Like a traditional burglar, cyber criminals will often focus their energy on easier targets. That’s why they tend to prey on victims at their most vulnerable moments.
We’ve all seen that heart-breaking news story of a pensioner losing their life savings after falling victim to a scam, for instance. And while we think that something like that couldn’t possibly happen to us, the truth is we are all in a vulnerable moment right now: we are living in a remote-working world.
Cyber criminals are trying to take advantage of our predicament. And Hiscox, one of the leading Cyber & Data insurers in the UK, has recently detailed how. Here are the top three threats that they’ve seen businesses face since employees have been working from home.
1. Phishing
It should come as no surprise that there has been an influx of coronavirus-themed phishing emails. In fact, it’s made headlines across various news sites.
Cyber criminals have leveraged the current anxiety and desperation for information by sending out phishing emails with reports on COVID-19, updates on vaccines, advice on tax refunds, or information on the latest preventative measures from the medical world.
Simply clicking the links or opening the attachments contained within these emails can quickly take an employee to a fraudulent page. From there, criminals can harvest the personal and business information used by an employee – from login credentials right the way through to financial and tax information. Scary stuff.
2. VPNs
Safe remote working normally involves the use of a virtual private network (VPN). It’s what is recommended, so it should provide adequate protection and peace of mind when your employees need to work remotely.
Unfortunately, it’s not that straightforward. Only recently, several available VPN appliances were found to have critical vulnerabilities and needed to release emergency patches as a result.
By their nature, VPN devices need to be internet-facing. This gives attackers a door through which to check out who is secure and who is an easy target. When there’s a vulnerability, criminals can gain remote access to a network without needing login details.
3. Stretched IT staff
Of course, there’s also greater strain on our IT teams. Due to the changes required for remote working, they’re under greater time pressures and face additional distractions. It’s only natural that mistakes get made and things are missed.
Overworked staff, who are trying to enable remote working for high numbers of employees, might be unable to detect potential security issues effectively. They could have difficulty managing their finite resources and may be tempted to go for easy, quick-fix answers over security-focused solutions.
There’s only so much people can do, after all. When under intense pressure, it’s only human to drop your guard a little. And that’s what criminals are exploiting.
Protect your business with the right insurance
If you’re concerned about the potential threats facing your business as you work remotely, RiskBox can help. We’ve supported a number of clients in responding effectively to breaches or attacks – from notifying the insurers through to limiting the impact on brand reputation.
To discuss a new Cyber & Data policy or the suitability of an existing one, contact us today.
Photo by Susanna Marsiglia on Unsplash