Cyber Security in a Remote Work Environment
Brian Gibbs, Commercial Lines Producer
Did you know that daily digital crime has increased 75% since March due to COVID-19 and mandatory business closings? Employers and employees, many of whom had never worked remotely before, were suddenly scramble to maintain “business as usual”. For some, this may have included ordering additional company equipment such as laptops and monitors, but for many, it also included employees using their own personal laptops to remote into their office servers.
A predominately remote workforce, poses serious risk to companies big and small. We’ve identified a few areas that business owners should assess to determine their exposure to risk.
- Remote Connections: Vulnerabilities are created by employees using personal devices, personal wifi networks, and public wifi networks. A strong long-term plan that includes using multi-factor authentication for access to company data, ensuring antivirus and malware programs are up to date and using secure cloud locations for file storage.
- Increase Social Engineering Attempts: Cyber criminals know you’re not in the office and impersonating an officer or someone with the authority to disperse funds is even more tempting. It is critical you remind employees to watch for suspicious emails and always have a verification process in place prior to releasing funds when directed to do so in an email.
- Personal Use of Company Laptops: It’s logical to think that after the work day your employee might decide to pop onto Facebook or other sites they typically frequent while still on their work computer. It is critical to make sure all anti-virus, browsers, and any third-party software are being kept up to date. We recommending setting up automatic updates so you are not relying on the employee to remember to do this.
- Phishing & Ransomware: COVID-19 has led to an extreme increase in attempts to obtain sensitive information such as passwords, credit cards by luring the recipient to a fake website. These attempts have exploited the fear and uncertainty of the virus referencing the WHO, CDC, or other official health information site. Ransomware attacks are also being delivered via phishing attacks. Cyber criminals are also lurking behind file sharing sites.
An employer’s best defense against these cyber vulnerabilities is making sure everyone’s equipment, whether company issued or personal, has up to date anti-virus and firewall software, use encryption and secure cloud storage when possible, raise awareness of the potential threats and purchase a good cyber security insurance policy! It is estimated that 60-65% of all business are not purchasing cyber insurance currently.
It’s also important to note that there is a vast difference between Cyber coverage that might be “thrown in” on your package policy and purchasing a specific Cyber Insurance Policy. Typically your thrown in coverage only provides you with some defense coverage in the event you are sued after a breach, whereas a full policy will provide both first and third party coverage including defense, notification costs, your loss of income associated with a breach and even replacing your equipment if necessary. In summary, the new norm has led to new exposures and it’s important to reassess your exposure to risk regularly.