Across all industries and sectors, the ongoing COVID-19 crisis has spurred an uptick in cyber crime. A confluence of factors including a rapid shift to remote working models, and increasingly disoriented and distracted citizens has proven to be the ideal breeding ground for would-be threat actors.
Unfortunately, cyber crime does pay. According to IBM executive Jesus Mantas, it is “one of the fastest growing businesses right now.” Mantas pointed to a “6,000 per cent increase in Covid-related spam” in the United States at the pandemic’s peak.
British businesses are facing a similar surge, and one that is hitting the nation’s small and medium sized enterprises (SMEs) hard. Already these smaller businesses were notorious for lackadaisical cyber security, if they had any at all, making them the ideal target for hackers who rely upon poor security to find an easy in.
In 2018 a Hiscox report showed that a small business in the UK is attacked every 19 seconds. While not all of these attacks are successful, the ones that are spell disaster from both a financial and reputational point of view.
Companies are not the only entities at risk, individuals are also being targeted in record numbers. From phishing emails impersonating the World Health Organisation and the NHS to fraudulent text messages informing the recipient they have been in contact with a known case in a bid to steal personal information, citizens are being bombarded with misinformation and scams.
In 2019 a joint Cabinet Office and Detica report estimated the cost of cyber crime in the UK at £27 billion per annum. It is likely that 2020’s pandemic and accompanying rise in threat level will see this figure jump even higher.
It’s certainly a pretty price to pay for what is largely preventable with forward planning and the correct tools in place. With that in mind, below are some actionable steps both companies and individuals can take to bolster their cyber defenses.
Battening the Digital Hatches
- Practice good digital hygiene
Often, the very basics of cyber security are not adhered to or ignored. A company could have advanced perimeter security, for example, and be let down by a single employee working on a compromised personal device, or using the same password across multiple accounts.
Both SMEs and individuals should get their basics in order: don’t repeat passwords, sign out of accounts when you’re finished, use multi-factor authentication, use complex passwords of 12 characters with a mix of upper and lowercase letters, numerals, and special characters.
It seems we never learn. In 2019, some of the most commonly used passwords were ‘password,’ ‘qwerty123,’ and ‘12345678.’
Some companies also choose to use a password management system. It is an encrypted tool for businesses or individuals to store their passwords securely. It also helps users generate complex and secure passwords. All you need to remember is your master password to have access to all your online accounts.
- Secure IoT networks
The internet of things has been a boon for convenience, there no doubt about it. But it has also provided a boon to threat actors. Vast networks of interconnected devices mean myriad potential access points in a home or office’s systems.
It may sound like the plot of an Ocean’s 11 movie, but a smart fish tank was used to hack into a major US casino’s systems, proving that even the most innocuous devices may be used for nefarious means.
To protect the whole network, be it in an individual’s home or the corporate setting, you can install a VPN app on the router. VPNs should also be used by staff who are working remotely, particularly if they are connecting to company systems, and by anybody who works on an unsecured wifi network, such as free public wifi.
- Be aware of current scams
Antimalware and antivirus software are all well and good, and all companies and citizens should have both on all their devices, but sometimes the best line of defense is human. Learn about the current scams making the rounds and how to identify phishing emails and text messages.
Phishing emails may seem like they are from an organisation you know. However, if you are cautious enough, you will be able to spot the attack and prevent it. These emails often use different methods to lure you to click on the link, from offering a discount, to claiming there are issues with your account. Make sure you stay vigilant.
Facing the surge in cyber crimes targeting businesses and remote workers, companies and individuals have to step up and ensure all cybersecurity measures are put in place, including staff training, using strong passwords, and properly encrypting your networks. Most importantly, employers and employees should always stay vigilant.