The spread of coronavirus has left business owners under pressure to keep their staff and customers safe whilst avoiding any negative effects from business interruption. Unfortunately, underhanded cyber criminals are taking advantage of the confusion and disruption, and targeting home workers.
Remote working has become more common in recent years, and the pandemic has exacerbated the trend to never-before-seen levels of people working from home. According to new data from the Office of National Statistics, 49% of UK adults in employment said they were working from home in the past month. Whilst staying home in order to stay safe is definitely recommended, it does also heighten the risk of cyber attacks, an often-neglected issue.
As brokers work with large amounts of sensitive personal and financial data, it is incredibly important that they take steps to improve their own cyber security. There are a number of easy steps to protect against the increased risks of working from home. Brokers can use this knowledge to build on relationships with clients, too – getting in touch to share useful advice about cyber security can play a key part in becoming a trusted advisor.
One of the reasons that home workers are at risk is because they are often using personal devices that don’t have strong antivirus software and firewalls set up. Firewalls are crucial; they should be enabled on devices and routers that have a built-in option, and installed on the others. Anti-virus software will help to detect and block or remove any malware that does get through. Without them, workers are exposed to potential malware threats that could compromise the security of sensitive commercial data. Ensuring that software is running at the latest version is important, because updates often include security patches to guard against threats. Setting updates to install and run automatically is an easy way to avoid using out-of-date software.
Another risk factor is in home Wi-Fi routers. Many people keep the original password given by their internet provider when the router is installed, but this leaves home networks vulnerable. It’s easy to change the password by logging into the router control panel, where it is also possible to check for updates and double check that the encryption level is set to either WPA2 or WPA3. Backing up any important data is the only way of ensuring that the data is not completely lost if a malware incident does occur.
Even when hardware and software has been secured, cyber criminals use other methods. Social engineering is the name for when a cyber criminal uses psychological manipulation to trick people into transferring assets such as funds or commercial data. These attacks are increasing in frequency and sophistication. Some are designed to play on the fears of the recipient; for example, opportunistic scammers have sent phishing emails and texts that look as if they contain important updates on the coronavirus situation, when in reality they are fake and designed to exploit the recipient’s health worries and trick them into opening the email.
Brokers should be advising clients on how to identify phishing attempts. Any email user, before clicking on a link in the body of a message, should double check the sender’s email address to see if it is genuine, not just the name displayed. It should come from a domain that matches the sender’s supposed organisation. Before clicking any link, hover the cursor over it to view the destination address, and check it is the same as the link in the email.
One heightened risk when working from home is spoof emails. Another example of social engineering, this is where a cyber criminal pretends to be someone else in order to launch an attack or steal information. With so many people working away from colleagues, it can be more difficult to track whether an email has truly come from the person you think it has.
Checking the email header gives more detailed information on the sender – for example, the “return path” section shows the email address that would receive any reply, and should match the sender from the original email. Organisations are at risk if one employee receives an email with instructions to move funds or data from someone pretending to be a boss or accountant. Brokers should make sure their clients know how to protect against this – if in doubt, it’s as easy as giving a colleague a call to make sure they did send the email.
During this challenging time, as organisations rush to develop or implement business contingency strategies, it is crucial that cyber security becomes part of their plans. The pandemic has demonstrated how business interruption – one of the potential after-effects of a cyber attack – can cause massive damage to businesses. Meanwhile, the need to keep employees safe from infection has heightened the risk.
Many organisations do not have any form of cyber insurance. This includes SMEs, who are at the highest risk of cyber attack in the UK. Now is the ideal opportunity for brokers to support their clients and boost their own business. They can achieve this by highlighting the need for proper cover and protection against the rising threat of cyber attacks, which will not disappear when things go “back to normal”.
By Michael Whitfield, managing director of CPP Group UK