Propel provides innovative insurance solutions to thousands of companies across the country. We make it our business to know your world inside and out.
Claims & Risk Management, Cyber Security
Managing Cyber Risks Associated with Increase in Remote Workforce
Now that employees have gotten used to working from home, many never want to return to the office. A recent survey from Harvard Business School Online found that only 18% of workers want to return to the office full time, while 27% want to work remotely full time and 61% want to work remotely two to three days a week. While remote work offers many advantages – including reduced office costs for employers and an end to commutes for workers – it also comes with disadvantages. Cybersecurity risks are one of the biggest problems.
If you’re planning to let remote work continue, it’s time to get serious about cybersecurity and understand the risks it poses to your company.
The Rise in Cyber Threats During the Pandemic
Ransomware attacks were bad before the pandemic. Then they got worse. According to Infosecurity, one report found that ransomware attacks increased 485% between 2019 and 2020.
Other cyberattacks, including business email compromise schemes, have also been a major threat. According to an FBI warning, fraudsters took advantage of uncertainty around the pandemic. All the changes and chaos made it easy for scammers to pretend to be bosses, clients, customers or employees requesting legitimate payments.
The fact that many employees were working from home on personal devices also created an opening for many scammers. Another FBI notice issued in early 2021 warned that cyber criminals have been targeting employees of companies that maintain network access and an ability to escalate network privilege. According to the warning, “During COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology. With these restrictions, network access and privilege escalation may not be fully monitored.” Cybercriminals have been quick to take advantage of this lack of oversight.
Insurance Coverage for Cyberattacks
Cyberattacks have become so common that, even with strong cybersecurity policies in place, you may fall victim to one. If this happens, having the correct insurance coverage will be critical to your company’s ability to recover and possibly even survive the incident.
Review your insurance coverage now to make sure you don’t have any gaps. With the rise of remote work, it’s especially important to look at how the policy defines computer systems. If you have remote workers but your policy doesn’t define employee-owned devices or remotely operated devices as part of the covered computer system, you may have a serious coverage gap.
Even if your insurance is solid, understand that you may face heightened underwriting scrutiny at your next renewal. Prepare for that now. Having a well-established security breach plan and practicing table top scenarios can be critical. A good broker or cyber policy can help you put these pieces in place.
Because of the rise in cyberattacks and the switch to remote work, there has been a shift in the marketplace for cyber coverage. Carriers will not offer a policy if your cybersecurity efforts, including IT controls and employee training, aren’t in order.
It’s Time to Close the Security Gaps
During the early days of the pandemic, some confusion was inevitable. It’s now time to close the security gaps.
When it comes to preventing cyberattacks, there is no silver bullet. Cybercriminals are constantly changing their tactics and exploiting new vulnerabilities. You need to keep up with them – or better, one step ahead of them.
- Establish IT controls. Make sure that your technology is managed in way that aligns with your security goals. Remember the FBI’s warning about cybercriminals exploiting network access and privilege escalation, and make sure your organization is not making things easy for cybercriminals.
- Use up-to-date programs. Install security patches and updates as soon as they become available.
- Use strong passwords with multi-factor authentication (MFA). Make sure every employee with access to networks is engaging in strong cybersecurity practices. According to Microsoft, MFA can block over 99.9% of account compromise attacks. That’s because if MFA is in place, hackers can’t gain access even if they crack the password.
- Use a VPN. A VPN, or virtual private network, encrypts your information and can help keep you safe from hackers.
- Focus on training and policies. Cybercriminals will try to trick your employees into clicking on dangerous links or unwittingly authorize fraudulent transactions. Train your employees to spot threats and implement policies to reduce business email compromise and phishing risks.
If you’d like assistance with reviewing your cyber insurance coverage (or lack thereof), contact Propel Insurance.
