Risk of Remote Work During Covid-19 Crisis
Why This MaTters
The coronavirus is, unfortunately, an opportunity for cybercriminals. Cybercriminal organizations are exploiting the panic over COVID-19 to trick or trap personnel to click on links or emails that unleash cyber attacks or reveal their user names and passwords!
As a result of the COVID-19 outbreak, numerous businesses find themselves in uncharted waters when it comes to working remotely. Complying with mandates for social distancing from health organizations and state and local governments is more than an inconvenience, disrupting our daily lives and routines. Working remotely gives organizations the opportunity to continue their work and their mission. At the same time, we need to understand and manage the cybersecurity risks inherent in remote work.
This alert provides you with important tips on how to ensure your remote work is secure.
As reported in our recent Cyber Threat Alert entitled Cybercriminals Target Companies with Coronavirus Scams, crimes committed by cybercriminals most often rely on the exploitation of human behavior. Our goal was to highlight how emails, text messages, phone, and fake websites are being used steal your data or extort ransom in exchange for returning your data.
Now, social distancing mandates are in play to help prevent community spread of the coronavirus. Thankfully, we are at a point in time where many businesses have the capability of having employees and contractors work remotely from home. That means, fewer businesses will be disrupted to the point of a full shutdown.
For those companies and organizations capable of doing remote work, here are some tips to ensure that your systems remain secure:
Use a remotely accessed digital workspace (e.g., Virtual Private Networks or VPNs)
- Implement multi-factor authentication (MFA) to prevent unauthorized access to your digital workspace.
- Provide support and instructions in using VPN to access emails, documents and billing applications.
Telephone and Video Conferences
- Obtain additional licenses, if needed, since free services may be less secure.
- Educate your team on the dangers of linking to the company’s systems using insecure public Wi-Fi or using home Wi-Fi with weak password protection.
- Do not allow others to use your company’s laptop, tablet or mobile device.
- Disable network sharing on your company’s devices.
- Do not save company files or documents to your personal devices.
Employee training to avoid human error or deception
- This can be done by conference call or video conferencing if you have not had this type of training before the crisis. Reiterating your plan now will help to ensure that your team is equipped with what they need under duress.
Here are some examples of the cybersecurity risks of remote work and connecting virtually:
Social Engineering resulting in deception by imposters
- Business Email Compromise leading to a fraudulent wire transfer to a fake bank account
- Phishing / Spear Phishing leading to a ransomware attack or a data breach
Human Error resulting in the release of malware into the network by:
- Clicking on a malicious link in an email, text message, or unsecured website
Business Interruption causing loss of profits and extra expenses from:
- A data breach that forces you to shut down your network to mitigate the risk
- A ransomware attack that locks or encrypts your data while you decide whether to pay the ransom requested or implement your data backup plan
Cyber Insurance Solutions
Cyber insurance is your go-to option when you are looking to transfer some of this risk that cannot be fully mitigated:
- Social engineering coverage, including employee education and risk mitigation services
- Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
- Data breach coverage, including direct first-party losses and third-party liability and damages
- Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
- Employee training and educational tools to help prevent attacks and protect your network / data
- 90% of IT teams believe remote workers pose a security risk
- 54% of IT teams believe that remote employees pose a greater risk than onsite employees
- 73% of business leaders believe remote workers pose a greater risk than onsite employees
- Organizations need a formalized detailed remote worker security policy with IT oversight
- Organizations need to include remote employees in continuous cybersecurity training
- More than one third of organizations have experienced a security incident caused by a remote worker’s actions
Keep in mind, the benefits of remote work outweigh the risks if you have cyber insurance.
Cyber Armada and its cyber insurance carriers are at the ready to support policyholders during the COVID-19 crisis and beyond.