Cyber risks increase as a result of Covid-19
By Lucy Thomas, Associate, CMS and Chris Wilson, Senior Associate, CMS
While businesses come to grips with hitherto unseen challenging operating conditions, there is another thing to add to the list of growing concerns; increased risk of cyber breaches brought about by the millions of people currently working from home.
At the moment, the true extent to which Covid-19 may give rise to additional cyber-attacks is unlikely to be clear until after the pandemic has passed. Many companies have temporarily ceased operations in response to government guidelines and for the time being we simply don’t know if hackers are lurking within IT systems with a view to attacking once people return to work.
However, that is a risk that businesses should be alive to now. Management should be working in conjunction with their IT teams/external providers to remotely identify any vulnerabilities exploited before or during the pandemic.
A key concern is that the massive change to the way people are working presents its own risks. The sharp increase in remote working could encourage hackers to seek to take advantage of potential vulnerabilities that companies have on their IT networks, many of which will never have been tested to see whether they can deal with the volume of users or the additional security risks posed by employees.
The main complication with the additional volumes of people working from home is poor cyber hygiene from employees i.e. using personal email accounts and printing confidential documents at home. Employees will also be now connected to home networks and most likely use a range of video-calling apps that lack sophisticated protection. If a hacker gains access to a company’s network via an app that is unrelated to a company’s IT system, for example, by hijacking a video-telephone conferencing call, it may be difficult to trace the vulnerability and avoid future breaches.
In our experience, hackers seek to exploit the fact that individuals are more susceptible to scams during times of crisis. Phishing emails and texts to the general public related to Covid-19, such as bad actors posing as government officials and medical suppliers, have been widely reported in the press. As the pandemic evolves, threat actors have been utilising more targeted strategies to de-fraud companies. These include emails purporting to be senior executives feigning IT issues and resorting to using alternative email addresses and suppliers requesting a change in bank details.
Many have commented that Covid-19 has changed the landscape of remote working irrevocably. Companies will need to constantly be abreast of vulnerabilities in their networks to keep one step ahead of threat actors, who will no doubt seek to exploit the pandemic to defraud individuals and companies alike.
CMS runs a dedicated 24/7/365 emergency response facility that can be accessed in the event of a cyber-attack [details]. If you do not have an emergency but want to learn more please contact the authors: Lucy.email@example.com / Chris.firstname.lastname@example.org