Cyber Crime in the Age of COVID-19

Planned Cover , 11 June 2020

As we all try to adapt to a changed world, cyber criminals are taking advantage of changes to our physical working conditions and day-to-day processes. Planned Cover takes a look at the issues around cybersecurity and offers tips on protecting your practice.

Stressful times for companies and individuals present opportunities for cyber criminals. The Australian Cyber Security Centre’s Scamwatch has reported an increase in COVID-19 themed SMS, email campaigns and other cyber-related scams since March 2020, with over 1,100 reports about COVID-19 scams, and almost $130,000 in losses reported. The ACSC has also received more than 115 cybercrime and cyber security incident reports from individuals and businesses. These figures, however, only capture the incidents that have been reported – it is believed that the numbers of cyber victims are actually far greater.

Some of the most common cyber scams include:

  • Phishing (when a target is contacted by email or text by someone posing as a legitimate institution to lure people into providing information) and spear phishing (using social engineering to impersonate a trusted senior executive contact to obtain information).
  • Social engineering is ‘hacking humans’ by deceiving them into paying fake invoices or handing over confidential information. Working from home means that we don’t have physical access to staff or management, therefore individuals can be psychologically manipulated online because of their desire to be helpful and their attitude to authority and getting the job done. The Insurance industry in general is seeing an increase in claims related to social engineering scams involving fake CEOs or other senior managers.
  • Credential stuffing’ is a trending method of hacking that uses stolen credentials to mount large-scale automated login requests. Given that so many people reuse the same passwords across multiple devices, credential stuffing can be a successful hacking process for criminals.

Risk mitigation

Cyber specialists will implement risk mitigation processes within your practices that include: encrypting data; having multiple backups on and off site; disconnecting backups from the network once completed; having business continuity and disaster recovery plans in place which are tested often; and to consider third parties that have access to your network.

If an interconnected third party is hacked, criminals may be able to walk straight into your system. What are your corporate crown jewels? Where are they stored? How secure are they?

It is paramount that practices review their cyber processes and implement robust risk management programs to reduce the likelihood of a cyber incident.

Protecting your business

Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

Cyber insurance can provide a cyber policy that gives insured businesses and individuals 24/7/365 access to an Australian-based response team of experts, such as forensics investigators, public relations / crisis management consultants and privacy lawyers who understand the importance of immediately mitigating potential threats to insured businesses.

A cyber insurance policy should be part of every successful business’s risk management framework. It will assist with recovering from hack attacks or data breach incidents including notifying a data breach under the Notifiable Data Breaches (NDB) Scheme which every practice over $3,000,000 in revenue must comply with.

It is now even more critical to assess your cyber security and understand whether you are protected. It is an ever-changing world we’re living in and this requires an up-to-date response to potential threats.

As the ACA preferred partner in the insurance sector, Planned Cover will review your insurance requirements and assist with the implementation of a risk mitigation program for your practice.

Planned Cover is an ACA National Principal Partner.