While the coronavirus infection rate shows welcome signs of slowing down in the UK, the number of international cyber attacks on British organisations is soaring. Cybersecurity experts like our specialist investigative lawyer Clive Mackintosh are in much demand. We are currently advising a medical trials research business that has recently suffered a serious cyber attack, as well as a number of other businesses who have experienced similar.
The UK and US have issued a joint advisory confirming that cyber spying activity is on the rise and that criminals are hunting for intelligence about research on COVID-19. Analysis suggests that hackers are intent on disrupting the work of UK scientists researching a coronavirus vaccine. While no data is thought to have been stolen yet, the authorities believe it’s a matter of time before an international hacker breaches biomedical security.
Employees of healthcare and research organisations are also being targeted with sophisticated phishing emails. Some communication platforms will be particularly open to attack, given the recent nationwide shift to remote working and the new vulnerabilities that have resulted.
The UK’s National Cyber Security Centre recently reported on COVID-19 related password ‘spraying activity’, in which passwords are hacked by ‘brute-force’ attacks. It is becoming increasingly clear these tactics are being used to target healthcare operators in the UK. The fallout to affected firms is potentially very serious and could result in regulatory fines and legal action from patients whose data is compromised.
Our cybersecurity and investigative lawyer Clive Mackintosh offers this advice in this time of heightened risk to UK business:
‘I have worked in cybersecurity for more than three decades and I am really concerned about the nature of some of the attacks hitting vital UK organisations. The information security threat is at an all-time high, but there are measures you can take to reduce the risk of cyber crime affecting your organisation:
- Revisit your information security policy – or create one, if you haven’t already
- Ensure cybersecurity forms part of your governance framework
- Regularly test your internet and network security. Update your virus and firewall products
- Test security around remote working. Use a secure VPN and don’t allow staff to send or receive confidential information via their own home internet provider or free public wi-fi
- Keep employees up-to-date about the latest cyber threats, like phishing scams
- Review and test your disaster recovery plan and implement one, if you haven’t already
- Put in place a team of external or internal advisers such as cyber security lawyers, forensic experts and public relation advisers who can be engaged immediately in the event of a security incident
- Keep an up-to -date inventory of your information assets. You need to know what data you process, where the data is stored and in which systems and servers
For guidance on these points or any other cyber-security concerns you may have about your business, related to COVID-19 or otherwise, you can get in touch with me at Harper James.’