Cybersecurity a must as scammers spread infection

While Coronavirus threatens the health of people around the world, computer hackers have launched a series of attacks threatening our cybersecurity too. Coronavirus-themed scams have been reported, with hackers taking advantage of public fear associated with the virus, and workers’ decreased security due to working from home, to access personal data on victims’ computers.

Know the Symptoms

Cyber-criminals have become creative in capitalising on Coronavirus to corrupt users’ computers, so knowing the signs of a potential attack is key. Many attempts take advantage of users’ increased interest in finding information about the virus and what they can do to protect themselves. Some recent examples include:

• phishing emails which contain attachments claiming to offer Coronavirus safety information, that install destructive files on users’ devices when downloaded;
  
  
• phishing emails which appear to have come from trusted advisors such as government departments and health authorities, with links that take users to generic looking Microsoft login pages and ask them to enter their user credentials; and
  
  
• websites which lure users in with Coronavirus-related domain names and then encourage them to click on malicious links or download unsafe documents.

Prevent the Spread

We recommend providing comprehensive staff training on how to recognise these potential threats, and how to respond if one arises. This will be particularly important if the situation escalates so that more employees are working from home, sometimes without access to secure networks and on devices with weaker security settings. Those devices might lack the data encryption, firewall and web-filtering measures that many workplaces use.

Strategies that employees can use to identify cyber-threats include:

• checking the URL of websites they access for incorrect spelling or unusual domain names;
  
  
• being cautious about emails or websites which encourage them to click on links to new pages; and
  
  
• monitoring email and website content for indicators that it may be illegitimate, including spelling or grammatical errors, incorrect language translations, and the use of low-resolution images or graphics.

Businesses can also take the following overarching measures to protect against a cyber-attack. We recommend:

• instituting a data breach response plan, which includes what might constitute a data breach, who should be notified, and how to respond to any media attention;

• mapping what data your business stores, its location, and how it flows from one place to the next;

• encrypting and de-identifying any data stored by the business if possible; and

• ensuring that your company privacy policy complies with the standards in the Privacy Act 1988 if the business collects and store data containing customer information.

For further information, please reach out to our team below.

This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.