If your business can continue with employees working remotely, you’ve avoided many of the risks connected to COVID-19, aka coronavirus.
What you may not realize is that other types of risk and liability have now greatly increased.
If employees have access to servers, networks and sensitive data from remote locations, so do hackers. And if you think it’s difficult to protect data with an IT department managing your network, imagine the challenges when your virtual network now stretches for miles, to homes and public Wi-Fi networks.
Are your employees more likely to click on a phishing email in the comfort of their home than they would in the office? If they use their laptop for both work and home while working remotely, can a hacker access their machine through personal email and then penetrate your network?
You don’t want to find out the hard way that the remote working measures you’ve taken to keep your business operating are endangering your operations as well.
Best practices for remote workers
- Train employees about data security. Especially if your organization handles sensitive medical or financial data, workers have to know how to protect that data—even from other eyes while working at home. Update training whenever new types of cyber attacks or cyber frauds appear. If your employee manual doesn’t include data security policies and procedures, now is the time to add them.
- Set up a Virtual Private Network (VPN). If your company allows remote working, require employees using public networks to only log in to the company network via a VPN. For additional security, require secure connections using SSL encryption and prohibit personal activity on work laptops.
- Implement or tighten basic data security procedures. Back up data daily, update firewall security and virus protection methods, and implement strong password management protocols. Don’t allow employees to bypass biometric protections, such as fingerprint readers. Implement multi-factor authentication so that, if an employee’s work laptop is lost or stolen, thieves can’t access your network or data. Require dual authorization for financial transactions. If laptops have sensitive data, encrypt them so no one else can access that data.
Guard against business email compromise (BEC)
One of the most common ways hackers get in is through a business’s email system. Business Email Compromise (BEC) is a cyber hacking trend in which a hacker gains access to a business email account and then poses as that employee.
Hacking into an employee’s email through firewalls and secure networks might seem far-fetched, but this can be done through something as simple as an employee signing up for a fake webinar.
Once cyber attackers have control of a business’s email system, they can send emails that appear to come from any employee, including the president of the company. Imagine if someone could send your CFO, accountant or bookkeeper an email requesting a large transfer of funds to a bank account, conveniently linked directly in that email. Would they question the request if the email came directly from the president of the company?
Employees can be personally liable as well. If someone from HR asked them to send their social security number to “verify” it, chances are some employees would. And if “HR” was actually a hacker, employees could find their bank accounts cleaned out.
Avoiding phishing scams
The Internet Crime Complaint Center (IC3) recommends the following actions when receiving external emails to help avoid phishing scams.
- Be suspicious of any unsolicited email requesting personal information
- Avoid filling out forms in email messages that ask for personal information
- Always compare the link in the email to the link that you are actually directed to. If they have different domain names, be cautious.
- Log on to the official website, instead of “linking” to it from an unsolicited email
- Contact the actual business that supposedly sent the email to verify if the email is genuine
Insure yourself against cyber attack
Cyber risk insurance is available for organizations of virtually any size and industry. Talk to your insurance partner about options to protect your business from cyber attacks. Solutions are available to protect businesses like yours against business interruption, extortion, legal expenses and even regulatory fines.
If you don’t currently have an insurance partner, be sure to seek advice from an experienced insurance broker who knows what types of coverage are available to you and can advise you on the exact coverage you need.
If you have any questions about cyber risk insurance or your current insurance policy, or would like a free insurance review, please call us at 877-576-5200.