We recently wrote about a number of things that businesses should be considering if their employees are working from home during the COVID-19 crisis, one of which was the importance of managing cyber security. There is good reason for that.
Cyber criminals are using the growing uncertainty and fear surrounding Coronavirus and the sudden shift to working from home for the majority of workers as an opportunity to attack. The scams are increasing in numbers and changing each day; however, phishing attempts remain a popular option for fraudsters.
Some examples include:
- Fraudulent websites claiming to sell masks, medical supplies and other high-demand items, designed to take payment from victims for items that are never actually delivered.
- Emails impersonating the World Health Organisation (WHO) asking people to click to verify their email addresses in order to download safety measures. They are directed to the genuine WHO website, but their details are sent straight to the phisher.
- Fake charitable donation campaigns which claim to support individuals and communities affected by COVID-19, only for donations to be sent to fraudulent accounts.
- Fraudsters impersonating airline and travel companies either to obtain sensitive information or install malware on the computers of its victims.
What do the numbers say?
According to a recent survey, almost half of UK employees who are working from home during the pandemic have been victims of cybercrime. 42% of people working remotely have received suspicious emails and 18% have had a cyber security breach since the beginning of lockdown.
The National Cyber Security Centre (NCSC) has reported an increase in the registration of webpages relating to Coronavirus and suggest that this is likely because cyber criminals are taking advantage of the outbreak. The NCSC has set up a suspicious email reporting service, designed to check for scam emails and immediately remove criminal sites. It was launched after they removed more than 2,000 online scams in the last month, including:
- 200 phishing sites seeking to obtain personal information, such as passwords and card details.
- 471 fake online shops claiming to sell Coronavirus-related items.
- 555 websites designed to distribute malware and cause significant damage to visitors.
- 832 advance-fee frauds, where a large amount of money is promised in return for a set-up payment.
Other researchers identified a 560% growth in malicious domain name registrations from February to March 2020, including malware and phishing, and a 780% growth in ‘high-risk’ registrations, such as scams and domains that are associated with suspicious URLs.
What does this mean for businesses?
Many employers and employees are seeing the advantages of working from home for the first time, whether that’s the improved work-life balance it provides or the positive affect not having to commute can have on the environment. With that being said, it’s possible that remote working, although once quite alien to the majority of businesses, could be adopted in some form for the long-term.
The problem is, working away from the office and without access to a secure local network increases the risk of devices being hacked. Weak security settings, such as security software that hasn’t been updated, can expose sensitive company information to cyber criminals.
We would advise businesses to review their current cyber security policies to make sure that your employees’ devices are adequately protected for them to work safely from home. Whilst there are many precautions you can take to safeguard your business from a cyber-attack, from educating your employees about fraudulent scams to practical actions, such as ensuring devices are protected with antivirus solutions, cyber insurance will cover you for any losses you experience should the worst happen.
Can we help?
If you have any questions or would like further advice on how to protect your business from cybercrime, please contact our cyber specialist, Emma Francis today on 01792 704317 or at firstname.lastname@example.org.