Cybercriminals victimised NHS workers during COVID-19 lockdown

Cybercriminals victimised NHS workers during COVID-19 lockdown

During the height of the COVID-19 pandemic in March and April, the UK’s NHS received almost 30,000 malicious emails. Already an inordinate number of cases, the most worrying part is that this figure only reflects the ones that were reported.

According to a report by Computer Weekly, the most alarming attacks concerned payroll; NHS staff were lured to click on links to verify information and receive their salaries. This information sounds scary, and yet it’s only a drop in the ocean as to what could come in the following months as cyberattacks become more sophisticated.

The UK’s own National Cyber Security Centre (NCSC) has since advised all staff working in healthcare organisations to change passwords regularly and recommended the implementation of multi-factor authentication to reduce risk.

The rise in cybercrime

While the actual numbers may have tapered off as the pandemic progressed, having security breaches early on can cause irrevocable damage to a company and its reputation. An organisation the size of the NHS isn’t just going to shut down overnight, but smaller companies may suffer fates as serious as closing their doors for good.

Loss or breach of data can permanently damage a business’ reputation and the cost of recovery in this situation can be dire. From attacks as common as phishing emails, to threats a little more complex like denial-of-service attacks, businesses and employees need to be aware of the risks and how to prevent them.

Here are some of the common threat avenues:

  • Phishing

Phishing emails look and sound like they are from a trusted source but trick the user into divulging sensitive information.

  • Malware

If someone clicks a link in a spam email prompting them to install or run something on their PC, they will be subjected to malware. Malware can cause extensive damage to a computer, server or network, spreading viruses, worms, Trojan horses and other types of vicious software.

  • Password attacks

Security experts will always advise regular password changes; this is because people generally fail to create strong passwords or are emotionally tied to the words they use. Hackers are sophisticated when it comes to password identification, using AI to crack log-in details.

  • Denial of Service (DDoS)

These kinds of cyber-attacks hurt businesses by flooding the target web servers with requests. This prevents authorised users from connecting and can shut their systems down.

Protecting your business

To get to grips with protecting your business, whether you’re an SMB or an enterprise, you need to first understand the importance of healthy cybersecurity. The next step it to embed security properly within the business, which can be done by:

  • Adapting the company mindset and culture

Every business should focus on security at a strategic level. Evolving your cybersecurity isn’t just about implementing a series of actions though; it’s important that senior leaders ensure that security is considered as part of the culture and mindset.

  • Implementing the right solutions

We can talk you through what the right solution looks like for your business and what products can make up that solution. It’s important that the solutions are trusted and offer advanced features, with proven success.

  • Providing the right training

Human error is responsible for 90% of cyber breaches, but lack of awareness is not the fault of the employee. Businesses need to invest time and effort into ensuring their employees and educated about the risks and what to do about them.