre (NCSC) offers interactive e-learning tutorials aimed at helping those who work for small and medium sized businesses. But it’s a good idea to foster a culture of openness - if an employee thinks they may have fallen prey to an attack, it’s important that they feel comfortable disclosing it so that the repercussions can be dealt with.
Tip 5. When receiving an email from a financial services company, check the authenticity of the sender through the Financial Services Register and scam Warning List. Never open attachments in unexpected emails, as they may carry malware designed to steal your sensitive data. The rule also applies to emails coming from within your business. Always double-check for confirmation with the sender - if in doubt, call them up - and ensure you do not share any information with a third party. You can also check out the NCSC’s guide to mitigating malware and ransomware.
The bottom line is, as advised by Take Five to Stop Fraud, the key things to bear in mind before making any kind of online transaction are to: stop, challenge and protect. So this means taking a moment to think about your interaction with a website or email, challenge the source for authenticity, and report any possible scams to Action Fraud as soon as possible.
To help businesses to understand the way cyber criminals are exploiting vulnerabilities during this time Europol has released a report on pandemic profiteering. Keeping informed of trends is a good way to minimise the risk of your business falling victim to online attacks.
How can cyber insurance help?
Insurance Lead, Ben Davis, stresses the significance of an extensive cyber policy during the forced transformation of your business. "Think of a cyber policy as more of a crisis management and mitigation policy that protects you from the rapidly changing online environment. With phishing attacks using Coronavirus as an extra hook forcing employees to click on dangerous links, companies now more than ever need to be vigilant and look to mitigate their cyber exposure."
With the very real threat of cyber crime, it’s important to be able to protect yourself, your business and customers. A cyber insurance policy can help mitigate against risks that come with cyber attacks. Want to find out more about our cyber liability insurance? Read our guide to cyber insurance.
Stay safe (at home and online)!