Managing Increased Cyber Risk in a Pandemic

Travelers T logo
By Travelers
3 minutes
Last updated 20 July 2020
Cyber risk, conversation

As Covid-19 has spread, technology’s critical role has become all the more clear. It has made remote learning and work possible for millions, connected elderly, vulnerable and isolated people with online deliveries of food and medicine, and provided a means for people to get support when in-person connection isn’t feasible.

A report in Time said that in Singapore, which has, to date, managed to contain the spread of Covid-19, more than one million people have used a telehealth app for medical help and it has made the population feel more secure about remaining at home when ill.

In short, in the space of just a few months, many technologies have evolved from simply driving efficiency and convenience to becoming lifelines. As countries and economies emerge from this crisis, technology will surely play a key role in the recovery effort too.

But, at the same time, our increased reliance on technology has cast a spotlight on our vulnerabilities. Organisations rely on their employees to be strong links in the cybersecurity chain. But, right now, there is greater risk of weaknesses in the chain as so many employees are working in more relaxed security settings at home and, in many cases, from their own computer devices.

It has become all the more important for employees to use strong passwords, keep technology current with the latest security updates and to share files using only software and systems that have been approved by their employer. It is therefore paramount employees remain vigilant when receiving emails that could well be a phishing attempt to access their laptop.

Covid-19 scams growing

In mid-April, Google said more than 18 million daily malware and phishing emails related to Covid-19 scams were sent via Gmail alone. It appears that the threat actor’s technique remains the same as pre-Covid-19, but it is now orchestrated in a different way to relate to current events, thus playing on the victim’s requirement for information.

SMS scams pose additional risks for employees. Symantec has found that one in 20 SMS messages related to Covid-19 contain phishing attempts or other high-risk content. What magnifies the risk is that the sender could present as someone the owner recognises, such as their mobile network operator. It is therefore always best to err on the side of caution when receiving such messages from third parties.

The Home Office’s Stop, Challenge, Protect guidance is good practice for all employees to follow in addition to their organisation’s internal controls and processes. It is important to always consider the authenticity of requests such as payments or change of financial accounts, whether the employee initially deems it suspicious or not.

Fraudsters will use all types of tactics when carrying out fraudulent activities, often using urgent tactics to place the employee under time pressure and play on their good nature and efficiency, thus causing them act first and think second.

Shared data

Finally, the growing amount of vital data being shared creates its own risk. Being able to effectively accomplish tasks in an organisation requires the secure transmission of data – whether personal medical records, a company’s financial information, or even military secrets that, if exposed, could damage the security of a nation. Organisations of all kinds need to be aware of the security threats they face, take steps to protect their information and have an action plan in place to aid recovery if or when a breach occurs.

Now is a good time for companies to review their disaster recovery/business continuity plan and incident response plan, while making sure those employees highlighted within them have up-to-date contact information listed. Companies should also consider what happens if employees mentioned in the plans are furloughed, how those employees can be reached and what legal requirements are in place to bring them back to complete essential duties if needed. Consider where a hard-copy document of these plans is located, as it is likely to be in the office and therefore may not be able to be accessed instantly.

We are currently in a very different world, both professionally and socially. Even when normality eventually returns, it is likely those employees who can work from home may opt to continue to do so, once a week or even more. Therefore, the cyber risk is here to stay.

While it is has been a difficult time for businesses, especially in respect of the financial pressure they are facing, it is critical that cyber security continues to be on a firm’s priority list and funded accordingly.

More insights & expertise

Thinking Beyond Insurance to Manage Evolving Cyber Risks

Travelers prepares to bring new cyber services to the UK and Ireland market following its acquisition of Corvus.

Matt Waller, formerly of Corvus and now head of the combined cyber underwriting team at Travelers Europe, and Chris McMurray, managing director for cyber at Travelers Europe

More insights & expertise

Managing Cyber Threats in a Law Firm’s Supply Chain

If cyber threats to your law firm keep you awake at night, you’re not alone.

A businessman working late in an office.

More insights & expertise

Interview: Travelers Comprehensive Cyber Solutions | Chris McMurray and James Doswell

What are the top cyber threats facing UK businesses right now? This video explores Travelers’ cyber proposition in the UK.

Man holding smart phone with data security on display at office