Risk Alert - Cyber criminals exploiting Coronavirus

Risk Alert - Cyber criminals exploiting Coronavirus

Increased working-from-home mandates, following the measures brought in to combat the spread of Coronavirus, are providing opportunities for cybercriminals; who are making the most of remote working and general confusion around the new ways of working to exploit gaps in processes and procedures.

Coronavirus has already triggered widespread disruption globally as, in an effort to protect public health and the NHS, the UK Government has invoked an effective lockdown. With this has brought a new way of working for many businesses as, those who can, have brought in working-from-home mandates.

Increased remote working can open gateway to hackers

Remote desktop protocol (RDP), when set up correctly, is a great tool for remote working. However, using it without multifactor authentication (MFA) enabled or on an insecure network can open the gateway to hackers. In fact, in 2019, 80% of the ransomware attacks our specialist cyber insurer partner CFC handled were initiated through RDP. Businesses that start using RDP for remote working during the outbreak should be aware of some of the cybersecurity risks it can pose and ensure it is being used securely. Employees should always log on within a trusted network and ideally work with their IT department to secure personal devices – and implement MFA – prior to remote working.

Coronavirus increasingly being used in phishing attempts

As new cases of the Coronavirus continue to be reported daily, cybercriminals have been leveraging the situation to take advantage of those looking for information on the outbreak. For example, the Sophos Security Team has spotted emails impersonating the World Health Organization (WHO).

The emails ask victims to “click on the button below to download Safety Measure”. Users are then asked to verify their email by entering their credentials, redirecting those who fall for the scam to the legitimate WHO page, and delivering their credentials straight to the phisher. In addition, a Twitter user has identified another malware campaign purporting to be a “Coronavirus Update: China Operations”. The emails have attachments linking to malicious software.

What can you do to reduce the risk of a cyber or data attack?

1. Test remote log-in capabilities
Not only should personal devices be configured for secure remote working, but business should ensure that multi-factor authentication (MFA) is set up immediately. MFA is an authentication process that requires more than just a password to protect an email account or digital identity and is used to ensure that a person is who they say they are by requiring a minimum of two pieces of unique data that corroborates their identity. Implementing this significantly reduces the chances of cybercriminals being able to log into a business’s RDP. For more information on MFA and how to implement it, click here:

2. User education and awareness
Produce user security policies covering acceptable and secure use of your organisation’s system and train your employees in them. Ensure employees are aware of potential malicious emails and what process to follow should they receive one. Re-communicate processes and procedures that should be followed for, for example, making payments and confirming security details.

3. Manage user privileges
Limit user privileges to just the software and packages employees need to do their jobs. Consider if and what data employees actually need access to and restrict access for those who don’t. Where possible, monitor user activity and dip check usage.

4. Malware protection
Establish anti-malware defences and regularly scan for malware across the organisation. If personal devices need to be used in order for employees to work from home, ensure they have current, up-to-date malware protection in place. Encourage documents and data to be sent securely and ensure items sent by email have the necessary encryption.

5. Network security
Manage your network perimeter regularly and filter out unauthorised access and malicious content.

Read more information about the cybercrime protection we can off or take our 3-minute Cyber Risk Assessment test to establish the level of cover you may need.

For more information or for a full review of your insurance needs, please contact your usual Towergate Insurance Brokers adviser or email TIB@towergate.co.uk.


The information contained in this bulletin is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers advisor.