Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
UK Finance says coronavirus has fuelled spike in impersonation scams, LNB News 16/09/2020 39
UK Finance is urging people to be aware of criminals exploiting coronavirus to target their victims, after figures revealed a sharp rise in impersonation scams in the first half of 2020. According to the trade association, almost 15,000 impersonation scam cases were reported in the first half of 2020, up 84% compared to the same period in 2019.
Without doubt, the pandemic has accelerated digitisation and, as a consequence, created opportunities that cybercriminals can use to their advantage.
The global pandemic forced us to reinvent the way we work and live. During the lockdown, we all turned to the internet for a sense of normality: shopping, working and learning online at a scale never seen before. Traditional, paper-heavy industries were forced hastily into the digital world. Sectors that were holding on to the old-fashioned ways of working with pen and paper were made to rethink. It meant that most started using systems and networks that had been secured as an afterthought rather than after in-depth planning.
Running parallel to this, the government’s support and intervention programmes (which were put together with more emphasis on ease of access and speed, rather than security) offered a raft of opportunities, both for direct fraud and for impersonation. Then came the targeting of those whose jobs have gone or are at risk.
The combination, regrettably, led to a rapid evolution of opportunities for the cybercriminals to exploit. So much so that in May 2020, in one of the government’s daily briefings, Home Secretary, Dominic Rabb, gave a stark warning to the risk faced by cyber criminals saying:
‘There will always be some who seek to exploit a crisis for their own criminal and hostile ends. We know that cyber criminals, and other malicious groups are targeting individuals, businesses, and other organisations by deploying COVID-19 related scams and phishing emails.’
In these extraordinary times, the goal is surely to ‘stay safe’ but also to ‘stay cybersafe’, particularly as in these exceptional times the internet is providing so many of us with access to the world and the means by which our businesses can hope to survive.
An INTERPOL assessment of the impact of pandemic on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure.
With organisations and businesses having to rapidly deploy remote systems and networks to support staff working from home, criminals are taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.
In one four-month period (January 2020 to April 2020) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs (all related to pandemic) were detected by one of INTERPOL’s private sector partners. During the same period, Action Fraud reported that 18.5% of all fraudulent emails were directly pandemic-related. In contrast, there was a 32% reduction in total crime during April 2020 and May 2020, compared with a two-month average in the pre-lockdown period.
Despite this increase in reporting of cybercrimes, we know that the percentage of prosecutions will be considerably less. We have not yet seen 2019 figures but, in 2018, of the 17,900 incidents of computer hacking reported in the UK, there were only 65 prosecutions; a prosecution rate of under 1%. This reflects the scale of the problems faced by the authorities in tackling cybercrime when perpetrators are difficult to identify and pursue.
The top of the cybersecurity agenda in the aftermath of coronavirus is how to work safer at home. So many staff now work from home. This is a change that is likely to stick and many businesses must recognise the vulnerabilities that exist in this situation. There is likely to be a distinct lack of security awareness among staff and it is possible that many will have adopted an ‘out of sight, out of mind’ attitude; having deviated from their usual office ways of working where they were under the watchful eye of compliance officers.
It is likely that the early months of lockdown were dealt with flexibly regarding compliance, as employers had little time to prepare for the pandemic’s effects. The risks that businesses face, therefore, are not only external ones—there are very real insider threats posed by employees working from home and making mistakes. Looking into the future, there needs to be ongoing and robust employee training and awareness raising about cyber risks for all staff who work away from the office.
If the 2008 financial crisis is anything to go by, we can expect a focus on financial institutions having to account for any failures and regulatory breaches. Following the 2008 crash, we saw decisions made by firms come under close review, with record-breaking fines and stringent remediation programmes ordered by regulators. Financial institutions, therefore, must ensure that decisions made and conduct taken throughout the crisis can be supported by documentary evidence and stand up to scrutiny.
There is also a regulatory risk with regard to those who fall victim to cybercrime. Businesses suffering cyberattacks may be vulnerable to legal or regulatory penalties. For any cyberattack that affects a business, it must be considered whether that business has a legal or regulatory obligation to inform the relevant regulator and/or the Information Commissioner’s Office (where any personal data has been accessed or obtained).
With so many working from home, there are also issues related to General Data Protect Regulation, Regulation (EU) 2016/679 and the potential for data being transferred outside of the European Economic Area.
As discussed above, compliance was handled flexibly by employers at the start of lockdown. But it should be remembered that regulators did not formally relax their expectations or requirements. Firms should, therefore, be ready and able to explain their decisions and actions (and refer to supporting documentation) in relation to any temporary solutions regarding regulatory compliance. Regulators will be very interested in whether cybersecurity policies that firms have implemented are robust and effective.
Interviewed by Pietra Asprou.
Free trials are only available to individuals based in the UK
* denotes a required field
Access this article and thousands of others like it free by subscribing to our blog.
Read full article
Already a subscriber? Login
0330 161 1234