Warnings over a wave of attacks as people return to offices have added to a long list of cybersecurity professionals who say thousands of businesses are at risk as they reopen.
Among those adding to fears, first highlighted in SC Magazine by the UK’s most senior police officer for cybercrime, tax and advisory firm Blick Rothenberg pointed to an acute mix of pressures on business - to claw back revenue while employees are still navigating a route back to normal office life.
Add to this a growing number of Covid-19 specific scams, as cybersecurity firm CySure moved to issue guidance on steps SMEs can take to proactively protect their business and their data.
David Hough, a technology specialist at Blick Rothenberg, said: “Businesses are facing huge pressures at the moment to get back to work and start getting money back in. They have lost income and for many who have furloughed staff they have still had bills to pay like rates, insurance and building maintenance.”
For those who have staff working from home, IT costs have been huge in providing laptops and other devices such as screens and scanners.
“For many, it is now crunch time and many businesses that may not pick up quickly like those in retail and hospitality will be thinking about redundancies if they cannot foresee bringing their income levels up to close to normal levels quickly.
“That pressure on generating income could cause businesses to overlook vital IT updates, malware scans or training that could leave them more susceptible to cybersecurity breaches. These companies cannot afford the financial and reputational damage of a security breach on reopening so it is vital that an IT health check is performed in advance of reopening."
Hough referenced a tranche of evidence showing that the “threat from cybercriminals is rife and that they will take advantage of re-opening businesses where they can.”
He said businesses need to be as savvy as they can as they go back to work and get their systems up and running.
Many businesses have reported phishing scams ranging from e-mails telling taxpayers they can claim tax refunds, to help protect themselves from the Coronavirus outbreak, Hough warned.
He has also been made aware of emails saying that a person is eligible for a tax refund before asking a user to click on a link to make a claim
Calvin Gan, manager of the tactical defence unit at cybersecurity firm F-Secure also said that businesses should assume that there will be additional security risks as companies go back to the office or go back to work.
Gan said: “Effective cybersecurity defence should be turned into a real-time, proactive, and adaptable process instead of a reactive one. Without this, we would expect to see companies shifting their cybersecurity posture ad-hoc or in a hasty manner when a need arises again. We already saw this as companies have to adapt to having remote workforces. Now is the time to get ahead of the game.”
Account accesses, policy and security procedure changes made to accommodate remote work should be reassessed and readjusted periodically to determine if they are still relevant, he said.
“It’s an important reminder that these actions and risk assessments are by no means a guaranteed way to expect 100 percent security. The consensus is to have organisations make risk-informed decisions that help them to be more resilient during this time of fast pace and constant changes.”
Meanwhile, cybersecurity firm CySure offered a three-point plan to tackle criminals exploiting concerns over Coronavirus to perpetrate cyber-attacks.
Guy Lloyd at CySure said: “The coronavirus pandemic has taught us the importance of hand hygiene and now there is a need for greater cyber hygiene. As our day-to-day lives have changed, so too has the security threat landscape.
“With many workers remotely accessing vital business applications from home, security risks have inevitably increased. Cybercriminals have no morals or ethics and don’t stop their activities even for a global pandemic. In fact, attacks have stepped up as the bad guys find ways to exploit our fears to perpetrate cyber-attacks."
Three steps SMEs can take to protect themselves include educating employees on what to look out for to prevent a variety of breaches, the most common of which are phishing scams.
Secondly, becoming certified with an accredited scheme provides a practical framework for an SME to assess its current cybersecurity and compliance levels.
And finally, making themselves a harder target to attack by being fully Cyber Essentials compliant is designed to mitigate many of the attacks faced by businesses.