Protecting your business from phishing during the Covid-19 pandemic. Posted by Chris Thomas, 01 Apr 2020

In these unprecedented times as the world is coming together to battle a crisis, cybercriminals have been quick to capitalise on the change in normal working environments.

As the ultimate opportunists, they use the latest headlines around Covid-19 as clickbait, preying on intrigue, fear and uncertainty to gain access to corporate networks, potentially leading to compromised personal and company data and financial loss.

In recent weeks, there has been an enormous rise in malicious emails related to the current pandemic. Mimecast has reported nearly 24 million coronavirus related phishing email attacks leading up to March 23(1), equating to 16% of its total emails scanned during that time. Cybercriminals have sent emails in the guise of various groups to trick people into clicking their malicious links. Examples include emails from the World Health Organisation giving advice on how to avoid the virus, texts from ‘HMRC’ offering tax refunds, and even communications masquerading as being from employee’s own HR departments. Vigilance is a prerequisite when protecting your business, so being on top of your security now is more important than ever.

As businesses settle into a new way of working, cybercriminals are looking to take advantage of remote workers while they are away from their usual environment. Even though employees may have knowledge of security policies, reinforcing awareness at this difficult time is the key to safeguarding your business. For example, emails containing multiple spelling and grammatical errors, unusual attachments and click through links, and threats or statements with a panicked sense of urgency are all tell-tale signs of a phishing email(2).

So, how can you improve the protection of your business from these malicious attacks at this time? Here are some key considerations:

1. Educate your employees

Whilst many will understand the dangers of cybercrime, it’s important to make employees aware of the potential threats and urge them to report anything suspicious. Remind your employees not to click on links or open any attachments. Cybercriminals can be creative and very convincing, so if in doubt, do not open!

Also, when sharing internal communications, think about setting up an intranet and diverting staff to one place for all news and updates. This will eradicate the possibility of an employee believing that a scam is a genuine HR or other internal email.

2. Update all devices

Ensure all your company devices have the latest security updates, including antivirus and anti-malware services. Keeping software up to date will ensure any vulnerabilities are patched, leaving your systems as secure as possible.

3. Use a reputable mail protection service

These services will help to protect your business from both internal and external threats. For example, since the coronavirus outbreak, Mimecast has reported blocking 5,000 URLs a day related to Covid-19 - 37 times more than those blocked in January. And as well as ongoing monitoring and scanning, these services rewrite clickable links, scanning them at the point of clicking to provide businesses with real-time protection from attacks.

4. Enable Multi-Factor Authentication (MFA) where possible

A single password is simply not enough protection from the world of cybercriminals. Most applications now enable MFA and according to Microsoft, MFA can block over 99.9% of account compromise attacks(3).

The National Cyber Security Centre (NCSC) is taking measures to reduce and remove malicious sites, and continues to urge people to follow online security guidance. However, if you do fall victim to a phishing attack, it’s important to report this to Action Fraud. To keep up to date with the latest cyber security news, visit www.ncsc.gov.uk where you will find weekly threat reports.

Finally, whilst businesses are being urged to increase security awareness during this period, it should always be an essential part of your IT strategy. For support and guidance with your security and IT needs, call our expert team on 03330 11 22 55.

References
(1) Mimecast, ‘Coronavirus phishing attacks speed up globally’, 2020
(2) NCSC, 'Our guide on spotting and dealing with phishing emails', 2020
(3) Microsoft, 'One simple action you can take to prevent 99.9 percent of attacks on your accounts', 2019