During this unprecedented time, the Coronavirus pandemic will test business continuity and resilience. Due to the increasing number of employees working remotely, businesses can be exposed to greater risk from cyber-attacks.
The National Cyber Security Centre (NCSC) has reported that cyber-criminals are taking advantage of the disruption and uncertainty caused by COVID-19 by targeting weaknesses in online security, through phishing and malware attacks.
We advise businesses to ensure their employees are aware of the increased risks and follow the basic steps below:
- If work laptops are not accessible then ensure employees use secure personal devices.
- Implement Two-factor authentication where possible or strengthen passwords using a combination of words, numbers, symbols and both upper and lower case letters.
- Encourage the use of secure (non-public) Wi-Fi or Virtual Private Network connections.
- Phishing email awareness and training – be extra vigilant at this time as there have been reports of emails claiming to be from credible sources with important Coronavirus updates, that contain infected attachments.
- Having plans in place should things go wrong: test and practice your business cyber incident response using the ‘Exercise in a box’
- Reducing cyber incidents caused by employee behaviours: educate your employees using the ‘Top Tips for Staff’training tool.
- Managing third party cyber security risk: set out security measures for suppliers and partners, and train your staff in procurement roles on how best to protect commercially sensitive information using this online course.
In our Cyber Security Guide we outline additional steps to take:
- Back up your data
- Restricted user access and management of user privileges
- Cyber Essentials Certification
- A cyber insurance policy
- Use antivirus software and activate your firewall to ensure network security
- Regularly patch your operating systems and applications;
- Control the use of USB drives and Memory Cards.
Cyber risk will be unique to each business and therefore risk management and awareness of what you have to protect is key. Whilst Cyber Insurance will not protect you from an attack, it allows for some of the financial risk to be transferred and assist with mitigating disruption. Cyber Insurance with its unique service led proposition can provide critical incident response expertise.