It's not surprising: in the face of this global pandemic, home internet activity has risen at an unparalleled rate. Since government-mandated quarantines took effect, remote working has become the new 'norm' and we have turned to video communication, digital classroom use, online shopping, streaming and gaming to meet our family's everyday needs. But with greater internet use comes greater risk.
Increasing internet use and an ever-expanding digital footprint expose your personal data and privacy to potential cyber-attack. Forbes estimates that home internet usage has increased by up to 70 per cent, and an MIT Technology Review cites that COVID-19 is driving the most rapid expansion of the Internet in decades.1 Cyber criminals have even unearthed old scams and repackaged them for the COVID age to lure vulnerable users, with common attacks involving impersonation of the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and US Government stimulus programs amongst others. Google alone states that they block an average of 18 million phishing and malware emails a day related to COVID-19 as of April 2020, and closer to 100 million phishing emails in total.2
The cost to consumers
Cyber criminals continue to be motivated by the significant profits they reap when their attacks are successful. According to the Federal Trade Commission, US consumers have already lost USD25 million to 'COVID-19 themed' fraud and identity theft incidents through May 2020.3 And these figures will likely continue to increase. Consider the FBI's Internet Crimes Report which recorded USD3.5 billion in losses to cyber-crime in 2019 alone.4 Wealthy individuals and those in high profile industries are at a higher risk of fraud and identify theft due to the prominence of their online profiles, frequent international travel, highly digitized home environments, and the broad network of service providers that provide assistance to them and their families. A study by Camden Wealth and Schillings identified that 28 per cent of family offices in 2018 were victims of cyber-attacks, a number expected to have risen in 2019.5
The cost to businesses
Businesses also remain frequent targets of cyber criminals, and for them, the costs of recovery can be staggering. IBM estimates that globally, data breaches alone cost companies an average of nearly USD4 million in 2019. In the U.S. the average cost was more than double that, at USD8.19 million.6 According to Coveware, a ransomware negotiation and remediation firm, high ransoms pushed the average ransom payment in Q4 2019 to USD84,116, doubling the prior year's average. The global research firm Cybersecurity Ventures estimates that annual global cyber-crime costs could reach USD6 trillion by 2021 — representing a figure more profitable than the combined global trade of all major illegal drugs.7
Top 10 Tips
Making cybersecurity a top priority
You can take steps to help safeguard your reputation, personal data, and privacy.
Here are our top 10 tips to follow, both on and off the internet:
1. Wi-Fi Safety
Home Wi-Fi networks with weak, unchanged or reused passwords are continuously under threat. Make them strong, and change them periodically. Public Wi-Fi and unsecured private networks like those you see in airports and hotels for example, are vulnerable and frequently targeted — it's best not to use them.
2. Children and Online Education
Where children have had to rely on their own computers for educational purposes, they may be running them without the latest software installed or without having been scanned for malware or viruses. Also, not all security software provides an unbreakable stronghold; it's best to use verified and official software to enhance security measures, such as a VPN connection to classified servers or encrypted FTP SharePoint.
3. Password Managers and 2FA
It can be difficult to juggle so many passwords in the name of safety — consider a password generator and manager to keep track, and turn on two-step verification (2FA) for every available platform you use. Using additional security questions for your accounts helps prevent fraudsters from impersonating you in a log-in attempt.
4. Video Communication
The communication platforms we are relying on more than ever are in high demand, and are vulnerable to malicious attacks. Some are safer than others; try to use platforms that offer password protection to keep communications private and prevent intruders.
5. Monitor Accounts and Set Up Alerts
Keep a close eye on your accounts and portfolios. It's useful to set up a real-time dashboard that can actively monitor your information and alert you to any unusual transactions.
6. Use Encrypted Email
Consider purchasing or upgrading to an encrypted email system. This will help to prevent data leakage from your email communications and may offer other features to block phishing attempts and malware attachments.
7. Avoid Emailing Highly Sensitive Information
As suggested above, email is not the most secure form of communication for especially sensitive transactions that involve bank or investment account details.
8. Be Wary of Urgent Requests
Don't fall prey to scammers. They use tactics that are designed to scare you and convince you that you have to act quickly on a threat or opportunity. Always check the source of the information first, whether that means calling your bank or other advisors to verify the request or determine if it's a scam. It's not likely your bank will change your account details at short notice or ask you to disclose your password or other details by email. Be wary of these kinds of communication and always verify account information or instructions in person or via phone, using your usual contact numbers.
9. Be Wary of Unexpected, Unfamiliar Opportunities
Scrutinize investment opportunities from unfamiliar sources, and be sure to vet and verify the authenticity of these opportunities. Even officiallooking email links can lead you to malicious or duplicate sites designed to harvest your personal details or dupe you into false investments.
10. Have a Recovery Plan
Back up your data regularly, and know in advance whether or not you would pay a ransomware demand if your personal information or data are hijacked. More often than not, stolen information is either deleted or otherwise irretrievable, even after paying the ransom.
Despite even the best intentions and practices, something can go wrong. Cyber criminals are constantly using new techniques and technologies to find vulnerabilities and stage their next attack. The best defense is being proactive using the tips above, backing up your data, and introducing additional security — such as a cyber insurance policy designed for individuals and families of significant wealth. To find out more about the kinds of insurance that are available within the industry, contact your Relationship Manager. At HSBC Private Banking‚ we are committed to helping you keep your data and your assets safe in every area of your digital life.