Protecting against cyber-attacks during the lockdown

With a coronavirus ‘lockdown’ in effect across the UK, various countries in Europe and around the wider world, many of us now find ourselves working from home. This change has no doubt had a profound effect on businesses. Beyond the economic impact to businesses, we’re also beginning to see an increase in cyber-attacks aimed at employees working remotely, which can have devastating effects.

Phishing

One form of cyber-attack in particular is phishing, where attacks have increased 667% since February. Scammers often create these scam emails and texts after global phenomena occur; the most common of these topical attacks currently include: scam emails and texts from organisations such as the CDC and WHO containing; malicious links or attachments, requests for charity donations, communications which purport to have information on coronavirus cases in your area containing dangerous links. To protect against such attacks, we recommend the following:

  • Never click links or download attachments from an unexpected email or text.
  • If you receive a suspicious email from an official organisation i.e. the WHO or CDC, report this to the organisation via their website.
  • If you would like to make a charity donation, type the organisation’s web address into your browser rather than following an email link.

For more information the National Cyber Security Centre have written some extensive guidance here.

Protection from cyber-attack

Last week, the Cybersecurity and Infrastructure Security Agency (CISA) warned that, by allowing employees to work remotely, businesses are opening themselves up to vulnerabilities that hackers can abuse. To access an organisation’s IT systems, employees working remotely are using private WiFi networks and are typically required to use a virtual private network (VPN), which makes them targets to cyber-attackers seeking access to these networks
Video conferencing tools have also become popular to keep in contact with colleagues, some however are reported not to be end-to-end encrypted, and may inadvertently leak data.

To protect against this, here are some key cybersecurity tips for businesses:

  • Ensure VPNs, infrastructure network devices, and devices used to work remotely are updated regularly.
  • Use strong passwords.
  • Use Multi-Factor Authentication (MFA) for your private accounts, if possible.
  • Protect your private WiFi and be extra careful using public WiFi
  • Be vigilant – Distrust LinkedIn requests from profiles you don’t know, a supposed Microsoft employee that contacts you, and unexpected e-mails. Question any unrecognized or suspicious sender, don’t click on a link carelessly, and ask yourself why you received the email if it’s not work-related.
  • Make your employees aware of the increased volume of phishing attacks.
  • Don’t use tools or software which haven’t been security approved by your IT department.
  • Make sure your IT personnel are prepared to increase tasks including log review, attack detection, incident response and recovery.

For UK-based businesses who require information, read Insurance Business UK’s recent article or the National Cyber Security Centre’s guidance here.

Education

At NMU, we are actively trying to raise awareness of cyber risks by providing real life examples where data breaches and cyber-attacks have been suffered.

Cyber crime is on the increase, and insurance brokers are at as much risk of falling victim as any other type of business. As an example of where this has happened, a broker’s email account was hacked and they were subsequently impersonated by a fraudster, who then tricked their client into making a payment into a fraudulent bank account. We go into the detail of Customer Payment Fraud in our recent blog here.

AI has been used as a tool to both identify and prevent fraud, but it seems that the tide is turning – with AI mimicry being used to fool our eyes and ears in the form of DeepFake. Our blog explores the growing threat being used to scam businesses out of thousands, which you can read here.

Addressing the issues, our Cyber & Financial Lines Underwriting Manager, Matt Drinkwater said.

“During these unusual times, businesses must take steps to reduce the risk of opportunistic cyber-attackers penetrating their networks and ensure employees are aware of scams.”

For more information about our CyberSafe Insurance or our e-trade solution, contact your local NMU Development Underwriter or our CyberSafe team.


16/11/20

News: War & Strikes | 16th November 2020

Our War and Strikes risk update for 16th November is now online and can be found by... read more

05/11/20

News: Cyber Security Awareness Month Review: Keeping cyber perils at the forefront of your mind all year round  

Cyber Security Awareness Month may now be over, but if there is one key message to take... read more

03/11/20

News: Flood Response Planning

For business and commercial premises, it would be unthinkable not to have considered the threat from fire... read more