We have been talking for weeks about the rise in cyber attacks during the Covid 19 pandemic. This week the Government discussed the rise in cyber attacks in its daily briefing and highlighted the joint warning that the UK’s National Cyber Security Centre and USA’s Cyber security & Infrastructure Security’s agency had released, warning of such activities targeting businesses, in particular healthcare, pharmaceutical organisations and local government. The World Health Organisation, for example, has reported 5 fold increase in cyber attacks, directed at both staff and the public.
Even though your business may not be in the Government or Healthcare sector, cyber criminals and malicious groups are still exploiting businesses through Covid 19 in various ways.
Action fraud have identified the 4 most common scams targeting business:
1. Government grant/tax refund
Cyber criminals are disguising themselves as Government officials suggesting the business may qualify for a special COVID-19 grant or tax refund, and asking for confidential business details such as bank details and employee information.
2. Invoice/mandate Scams
A business is contacted by a cyber criminal spoofing themselves as a supplier, but saying that their bank details have changed and can all future payments be sent to a new bank account.
3. CEO Impersonation Scams
This scam is when cyber criminals spoof company email accounts and impersonate executives/senior leaders to try and fool an employee into executing unauthorised payments or sending out confidential information.
This is particularly exploiting the homeworking environment when senior and junior staff are not in the same building so thorough checks cannot be made.
4. Tech support scams
Criminals are impersonating themselves as your IT company, and are trying to gain access to passwords and login details with the view to get access to company data.
There are also a range of coronavirus scams targeting individuals in the form of emails and texts, for example an email saying that protective items are for sale. This is a fake advert and once paid, the goods never arrive. Santander have produced a video highlighting common coronavirus scams, which is worth a watch.
You can find out more about “spotting email scams – what to look out for?” in our previous blog.
As a business are you aware of the increased cyber threat?
Have you taken steps to protect yourself and your business?
Have you put processes in place to mitigate any harm to your business if you are subject to an attack?
As a starting point we would recommend that you advise all colleagues to:
- Think before you act on an email or text giving out personal information & bank details
- Verify the person/organisation is who they say they are. For example if it’s your IT provider, say you will ring back on the number that you have for IT support.
- Never share passwords or pins. No organisation would ask you to do this.
- Ring a senior member of staff if you think anything is suspicious.
There are also a range of other resources to help you on the NCSC website including passwords,phishing and personal data.
As Dominic Raab said this week “preventative action is often the best way to deny attackers the opportunity to get what they are looking for”.
We couldn’t agree more.
As IT Security specialists we put cyber security at the heart of everything we do with our customers. As a business we are cyber essentials certified and we ensure the 5 controls of cyber essentials are carried out with all of our clients. Cyber essentials is a Government backed preventative standard which has shown can reduce your business’ risk of a cyber attack by up to 88%.
If you want to discuss what measures you can put in place to secure your business and prevent an attack, please contact us.