The coronavirus pandemic continues to cause huge upheaval in our everyday lives. With a third lockdown now in force across England, the changes and difficulties that many are living with are unfortunately set to continue.
Businesses have been dealt a difficult hand, having to manoeuvre through the chopping and changing of rules and regulations. With upheaval comes confusion and, unfortunately, this weakness has brought about huge issues with cybersecurity, and cyberattacks have increased.
With much of the country continuing to be asked to work from home, it’s worth looking at how businesses have contended with the ever-present threat of cyberattacks and how they can mitigate this continual danger.
How COVID increased cybersecurity risks
The pace of change in the workplace following the national lockdown in March 2020 had a huge impact on cybersecurity across the nation. With many businesses having to manage these changes, corners were cut and mistakes were made in some cases.
The issues that lockdown brought meant that it was open season for cybercriminals to attack businesses, and employees had to swiftly adapt to performing business operations in a remote working environment.
Before the pandemic hit, many businesses dealt with their cybersecurity within the confines of the office space. With everyone being mandated to work from home, cybercriminals no longer only had one place of entry, but countless potential entry points across the country. In the UK, businesses saw a 31% increase in cyberattacks during the initial months of the first lockdown, with an estimated £6.2m reportedly lost in cyber scams since the pandemic began.
While these stats are shocking, it’s no surprise that this increase occurred. With people working at home, criminals were able to break into networks that were either open or not as well defended, an issue that many businesses previously did not have to contend with.
Learning from mistakes – how to thwart cyberattacks in future lockdowns
With businesses again being forced to move employees to work from home now that the third national lockdown has been enforced, they must not fall into the same trap again.
Businesses must have robust cybersecurity measures in place across all facets of the organisation, and communicate the importance of this, and its mechanics, to employees. There is a continuing lack of awareness from some employees when it comes to the risks of cyberattacks, with many still relying on weak passwords and not listening to issues that continue to be raised.
Having at least one specific person within the business that manages cybersecurity can be important to ensure that the business is protected and that employees adhere to policies and procedures. Consistently updated training, and re-training, is also a must.
Simple measures like enforcing two-factor authentication, which should already be the norm nowadays, can help to reduce the risks of cyberattacks. It is always worth implementing technology like this and making use of advanced authentication tech, such as biometric authentication, to make sure that only the right people can access your business’s data.
Without these measures in place, businesses risk significant financial penalties from the Information Commissioner’s Office (ICO), and in the form of compensation pay-outs to affected victims. For example, a data breach affecting over 400,000 British Airways customers in 2018 led to a fine of £20m and an estimated total pay-out of up to £2.4bn.
Last year, businesses had to contend with the impact of coronavirus across the world. Many had to manage the increased stress of adjusting to a new way of running a business and a continual need to work from home. The speed of change has led many to cut corners and make mistakes. With cybercriminals willing to jump on these issues, there has been an increase in successful cyberattacks.
As we kick off the new year, it’s vital that businesses continue to fight against this common threat of attacks and maintain robust cybersecurity measures. If not, they could see huge amounts of personal and business data stolen, or held for ransom with hackers demanding millions of pounds such as in the recent Manchester United incident, with ransomware continuing to be a serious problem. Falling foul of the law can result in e massive fines, in addition to significantly costly class actions.
Lawyer and Director
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.