Following the most recent government announcement further relaxing the lockdown measures in the UK, thousands of businesses are re-opening and returning to offices. But, with so many businesses getting their systems back up and running at full capacity again, the risk of cyberattacks could be just as high as when the COVID-19 pandemic first began.
Interviewed by businessleader.co.uk, David Hough, a Technology specialist at tax firm Blick Rothenberg, said: “We have all sorts of evidence that the threat from cyber criminals is rife and that they will take advantage of re-opening businesses.” Companies should tread carefully as they ramp back up; regardless of whether they’d transitioned to remote working or had ceased activities altogether.
Common attacks already being reported, according to Hough, include phishing emails offering taxpayers COVID-19 tax refunds and inviting the receiver to click a link in order to make a claim. These coronavirus-specific scams are also being delivered by phone call, text message and WhatsApp, either offering tax refunds or imposing fines for breaking lockdown rules. HMRC never uses these methods of communication and receivers should ignore and delete any communication like this, refraining from clicking links or interacting with the message in any way. If you suspect a message or call is a scam, you should report the details immediately to HMRC at email@example.com.
Phishing emails aren’t the only types of attack on the rise at the moment. Hough added: “Business systems could have been hacked while staff were furloughed, ready to be exploited when individuals return to work, so it is important that security is up to date and software subscriptions have been paid”.
Hough also explained that criminals will be looking to exploit vulnerability in a similar way as when the pandemic began: “Cyber criminals will be looking to attack businesses from every angle and will be looking for weaknesses in not only technology but also the way in which they operate, especially those companies that suspended operations for a period. People will be under pressure when they get back to work to get the business going and to start generating revenue, but they need to make sure that they don’t compromise their situation by rushing and not taking the necessary steps.”
So how can businesses remained protected as they shift back into operation and offices?
Having a pro-active and versatile security strategy with regular review periods is key during this turbulent period of change. Calvin Gan, Tactical Defence Unit manager at cybersecurity firm F-Secure, told businessleader.co.uk that: “An effective cybersecurity defence should be turned into a real-time, proactive, and adaptable process instead of a reactive one. Without this, we would expect to see companies shifting their cyber security posture ad-hoc or in a hasty manner when a need arises again. We already saw this as companies had to adapt to having remote workforces. Now is the time to get ahead of the game.”
In addition to computer security, physical security devices in offices like CCTV and biometric scanners should also be monitored and checked closely for tampering.
It is also vital that employees are clearly warned and well educated on the risks. Attacks occur on PC’s, laptops and smart phones via email, text, call or sometimes even post and can be hard to spot, so providing employees with training on how to identify attacks and what to do if they suspect a scam has never been more important.
As the UK begins to revert back towards its previous state of ‘normality’, it is important that businesses remain vigilant when it comes to cyber security. Hough concluded his interview with businessleader.co.uk by adding: “Businesses and individuals now have to be on their guard as we come out of lockdown and gradually get back to work. The Governments ‘Stay Alert’ statement is just as relevant to keeping us safe from an IT perspective as it is to one of health”.