Cyber Crime Guidance During COVID19
An increasing number of malicious cyber actors are exploiting the current COVID-19 pandemic for their own objectives. In the UK, the NCSC has detected more UK government branded scams relating to COVID-19 than any other subject. Although, from the data seen to date, the overall levels of cybercrime have not increased, both the NCSC and CISA are seeing a growing use of COVID-19 related themes by malicious cyber actors. At the same time, the surge in home working has increased the use of potentially vulnerable services, such as Virtual Private Networks (VPNs), amplifying the threat to individuals and organisations.
APT groups and cyber criminals are targeting individuals, small and medium businesses and large organisations with COVID-19 related scams and phishing emails. This advisory provides you with an overview of COVID-19 related malicious cyber activity. It offers practical advice that individuals and organisations can follow to reduce the risk of being affected.
Best practices for working from home
Organisations are being urged to follow cyber security best practice guidance while home and remote working is in practice in the wake of the coronavirus (COVID-19) outbreak. This guidance can be found here.
The National Cyber Security Centre (NCSC) has published advice for UK companies to reduce the risk of cyberattack on deployed devices including laptops, mobiles and tablets, and tips to help staff spot typical signs of phishing scams.
Working from home is new for a lot of organisations and employees. Even if home working has been supported for some time, there may suddenly be more people working from home than usual, some of whom may not have done it before.
The NCSC has outlined recommended steps for organisations in:
- Preparing for home working
- Setting up new accounts and accesses
- Controlling access to corporate systems
- Helping staff to look after devices
- Reducing the risk from removable media
Within the guidance there is advice on dealing with suspicious emails, as evidence emerges that criminals are exploiting the coronavirus online by sending phishing emails that try and trick users into clicking on a bad link. If clicked, these links could lead to malware infection and loss of data like passwords. The scams may claim to have a 'cure' for the virus, offer a financial reward, or be encouraging you to donate. A direct link to this guidance can be found here.
The guidance offers advice on spotting those emails, as well as on how to respond in the event of falling victim to a scam.