Coronavirus: Fighting the rise in cyber criminals from the home office
With many people working remotely because of the coronavirus outbreak, the number of cyber incidents is increasing as hackers, scammers and spammers look to exploit vulnerabilities in an attempt to steal valuable information. In response, AGCS experts highlight a number of measures that can help employees to better combat the cyber challenges Covid-19 brings.
Coronavirus is changing how people work and interact every day. Many companies have needed to expand their remote working capacity as a result of the outbreak – and usually at very short notice. In order to provide as many employees as possible with easy access to operating software and systems quickly, in some cases IT security standards may have had to be lowered or suspended, resulting in potential cyber security exposures for companies.
One consequence of potentially laxer security is that cybercriminals and hackers may find it easier to penetrate previously effectively protected corporate systems, causing data breaches, cyber blackmail intrusions and IT system failures. It is estimated that anywhere between 50% and 90% of data breaches are caused or abetted by employees, be it by simple error or by falling victim to phishing or social engineering.
According to the Allianz Risk Barometer, an annual survey of more than 2,700 risk management experts around the globe, cyber risk already ranked as the number one threat for businesses in 2020 before the coronavirus outbreak, driven by concerns about data breaches becoming larger and more expensive; ransomware incidents bringing increasing losses; and Business Email Compromise (BEC) or spoofing attacks, which typically involve social engineering and phishing emails to dupe employees into revealing confidential or valuable information, increasing in frequency. BEC attacks have resulted in fraudulent losses in excess of $20bn since 2016.
Unfortunately, the significant increase in home workers accessing the corporate network with a virtual private network (VPN) connection because of the coronavirus pandemic only exacerbates these risks, providing a perfect opportunity for cyber criminals, as recent events demonstrate only too well.
Coronavirus phishing scams with malicious links or attachments sent out by email or WhatsApp messages started circulating in January 2020 and their number has continued to increase since. The European Commission has said that cybercrime in the EU has risen since the outbreak began, while the World Health Organization (WHO) recently warned about suspicious email messages attempting to take advantage of the Covid-19 emergency by stealing money and sensitive information from the public. In some countries, data shows that the number of attempted cyber attacks increased five-fold between mid-February and mid-March. In April, Google detected and blocked more than 18 million malware and phishing emails and 240 million daily spam messages related to the pandemic in a single week[1]. In total, the tech giant blocks more than 100 million phishing emails each day.
“Remote workers may be dressing down in the home office but this does not mean that they can be casual when it comes to maintaining IT security standards,” says Jens Krickhahn, a Regional Practice Leader of Cyber Insurance at AGCS.
In the new risk bulletin, Coronavirus: Staying Cyber-Secure Through The Pandemic, AGCS cyber experts provide an overview of tips and measures to consider to combat internet attacks. These are based on the core measures of the German Federal Office for Information Security and the guidelines of the Charter of Trust, an association of companies promoting global IT security, of which Allianz is a member, and apply to all devices, including those provided by companies for employees to use.
Suggested measures to consider for bolstering IT security in the home office highlighted in the bulletin include:
- keeping software up-to-date
- activating virus protection and firewalls
- being increasingly cautious about sharing personal data – online fraudsters increase their success rates by addressing victims individually
- making sure web browsers are up-to-date
- keeping passwords safe and changing them regularly. The general rule: the longer, the better
- protecting confidential emails with encryption
- only downloading data from trusted sources
- making regular backups
- turning off voice-activated smart devices and covering webcams when not in use
- making clear distinctions between devices and information for business and personal use and not transferring work between the two. This will prevent unintentional information leakage
- identifying all participants in online sessions
- logging out when devices are no longer in use and keeping them secure
- following security practices for printing and handling confidential documents
- being careful with suspicious e-mails or attachments, especially if the sender is unknown.
For the full overview of IT security measures download the bulletin here.
All of the recommendations are technical advisory in nature from a risk management perspective and may not apply to specific operations. Please review any loss prevention measures carefully and determine how they can best apply to specific needs prior to implementation. Any queries relating to insurance cover should be made with your local contact in underwriting and/or broker.