Protecting against cyber-attacks during the lockdown
3rd April 2020
With a coronavirus ‘lockdown’ in effect across the UK, various countries in Europe and around the wider world, many of us now find ourselves working from home. This change has no doubt had a profound effect on businesses. Beyond the economic impact to businesses, we’re also beginning to see an increase in cyber-attacks aimed at employees working remotely, which can have devastating effects.
One form of cyber-attack in particular is phishing, where attacks have increased 667% since February. Scammers often create these scam emails and texts after global phenomena occur. The most common of these topical attacks currently include: scam emails and texts claiming to be from organisations such as the CDC and WHO, containing malicious links or attachments; requests for charity donations; and communications which purport to have information on coronavirus cases in your area, containing dangerous links. To protect against such attacks, we recommend the following:
- Never click links or download attachments from an unexpected email or text.
- If you receive a suspicious email from an official organisation, e.g. the WHO or CDC, report this to the organisation via their website.
- If you would like to make a charity donation, type the organisation’s web address into your browser rather than following an email link.
For more information, the National Cyber Security Centre have written some extensive guidance here.
Protection from cyber-attack
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) warned that, by allowing employees to work remotely, businesses are opening themselves up to vulnerabilities that hackers can abuse. To access an organisation’s IT systems, employees working remotely are using private WiFi networks and are typically required to use a virtual private network (VPN), which makes them targets for cyber-attackers seeking access to these networks.
Video conferencing tools have also become popular for keeping in contact with colleagues. Some, however, are reported not to be end-to-end encrypted and may inadvertently leak data.
To protect against this, here are some key cybersecurity tips for businesses:
- Ensure VPNs, infrastructure network devices, and devices used to work remotely are updated regularly.
- Use strong passwords.
- Use Multi-Factor Authentication (MFA) for your private accounts, if possible.
- Protect your private WiFi and be extra careful using public WiFi.
- Be vigilant – Distrust LinkedIn requests from profiles you don’t know, a supposed Microsoft employee that contacts you, and unexpected e-mails. Question any unrecognized or suspicious sender, don’t click on a link carelessly, and ask yourself why you received the email if it’s not work-related.
- Make your employees aware of the increased volume of phishing attacks.
- Don’t use tools or software which haven’t been security approved by your IT department.
- Make sure your IT personnel are prepared for an increase in tasks including log review, attack detection, incident response and recovery.
At NMU, we are actively trying to raise awareness of cyber risks by providing real life examples where data breaches and cyber-attacks have been suffered.
Cyber crime is on the increase, and insurance brokers are at as much risk of falling victim as any other type of business. As an example of where this has happened, a broker’s email account was hacked and they were subsequently impersonated by a fraudster, who then tricked their client into making a payment into a fraudulent bank account. We go into the detail of Customer Payment Fraud in our recent blog here.
AI has been used as a tool to both identify and prevent fraud, but it seems that the tide is turning – with AI mimicry being used to fool our eyes and ears in the form of DeepFake. Our blog explores the growing threat being used to scam businesses out of thousands, which you can read here.
Addressing the issues, our Cyber & Financial Lines Underwriting Manager, Matt Drinkwater, said:
“During these unusual times, businesses must take steps to reduce the risk of opportunistic cyber-attackers penetrating their networks and ensure employees are aware of scams.”