COVID-19 Security Scams and How to Avoid Them

Data breaches and cyber-attacks have become a new normal in many industries, Travel and Hospitality included, alongside the coronavirus pandemic. Andrew Sanders advises on the four most prominent areas organizations need to focus on to protect sensitive data.
9/06/20
ALL articles
By Andrew Sanders
Vice President Travel & Hospitality
Share
COVID-19 Security Scams and How to Avoid Them

It’s time to refocus your IT investments, but don’t neglect your organizations’ security

ALT: Sure, organizations need to be more selective than ever with their IT investments, but not at the expense of their security

EasyJet, the UK’s largest airline, disclosed in May it was the subject of a security breach that affected 9 million customers including full details of thousands of credit cards.

Interestingly, and maybe curiously, the airline became aware of the breach in January this year. They’ve now announced the perpetrators had access to customer data for nearly five months from October 17, 2019.  While it appears that lower IT expenditure associated with decreased revenues from the COVID-19 lockdown was not a cause here, organizations face challenges in re-focusing their IT expenditure as a result of the pandemic. The EasyJet example should be a warning that security remains an area that needs vigilance, perhaps now more than ever.  While many companies are facing financial issues, reputation loss can be even more costly for a business.

Indeed, data breaches have become a new normal alongside the coronavirus pandemic. Recommendations to change passwords after yet another cyber-attack are familiar to everyone as are recommendations to check temperatures and wash hands. Customers might avoid companies that are careless to personal information safety and don’t provide sufficient levels of data protection. 

EasyJet could be fined by the ICO (the UK’s independent authority for data privacy), in a similar fashion to British Airways in 2018. Not the best scenario for an airline company in the current situation. But at some point, businesses should realize that securing sensitive data is less costly than paying fines, dealing with lawsuits, and losing loyal customers.

Faced with reduced revenues, companies will cut costs, but with security they’re also cutting corners.  Often, they only see the value of good security after a major incident like this occurs.

Organizations have a duty to care for the data that’s been entrusted to them and should be testing their systems’ integrity now more than ever.  People are distracted by a very real virus going around the world.  As they work from home in potentially less secure environments than their normal work place, hackers and scams continue.  Your personal online security is important now more than ever.

From Small to Big: Personal Scams and Enterprise Threats

Personal scams offering purported government issued COVID-19 test kits, expedited stimulus checks and even fake charities and donation frauds are among the top scams spreading right now, but people should also not fall for emails falsely purporting that their Netflix accounts are due to expire unless they enter new credit card details. SMS/text messages are a particular concern as they are often perceived as a trusted source, but the FTC has recently felt it necessary to issue a warning about COVID-19 contact tracing text message scams.

Enterprise attacks are increasingly common using COVID-19 as a lure and cover Phishing scams and Malware distribution. Security and risk management leaders should instill this awareness among employees to mitigate risks and run mock-phishing campaigns.

We think security breaches and scams will be on the rise this year as a result of work-from-home due to COVID-19 with reduced expenditure on securing systems. Additionally, people may be more inclined to use their work-devices -- now on home networks -- for personal use like banking.

Organizations need to take care of four key issues:

1. Password security: ensuring the integrity of password systems and access levels and forcing periodic changes with complex passwords, helping avoid exposures like Boots experienced in March 2020.

2. Ensure integrity at their main business partners to avoid scams and back door exposures like at US retail giant Target in 2013 that exposed 100 million credit card records.

3. Conduct regular training for all personnel to raise awareness of social engineering attacks and record incidents of suspicious actions, such as phishing emails and abnormal activity within the systems.

4. Use a trusted third party to regularly perform security testing on software and networks.

Companies that employ certified ethical hackers keep abreast of the latest techniques fraudulent actors use to invade systems and networks.  They then attempt to ‘break in’ but in an ethical way, and can help companies plug possible holes.  This is an expert service but one that can prove to be a sound investment for companies not wanting to expose their customer - or staff - data to unscrupulous attacks.

DataArt has a vast expertise in Cybersecurity. We focus on cutting edge industry solutions and apply effective methods to make sure our clients feel safe.

Sign Up for Updates!

Subscribe now to receive industry-related articles and updates

Choose industries of interest
Thank You for Joining!

You will receive regular updates based on your interests. No spam guaranteed

Add another email address
Read more
Enterprise Security

Protect your Business and your Reputation

Learn more
Sign Up for Updates!
Choose industries of interest
Thank You for Joining!

You will receive regular updates based on your interests. No spam guaranteed

Add another email address
Welcome
We are glad you found us
Please explore our services and find out how we can support your business goals.
Get in Touch