During the ongoing Covid-19 pandemic and the economic fallout from it, many businesses have been so preoccupied with staying afloat and dealing with huge changes to ways of working that they haven’t considered the emerging cyber and data risks.
It’s important not to take your eye off the ball. We explore how the pandemic has led to an increase in cyber risks and who is at risk.
For many business sectors, the focus will understandably be on survival and immediate business continuity. However, with the change to remote and/or hybrid forms of working, there is a backdrop of increased risk. According to IT Governance, the number of security incidents recorded in 2021 (up to the end of July) was 815; that may not sound too bad, but it represented almost 4 billion breached records. The government’s annual survey showed that almost 40% of businesses and over a quarter of charities reported cyber attacks in the last 12 months, similar figures to 2020. This is not a problem which is going to decrease, much less go away, unless businesses always remain vigilant.
Why has the pandemic led to an increase in cyber attacks?
The simple answer is that it provides the perfect cover for fraudsters to launch phishing attacks.
Why does WFH make the problem worse?
As many of us have discovered, working from home (WFH) means receiving a high volume of messages across a variety of media, which makes it easier for an attack to slip in unnoticed. The rapid adoption of new business practices without the routine IT support you might find in an office environment also makes us more vulnerable.
Which areas are at specific risk?
There are several types of business which might find themselves at risk:
- Retail firms are increasingly focusing on e-commerce and online marketing and sales, so the risk shifts from physical goods and stock to intangible goods with an online presence, customer data and the ability to manage fulfilment.
- Travel and hospitality is another sector which has moved more into e-commerce; it will also be handling a large number of changes to payment instructions online.
- Creative industries and the media are becoming increasingly digital with social media campaigns, lead generation and virtual events all involving more data processing and GDPR challenges.
- Professional services – the use of social media to generate work and other changes to methods of working and filing data may give rise to new e-media risks if firms accidentally breach privacy laws or encroach on competitor intellectual property.
- Firms experiencing growth and having to increase capacity will rely on technology to scale up. They may be relying on a network which was built with a smaller business in mind and should not overlook an increased cyber risk.
Are data breaches more likely?
Sharing personal data and/or confidential information outside a secure network is almost inevitable as communication channels change. This may be what is known as a delayed risk, meaning that problems could emerge from data protection or GDPR concerns many months later, including the inability to retrieve data effectively.
What can businesses do to protect themselves?
Introducing a cyber policy can defend you against claims made where your communications have been hijacked to initiate payment fraud. Policies can include both cyber crime and social engineering or impersonation where no actual hacking has occurred. They can also ameliorate the effects of any business interruption, such as the increased costs of working or loss of profit occurring during any downtime enforced by, for example, lack of access to servers. And finally, they may include access to emergency IT and legal support, and even PR crisis management.