Cyber security in the time of Covid-19

COVID-19 has led to new cyber threats, with figures from the Australian Competition and Consumer Commission showing Australians have lost $309,108 to phishing scams since the start of the pandemic in 2020. This year to date, the commission has received more than 10,000 scam reports.

The explosion in online fraud has come about in part due to new vulnerabilities emerging as people have shifted to working from home. This means firms must be especially vigilant when it comes to protecting their operations and their staff from cyber threats.

Gerry Power is the national head of sales for cyber specialists Emergence Insurance. He explains cyber risks have heightened due to so many staff now working from home who have never before worked this way, and because this transition happened so quickly.

“People are using home computers that don’t have the same security controls as the business they work for, making it easier for hackers to access IT systems,” he explains. So the onus is on firms to take action to protect their networks and their staff from criminal exploitation.

It’s vital businesses have in place a process so all on- and off-premise systems, virtual private networks and firewalls are continually updated with the latest security requirements.

“This is important as we’re seeing a rise in claims related to ‘remote desktop portable hacks’.

These occur when an employee working remotely, who is linked to the business’ IT system, is using technology that has not been updated with the latest security patches. If your business has staff working from home, make sure the virtual private network has the latest security software.

This allows information to be encrypted as it goes over the internet,” Power explains. Also ensure the business’ security system has multi-factor authentication in place. This means staff need to use a code of up to six digits to access the system, in addition to their password.

“This means to get into the network, criminals need to get a username and password and also access the staff member’s phone. That makes remote access much more secure,” he adds. These protocols should remain in place as many people are likely to continue to work from home into the future.

The role of insurance 

Rising cyber risks mean insurance has a more important role to play than ever. Power gives this perspective. “If one of your delivery drivers suffers an accident, chances are the vehicle will be able to be repaired and get back on the road with the assistance of motor vehicle insurance.

But if the business is hacked and your database is stolen, your entire business is under threat because you no longer have the tools you need to do business. That's why cyber insurance is so important,” he explains.

Moreover, new strains of ransomware are much more insidious than earlier versions. Criminals are now using this malicious software to completely remove data from exposed businesses and drip-feed the information through the internet, amplifying brand and reputational damage.

Multiple mitigation measures 

Cyber insurance must, however, be part of a suite of protections, that include regular, automatic daily data backups. Says Power “Our incident response experience shows claims from companies that only back up their data on a weekly or monthly basis costs three times the claims of companies that back-up daily.”  Finally, speed is of the utmost importance when it comes to cyber security.

If there is a breach, the sooner it’s rectified and remediated, the more damage can be contained, resulting in reduced damage to the business. Cyber criminals and their techniques will only become more sophisticated over time.

Which means it’s essential for every business to have clearly articulated and communicated cyber security policies and procedures. That’s the best way to prevent threats and reduce the potential damage fraudsters can cause in what is already a fragile business environment.