Cybersecurity and remote working: One person's risk is another's opportunity
A home network may have less than state-of-the-art security.
The move last March to a prolonged period of working from home arising from Covid-19 restrictions has raised awareness in many companies of the greater need for increased cybersecurity.
Victor Timon, partner at Lewis Silkin, says there are security issues with home working.
“I’ve seen cases where companies have been scrambling to put in place work from home guidelines and checking their general insurance and cyber insurance policies to see if they're covered.
"We've had a number of requests to review existing guidelines since lockdown to see if they are ‘fit for purpose’ and in other cases we've had to start from scratch.”
With the country in the midst of a second lockdown, and a continued emphasis on remote and home working, it has become an area of greater criminal activity.
“One man's risk is another's opportunity," Victor says.
Interpol reports that Covid-19 has resulted in a significant target shift for cyber criminals from individuals and small businesses to major corporations, governments, and critical infrastructure.
“This of course is assisted by the possible weaknesses in home security, where criminals can find an easier route into corporate systems.
"Ireland is not immune from this and the massive growth in online shopping due to the closure of retail has exposed may more people to scams," Victor says.
Gardaí reported in June that online fraud increased by 55% and phishing complaints rose by 45% in the period March 1 to May 31, compared to the same time last year.
“Conversely, the Central Statistics Office has published figures showing that the number of burglaries in Ireland dropped by 52.8% between March and June, so maybe those folks have newly ‘invested’ in laptops,” he says.
That cybercrime threats continue to grow and become more sophisticated is not unique to Ireland — with Covid-19 having multiplied the opportunities.
“For corporates and other large public and private organisations, these include where attackers seek to gain access to official business email addresses which they then use to engineer fraudulent payments or data theft.
"Disruptive malware is also on the increase and in particular against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit," Victor explains.
For individuals, there has been a move away from traditional online scams and schemes, with criminals having moved to Covid-19 themed phishing emails, often impersonating government and health authorities.
In this way they hope to entice their prey into disclosing their personal data and downloading malware.
"However, despite all that, most security or data breaches that I am asked to advise on occur due to human error — the laptop left on the bus, or emailing the wrong person — that gets most firms in trouble.”
E-commerce continues to grow during lockdown, offering another area of opportunity for criminal activity.
Lockdown has brought a number of older and, in some cases less cyber aware, shoppers online. Some 80% of credit card fraud in Ireland happens when conducting business over the internet, though statistically we are half the European average.
“Activity highlighted by the Banking and Payments Federation of Ireland includes fake suppliers.
"These websites target businesses that urgently need a large supply of PPE."
Many Irish companies have increased their spending on cyber security, he says, especially so in the financial services sector where the CBI regularly monitors the compliance by regulated entities — banks, insurance companies etc — with its cyber security requirements.
“In a survey by the insurance firm Hiscox this year, of companies in the US, UK, Belgium, France, Germany, Spain, the Netherlands, and Ireland, this country topped the table for the percentage of companies expressing confidence in their IT and security readiness, at 70% and 66% respectively.
Irish companies are also most likely to have a standalone cyber insurance policy.
“That all seems encouraging, but I have certainly experienced firms in the SME bracket learning the importance of cyber security the hard way, who’ve come to us for help on data breaches, who’ve then had to try and close the barn door after the horse had bolted," Victor says.
Media influencers are becoming ever more prominent in consumer behaviour — another area of potential concern.
“Absolutely, the market here has expanded rapidly. In fact, a report by An Bord Bia shows that Irish brands are spending more on influencers than ever before — not surprising given the reckoned 2.3m Irish people who use social media.
"The problem is that they don't all realise that they are subject to the Advertising Standards Authority for Ireland code.”
He cites high profile instances in the UK, where, for example, Made In Chelsea stars were found to be in breach of that country’s advertising regime. Those complaints were mostly concerned with hidden advertising or influencers failing to disclose that they were being paid to promote products or that they were gifted them.
“Here, during 2019, the ASAI worked closely with influencers and bloggers, focused on the importance of transparency for brand reputation of both influencers and companies. This will continue to be a work in progress for some time to come, I believe.”
He adds that the platforms also have a role to play and indeed Instagram has pledged to do more to prevent hidden advertising on its website and App.
While cybercrime has become a reality of modern life, there is significant growth potential for greater employment in the cyber security and prevention sector for future Irish graduates.
One of the great success stories of the technology ecosystem in Ireland has been the proliferation of cyber security businesses, he says — think McAfee, Trustev, Symantec, and Sophos for examples of global firms that have located here.
“But also, there are many indigenous ones — like Tines, snapped up for €9.9m. If you look today on indeed.com you'll find, even in lockdown, about 140 cyber security jobs being advertised in Dublin alone.
"I've acted for a number of great Irish start-ups in this space.
To crown an already extremely challenging 2020, the prospect of Brexit arriving in just two months is another factor Irish business must contend with.
“I think it will be lot worse for companies in the UK than the remaining member states — including Ireland. The UK has to untangle itself from all the European IP registration offices that it would have taken for granted to give it EU wide IP protection.”
Irish businesses, with an existing European trademark or registered design, will be granted a new UK equivalent right at the end of the Transition Period.
“The trademark or design will then be treated as if it had been applied for and registered under UK law,” Victor says.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
