As millions of employees are now working from home, many companies have been forced to actively tackle the excess strain on their VPNs and other systems.
This inadvertent ‘stress testing’ has revealed both minor and much more significant vulnerabilities across countless businesses’ IT systems worldwide. From being unable to perform regular maintenance updates and forensic tests to using tools that were not designed to work offsite, while we’re adapting to this learning curve, cybercriminals are looking to take advantage.
To counteract this risk, ensure that your staff are all aware of cyber risk and know what they can personally do to help keep your business safe. This includes setting up secure passwords, not opening suspicious emails and reporting anything untoward to your IT team.
In order to remain vigilant against cybercrime, it helps to be conscious of the type of attacks conducted by cybercriminals at present. We take a look at the way these emerge, who has been affected in recent times, and the measures you can take to protect both yourself and your business.
Bogus important updates
During these unprecedented times, many of us are following our government-led coronavirus updates but amongst them, fake news is being spread far and wide. The National Cyber Security Centre has recently warned of “bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.” Many of these emails offer paid-for access to a live map of local COVID-19 cases. To avoid getting caught out, seek out news from legitimate sites and avoid clicking on emails that seem suspicious.
To get a quick indication of a scam sender, if you right-click on the email before opening it and click ‘Forward’, you will see the email sender in the ‘From’ box. Should this appear as a lot of jumbled up letters or includes suspicious wording – it’s probably not legitimate.
Are they WHO they say they are?
Recently, the World Health Organisation (WHO) warned of criminals disguising themselves as the WHO to steal money or sensitive information. As well as digital methods such as emails and fake websites, they also target people through phone calls, text messages and even via fax machines. If you are contacted by the WHO, there are several red flags to look out for including asking for sensitive information, provoking a sense of urgency and requesting donations.
The WHO clarified on their website:
“The World Health Organization will:
- never ask for your username or password to access safety information
- never email attachments you didn’t ask for
- never ask you to visit a link outside of www.who.int
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email.”
To ensure your information doesn’t get into the wrong hands, never rush into any action, regardless of the sense of urgency the communication tries to evoke.
Attacks against hospitals
With increasing pressure to treat those affected by the coronavirus, hospitals and medical centres globally are also having to contend with the ongoing threat of cyberattacks. The overwhelming majority of these are ‘ransomware’ attacks, which typically act by encrypting vital medical data and consequentially demanding large sums of money to put it right. Not only does this distract the centre from their already overwhelming workload, but it also puts patients at risk and can result in the loss of life.
The Spanish Law Enforcement recently announced that malicious software was attempting to break the IT systems of their medical facilities, urging health workers to be vigilant in opening suspicious emails.
Online shopping scams
Due to a rise in demand for hygiene and protection products such as facemasks, hand sanitiser and other products, dodgy dealers have spotted an opportunity for their latest scam. The majority of reports reveal that shoppers have bought these products online, only for them never to arrive. Alongside this, there are a worrying amount of cases where products are being sold online which contain dangerous or banned ingredients. In the murky world of the darknet, cybercriminals are working together to distribute these far and wide using COVID-19 discounts and specials.
To protect yourself, consider the source of the product, is it a trusted site you’ve visited before? Do they have positive customer reviews? In this current situation, these types of products are difficult to come by, so if the offer seems too good to be true then it probably is.
In these worrying and uncertain times, we understand that the last thing you need is having to deal with the repercussions of a cyberattack. For businesses with cyber insurance, we’re happy to run through the terms of your policy with you to ensure you understand what you’re covered for.
For those not covered, or if you want to discuss any other insurance matter in the meantime please feel free to contact the team at EIC Insurance either by calling the office on 01442 286910 or via email.