For many businesses, COVID-19 is testing a telecommuting infrastructure for the first time. While the practice certainly keeps employees safe, it also exposes companies to new risks. From cyberattacks to malware and security breaches, businesses now are facing a different type of threat as workers move to remote work, many using home networks with fewer security defenses. However, with a little bit of planning and education, most businesses can make “working from home” work for them.
Understanding the Cost of Cyber Exposure
Cybercrime is a multi-billion-dollar business. One employee innocently clicking on the wrong digital link could expose your company to an attack. Consider these statistics:
- In 2019, the average price tag on a business data breach was $3.9 million with more than 25,000 records compromised per incident. Identifying and containing a breach averaged 279 days.
- According to CFC Underwriting Ltd, 80% of cyber incidents last year, including ransomware and phishing, were initiated through remote desk protocols and logins.
- A University of Maryland study found that computers with internet access get attacked every 39 seconds for a total of 2,244 times per day.
- Hackers are not just targeting big companies. One Texas school district serving a community of only 10,000 people was bilked for nearly $2.3 million dollars through phishing emails posed as vendors seeking payment.
- The real estate industry is experiencing some of the biggest spikes in phishing scams with a 1,100% increase between 2015 and 2017.
Cyberthreats present a very real risk to all enterprises. Combatting them should be part of every company’s risk mitigation strategy.
Protecting Against Cyber Risks
Cybercriminals prey on the vulnerabilities of personal computers, outdated software protections, fraudulent emails, and unsecure internet connections. These criminals are indiscriminate regarding sizes and types of companies. If a remote workforce is new to your business, start with these steps for establishing strong cybersecurity protocols.
Step 1: Check the Insurance Policy
Review your commercial general liability (CGL) policy and determine what coverages, if any, exist for cyberattacks. Companies often mistakenly believe their CGL policy provides financial protections, but standard policies typically limit coverage to bodily injury, physical property damage, and advertising injury. Even if a policy affords some cyber coverage, it typically is not enough for the full cost of a breach. However, some policies may have special endorsements for cyber activity, so check with an agent.
For specific coverage tailored to digital activity, companies purchase cyber liability insurance. The policy covers first- and third-party costs associated with cyber breaches. Coverage typically includes IT forensic and notification costs, credit protection, crisis management costs, fines, business interruption expenses, and damage assessments.
Step 2: Establish Cybersecurity Rules
Creating work safeguards is the most important step for protecting against a cyberattack. While every business is different, following are a few universal best practices:
- Identify sensitive information including confidential business data, trade secrets, intellectual property, work products, and information about customers and personnel. Restrict access and encrypt data transmissions whenever possible.
- Train employees on spotting and addressing phishing attacks and other types of malicious activity. This is particularly important for anyone with access to a company credit card or authorized to issue payments.
- For employees using work computers and devices, ensure they are not shared with anyone else in the household. If employees use their personal devices, train them to avoid saving any work-related materials locally or within the cloud, like Google Drive, outside of company-protected servers.
- Establish a virtual private network (VPN) for employees. This mandates staff log into the VPN to access work-related information. VPNs provide a strong layer of security and are traceable in the event of a breach.
- Run a check to ensure all devices have current security software. IT professionals can use remote access to help employees using personal devices update their security.
Step 3: Create a Playbook for Addressing Security Breaches
Unfortunately, cyberattacks are often not a matter of if, but when. Establishing internal protocols for quickly addressing a breach is paramount to minimizing the damage.
Start by ensuring a trained IT representative is always on call. Alternative schedules often accompany remote work, so a trained IT professional must be accessible whenever employees are online. For small to mid-sized companies with limited resources, consider contracting with an independent IT firm at least while staff telecommute.
Form a business continuity team that can quickly contain and assess the damage. Determine the size of the breach and secure any affected data. Reset passwords and pull devices offline as needed to restore security. Seek financial support from any applicable insurance policies. Prepare a crisis communications plan and designate representatives authorized to correspond with external parties.
Once the imminent threat is addressed, investigate what happened and improve future protections. Hackers evolve and get smarter and so should your cybersecurity plan.
About myCOI
Risks are everywhere, but they don’t have to run you ragged. When it comes to vendor insurance compliance, myCOI is the number one defender. Our platform automates certificate of insurance tracking, communication, and risk identification to save companies time and money. In a world full of business risks, myCOI ensures compliance isn’t one of them.