![\"A](\"https:\/\/www.policybee.co.uk\/blog\/wp-content\/uploads\/2020\/05\/man-stealing-credit-bank-card-cyber-theft-concept_shutterstock.jpg\")
<\/figure>\n<\/div>\n\n\nOne man\u2019s misfortune is another man\u2019s gain, as the saying goes. And that\u2019s the case even as the coronavirus pandemic rages across the planet – because cybercriminals will stop at nothing it seems.<\/p>\n\n\n\n
Despite everything, they\u2019re still hard at work, devising ever more devious ways to cripple networks, steal data, and defraud people of their hard-earned cash. And as fate would have it, a world-wide workforce largely remote working from home, coupled with a thirst for information about COVID-19, has played directly into their hands.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Quick work<\/h2>\n\n\n\n
The haste to set people up to access company servers from home, sometimes with a lack of real knowledge how to do so, has left a whole universe of remote working security vulnerabilities for cybercriminals to exploit. Meantime, the lure of \u2018essential\u2019 coronavirus updates and insight has fuelled a flurry of clicks on websites of dubious origin.<\/p>\n\n\n\n
So far we\u2019ve seen scams originated by criminal gangs posing as the World Health Organisation and the US Centre for Disease Control. More worryingly, cybersecurity firm Checkpoint<\/a> reports over 4,000 coronavirus-related web domains registered globally since January, 3% of them definitely malicious plus another 5% suspicious. <\/p>\n\n\n\n And as the pandemic spreads, with some form of lockdown the new norm for many, the opportunities for hackers will only multiply. That makes it doubly important to know what to look out for in terms of security vulnerabilities and ways cybercriminals can exploit you. Also, importantly, what you can do to prevent that happening.<\/p>\n\n\n\n <\/p>\n\n\n\n Here\u2019s some favourite methods cybercriminals use to hack your systems:<\/p>\n\n\n\n <\/p>\n\n\n\n Ever fallen for a practical joke, like picking up an urgent message to phone Mr Leon Cubb and finding yourself talking to the local zoo? Well, in the same way that it\u2019s easy to get pranked, it\u2019s easy to fall for a bogus email.<\/p>\n\n\n\n In the current climate, these might come complete with a link promising crucial new advice for staying safe from coronavirus. Or for checking symptoms. Others might request donations to help fund charity efforts or scientific research to find a cure.<\/p>\n\n\n\n But clicking the link or attachment can unleash a torrent of malware or ransomware onto your system, which can quickly spread across your network and send files into an entirely different type of lockdown. It can even paralyse your website or delete data altogether.<\/p>\n\n\n\n Fake donation sites meanwhile might be just that, and will simply take your money down a black hole and run. But if they also require you to enter personal information, that data can then be used for identity theft and fraud.<\/p>\n\n\n\n Look out for spearphishing too. People are generally more stressed and distracted under the current conditions, which can increase their risk of making mistakes. Working in isolation also means they can\u2019t simply check with a colleague across the office if they\u2019re unsure about something. <\/p>\n\n\n\n So, if an electronic invoice comes in from what looks like a regular supplier, it\u2019s maybe easier to miss the fact that a few crucial bank details are different to normal. So the transfer is made anyway \u2013 straight into the hands of a cybercriminal.<\/p>\n\n\n\n <\/p>\n\n\n\n So much new coronavirus information out there, so many people peddling it, and so many surfers in search of updates. With terms such as \u2018coronavirus tips\u2019 and \u2018COVID-19\u2019 riding high in google SERP, it\u2019s easy for hackers to lure people to their hastily set up sites.<\/p>\n\n\n\n Once there, any everyday browser taking a bit of time out from the working day to do some research might not notice anything different. They might even find the information they\u2019re looking for.<\/p>\n\n\n\n But what they won\u2019t notice is the malware being downloaded onto their computer or the personal information being stolen. On some malicious sites, the malware will be disguised as files to download or an attachment you click to \u2018see more\u2019. Other even scarier sites have \u2018drive by download\u2019, so it\u2019s enough just to visit a site or click on a pop-up window for your computer to be infected. <\/p>\n\n\n\n The UK\u2019s National Cyber Security Centre is keeping people up-to-date on the latest coronavirus-related cyber threats<\/a> via its website. It features a useful index of known malicious sites to avoid, which it updates regularly.<\/p>\n\n\n\n <\/p>\n\n\n\n Hackers are clever and they\u2019re adept at spotting remote working security failings and sneaking onto networks unnoticed. Just one chink in your IT security armour can let them in to wreak havoc, paralyse or delete data and steal sensitive information.<\/p>\n\n\n\n The sheer number of people working from home during coronavirus lockdown is like payday come early for hackers. That\u2019s because millions of people have emerged blinking from behind their workplace\u2019s usual security blanket and are instead conducting business from their own house – maybe using unsecured Wi-Fi networks, routers with inadequate encryption and worse. <\/p>\n\n\n\n The very fact that so many people are connecting remotely to their company\u2019s servers plays to hackers\u2019 strengths. The fact is, every step in the chain presents a tempting opportunity for them to find a way into networks. And there\u2019s a real fear that the scramble to set people up at home means many connections just don\u2019t have the necessary security to keep hackers out.