Cyber Crime and COVID-19

Cyber fraud costs UK businesses approximately £27 billion per year and can severely affect the brand and customer confidence of franchise networks. You may be aware that there has been a rise in cyber-crime during the current COVID-19 pandemic, with cyber-criminals using public interest in news and government support packages as a new means of infecting internal systems. In this blog, Goldstein Legal will explain these new attacks and offer guidance to help franchisors and franchisees mitigate such risks. While the below is specifically aimed at the franchising community, the information is also applicable to other business operations.

What does cyber fraud look like?

The primary method currently used to defraud unsuspecting businesses is the use of ‘phishing’ emails. It is estimated that almost half of all UK fraud cases arise from ‘phishing,’ while identity theft, the use of malware, and money laundering are also prevalent.

At is core, ‘phishing’ is the sending of emails whereby a cyber-criminal portrays themselves as a trustworthy individual seeking specific information or encouraging an action. While not always easy to identify, a fraudulent email will usually contain some, or all, of the following characteristics:

• Incorrect spelling and grammar
• Unrecognisable email address claiming to be from a familiar person
• An urgent action with the promise of a financial incentive
• A link or attachment that the sender is requesting be opened
• Time pressure

Franchisors and franchisees are especially encouraged to watch out for any unsolicited communication related to the COVID-19 outbreak. There have been ongoing reports of fake government headed emails being sent to multiple organisations encouraging the recipient to sign up for various Coronavirus support packages, including VAT suspension. Such emails have been reported to contain the request of immediate action by way of clinking a link incorporated within the email itself. Upon doing so, the unsuspecting user is potentially exposing the system to malware or a similar form of attack.

How does it affect businesses?

Fraud can have a devastating effect on a business, both internally and through the perception of clients and customers. A defrauded company may experience some, or all, of the following consequences of an activated ‘phishing’ email, depending on the scale of the fraud:

• Theft of customer or other confidential data
• Theft of funds or fraudulent transactions
• A malware virus infection
• A reduction in brand value
• Loss of clients and customers who are concerned about future attacks
• Expensive measures needed to rectify the issue

What steps can I take to help prevent this?

It is imperative the franchisors and their franchisees have robust training, reporting, and IT support programs in place to help minimise the threat of cyber-crime. In the current climate, the move to home working has also contributed to the rise of attacks as employees are effectively working in isolation. Accordingly, businesses should:

• Review their cyber-crime training, and offer a refresher to employees
• Draft a working from home policy that incorporates cyber-crime
• Develop and communicate a step by step action plan for employees that details how to report suspicious emails and other activity
• Ensure that all anti-virus software is up to date
• Seek expert IT support

In general, businesses should regularly encourage employee vigilance to combat cyber-attacks.  Each employee is equally likely to be targeted in a company where every worker has an email profile. This is particularly pertinent given the current threat of increased ‘phishing’ in relation to COVID-19.