It’s a sad fact that criminals thrive in times of uncertainty and fear, and there’s already been a spike in cyber attacks related to the coronavirus outbreak. With so many employees now working at home, often using new, unfamiliar apps, companies need to be especially vigilant regarding cyber threats. So here is a quick reminder of some basic good practices and some useful resources to share with staff.
Spike in new cyber attacks
The National Cyber Security Centre (NCSC) has reported an increase in phishing attempts which refer directly to the coronavirus. These emails often encourage users to click on links to fake websites, leading to malware of some kind being downloaded by the users.
For example, there was a wave of emails which purported to come from the World Health Organisation related to coronavirus. There are also reports of an increase in emails pretending to come from IT service desks about remote working or access, which again encourage users to click on links or provide authentication information to criminals. Specific sectors are also being targeted, with healthcare under particular attack: attacks on the US healthcare agency were reported last week.
At the same time as these new attacks, many organisations have opened up new vulnerabilities in their sudden switch to home working. Staff may be using unfamiliar apps and bypassing controls in order to be able to work effectively. They are also likely to be stressed and worried and may not think about cyber security.
Get the basics right
There are lots of simple guides to help small and medium-sized organisations focus on the most important steps, including ICAEW’s 10 steps to cyber security for smaller firms and the NCSC’s Small Business Guide to Cyber Security.
Some of the key points to focus on at this point are:
Help users to be vigilant
At the moment, staff should be vigilant when looking at emails and clicking on links. Phishing emails can be very convincing and professional-looking but there are some key things to look out for. The NCSC guidance gives the following general tips around phishing emails:
It is also useful to hover over a link to see the actual hyperlink address that you are being directed to, not just the text shown in the email. Finally, if in any doubt, double-check any claims made in the email: for example, call colleagues or banks to check whether they sent the email in question.
The NCSC has a wealth of resources to help businesses of all sizes. As well as the Small Business Guide, they provide a free cyber security training course for staff that can be watched online. The NCSC also sends out a weekly threat report which highlights new or particularly important threats or attacks.
ICAEW has a wide range of support for members on cyber which can be found at icaew.com/cyber. Free resources from the Tech Faculty include a short video giving an overview of the topic, as well as the 10 steps guide. We also have over twenty evergreen cyber security tips of the week on Tech News.