<\/p>\n\n\n\n <\/p>\n\n\n\n Cybercriminals are clever, but there\u2019s still plenty of things you can do to foil their cunning plans.<\/p>\n\n\n\n <\/p>\n\n\n\n It\u2019s more important now than ever to get your remote working security right. Not all hackers can be stopped because they move quickly and can exploit the merest hint of vulnerability in any set-up. But properly configured security can present a pretty tough barrier for them to have to break down.<\/p>\n\n\n\n If staff are working from home, make sure their set-up is as watertight as it can be. It\u2019s surprising how many people use devices like laptops and tablets but fail to use complex passwords, enable a firewall or download anti-virus software. As the first line of IT defence, this is essential.<\/p>\n\n\n\n Similarly, make certain all staff have their devices set to download the latest Windows or Mac updates automatically. Also commit them to keeping software programs up-to-date by installing bug fixes and latest versions.<\/p>\n\n\n\n The thing is, security patches like these are usually released once a vulnerability in a program or operating system has been spotted. So to update only after a hacker has already used that vulnerability to sneak onto your PC is too late. <\/p>\n\n\n\n Remember the Wannacry ransomware attack that crippled large organisations like FedEx\u2019s and NHS hospitals\u2019 networks in 2017? It took advantage of a vulnerability in Windows operating software, particularly Windows XP, and unpatched computers were brutally exploited – 200,000 of them across 150 countries. Ouch.<\/p>\n\n\n\n <\/p>\n\n\n\n Huge swathes of workers across the world are now accessing their company servers via a remote connection across a VPN (virtual private network). But unless the VPN you\u2019re using is secure and correctly configured, you could be advertising an easy way for cybercriminals to access those servers too.<\/p>\n\n\n\n The first step is to ensure your VPN provider really does provide a totally private connection, and that data is fully encrypted. As a word of warning, it\u2019s been recently reported that cybercriminals have been busy exploiting a vulnerability in the Citrix VPN<\/a>, Citrix Gateway. So, do your homework and check out which VPNs offer the best security<\/a>.<\/p>\n\n\n\n Also important is to make sure your VPN has 2-step authentication. That means people can only access it by providing two unique pieces of information, say a user password combined with a one-time generated password, or voice\/facial recognition. It makes it much harder for hackers to exploit the connection and find a way into your systems.<\/p>\n\n\n\n <\/p>\n\n\n\n It\u2019s safe to say that most cyber-attacks start with human error. A member of staff is tricked into clicking on a malicious email link or attachment and infects the whole network with malware, for example. It\u2019s easily done.<\/p>\n\n\n\n So it\u2019s essential to train your staff in all matters of cybersecurity, from using secure passwords, to what to look out for in terms of phishing emails and malicious websites. There are plenty of online training programs out there that can help \u2013 Sophos<\/a> and Cybsafe<\/a> are just two. <\/p>\n\n\n\n Also make sure you have a home working policy and everyone has read and acknowledged it. It should have a section that states what\u2019s expected from employees in terms of remote working security, including applying the latest operating system updates and running up-to-date antivirus software.<\/p>\n\n\n\n <\/p>\n\n\n\n If your systems are paralysed, your data\u2019s been stolen, your website\u2019s been taken down or your files are being held to ransom, you can always call an IT expert for help. But that\u2019s not always much use in these days of lockdown. Plus an IT expert will only be able to do so much.<\/p>\n\n\n\n What you really need is a plan for recovery. Something that can help fix the problem, deal with any damage and make sure you get back on your feet again quickly. Also something to handle the potentially sensitive issue of stolen data if that\u2019s in the equation too.<\/p>\n\n\n\n Because every day spent not operating at full capacity means lost revenue. And every day sensitive info that\u2019s now in the hands of cybercriminals isn\u2019t reported to the regulator or the affected parties spells more trouble.<\/p>\n\n\n\n A one-size-fits-all solution is cyber insurance<\/a>. It provides immediate help to stop an attack, fix the damage, retrieve data and get you up and running again as quickly as possible. Plus it also covers your lost revenue, as well as any claims against you or regulatory investigations as a result of losing people\u2019s personal information.<\/p>\n\n\n\n If you\u2019d like a quick quote, click here<\/a>. Or call the team on 0345 222 5391<\/strong>.<\/p>\n\n\n\n Image used under license from Shutterstock.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" One man\u2019s misfortune is another man\u2019s gain, as the saying goes. And that\u2019s the case even as the coronavirus pandemic rages across the planet – because cybercriminals will stop at nothing it seems. Despite everything, they\u2019re still hard at work, … Continue reading 3 ways hackers will try and find a way into your systems<\/h2>\n\n\n\n
1. Phishing emails<\/h3>\n\n\n\n
2. Malicious websites<\/h3>\n\n\n\n
3. Remote working security vulnerabilities<\/h3>\n\n\n\n
3 ways to boost your remote working security<\/h2>\n\n\n\n
1. Get the basics right<\/h3>\n\n\n\n
2. Make sure your VPN is watertight<\/h3>\n\n\n\n
3. Train your staff<\/h3>\n\n\n\n
What to do if you\u2019re hacked<\/h2>\n\n\n\n