The Police Action Fraud team announced a 400% increase in Coronavirus-related frauds during March, and Google are reporting as many as 18 million hoax emails on the subject every day worldwide.
Irrespective of company size, cyber insurance should not be optional. It is something that every sensible company owner should include as part of their business plans, in addition to having systems, software, processes, and procedures in place. Since May 2018, businesses can be fined up to 4% of annual global turnover, or €20m (whichever is greater), yet according to the ABI only 11% of UK businesses buy cyber insurance cover.
Most common information security risks are the result of human error or someone ignoring or not knowing about processes and procedures, offering an easy route for accidental or malicious activities. Home networks are far less secure because there is no expert employed to configure and maintain security systems. In the past, an organisation’s IT infrastructure was the most likely weak point. Today, it is more likely to be you or your colleagues! Criminals often see individual employees as gateways to gain access to personal and organisational data.
Within cybercrime, there are five likely areas of attack:
Phishing: An attempt to acquire data such as passwords or banking details by masquerading as a trustworthy email sender. With more people working from home, there has been a rise in phishing attempts, so watch out for emails trying to tap into fears related to coronavirus, such as charity, investment or product scams. In 2019, the National Cyber Security Centre (NCSC) removed over 177,000 UK-based phishing websites from the internet.
Malware attacks: Short for malicious software, this can be any software designed to cause damage or harm to a computer. Research carried out by BitSight on behalf of Hiscox found that home networks are three and a half times more likely to have a piece of malware operating on them than corporate networks, and more likely to have at least five types of malware present.
Ransomware: A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or the user's files, unless a ransom is paid. During the current pandemic, Interpol's cybercrime team has said it has detected a "significant increase", noting a rise in the number of attempted ransomware attacks against key organisations around the world, including hospitals.
Weak passwords: Obvious, but too many people use the same password on multiple sites, include personal data, or use very simple, easy-to-crack ones. SplashData compile a yearly list of the 25 most used passwords, and in 2018 the top five were: 1st: 123456, 2nd: password, 3rd: 123456789, 4th: 12345678, 5th: 12345.
Insider threats: A person or group of persons within a company who pose a potential risk by violating security policies, either maliciously or negligently. The nature of insider threats means that traditional preventative security measures are often ineffective.
Industry experts suggest it is not IF, but WHEN, you will be a victim, so what can you do?
It is a good idea to understand what it is you are trying to protect and then develop a plan that focuses on security/prevention, education, and insurance. Below are a few basic and well documented tips on cyber security:
- On security and prevention, ensure all devices have suitable protection in place (such as firewalls) and that anti-virus software is kept fully up to date. Use strong passwords and set up two-factor authentication, install updates regularly, and back up your data; in fact, back up your backup! If you do not have an IT department within your organisation, engage with a good local IT company who can work with you and provide support, help and guidance.
- Educate and train yourself and your staff on how, what, why and when. We can provide training guides and checklists to support you and your business.*
- Insurance will not stop it happening, but it will be there to help put it right. Vizion deal with a panel of insurers who offer stand-alone policy cover or can include it as part of your business insurance policy. Cover varies between products but will usually include:
  - Immediate support and incident management by a team of experts
  - Costs of investigation
  - Repairing, restoring, and replacing your website, networks, and data
  - Business disruption and loss of income
  - Legal fees, fines, and compensation costs
  - Cyber extortion and ransom
  - PR costs to manage reputational damage
If you would like to review your business insurance and cyber cover please get in contact.
*Training material provided to Vizion by Zywave.