NHS staff received almost 30,000 malicious emails as cybercriminals targeted NHS staff during lockdown. This was during the the height of the COVID-19 pandemic as the NHS was already under huge stress and pressure. Alarmingly, these figures only reflect the ones reported.
According to Computer Weekly, the worst attacks were directed as payroll. As a result of the malicious emails, NHS staff were lured to click on links to verify information. These emails were presented in a way that users would validate info in order to receive their salaries. As scary as this may sound, this is tiny when compared to what may happen in the following months. Cyberattacks become more sophisticated, and therefore making it more possible for users to fall victim.
Staff have been advised by the UK’s own National Cyber Security Centre (NCSC) to change passwords regularly. Another recommended step is for people to implement multi-factor authentication, in an effort to mitigate risk.
The rise in cybercrime
As the pandemic has progressed, the numbers have tapered off somewhat. Early security breaches can however cause irrevocable damage to a business and its reputation. Cybercriminals that targeted the NHS during lockdown may not cause it to shut down. On the opposite end of the spectrum, smaller more fragile businesses could well do.
A data breach or data loss caused by any situation can be very costly for an organisation. Regardless of the cause of attack, be it phishing or denial of service attacks, businesses need to be risk-aware. More importantly, the staff need to be aware of the risks and how to prevent them.
Here are some of the common threats:
Phishing
Phishing emails look and seem genuine, however they trick the user into divulging sensitive information.
Malware
Someone clicks a link in an email prompting them to install something on their PC, which subjects them to malware. Malware causes serious damage to a business environment including computer, server or network. Th malware could be spreading viruses, worms, Trojan horses and other types of vicious software.
Password attacks
Cheeky Munkey always advise regular password changes. The main reason is because people generally fail to create strong passwords. People can also be emotionally tied to words that they use, and often repeat them on multiple platforms. Hackers are sophisticated when it comes to password identification, even using AI to uncover info.
Denial of Service (DDoS)
This cyber attack is when hackers flood the target web servers with requests. This prevents real and authorised users from connecting and can shut their systems down.
Protect your business
Whether a large business or a start up, businesses need to do is understand and value healthy cybersecurity. After that, the next step it to implement proper security within the organisation, which is done by:
Adapt the current mindset and culture
Security should be understood and implemented at a strategic level. Evolving your cybersecurity isn’t just about implementing actions. Senior management involvement is critical to ensure that security is considered as part of the organisation culture.
Implement the right solutions
Cheeky Munkey have a 15 step security track so we can talk you through what the right solution looks like. We can also cover what products can make up that solution for your business. It is important that the solutions are trusted, manageable and offer advanced custom features. It is also important they have been met with proven success.
Provide the right training
It has been said that human error is responsible for around 90% of breaches. It is important to note though that lack of awareness is not solely down to the employee. Businesses need to invest time and effort in educating their employees about the risks, and what to do with them.
Interested in strengthening your business cyber security? Cheeky Munkey can take you through our 15 step guide to secure your business.
To book an appointment with our technical pre-sales to talk through the 15 steps, please get in touch.