Cyber-attacks are far from just being the concern of big business, we are all targets. With that in mind, there are things we can all do to keep ourselves a lot safer online – ensuring the convenience of having connected devices isn’t overshadowed by cyber threats.
Cyber criminals are using the disruption and challenges caused by the COVID-19 virus outbreak to increase attacks on businesses and individuals. For example, in January a number of phishing emails emerged that referenced COVID-19, but by early March they represented a significant percentage of all malicious email traffic. Likewise, an increasing number of malicious websites are being created using COVID-19 or related terms, with over 42,000 sites of this nature being registered since early February.
In addition, following the imposition of a Government lockdown to counter the spread of COVID-19, there has been a substantial increase in the number of people now working from home – many for the first time in their career – and this is another development that can provide hackers with more opportunities to breach IT security.
Extra vigilance is needed to defeat these attacks. We must not let ourselves become complacent in these unprecedented and challenging times, when perhaps our focus is naturally drawn elsewhere.
A particular concern for funeral directors is that during the past year personal data has been the most targeted by cyber criminals. Under recent GDPR legislation whilst a personal data breach may only apply to living individuals, the personal data for relatives of the deceased still needs to be handled carefully and securely.
Care is also needed to avoid personal data breaches that could provide cyber criminals with information they can use to hold your business to ransom, damage your reputation, gain money from the press, or it can even be sold on through other mediums, such as the dark web.
To help you, we have set out below some guidance on the most common types of cyber-attacks, followed by advice on ways in which you can protect your business from cyber criminals.
Common methods of attack
1. Phishing emails
- Emails that appear genuine are sent asking to install software onto a device
- Special offers from commercial organisations offering free medical products or trials
- A coronavirus cure
- Tax refund support or the offer of financial aid from the UK Government
- Safety advice from the World Health Organisation
- Home working and contacts from bogus HR Departments
- Extortion requests demanding payment or confidential information will be released
- You can find examples of phishing emails and what to look out for from HMRC
2. Malicious websites
- Creation of malicious websites e.g. a bogus John Hopkins University website map that provides COVID-19 updates
- COVID-19 tracker applications (downloaded from third-party app stores)
Accessing these websites or downloading the software to your computer, smartphone or tablet is very dangerous. There’s a very strong chance that you are downloading malware (malicious software) that could lock you out of your device or lock all of your files. There will then be a demand for money within a set time or all information on the device will be deleted. Other types of malware can monitor your activity without your knowledge or take control of your device and use it to attack others.
Defeat the cyber criminals
Many cyber-attacks can be defeated by following good practice and implementing basic security controls. These include the following:
- Continually raise awareness and remind individuals of the importance of computer security
- Encourage and support individuals with training so they can identify threats and how to respond
- Back up your data regularly and in more than one place, if you are using an external hard drive – do not leave your backup connected to your device when not in use
- Although the cloud computing market is reasonably mature and most providers have good security practices built-in, we recommend you read the National Cyber Security Centre (NCSC’s) Cloud Security Guidance before selecting a cloud service provider
- Keep portable devices safe e.g. use PIN/Password protection/fingerprint/face recognition, keep device software updated, do not connect to public spot hots use 3G/4G or VPNs, replace any devices no longer supported by manufacturers
- Prevent malware damage e.g. regularly update anti-virus software and update your devices with the latest software patches. Only use approved software, control access to removable media i.e. memory sticks, ensure your firewall is always enabled
- Avoid phishing attacks e.g. scan for malware, change passwords if a successful attack is detected, look out for poor spelling, grammar or images that may be indicative of a rogue email
- Protect data using strong passwords and encryption. Avoid using predictable passwords, provide secure storage for passwords
- Have a tried and tested response plan in the event you do fall victim to an attack
- Continually assess and test the robustness of your cyber defences
- Learn from any incidents and update your defences
The NCSC also provide expert advice on how to enhance your cyber security on their Cyber Essentials website where you can also find out about seeking certification under the Government’s Cyber Essentials scheme, which demonstrates to others that you take the protection of data seriously.
Having specific Cyber Insurance in place to mitigate the risk of a cyber-attack can make a big difference in reducing the financial impact. Conventional business insurance policies may not cover many of the losses associated with cyber risks, such as having access to expert IT, legal, forensic and media relations advice and support when an incident occurs. This alone can help to greatly reduce the financial impact of a cyber event and any subsequent reputational damage.
To find out more about cyber insurance, cyber threats and what you do to reduce the risk, please contact Liam Casserley, our Schemes Manager, on 07388 379203 or firstname.lastname@example.org
A Thank You from SEIB
The past month or so has seen a dramatic change to everyone’s lives. For some of us, it`ll be our first time witnessing such a rapid change within our communities. Drastic measures have been put in place to prevent the spread of COVID-19 and key workers like you have been working hard to support our communities and keep essential services running. Whether you’re a funeral director, embalmer, celebrant or indeed work in any part of the funeral trade, we would like to say a sincere and heart-felt thank you!
SEIB have been supplying insurance to the funeral industry, including NAFD members for over 40 years, giving them expert insight and understanding of such a unique industry. To find out more about tailored insurance protection please call SEIB on 0345 450 0648 for a review of your cover requirements or visit www.seib.co.uk