The coronavirus pandemic has created a number of new challenges for SMEs, one of the most significant of which has been moving operations from offices to the spare rooms and kitchen tables of employees. But few corporate computer systems were designed to manage such a large remote workforce. With so many people now working from home, cyber criminals have found new ways to attack businesses, particularly given that homes don’t have the same built-in security protocols as offices.
The National Cyber Security Centre (NCSC) recently issued a warning about cyber criminals actively exploiting the coronavirus pandemic to target the general public and businesses. The NCSC was particularly concerned about the speed and scale at which criminals were using tactics such as phishing, social engineering and remote access.
Coronavirus-related attacks come at a time of increasing cybercrime with recent research from the UK Department for Digital, Culture, Media and Sport showing that:
- Almost half of businesses (46%) report having cybersecurity breaches or attacks in 2019-2020, with more of them experiencing these issues at least once a week in 2020 (32%, vs. 22% in 2017).
- Breaches that result in negative outcomes can incur substantial costs too. For instance; among the 46% of businesses that identify breaches or attacks, one in five (19%) have experienced a material outcome, such as losing money or data.
- Where businesses have faced breaches with material outcomes, the average cost of all the cybersecurity breaches these businesses have experienced in the past 12 months is estimated to be between £3,230-£5,220.
- Despite these issues, only 32% of businesses report being insured against cyber risks.
How to protect your business
There are several steps you can take to protect your business against cyberattacks during the pandemic:
1. Adapting to new software
- 'Software creep' is the excessive expansion of the amount of software a business uses. It can mean data goes into more disparate places, requiring more consideration and protection from a cyber perspective.
- Ensure you have a clear understanding of software being used and their security protocols. Know how your data is stored, accessed, and utilized. Ensure user controls are in place to enable/disable employees.
2. Physical & technological access
- Ensure you have full knowledge of who has access to technology devices that are in any way connected to your sensitive business information. With changing circumstances, it's important to be aware of employee working environments at home (e.g. flatmates, families, children) and how that could impact device usage.
- Make use of tools like encryption, multi-factor authentication, and VPNs.
- Ensure employees only use company-approved IT tools which come with sufficient levels of security.
3. Review & communicate
- Ensure your secure remote working policies are up-to-date and adapted to reflect your cybersecurity needs during the pandemic.
- Communicate updates to the whole team, particularly where new software, tools and processes get introduced.
4. Consider insurance
- Cyber insurance should already be a key part of your cyber strategy, and should be reviewed to ensure it isn’t being invalidated by remote working.
- It's used to protect businesses and individual users from internet-based risks and, more generally, from risks relating to information technology infrastructure and activities such as fraud, data theft/breaches, social engineering and ransomware.
- Such insurance can cover, for example, loss of income caused by business interruption, paying ransom fees, the costs of restoring data, 3rd party claims against a business for the damages they suffer as a result of an attack, as well as the cost of defence to regulators and repairing reputational damage in the aftermath of an attack.
About the Author
Paul Callaghan is the founder of Cyber Insurer UK, a specialist insurance broker for UK businesses to help protect them against the threat of cyber attacks and data breaches. Cyber Insurer simplifies business insurance for startups, micro businesses & SMEs.