Keep calm – and carry on working safely!

For those outside the world of cyber security, the term ‘risk surface area’ probably won’t mean much.

But with millions of UK staff working from home for weeks or possibly months ahead, it is something which has suddenly become much bigger.

The ‘risk surface area’ covers all the elements of an IT system that cyber attackers can target through phishing, ransomware, malware infections and denial-of-service attacks.

Although technology is helping many businesses and organisations keep going during the current crisis, the dramatic shift in working patterns sadly means the risks of attacks have also ramped up.

Spike in breaches

Cyber-criminals have been quick to seize on the opportunities with a spike in breaches already being seen, including successful ransomware attacks designed to take advantage of heightened fears around the Covid-19 pandemic.

Since February, the UK’s National Fraud Intelligence Bureau, which focuses on financially-motivated cyber-crime, has identified more than 20 incidents where coronavirus was mentioned with victim losses totalling more than £900,000.

As far back as January, bogus emails purporting to be from official sources warned recipients to be aware of the threats of the virus. Those who fell victim entered sensitive details into what they thought was a genuine Office 365 site.

Another scam involves a ‘Covid-19-Tracker’ Android app which claims to geographically track new outbreaks and highlight areas to avoid. However, once downloaded, the app turns out to be ransomware that locks the phone, and users are then asked to pay $100 in Bitcoin to regain access to their device.

The risks posed to the NHS from cyber-attacks, at what is an unfamiliar and difficult time, are particularly concerning. In 2017, computers in hospitals across the UK were crippled in the global WannaCry attack. That attack is estimated to have cost the NHS £92m, but the price of a similar attack in the weeks ahead could be much more significant in terms of human lives.

Simple steps to reduce risks

Although a cyber-attack can have very serious consequences, the steps to dramatically minimise the risk, and for staff to maintain good ‘cyber hygiene’, are relatively simple – the technology equivalent of hand-washing.

For example, a password lock on a phone can help prevent ransomware attacks like the Covid-19-Tracker. Regularly reminding staff that ‘if it looks wrong it probably is’ can dramatically reduce incidents of them clicking on something they shouldn’t.

There is a wealth of information out there from reliable sources such as the National Cyber Security Centre (NCSC), which has guidance on home working as well as a ‘Top Tips for Staff’ e-learning course.

In summary:

  • Apply patches and security updates as soon as possible. Anti-malware should be updated using a ‘push’ rather than ‘pull’ regime and scans carried out automatically.
  • Ensure staff are aware of how to spot potential attacks and that an effective reporting procedure is in place.
  • Remind staff to make sure they are not being overlooked when working in a public environment.
  • Ensure devices can be remotely locked, data erased or backups retrieved.
  • Ensure credentials including tokens are securely stored and changed when required.
  • Use encryption tools to protect stored data and secure connections such as a VPN for data in transit.

As we all now take steps to protect ourselves and others from the health risks of Covid-19, it is important to also do the same against those who will look to use the crisis to expose our IT vulnerabilities.

In a series of upcoming articles, Gemserv will be looking in more detail at the ways to help organisations and their staff stay safe and work productively.


About the Authors

We are in unprecedented times and businesses are needing to adapt faster than ever to an ever changing situation. But what does that mean in practice and what does that mean for employees?

We are launching a series of live podcasts with some of our team whose backgrounds are in IT, Security, Business Resilience and Digital Transformation. They will discuss advice and guidance for companies in the process of adapting to unprecedented changes in the way we work and live.

Following the most recent government guidance, we are asking all but essential staff to work remotely. Consequently, for the time being, we will no longer be hosting meetings at our London and Dublin offices, though we will continue to provide our services as normal.

Visit our Coronavirus Information Page for full details of the procedures we are adhering to and who to contact if you have any questions
