With swathes of employees confined to working from home during lockdown, cyber criminals have taken full advantage. According to cyber security company Darktrace, malicious email traffic targeting home workers increased from 12% pre-lockdown to more than 60% six weeks later. Now, more than ever, individuals and businesses are coming under fire.

Threats to Individuals

Scammers have always been opportunistic, but the pandemic has created a near perfect scenario for them. Since March, more than 100,000 COVID-19-related web domains have been created. While most are legitimate, it's often difficult to distinguish those from the bogus. Unsurprisingly, many are being caught out, entering their bank details and transferring money for a home testing kit or facemask that never arrives. Some websites, purporting to be COVID-19 tracking maps, contain malware, which steals visitors' credentials. During lockdown, scammers have also been caught posing as government agencies, sending emails which, once opened, install ransomware that encrypts the user's system until the ransom is paid.

This issue is self-perpetuating, with scammers emboldened by the successes of others to create their own variations or copy-cat scams to target the same or related groups. While their website may be exposed and shut down, it's easy to create another to continue the same fraudulent activity. Scammers are growing more successful in their attempts. CyberScout, a cyber security company specialising in identity-theft protection and data privacy security, has witnessed a surge in fraudulent activity and expedient online scams. Scammers know if they can entice people to act on emotion rather than logic, they're more likely to be successful in their attempts. It is no surprise therefore, given the fear and uncertainty about Covid-19, that we have seen an increasing number of victims.

Whilst scammers have been innovative, old scams are still effective. More people are using lockdown to carry out the DIY jobs that were previously put on hold. The 'we have changed our bank account details, please transfer to this account' message from your builder is still something to be wary of.

Employer Worries

Every laptop, tablet, Wi-Fi network or server accessed remotely is a vulnerability that can be exploited. With the enforced, short notice move to remote working, some employees could resort to a less safe way of working, making them more vulnerable to the impacts of ransomware. From a hacker's perspective, timely deployment of ransomware not only increases the likelihood of success but could mean their victims are willing to pay more to resolve the issue.

Other factors further exacerbate the problems businesses face. In an office setting, phishing attempts could easily be checked by a colleague or IT team; something people are less likely to do in isolation. Before lockdown, fixed working hours made IT patterns predictable, making unusual network activity easily noticed. Now with flexible working as the norm, parents are juggling their parental responsibilities with work, and logging on much earlier or later in the day. Detecting network abnormalities becomes that much more difficult. This only adds further pressure onto IT teams who are already managing employees potentially running outdated computers or logging in on unsecured Wi-Fi networks.

What you can do

While difficult to mitigate entirely, steps can be taken to thwart a cyber attack. Adhering to the guidelines below could make all the difference in keeping yourself and your employer's network safe.

1. Make sure all software is up to date and latest patches implemented. This can help to avoid the latest strains of malware. It's an easy step, but one that is often forgotten.
2. Avoid public Wi-Fi networks. While it's tempting to sit and work in the park because you have access to public Wi-Fi, it is not secure. If you're going to login from a public place, ensure that you use a virtual private network (VPN).
3. Before transferring money, call the intended recipient to make sure that the details you have are correct. If a scammer has sent you fake bank details in an invoice, they may add their own phone number- so when checking the details be sure to use the number on the official website.
4. Back up your data. Another simple step, but one that could stop you from losing precious photos, music or other software if your system becomes compromised.
5. Secure your mobile devices. Use any biometric security features, turn off your Bluetooth, disable location sharing and make sure your device does not automatically connect to any public Wi-Fi networks.

For further advice and tutorials from our incident response provider, CyberScout, click here.

For more information on TMK's personal lines Cyber Ctrl product, click here.