Remaining vigilant: Fraud and cyber prevention
26 March 2020
09 June 2020
How to avoid becoming the victim of fraud or a cyber attack because of COVID-19.
As many of us are still adjusting to working remotely, unfortunately there are opportunists who are taking advantage of the situation. There has been a reported increase in fraud and cyber crime, which means we all need to be extra vigilant.
Now that more people are working from home, reports of scam callers and phishing emails are on the rise. Criminals posing as banks and health organisations have been telephoning people, trying to trick them into sharing personal data.
The World Health Organisation (WHO) have warned about fraudulent emails sent by criminals posing as the WHO. This follows similar warnings about scammers spreading phishing 'clickbait' via email and social media, as well as the rise of fraudulent websites created to sell fake antiviral equipment.
These scams catch people off-guard and prey on vulnerable people by exploiting their fear and uncertainty about the coronavirus. It’s therefore important to treat these telephone calls and suspicious emails as cynically as you would any other.
The Financial Conduct Authority have provided some advice on how to spot and act on fraudulent activity:
- Reject offers that come out of the blue.
- Beware of adverts on social media channels and paid for/sponsored adverts online.
- Use the FCA Register and Warning List to check who you are dealing with.
- Do not click links or open emails from senders you don't already know.
- Avoid being rushed or pressured into making a decision.
- If a firm calls you unexpectedly, use the contact details on the Register to check that you’re dealing with the genuine firm.
- Do not give out personal details (bank details, address, existing insurance/pensions/investment details).
- If you suspect a scam, call Action Fraud straight away on 0300 123 2040.
Similarly, it’s also important to maintain good cyber security. With many people working from personal devices, security controls may not be as strong as those within the office. Accessing databases and servers remotely may also create vulnerable entry points that could be easily hacked.
The National Cyber Security Centre (NCSC) have published guidance on how organisations with an increase in home-workers can spot coronavirus (COVID-19) scam emails. Their general recommendations on how to support secure home working include:
- Remote users may need to use different software (or use familiar applications in a different way) compared to what they do when in the office. You should produce written guides for these features, and test that the software works as described.
- Depending on the experience of your staff (and the applications you provide), you should consider producing a series of 'How do I?' guides. For example, you might produce a 'How to log into and use an online collaboration tool'.
- Staff are more likely to have their devices stolen (or lose them) when they are away from the office or home. Make sure devices encrypt data whilst at rest, which will protect data on the device if it is lost or stolen. Most modern devices have encryption built in, but encryption may still need to be turned on and configured.
- Fortunately, the majority of devices include tools that can be used to remotely lock access to the device, erase the data stored on it, or retrieve a backup of this data. You can use mobile device management software to set up devices with a standard configuration.
- Make sure staff know how to report any problems. This is especially important for security issues.
- Your staff might feel more exposed to cyber threats when working outside the office environment, so now is a great time for them to work through the NCSC's Top Tips for Staff e-learning package.
The Confederation of British Industry (CBI) have also addressed issues some organisations may have in maintaining good data protection:
- Data is at the heart of the fight against the spread of COVID-19, helping scientists and officials make the analysis and decisions to keep us safer. However, some businesses are worried that their data protection practices might not meet their usual standards during the pandemic due to stretched resources and increased home working.
- The Information Commissioner’s Office (ICO – the data regulator) are keen to stress that they understand these exceptional circumstances. They have updated their guidance and have a hotline to help firms navigate tricky questions.
- The data regulator's guidance, 'Data protection and coronavirus: what you need to know', contains answers to FAQs (including for healthcare companies).
- For further help if your questions aren’t answered on the FAQ page, businesses can call the ICO hotline (0303 123 1113).
This document is believed to be accurate but is not intended as a basis of knowledge upon which advice can be given. Neither the author (personal or corporate), the CII group, local institute or Society, or any of the officers or employees of those organisations accept any responsibility for any loss occasioned to any person acting or refraining from action as a result of the data or opinions included in this material. Opinions expressed are those of the author or authors and not necessarily those of the CII group, local institutes, or Societies.