The current COVID-19 pandemic is creating numerous problems for businesses regardless of size or sector, but especially small businesses. Businesses are fighting hard every day to stay alive with many being impacted economically by the virus. On top of this many are now having to face an increased cyber threat.
As businesses deal with the fall out of COVID-19, the criminal fraternity are gearing up to take advantage of the situation. We have seen a considerable increase in the number of cyber-attacks over the last few weeks. Barracuda Networks recently revealed there has been a 667% increase in Phishing emails related to Coronavirus since the end of February.
Specifically, criminals are targeting employees unused to working from home, and exploiting their uncertainty in this unprecedented situation.
Understand the risks
The main threats for most aren’t from nation states. Criminal gangs are the main cause for concern and regularly cause the most damage. Phishing scams are the criminals attack of choice as it is simple, cheap and effective - over 80% of cyber-attacks are confirmed as starting with a phishing scam.
Trust the experts
Follow the Government’s guidelines on phishing, and cyber security in general - the National Cyber Security Centre (NCSC) website has guidance and resources covering all aspects of cyber security, for further information visit www.ncsc.gov.uk.
Here are some tips direct from the NCSC on spotting phishing emails:
Many phishing emails have poor grammar, punctuation and spelling.
Is the design and overall quality what you'd expect from the organisation the email is supposed to come from?
Is it addressed to you by name, or does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?
If it sounds too good to be true, it probably is. It's most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
Your bank, or any other official source, should never ask you to supply personal information from an email.
Plan for the worst-case scenario
Failing to prepare is preparing to fail. We don’t think twice about fire alarm tests and fire drills and we all watch the flight attendant run through emergency procedures before take-off. Developing an emergency response plan is crucial to surviving a cyber-attack. The NCSC has developed a dedicated ‘Response and Recovery Guide for Small Business’, visit https://www.ncsc.gov.uk/collection/small-business-guidance--response-and-recovery
Stay safe and stay aware
Always be on guard, expect the unexpected, imagine that you’re going to be hacked, and be ready to execute your plan.
Backup, backup, backup
As part of your daily routine, ensure you are backing up your data as often as required and ensure you’re keeping your backup data off your network. Should you fall victim to an attack you’ll only lose some data, this coupled with the emergency response plan you’ve developed, you should be able to mitigate the attack and continue operations quickly.
Most problems almost always present opportunities. Whilst there has been an inevitable negative impact on businesses providing traditional in-person services, some digital based businesses have seen sales rocket. The chance for businesses to embrace and adopt secure digitalisation could provide opportunities to innovate.
This could mean the development of a new product or service or gaining access to new markets, or, it could be to improve efficiencies by changing processes. It might be that diversification and changing business models/practices will help some companies to continue to operate during this challenging time.
Jon Lomas from Lancaster University leads the delivery of the “Secure Digitalisation’ programme as part of The Greater Manchester Cyber Foundry project.
The Greater Manchester Cyber Foundry is a unique partnership between Lancaster University, Manchester Metropolitan University, The University of Manchester and the University of Salford, providing a Cyber Innovation programme that supports SMEs based in Greater Manchester to defend, innovate and grow their business.
The programme is part-funded by the European Union European Regional Development Fund.
For more details go to www.gmcyberfoundry.ac.uk