Cybersecurity: Has COVID-19 Made Us More Vulnerable To Data Breaches?

Cybersecurity may not have been seen as a priority in 2020, with many grappling with the health, economic and social consequences of the COVID-19 pandemic.

While the nation has been distracted, cybercriminals have continued unabated and have seized the opportunity that the pandemic presented them with, targeting everything from government bodies to healthcare providers.
 

Significant data breaches in 2020

 
2020 has been another year of data breaches. One of the major ones revealed at the start of last year was the Virgin Media data breach, where 900,000 people’s private information was exposed due to an incorrectly configured database.

The data – which was left accessible for ten months from April 2019 to February 2020 – included full names, email addresses, dates of birth, telephone numbers and, in some cases, customer requests to unblock or block explicit websites. Your Lawyers estimates that affected customers could potentially receive an average of £5,000 in compensation each for emotional distress alone.

Another major breach, owing to the sheer scale of it, was the EasyJet cyberattack revealed in May 2020. The airline admitted that a “highly sophisticated cyber-attack” had affected approximately nine million customers. Although the airline stressed that most customers had email addresses and personal details exposed, 2,208 customers are understood to have had their credit and debit card details “accessed” by hackers as well.

A similar breach that took place in 2018 affected some half a million customers: the British Airways cyberattack. Your Lawyers estimates that compensation payments could total up to £3 billion, based on an average estimated claim of £6,000 per Claimant.
 

 

The impact of COVID-19 on cybersecurity

 
As a large swathe of the population shifted to working from home in response to the pandemic, cybercriminals also pivoted.

According to OpSec’s Annual Customer Barometer survey, 86% of consumers last year have been victims of either identity theft, credit card fraud, or a data breach – a 6% increase compared to 2019. Further, web application attacks reportedly increased by over 800% last year and, in March 2020, COVID-19 specific fraud cases are understood to have caused an increase of 400%.

Part of this spike in cyberattacks could be explained by businesses rushing to implement home-working and remote working protocols in the early part of last year. As the pandemic rapidly swept across the UK, some businesses invested in second-hand equipment, like laptops, without ensuring adequate protection. The need to implement adequate cybersecurity and data protection training fell short in some cases.

As a result of the rush to adapt to working from home, there were businesses that failed to establish secure connections to workplace servers and failed to implement even basic security measures like two-factor authentication on devices. These shortfalls can all leave organisations and employees vulnerable to data breaches.
 

Preparation for 2021

 
As we start the new year, businesses must take cybersecurity more seriously and be better prepared, especially now that we are back in a national lockdown and many employees will be working from home.

With the new strain of COVID-19 sweeping across the country, there is no established end date for the latest national lockdown. Businesses must ensure that they have the procedures in place to protect themselves from cybercriminals who can – and will – take advantage of the disruption.

In 2021, businesses must stop treating cybersecurity as an afterthought and start being more proactive in their approach. They need to take all the steps necessary to prevent a potentially calamitous and financially disastrous cyberattack. This means that conversations must take place at every level of a business, from the foundations to the boardroom. Businesses must be prepared for a disruptive start to 2021, and anyone on the back foot could be at serious risk of falling victim to a cyberattack.

 

Written by Aman Johal, Director and Lawyer at Your Lawyers

Aman Johal