As governments seek to contain the spread of the coronavirus, more than 20% of the global workforce is now operating remotely. This in turn has given rise to an increase in the number of phishing attacks. This places organisations throughout the world at high risk of a data breach and other IT security issues.
This last week, Crowdstrike has reported a sharp uptick in the number of COVID-19 malware, and malware associated with that in emails. While CNBC reported that 1in 3 executives had seen a spike in cyber threats – and a reported 40% in one organisation.
Most commonly, these attacks are coming in the form of COVID-19 themed text messages or emails. These contain a fake link that, if accessed, installs malware on your system or steals your credentials. The types found and detected have been designed to specifically access banking details or financial information.
Malware is opportunistic
Marcus Evans, Nutbourne’s Managing Director says ‘Malware is an opportunistic form of attack and works best when people don’t have good systems to repel it. As time has gone on, there’s been a kind of arms race with normal malware to get prepared for it. The Coronavirus has thrown all of this out of sync. People are working from home at very short notice and the new systems aren’t well set up. Additionally, people are reading as much as they can and so users are now more likely to click on links and access content. It’s a good time for malware to hit the mark. So the people who make money out of that are using it more. The whole situation has thrown many a company’s IT security London, out of kilter. ‘
‘So really, the malware is more extensive now for two main reasons. One is that people are worried, and it’s easy to target things at them. The other is that people are working from home, in some cases with hastily set up systems, causing them issues. ‘
What to look out for
Though the current scenario we find ourselves in is different. The tactics employed by the attackers are the same – so the message is to remain vigilant and wary. The general advice is that if an email or message sounds too good to be true, it probably is. The government is highly unlikely to be offering you COVID 19 treatment or financial help over an email or SMS. Equally, be aware of correspondence from people you know that sounds unlike them or asks you to do something that you wouldn’t normally be asked to do over email – the chances are it will be fake.
“We have seen instances in the past where the Managing Director of a company has had their email hacked and the hacker has sent a fake invoice to the accounts department asking for immediate payment,” says Patrick. “These are actually surprisingly common, so everyone ought to be aware. Equally, if that’s the way your company normally works – and many do – I would suggest putting a new procedure in place and taking steps to secure emails. That procedure could be something simple like the verification of an invoice through another medium of communication – SMS for example.
IT Security London Advice
“Right now we are facing unprecedented circumstances and a lot of organisations are adapting to new ways of working for the first time,” Patrick adds. “To that end, there’s a lot of communication from organisations and the government. Scammers are aware of this and are preying on fear and the need for information. Most scams are coming via email and are disguised as legitimate communication. For example telling offices workers about office closures or ways of working. At the end of the day, these emails are usually after two things – credential capture for network access or malware to infect it.”
The best, and most simple advice is to not click on any link if you’re not sure it’s legitimate. If there’s even the slightest doubt you’re being scammed, there’s a few simple, common sense measures that you can take. The easiest is to check the sender’s email address so that you can confirm they are who they claim to be and that their contact name and email address tally.
“There are usual tell-tale signs like poor grammar, poor design and the way you are addressed,” Patrick adds. “If it’s addressing you as ‘valued customer or valued colleague then be suspicious. Be wary of someone trying to mimic someone you know as well. A usual sign of this is urgency i.e. pay X amount in the next 24 hours. Always verify with that person. These are all simple additional IT security measures that your employees can take that will help you immeasurably.”
So, with a dispersed workforce, what steps can you take to protect against phishing attacks? Patrick advises basic cybersecurity solutions, an IT hygiene code, if you like! This includes patching servers, good quality spam & virus solutions and maintaining awareness of likely threats. Because the workforce is fragmented, it’s also a good idea to set up a knowledge base as well as a chain of command to ensure that everyone in the workforce is aware of potential threats that are circulating.
“I’ll reiterate this because it’s worth repeating – don’t click on anything you’re not sure of. The last thing any company needs in the current situation is to have their files encrypted and to have to pay a huge ransom to get them back. Always check if you’re not sure. For a long time, this has been one of the most effective IT security London measures you can take, and it remains so.
“Business will obviously need to communicate with their teams – and this is crucial. Establishing intranet pages to post information on is a safe and simple way to do this. Encouraging employees to check this daily or alerting them to updates through the chain of command keeps everyone informed and reduces the likelihood of malicious email links being opened and infecting the network.
“I would also ensure that everyone is using secured Wi-Fi at home and that Multi Factor Authentication is being used for email logins. The latter is now a minimum I would recommend anyway, so make sure that is in place.
With threats lurking around every corner, especially during the pandemic, IT Security London is vital. So, if you’d like to find out more about Nutbourne’s IT security tips and tricks, then get in touch. Call one of London’s leading IT project consultants today on 0203 137 7273.