A group of Cybersecurity experts have been voicing some recent concerns that people will be returning to work only to find malware on their office PCs. The general theme is, “Now is the time to get ahead of the game.”
Warnings over a spate of attacks as people return to offices have added to a big list of cyber-security professionals who say literally thousands of businesses are now potentially at risk when they reopen.
The UK’s most senior police officer for cyber-crime, & tax & advisory firm Blick Rothenberg pointed to a ‘toxic’ mix of pressures on business – to claw back revenue, while employees are still navigating a route back to normal office life.
Covid-19 specific scams
There is also a growing number of Covid-19 specific scams, as cyber-security firm CySure felt moved to issue some guidance on what SMEs can do to help protect their business & data.
David Hough, a Technology Specialist at Blick Rothenberg, commented “Businesses are facing huge pressures at the moment to get back to work & start getting money back in. They have lost income & for many who have furloughed staff they have still had bills to pay like rates, insurance & building maintenance.”
Working from Home
For those who have staff working from home, IT costs have been huge in providing laptops & other devices such as screens and scanners.
“For many, it is now crunch time and many businesses that may not pick up quickly like those in retail and hospitality will be thinking about redundancies if they cannot foresee bringing their income levels up to close to normal levels quickly.
“That pressure on generating income could cause businesses to overlook vital IT updates, malware scans or training that could leave them more susceptible to cyber-security breaches. These companies cannot afford the financial and reputational damage of a security breach on re-opening, so it is vital that an IT health check is performed in advance of reopening.”
Hough touched on evidence that revealed the “threat from cyber-criminals is rife & that they will take advantage of re-opening businesses where they can.”
He further commented that businesses need to be wary as they can as they go back to work & get their systems up & running.
Many businesses have reported phishing scams. These range from e-mails telling taxpayers they can claim tax refunds, to help in protecting themselves from the Coronavirus, Hough cautioned.
There are also emails about claiming that a person is eligible for a tax refund before then requesting a user to click on a link to ‘make a claim’.
Calvin Gan, Manager of the Tactical Defence Unit at cyber-security firm F-Secure commented that businesses must assume that there will be extra security risks as companies go back to the office or go back to work.
Gan explained “Effective cyber-security defence should be turned into a real-time, proactive, & adaptable process instead of a reactive one. Without this, we would expect to see companies shifting their cyber-security posture ad-hoc or in a hasty manner when a need arises again.
We already saw this as companies have to adapt to having remote work-forces. Now is the time to get ahead of the game.”
Account accesses, policy & security procedure changes made to facilitate remote work should be reassessed & readjusted periodically to determine if they are still relevant, he observed.
“It’s an important reminder that these actions & risk assessments are by no means a guaranteed way to expect 100% security. The consensus is to have organisations make risk-informed decisions that help them to be more resilient during this time of fast pace and constant changes.”
Cyber-security firm CySure has suggested a 3-point plan to combat criminals using concerns over Coronavirus to pursue cyber-attacks.
Guy Lloyd at CySure observed “The Coronavirus pandemic has taught us the importance of hand hygiene and now there is a need for greater cyber hygiene. As our day-to-day lives have changed, so too has the security threat landscape.
“With many workers remotely accessing vital business applications from home, security risks have inevitably increased. Cyber-criminals have no morals or ethics and do not stop their activities even for a global pandemic. In fact, attacks have stepped up as the bad guys find ways to exploit our fears to perpetrate cyber-attacks.”
3 steps SMEs can take to protect themselves include:-
Educating employees on exactly what to look out for to prevent various breaches, the most common is phishing scams.
2nd – becoming certified with a properly accredited scheme which provides a practical framework for an SME to assess its current cyber-security & compliance levels.
3rd – making themselves a harder target to attack by being fully Cyber Essentials compliant is designed to mitigate many of the attacks faced by businesses.