By Legal Futures’ Associate Willis Towers Watson
Business continuity is a priority risk facing organisations following the outbreak of the Coronavirus Disease 2019 (COVID-19) globally, with cases likely to increase. The heightened awareness of COVID-19 has made many organisations assess, evaluate and enforce their business continuity programmes in order to mitigate the impact the virus may have on businesses, their staff and supply chains with travel restrictions, office closures and self-isolation.
As with all contingency planning, the key is to have measures in place to minimise any disruption to the business and the service provided to clients. Ineffective contingency planning may lead to operational failures and any significant disruption may result in a loss of revenue and clients which in turn may lead to financial instability. We have seen the impact COVID-19 has had on the global financial markets with stock markets suffering their worst losses since the global financial crisis of 2008.
The Law Society have provided some excellent advice and guidance on the support available. Detailed below are some further thoughts on managing cyber risks.
Criminals seek uncertainty to exploit security weaknesses and take advantage of them. As the uncertainty caused by COVID-19 continues to develop we will see more attempts by criminals to exploit any vulnerabilities.
There has been an increase in reported fraudulent criminal activity using COVID-19 as a pretense, especially in phishing attempts. The World Health Organization has issued a warning about imposters impersonating them in phishing attempts, and other organisations, and their customers, will undoubtedly become the target of such attacks.
Employees need to be more vigilant and aware than ever to identify and prevent these attacks in succeeding. Criminals will use the uncertainty surrounding the current situation to send emails that relate to the pandemic, changes to the working environment or changes to an ongoing transaction.
The usual checks and rules apply in these circumstances,
- Do not open emails from unknown senders
- Do not click on links in unexpected emails. Go to the website of that organisation and access the information there
- If you have any doubts over the legitimacy of the email delete it
- If you need to then contact the sender through a different means, a phone number that you have used previously for example
As the restrictions on travel increase then working from home is more likely and staff who are isolated are in turn increasingly exposed to the threats and risks of cyber-crime. Previous scams including change of payment details, email from the CEO or manager urging payment quickly and other general phishing scams are likely to increase.
Ensuring that your staff are aware of how business will continue, what procedures are in place to make legitimate payments, what to do if you receive a suspicious email and regular communication with colleagues will be invaluable in keeping your business secure during this time, and ensuring that when business does return to normality you are in the best place to benefit.