If you have a remote workforce, you need to modernize your cybersecurity protocols and update all of your insurance policies to reflect your new remote or hybrid working model.
The COVID-19 pandemic caused an abrupt and sudden change to a remote workforce. This change has had various lasting impacts on companies of all sizes. Within a few days’ time, companies and employees had to make an immediate transition to doing their jobs from home.
Teams without any remote working experience had to pivot and quickly adapt to their new situation. For many companies, there was not enough time to adequately address the new security vulnerabilities that were a consequence of this rapid shift. It’s not uncommon to see employees using personal devices for work, accessing the internet through home networks. These activities, along with conducting meetings via videoconferencing software, and accessing company and customer data from home, are all inherently risky from a cybersecurity standpoint.
For many businesses, the shift to remote or hybrid work will be permanent. If this is the case, companies need to establish more substantial security solutions for their remote teams. Global research leader Gartner recently noted that securing the remote workforce “has now become the single greatest existential imperative for all organizations in the wake of COVID-19.”
Criminals quickly seized on cyber vulnerabilities
Security vulnerabilities from remote work have had many implications. They have already caused significant disruptions in organizations. And, after the rapid shift to remote work, it wasn’t long before cybercriminals took advantage of the chaos that erupted. The FBI reported a 400% increase in cyber attacks from pre-COVID-19 levels. That’s nearly 4,000 reports per day. Some IT security reports show that cyber threats have increased by 800% in some organizations.
Recent victims of cyber attacks include organizations of all sizes, including several high-profile corporations. IT security experts report that many of the attacks targeted corporate email and social media. Network threats included ransomware, spyware, phishing, and other malicious attacks. Meanwhile, the pandemic has also resulted in a surge in schemes involving social engineering. If you’re unfamiliar with it, social engineering is a cyber attack that employs deception or trickery instead of technical hacking techniques. Gaining access to networks, systems, or data is the goal.
Security solutions for a remote workforce
Cybersecurity best practices for a remote workforce should focus on key areas. This includes devices, internet connections, storing and transferring data, and videoconferencing.
Device security: Device, or endpoint, security involves setting security protocols for laptops, desktops, tablets, smartphones, or other devices that connect to the internet and store or transfer data.
Internet connections: Many cyber attacks and hacking incidents are related to the use of insecure public Wi-Fi.
Videoconferencing: Widespread reports of security breaches have been tied to videoconferencing applications such as Zoom and Cisco Webex. Hackers accessed confidential meetings and information communicated or transferred in remote meetings.
Storing and transferring data: Data can be compromised when transferred via insecure channels, such as through messaging apps or over unsecured networks.
The responsibility of establishing security plans, protocols, and solutions is often left to IT departments. However, management teams should also be involved in implementing and communicating protocols and solutions for employees who are working remotely.
Companies that are new to allowing remote work can establish a remote-working policy. They should also establish a cybersecurity best practices guide for employees to use while working from home on their own devices and networks.
Protocols that help mitigate cybersecurity risks
Here are some common security protocols that can help to mitigate the cybersecurity risks encountered when working from home:
- Access the internet from private, password-protected connections and Wi-Fi only. This can include a mobile hotspot set up by your internet provider. Avoid using open public Wi-Fi connections that can be vulnerable to hackers or other
cybercriminals . - Protect devices and endpoints with antivirus and anti-malware software.
- Maintain recommended safety protocols when using videoconferencing software, such as password-protected sessions and using the waiting room protocol to approve attendees.
- Use secure passwords and two-factor authentication for devices and apps.
- Prohibit employees from disabling passwords and from using devices that aren’t password-protected.
- Ensure that employees keep the operating systems and software on their devices updated, and prohibit the use of outdated devices, as they are a security risk.
- Take extra security precautions when transmitting data. Do not transfer data over messaging apps or over an unsecured connection.
- Make sure employees receive training to recognize corporate phishing emails and how to avoid opening malicious emails.
- Make sure employees are aware of social engineering risks and scams.
- Take extra precautions to protect confidential information from anyone outside of the company, including family members of employees who may unintentionally have access to that information.
Companies should consider developing a written guide or a visual presentation that is easy to access and distribute to employees quickly and efficiently. Employees and teams can also benefit from training and interactive sessions so that they know how to conduct cybersecurity checks. Training also reinforces a culture of security and security practices.
Implications for business insurance from remote work
The shift to remote work has also resulted in changes to business insurance considerations. This is largely because the type of some business activities and the nature of the workforce has changed.
If you’re unsure, your insurance broker can help you conduct policy reviews and evaluations. These are necessary, especially as remote work continues for an extended period. Policies and coverages may need
Policy and coverage types affected
Shifting to a remote workforce can affect a number of policies and coverages.
Cyber liability: A business should confirm if its policies will cover incidents related to employee-owned networks or devices. This includes both first-party and third-party liability (for example, a breach or loss of the company’s own data versus a company’s customer data). Business liability policies may cover some data loss. However, business liability policies may not cover all data loss. A separate cyber liability policy may be needed to cover additional risks.
Crime insurance policies: Insureds should have their coverage and policies evaluated. By doing this, you can ensure that your business has coverage in case of criminal activity, such as a fraudulent transfer of funds. These risks could change or increase when employees are working from home.
Workers’ compensation: Workers’ compensation insurance policies are typically written to cover employees at primary work sites. Unfortunately, this may not include an employee’s home. Leaving this wording untouched could result in a big coverage gap.
Commercial property: Did the loss occur off company premises or in an employee’s home? Businesses should verify if they have coverage for losses related to company-owned equipment.
A permanent change
The pandemic has created a permanent change in work culture. Gartner and other workplace researchers project that 82% of organizations will allow a remote workforce in some capacity even after the pandemic.
To address this, companies will need to take a proactive approach to cybersecurity. By being proactive, they can protect themselves from the various new losses that could occur. Each time security measures are put into place, these cyberattacks grow more sophisticated and advanced in their tactics. As a business owner, consider modernizing security protocols, installing software patches and updates, and instituting monitoring procedures for systems access. Protecting your company involves taking these vital steps.
Beyond that, you should review a broad range of insurance coverage options. In light of new worksites and remote workforce procedures, reviewing your insurance coverage can ensure you have the right coverage for your current business needs.