The coronavirus has provided a perfect topic to use in cyber attacks: it impacts across the globe, it appeals to some basic universal human needs (food, security) and fears (illness, protecting loved ones); and there are lots of international brands, organisations and bodies involved whose identities criminals can adopt to trick people into passing financial details.
According to some estimates, coronavirus-linked scams have increased 667% since February. In the UK, moments after the Prime Minister announced live on television severe restrictions on movement, a scam email emerged pretending to be a well-known food delivery service with slots suddenly available in the next 24hrs. Human fears and reactions are being preyed upon.
The humanitarian and development sector has a less than perfect record on cyber security. In 2019, the UK’s National Cyber Security Centre stated that only 53% of organisations in our sector saw cyber as a priority, compared to 74% in other sectors. It’s fair to say that 1 in every 2 organisations in the sector do not have adequate cyber security measures.
The surge in staff working from home has reduced protections even further. Awareness raising measures and reminders on cyber security have been left in physical office space. Organisations have little control over individuals accessing corporate IT systems through personal devices, raising the risk that organisations may be attacked as well as individuals.
So what should the sector do about this risk?
1) Start with reminding staff working from home about the risks and provide some basic tips to help them protect themselves. We’ve provided a free basic guide here that you can share with staff.
2) There’s lots of good and free advice on the National Cyber Security Centre (NCSC) website: https://www.ncsc.gov.uk
3) And if you’re worried you might be in the 50% of organisations who don’t have adequate protection, speak to us.