Ask an expert: how will COVID-19 affect cyber security for businesses?

30 March 2020

UCLan’s Dr Max Eiza, Lecturer in Computing, outlines the cyber security risks arising from COVID-19 scams

In the midst of the outbreak of COVID-19, another risk has emerged – a rise in the number of cyber attacks and scams targeting businesses and individuals alike.

Security experts have seen a rise in scams around the world, including fake tax refunds or emails purporting to be from the World Health Organisation (WHO), while local authorities in England have been targeted with fake emails containing malware or phishing links.

In an already challenging and uncertain period for businesses, with many staff working from home for the first time, what are the steps that organisations can take to ensure that they remain secure?

We spoke with UCLan’s Dr Max Eiza, Lecturer in Computing, to gather some useful tips for businesses and employees.

What types of routes are hackers likely to use, and how will this affect businesses?

With the sudden change in how businesses are operating, hackers will be looking for ways to exploit insecure remote connections and software, as well as the humans using these tools.

This could be through phishing emails promising solutions to the current coronavirus issue, or making offers on products that are in high demand, such as toilet rolls or hand sanitiser. It could also be emails from hackers impersonating managers and asking for login and password details to access work remotely.

Because of this sudden change and increased risk, it’s more important than ever for everyone to be vigilant.

"With the sudden change in how businesses are operating, hackers will be looking for ways to exploit insecure remote connections and software, as well as the humans using these tools."

Do you think employers should take a lead and ensure workers ought to boost their cybersecurity, or is the onus on individuals? 

Cyber security is a shared responsibility. Employers should already have or be in the process of implementing a remote working policy for employees. This needs to include advice on working remotely, guidance on the tools that will be used, and where staff can find support to ensure a smooth remote working process. Microsoft Teams is just one example of a collaborative tool that can be used, but training on how this can be best used will be vital. 

Employers should also try to enforce a stricter password policy, and encourage employees to change login and password details regularly. Ramp up system activity monitoring and take action when it’s needed, especially when it comes to phishing emails or DoS attacks.

On the other hand, employees should ensure that their PCs or laptops at home are secure, up to date and have the latest anti-virus software. All video calls should be conducted on trusted software for security reasons, and people should avoid using any software from unknown developers. 

All of this will be crucial in ensuring business continuity and security.

What are the practical tips people working from home can take to improve their cybersecurity?

Individuals will need to make sure that their devices are all patched and up to date. They shouldn’t use public Wi-Fi or insecure connections to access their work.

They will also need to be extra careful of emails that might look like it’s generated from their work or boss. And under no circumstances should they send their login and password information to anyone.