The effect of Covid-19 and Government Lockdown has asserted business to make employees work from home, many of whom will not have done so regularly before. This may make many businesses more vulnerable to attack or other cybersecurity issues.
Business needs to consider the risks involved specially IT arrangements for remote working may not be as secure; employees may be unfamiliar with new IT arrangements for working from home; employees judgement to scams and suspicious communications during this pandemic.
We have seen reports of increase cybercrime during this pandemic. Action Fraud (the UK’s National Fraud and Cyber Crime Reporting Centre) reported a 400 per cent increase in coronavirus-related fraud reports in March. These figures relate to a variety of new scams, including:
A wide range of phishing scams including:
- Emails purporting to be from HM Government asking for donations to the NHS during the COVID-19 outbreak
- Emails purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO), requesting donations
- Communications containing investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn
- Malware, spyware and Trojans have been found embedded in interactive coronavirus maps and websites. Spam emails are also tricking users into clicking on links which download malware to their computers or mobile devices
- Online shopping scams for products which have never been delivered (e.g. protective face-masks, hand-sanitiser).
What practical steps can businesses take to limit the risk/effect of cybercrime?
The fundamental preliminary step which all businesses should take in order to prevent a cyber-attack, is to consider and develop a strategy to prevent cyber-attack and how to respond if affected. Key elements of any such strategy are likely to include:
- Understanding the cyber security risk in relation to the individual business and its critical business operations
- Integration across information assurance and personnel, technical and physical security arrangements
- Establishing protective monitoring to prevent and deter the ‘insider’ threat from an organisation’s own employees
- Accepting that some attacks will breach defences, and planning on that basis.
There are a number of practical measures which businesses should consider as part of any such strategy to help protect against risks of cybercrime and to mitigate against the impact of any breaches of IT security:
- Protocol for outward payments
- Encryption of all devices
- Back up key files
- Necessary updates
- Use work devices if possible
- Paper documents
- Communication and training
When deciding how to proceed, businesses should consider both their short-term need and their longer term strategic interest to cyber security. A solution that works right now may not be best for those wishing to stay in the market long-term, and the need for an efficient stopgap needs to be balanced against the strategic benefits of negotiating a longer lasting solution.
If you have any issues with cyber security and data protection or any other aspects intellectual property you want to discuss, we at Briffa advises on all aspects of intellectual property law and practice and offers free 30-minute consultations to all new clients. If you would like to book a call or a meeting with one of our specialist IP lawyers, please contact firstname.lastname@example.org or 020 7288 6003.
Written by Hasnath Ahmed, Solicitor