23.04.2020
OPINION
George Mangion

Watch out for cybercrime during COVID-19 pandemic

George Mangion is a senior partner of an audit and consultancy firm, and has over 25 years' experience in accounting, taxation, financial and consultancy services. His efforts have seen PKF being instrumental in establishing many companies in Malta and ensured that PKF became one of the foremost professional financial service providers on the island.

Across the globe, COVID-19 infections have increased over the past month (albeit in South Korea one is noticing a drop in the number of infected cases), yet we've seen an unsettling trend of cybercriminals taking advantage of this pandemic by targeting small businesses through phishing emails. As most businesses on lockdown are relying on staff working remotely from home, one regrets that the incidence of cybercrime is another unexpected headache.

Unfortunately, it is not common for small businesses to afford the time and expertise to build a business continuity plan. This is a roadmap that helps firms prevent and respond to cyberattacks or breaches.

The same types of thefts using deception encountered during the COVID-19 crisis have existed before, but criminals have adapted their modi operandi to the current situation. The number of attempts involving these types of thefts and scams is likely to increase in Malta. Ideally, as a means of defense, local firms can be advised to engage a designated team of key personnel assigned to specific response roles to face such a breach scenario.

The best line of defense in any phishing attempt is to educate staff, now mostly working online at home: take steps to increase your employees' acumen in both recognizing and reporting phishing emails. Staff should avoid using emailed links as much as possible. The ability to conduct incident response planning, including tabletop exercises, will help firms when such attacks occur.

One may ask, is this a storm in a teacup?
Not really: watch how, for instance, in the UK phishing is becoming a common occurrence. One of the latest scams involves criminals asking for donations to help the National Health Service fight COVID-19, and total losses of those targeted had reached £1.6m as of the beginning of April.

Typically, one reads about advice given by security experts that cybercriminals are increasingly sending coronavirus-themed phishing emails designed to resemble reputable organizations such as the US Centers for Disease Control (CDC) or the World Health Organization (WHO). As can be expected, ransomware operators have escalated the targeting of hospitals. Some darknet markets have become overcrowded with listings for PPE products and fraudulent COVID-19 cures.

One case involved the transfer of €6.6 million from a company to another company in Singapore to purchase alcohol gels and masks. The goods were never received. In another case, an EU company attempted to purchase 3.85 million masks and lost €300,000. The pandemic has overnight created a particularly high demand for certain types of healthcare and PPE products (masks, gloves, cleaning products, pharmaceutical products).

There is a risk that counterfeiters will use acute shortages in the supply of these goods to increasingly provide counterfeit alternatives. This may include sub-standard or counterfeit foods, hygiene items and other everyday goods. This acute scarcity yields fertile ground and a substantial market for product counterfeiters, fraudsters and profiteers. Some instances, such as the distribution of fake corona home testing kits, are particularly worrying from a public health perspective.

There is no limit to a scammer's ingenuity in manipulating unprecedented fears surrounding the virus to fleece victims at every possible opportunity.
The media has revealed how fraudsters are setting up fraudulent COVID charities and, sadly, anything you can think of; cybercriminals can be quite creative. It comes as no surprise that fraudsters have been very quick to adapt well-known fraud schemes to target individual citizens, businesses and public organisations.

These include various adapted versions of telephone fraud schemes, supply scams and decontamination scams. Fraud linked to the current pandemic is likely highly profitable for the criminals involved as they attempt to capitalise on the anxieties and fears of victims throughout this crisis period.

At this juncture, one may ask: what is a phishing email? The answer is that it is a type of social engineering scam that uses email or malicious websites to solicit personal information by posing as a trustworthy organization. Some phishing emails even offer health advice from counterfeit healthcare professionals on how to protect yourself against the coronavirus.

This can be an ideal time for such criminals to play on the weakness of small firms and others, getting them to willingly donate funds to fake charities or even to open up databases by malicious means. This is easily done. For example, by deceit one is encouraged to click a link in these fake emails, which could potentially install malware on your computer or land you on a phishing page where your credentials could be compromised.

It looks dangerously easy at a time when staff are working from home and do not benefit from immediate IT advice. Ideally, staff at home should be aware of such pitfalls. Experts tell us that the most effective response to a phishing attack should begin before any attack occurs. Most advise that if employees have access to sensitive data, they should be provided with a company-controlled and secured laptop, inclusive of encrypted hard drives.

While ideally everyone will have a secure laptop to work remotely, that may not be a financial reality for small firms.
If you need to prioritize, focus on the high-risk employees based on the sensitivity of the data they need to access. Try to limit the options for employees to save data out of secured locations to their own devices.

Ensure you establish and communicate clear expectations of the work-from-home strategy. While the rush to secure jobs and make use of remote access to company databases was the first priority, little regard was given to the risks the company will be exposed to due to cybercrime. Experts tell us that if firms are not able to implement full technical controls to manage risk, then the next step in the circumstances is to start training employees on how to work efficiently and securely.

In conclusion, a severe pandemic has paralyzed global business in many sectors, with potentially devastating consequences to human life and the operational stability of the economy.

