By Aman Johal, lawyer and director of Your Lawyers
One of the unexpected outcomes of the two UK lockdowns was the rise in community spirit.
In April, online conversations using the words ‘community spirit’ reportedly increased by more than 82%, and who could forget the spirit of thanks that swept the nation in the early months of the pandemic, culminating in the clap for carers which dominated UK doorsteps on a Thursday night for ten-weeks up until the end of May?
Unfortunately, the need for working remotely presented an opportunity for cybercriminals to exploit. Alongside the rise in community spirit, we also saw an explosion of cyberattacks, particularly during the initial stages of the COVID-19 pandemic.
Impact of COVID-19 on cybersecurity
According to OpSec’s Annual Customer Barometer survey, 86% of consumers this year have been victims of either identity theft, credit card fraud, or a data breach – a 6% increase compared to 2019.
Similarly, web application attacks have reportedly increased by over 800% this year and, in April, phishing scams had reportedly risen by 667% in the US alone.
Part of this is likely down to the first lockdown and the sudden need for businesses to migrate their employees to home-based working solutions. The rapid shift from office to home working in March forced business leaders into quick decisions like bulk buying laptops for staff; potentially leading to the absence of security considerations which would usually be standard practice.
As a result, many businesses left themselves vulnerable to cyberattacks, and there can be little surprise that COVID-19 specific fraud cases were said to have increased by 400% in March.
Although the UK only finished its second lockdown at the start of December, speculation has already begun about a third lockdown, particularly as we are set to see a relaxation of restrictions over Christmas. And, with this in mind, businesses cannot allow history to repeat itself for a third time and everyone must prepare for any weaknesses that may appear in their cyber defences as a result of another lockdown.
How employers can prepare for a third lockdown
Employers must work proactively with employees to prevent data breaches from happening. Cybersecurity software is a necessity, especially as many businesses have purchased pre-used laptops to speed up and cheapen the transition to home working. Everyone using technology for remote working must be able to benefit from the high level of security expected in an office, and they must be trained and aware of how to protect themselves and their employers.
Secure connections to workplace servers and systems are a must. Any device that is being used for accessing information and systems must have the same high level of security used elsewhere.
Alongside this, employees can further bolster cybersecurity efforts by using two-factor authentication on devices and having strong passwords for each account. This should be strongly enforced by an organisation – it’s staggering that, in a world with such vast cybersecurity threats, the two most popular passwords are still 123456 and 123456789.
The financial costs of a data breach
Although businesses may consider that they have other priorities above cybersecurity right now, they must understand the risks posed by a data breach.
Not only are data breaches damaging to reputations, but they can also be financially ruinous, which is a particular consideration for businesses that have already taken a hit from COVID-19.
Take Virgin Media, for example. The telecommunications giant disclosed a data breach in March that affected approximately 900,000 people, with names, phone numbers, email addresses and, in some cases, details about contracts, being left unprotected for roughly ten months on an unsecured database.
In accordance with the GDPR, companies may be fined up to 4% of their annual turnover when consumers’ privacy rights are breached. As a result of this and their lax approach to cybersecurity, Virgin Media could be set to pay up to £4.5bn in compensation claims.
At a time when global economic fortunes are on a downward trajectory, businesses cannot afford to do cybersecurity on the cheap and leave themselves vulnerable to a data breach.
Although we are out of the second lockdown, a third one may well be on the horizon, and business leaders must take the necessary steps to protect their data while employees are working from home.
If they don’t, they could be facing a sizeable fine from which recovery may be incredibly hard or, in the worst-case scenario, impossible.