20th April, 2020
A huge number of malicious cyber criminals have exploited the COVID-19 pandemic with phishing scams.
In the UK, the National Cyber Security Centre (NCSC) has detected more UK government branded phishing scams relating to COVID-19 than any other subject. A surge in home working has increased the use of potentially vulnerable services, such as video conferencing, which in turn amplifies the threat to organisations across the board.
Throughout the pandemic, the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (CISA) have both observed a large volume of phishing campaigns. These use social engineering techniques to persuade potential victims to click on a link or open a file, either to harvest valuable credentials or to deploy malware that compromises devices.
Many have imitated trustworthy sources such as the National Health Service, World Health Organisation (WHO) and Government departments such as HMRC.
The NCSC’s phishing guidance for organisations on mitigating against phishing attacks is split into four layers:
This can be achieved through:
You are only as strong as your weakest link. The easiest way for a criminal to gain access to your data is through your people, even if you’ve got comprehensive cyber security measures in place.
Effective Cyber Awareness Training will help equip your team with the knowledge they require to prevent future cyber attacks.
Despite your best efforts, assume that your organisation will fall foul of a small percentage of phishing campaigns. Planning for this will minimise the damage caused to your organisation. It is important that you create a no-blame culture and a clear phishing incident reporting process.
Implement the following IT security controls:
The NCSC’s Cyber Essentials scheme has been designed to help organisations achieve and maintain these controls.
As is the case in many situations, the speed and effectiveness of the way you respond to a phishing attack will also limit your exposure. It is imperative that you define and rehearse your incident response plan, including any legal requirements.
More details are available on NCSC’s website.
You can also find out more about protecting your organisation by visiting our Business Support Hub.