Your Cyber Security Risk Has Never Been Greater
As U.S. companies shift to remote working due to the coronavirus, isolated employees face a surge in cyberattacks from hackers seeking to capitalize on the crisis. Since March 11, 2020, COVID-19 has been used as a phishing lure by cybercriminals against CPAs, lawyers, marketing executives, and even the American government. These phishing threats often masquerade as messages from retailers to explain what they’re doing to confront the coronavirus threat. Cybercriminals have also used the branding of “trusted” organizations such as the World Health Organization or the Centers for Disease Control and Prevention to implant malware on computer systems.
Employers should be proactive in addressing the risks of working from home by educating workers about cybersecurity best practices. With the coronavirus crisis already putting significant strain on business operations, the last thing you need is a data breach. Ponemon Institute’s 2019 Cost of Data Breach Report found that the average cost of a data breach is $3.92 million. From ransomware payments to litigation and lost customers, the cost of a data breach is extensive. Make sure you take the following precautions to reduce your company’s vulnerability to threat actors during the coronavirus outbreak:
1. Warn Employees About Phishing Attacks.
Work-from-home employees may be especially vulnerable to phishing. There have been reports of phishing emails that pose as alerts about COVID-19 and encourage the reader to click on a link to learn more. The phish is used to implant malware in the computer, giving hackers an opportunity to steal data or demand a ransom. Employees should be discouraged from clicking any link embedded in the email and from downloading files or opening attachments –– even if they seem to be from a known source.
Plenty of phishing emails are obvious. They’ll be punctuated with typos or exclamation marks and include an impersonal greeting. Cybercriminals make mistakes in these emails intentionally in order to get past spam filters and improve their response rates. Also, be careful about shortened links on social media, which seek to trick readers into thinking that they’re going to a legitimate website.
2. Set up a Virtual Private Network (VPN).
Remote employees might be tempted to sneak off to Starbucks to work on their laptops. However, employees that connect to public servers create access points for hackers to infiltrate business systems and data. The danger is worse when employees use public WiFi. Employees should be required to use private WiFi, which can be as simple as a mobile hotspot on their phone to attain a secure connection.
Setting up a Virtual Private Network (VPN) will further mitigate cyber security risk by adding privacy to networks. While VPNs are most often used by corporations to protect sensitive data, setting up a personal VPN is becoming increasingly popular as more interactions go online. A VPN will replace your employee’s real IP address with an IP address from another city. For example, you might live in Washington D.C. but you can appear to live in San Francisco or New York thanks to your new IP address.
Without a VPN, malicious actors can spy on your employees’ connection and harvest information while it is still unencrypted. Take the time to research the options among VPN providers, as some are better than others. Your network should include multi-factor authentication, although you should be aware of and compensate for its vulnerabilities.
3. Upgrade Passport Requirements.
Inadvertently exposing your company’s passwords is another remote working security risk. Institute a password policy that requires more complex and lengthy passwords and change them regularly. Unfortunately, many people use the same password across different accounts, which means that just one compromised password puts all your data at risk. Cybercriminals have sophisticated means of figuring out your password, whether through specialized programs or malware that finds its way onto your computer, such as keyloggers. A keylogger is a type of surveillance technology malware that monitors and records each key typed on your computer.
Passwords should be unique for each account and utilize a long string of upper and lower case letters, numbers, and special characters. Since these passwords may be difficult to remember, password managers have become a popular tool these days. If your company culture allows it, you should update passwords as often as possible – even every day if you are able to.
Partner with ProWriters
Educating your employees and implementing strong protocols are first-line measures to mitigate the risks of working from home, but only a cyber liability policy can safeguard you from the most devastating effects of an attack.
ProWriters has streamlined the process of comparing cyber insurance to help agents and their clients find the best coverage for them. Our Cyber IQ Comparative tool allows brokers to quickly evaluate multiple quotes from different carriers, ensuring clients can get the cyber coverage they need in the most timely manner. To learn more about working with ProWriters or ways to reduce remote working security risks, please schedule a call with one of our experts.