With the COVID-19 pandemic forcing more and more people to work from home, personal devices are increasingly being used for work purposes. This has meant that businesses of all sizes have become more vulnerable to cyber-crime.
Cyber criminals took full advantage of this vulnerability, knowing that companies hadn’t had time to prepare security measures for the newly formed remote workforce.
In fact, the National Cyber Security Centre (NCSC) reported that throughout 2020:
• 2.3 million suspicious emails were forwarded to the Suspicious Email Reporting Service (SERS)
• The NCSC handled 723 security incidents (10% up on 2019) and provided support to almost 1200 victims – the highest numbers since the NCSC was formed
• They also discovered and took down 166,710 phishing URLs
So, What Are The Most Common Threats?
Ransomware is a type of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
Users are given instructions on how to pay a fee in order to be given the decryption key and retrieve their data from the cyber-criminal.
As well as seeing a rise in ransomware attacks throughout 2020, the NCSC also noted a significant change in the way ransomware attacks are carried out:
‘Rather than just preventing access to data, criminals are now stealing it and threatening to leak the most sensitive parts to the public.’
Hackers are even threatening to share staff salaries or upcoming business deals and patents. However, paying the ransom doesn’t always guarantee access to the encrypted data; the criminals may repeat the threat and request more money, meaning it can take weeks or even months to resume normal business operations.
This is not one of your employees trying to intentionally do you harm, this is employees innocently clicking or downloading malicious content, due to their lack of awareness or training around cyber activity.
Hackers are getting clever when it comes to making content look genuine, and internal threats have become more of a concern for business owners during the pandemic, as your staff are more likely to be operating remotely – meaning you don’t get to speak to them as often as you would in the office.
The good news is, by using affordable online Cyber Awareness training videos it’s easy to ensure your staff are more informed of the risks. You could make the videos part of your onboarding process, and run them annually to keep everyone up to date.
Emotet And Malware
Emotet is a type of malware that has been with us for a few years now.
It is one of the most tenacious threats around, and is constantly evolving.
Emotet is most successful with businesses who have weak security systems in place, as it creates a backdoor for hackers to enter and leak sensitive data from unsecured devices or networks.
The Trojan virus spreads mainly through email, but is known to infect websites and other forms of media too.
The best line of defence against Emotet attacks is robust security measures, including implementing a Virtual Private Network (VPN) on all connections which access the internet.
Historically thought of as the cheapest and easiest way for hackers to access your data, these scams became more sophisticated throughout 2020.
Phishing attacks are designed to lure and persuade potential victims (mainly through the use of email) to hand over payment information, passwords, or other similar types of sensitive data.
Phishing attacks also come in the form of sending the victim malicious attachments or links to websites, in order to infect their device.
Worryingly, these are just a few of the threats businesses now face when it comes to Cyber Security, but the good news is, there is lots you can do to defend yourself from attacks, and some don’t even cost you a penny!
Here are our Top 12 Tips for keeping your business Cyber-Safe:
• Educate your employees with online Cyber Awareness training
• Apply for a Cyber Essentials certification
• Turn on Multi Factor Authentication
• Backup your files regularly
• Keep your devices and software updated
• Create strong and unique passwords
• Switch on your firewall
• Implement and continuously review your Business Continuity Plan
• Develop a Disaster Recovery Plan and test it
• Consider Cyber Insurance
• Control how memory cards and USB drives can be used
• Discuss your Cyber Security measures with your in-house IT team or outsourced IT Partner