In response to the evolving cyber challenge in the post-COVID-19 landscape, Here James Allen, Chief Risk & Technology Officer for the Webhelp UK Region, considers the way that risk in customer service has evolved and reveals the steps Webhelp has taken to protect its clients and people, with a human centred approach to cyber security.

The humanitarian crisis brought by COVID-19 undoubtedly caused rapid and universal disruption to businesses across the global stage; impacting economies, and leaving some companies struggling to maintain business continuity, whilst increasingly vulnerable to unscrupulous cyber criminals.

In fact, the Council of Europe’s Cybercrime division has reported evidence of a substantial rise in malicious activity (specific to the topic of COVID-19) in areas like phishing, malware, ransomware, infrastructure attacks, targeting teleworking employees to gain system access, fraud schemes (fake medicines and goods), misinformation and fake news.

In July, Action Fraud, the UK’s national reporting centre for fraud and cybercrime, published that victims had already lost over £11 million to COVID-19 related scams.

Consequently, the pandemic has put an intense spotlight on personal cyber practices, especially as working from home (without proper measures) can create more risk than the traditional controlled office environment. Similarly, Tech Republic reported that, from phishing attacks to malware, 71% of security professionals have been recording increased security threats or attacks since the COVID-19 outbreak, and as a result many countries and companies have been spurred into rapid action.

In the UK more than 80 coronavirus-related phishing and scam websites were taken down in just one day after the UK’s National Cyber Security Centre (NCSC) asked for the public to report suspicious emails. Existing takedown services, in one month alone, removed more than 2,000 online scams related to coronavirus, including 471 fake online shops, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds. NCSC chief executive officer Ciaran Martin believes that the rise in technology use is making online safety more critical, saying:

 “Technology is helping us cope with the coronavirus crisis and will play a role helping us out of it – but that means cybersecurity is more important than ever,”   Source: Zdnet.com

 And, according to PWC, 80% of UK CEOs are concerned about the risk of cyber threats to their business, it is the issue they are most worried about, above skills (79%) and the speed of technological change (75%).

Revealingly, just under half of UK CEOs (48.4%) have taken some action regarding their own personal digital behaviour, including deleting social media or requesting a company to delete their data.

This is a worrying trend, which was noticeable even prior to the current crisis, as (according to the U.S. Securities and Exchange Commission) 2019 saw a 350% increase in ransomware attacks, a 250% increase in spoofing or business email compromise (BEC) attacks and a 70% increase in spear-phishing attacks in companies overall.

Furthermore, the average cost of a cyber-data breach rose from $4.9 million in 2017 to $7.5 million in 2018. Likewise, worldwide spending on cyber security increased by over 20% during 2017-2019 ($101Bn – $124Bn) and inevitably these costs will continue to rise, but without addressing the human behaviours contributing to this trend, much of this investment could be wasted.

And behaviour change is the key, as research firm Proofpoint revealed that a staggering 99% of threats observed relied on human interaction like enabling a macro, opening a file, following a link, or opening a document – highlighting the role of social engineering in enabling successful attacks, and the importance of knowledge as the top factor for prevention.

A recent FirstData study revealed that 60% of individuals are currently concerned about online security, and feel the need to do more to protect themselves. But information on how to do this is clearly absent, as over a quarter of those asked were entirely uninformed about the subject.

We know that the pandemic has led to record numbers of individuals now working from home – often without prior knowledge and experience of safe remote working practices and the potential security risks.  And, this situation is complicated by the fact that too often companies publish complex security policies, which are difficult to understand for the regular user.

As a people-first company, Webhelp is committed to a human centred approach to Cyber Security, aiming to provide all our people with the essential skills to keep them and their families safe online.

From the start it was clear that education was critical to delivering this goal. We recognised a need for clear and simple guidelines, put forward in an engaging and easy to follow manner, to help employees gain insight and confidence in recognising and protecting themselves against potential scams and take action when approaching cyber security.

So, in 2020 we launched our Cyber Super Heroes Campaign, designed to make complex security advice simple and accessible to all colleagues. This campaign talked to these issues in a humorous yet informative voice, and our activity has accelerated to support our colleagues through a time when cyber threats were increasing.

Focusing on a different topic every fortnight, guidance has been delivered across multiple channels including on site, email, social media, the employee intranet, desktops and screen savers and by using digital animations and posters.

Our people were also given the opportunity to get involved by becoming a Webhelp Cyber Superhero, through signing up for in-depth additional information to better champion the cause to their teammates and families.

The campaign has covered a full spectrum of cyber security topics including:

  • Phishing
  • Safe Passwords
  • Physical Security, both at work and at home
  • Keeping safe online
  • Social Engineering
  • Malware
  • Social Media
  • Keeping kids safe online
  • Safe Online Banking
  • Keeping your devices secure when you’re out and about
  • Cookies

Finally, to add a truly human face to our campaign, personal stories from volunteers in our business were shared. Colleagues were extremely keen to highlight their experiences and offered heartfelt advice to their colleagues, with the goal of really delivering a relatable message that Cyber scams can and do happen, and that together we can make our online activity safer, both in our workplaces and in our homes.

However, the work doesn’t stop there as Head of Cyber & Privacy for Webhelp UK Region, Chris Underhill, explains:

“The cyber threat landscape is constantly evolving, requiring businesses to monitor threats, adapt to change and deal with incidents swiftly. As part of my new role in Webhelp, I will be supporting our international teams and clients with cutting edge cyber intelligence, training, technology and consultancy services that not only help secure organisations against a growing number of threats but also to provide professional, certified level assurance to help secure business as usual against a backdrop of regulation, uncertain times and new working conditions.

 It’s clear that threats facing businesses extend well beyond the network perimeter and a move towards a new ‘human centric’ approach to cyber security is required to protect critical assets from compromise. Webhelp are committed to supporting our teams and clients using the very best in technology and educational programmes that will provide a robust suite of solutions across industry.”

Agility and innovation in risk has been crucial to managing the pace of change during the pandemic, so despite the challenges brought by COVID, fear must not stand in the way of progress. This is something that will be explored further in a forthcoming blog for the #servicereimagined series.

 

To discover more about customer service models post COVID-19 read our new Whitepaper, a joint publication with Gobeyond Partners, part of the Webhelp group, on Reimagining service for the new world which is underpinned by our unique industry perspective alongside new research to discover the operating models of the future.