The coronavirus crisis has forced millions of people to work from home, many for the first time. Many businesses have struggled to adapt their IT systems to enable remote access to data servers and specialist software that was never designed to use offsite.
As more employees began accessing confidential data through their home internet, companies have become even more exposed to hackers, and even those using a Virtual Private Network have felt the strain. Some businesses have been unable to perform routine IT maintenance and forensic tests, leaving them particularly exposed to cybercriminals seeking to take advantage.
Data breaches, computer viruses, or online shopping scams could prove extremely costly to your charity. Make sure your staff know the most recent risks and what they can do to avoid them and keep your organisation and its people safe.
Bogus news bulletins
Every day we are bombarded by updates on the pandemic, and while everyone tries to get their head around the Government’s latest advice, fake news is finding its way into our inboxes. The National Cyber Security Centre has warned of bogus emails claiming to have coronavirus updates, but containing links that, once clicked, infect the user’s device with a virus. Other emails offer paid access to a map of local COVID-19 cases, but provide no such thing and simply steal your money or bank details. Do not open suspicious looking emails, and only get your news from legitimate sources.
You can check the legitimacy of a sender without opening the message by hovering the mouse over their name to see the email address, or right clicking on it and selecting “Forward” so it appears in the original message below. If the address is just jumbled letters and numbers, it’s probably fake, but if you are simply suspicious, report and delete it.
Devils in disguise
Cybercriminals have been operating undercover, using respected organisations such as the World Health Organisation (WHO) as their disguise. They have been sending emails and text messages, making phone calls, and setting up fake websites under the guise of the WHO in order to steal money or sensitive data.
The WHO have clarified on their site that they will never:
- ask for your username or password;
- email attachments you did not ask for;
- send links to sites outside www.who.int;
- charge money for job applications, conference registration or hotel reservations; or
- conduct lotteries or offer prizes and grants via email.
So, no matter how urgent a request seems, do not rush into any action without running a background check. You may also wish to email your donors and stakeholders warning them of this trend, in case a scammer sends a request for money in the name of your charity.
Health service hackers
Despite the monumental work the NHS and medical research centres have been doing to treat people affected by the coronavirus, hospitals and labs have been a prime target for cyberattacks. These are mostly ransomware attacks, whereby the hacker steals and encrypts medical data and demands money to get it back. This is a dangerous distraction from the crucial work of our doctors and nurses.
If your charity is connected to any medical institution or is focussed on fighting disease, your data could also be at risk. As ever, urge your employees not to open suspicious emails.
Dodgy online deals
The surge in demand for hygiene products and protective equipment, such as hand sanitiser and facemasks, provided another opportunity for scammers to set up fake online shops that either take money and send nothing, or send out unsafe imitation items. More concerningly, by working together on the dark web, cybercriminals are exploiting COVID-19 anxiety to sell products containing dangerous or banned ingredients. Only buy equipment from verified, trusted sites, and if an offer seems too good to be true, it probably is.
At Unity, we understand how the charity sector has suffered during these uncertain times, and the last thing any organisation needs to deal with now is the financial fallout of a cyberattack. If you would like to know more about what Cyber Liability Insurance can cover, give one of our experts at Unity a call on 0345 040 7731 and we’d be happy to talk things through.