Article | Risk Management Matters – Legal PI

How to prevent and reduce the risk of cyber crime during the pandemic

Financial, Executive and Professional Risks (FINEX)
COVID 19 Coronavirus

By Joanne Cracknell | May 26, 2020

There has been a significant increase in attempted ransomware attacks on hospital networks 1.

Cybercriminals are maliciously seeking to lock out critical systems, preventing hospital staff from accessing vital resources needed during the pandemic until a ransom is paid.

In May 2017 we witnessed the impact ransomware attacks can have on hospitals following the WannaCry attacks on the National Health Service, and with hospitals around the world at breaking point, the threat of further attacks could lead to more deaths and increase the financial burden such organisations are facing.

There have been many warnings about the increased threat of Covid-19 cyber activity, and it is not just hospitals that are vulnerable to ransomware attacks or cyber security threats. Cybercriminals are taking advantage of all businesses that are working under extreme pressure and, more frequently, doing so remotely. For many, remote working is a new concept, so they may not be as focused on cyber security as they usually would be.

In addition to ransomware threats, cybercriminals continue to use phishing attacks to target businesses, but the scams are now Covid-19 related, purporting to come from charities seeking donations or from governmental bodies, or to contain information about treatments for the virus2. Users are asked to click on attachments or links, which in turn lead them to malicious websites, giving cybercriminals access to sensitive data and financial information. More recently there has been a wave of telephone calls claiming to be from HM Revenue and Customs (HMRC) investigating tax evasion by the recipient of the call. In light of this, HMRC has issued guidance setting out examples of HMRC related phishing emails and bogus contact3.

Phishing attacks continue to be the biggest cyber security threat to organisations

Phishing attacks continue to be the biggest cyber security threat to organisations, and such attacks are considered by those affected to be the most disruptive. In the latest Cyber Security Breach Survey published last month by the Department for Digital, Culture, Media and Sport (DCMS)4, 46% of businesses surveyed had experienced a cyber security incident during the last 12 months (DCMS, p. 35); 67% of those identified phishing attacks as their most disruptive cyber security incident (DCMS, p. 38), resulting in a temporary loss of access to their networks or files, damage to their systems and/or software, and the loss of money (DCMS, p. 39).

During these troubled times Covid-19 is causing uncertainty and difficult business conditions for all organisations, and the SRA recognises that the pandemic also affects the legal profession. It has recently issued guidance for law firms to help them if they have fallen victim to a cyber attack5.

Given the heightened risk for cyber security breaches during these unprecedented times, the Information Commissioner’s Office has launched an information hub dealing with data protection issues and Covid-19 in order to support both individuals and organisations, which includes information about how data is being used during the pandemic to ensure that it remains safe in accordance with the requisite data protection legislation, as well as an update on the latest scams.6

We do not know how long we will be working under such conditions, or what overall impact Covid-19 will have on businesses, but the key message in relation to minimising the risk of a cyber attack in these unprecedented times is to remain vigilant and remember to follow recommended guidance, including:

  • Only open emails or download software/applications from trusted sources
  • Do not click on links or open attachments in emails which you were not expecting to receive, or which come from an unknown sender
  • Back up all important files frequently, and store the backups independently from your system (ensuring you are following your company’s policy in doing so where this is business related)
  • Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running
  • Ensure all security vulnerabilities are patched as soon as practically possible after the patches are released
  • Secure email systems to protect from spam emails
  • Use strong and unique passwords which should be changed regularly
  • If you are working from home, do not allow your children and other family members to use your work devices, to ensure confidentiality of sensitive information is maintained and to minimise the risk of any accidental deletion or modification of information, or even worse, any accidental infection of your device
  • If you are uncertain about anything, discuss the issue with your Data Protection Officer

We hope this briefing note finds you and your families safe and well during these uncertain times, but be assured that we will continue to support you.

For further information please contact Joanne Cracknell.

Footnotes

1 Interpol. (2020). Cybercriminals targeting critical healthcare institutions with ransomware. Retrieved from https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware

2 National Crime Agency. (2020). Beware fraud and scams during Covid-19 pandemic fraud. Retrieved from https://www.nationalcrimeagency.gov.uk/news/fraud-scams-covid19

3 HM Revenue & Customs. (2020). Examples of HMRC related phishing emails and bogus contact. Retrieved from https://www.gov.uk/government/publications/phishing-and-bogus-emails-hm-revenue-and-customs-examples

4 Department for Digital, Culture, Media & Sport. (2020). Cyber Security Breaches Survey 2020. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/875573/Main_report_-_Cyber_Security_Breaches_Survey_2020.pdf

5 Solicitors Regulation Authority. (2020). Cybersecurity Q&A. Retrieved from https://www.sra.org.uk/sra/news/cyber-security-qa/

6 Information Commissioner’s Office. (2020). Data protection and coronavirus information hub. Retrieved from https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/

Author

Associate Director - Finex PI UK Legal Services
