Cyber Risks Grow as Employees Work from Home After COVID-19
Small to medium-sized companies are increasingly the target of sophisticated social engineering hacks and other types of cyber threats. What does a social engineering cyberattack entail? Wikipedia defines social engineering hacks as follows. “Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information.”
According to cnet, an electronics-centric website, recent attacks focus on attempting to get readers to click on links related to information about the coronavirus. With many people now working from home, some with access to their business’s confidential data, hackers are targeting this new trove of users. Is your cyber insurance coverage robust enough to meet the coverage challenges of these unique risks?
From Fake Netflix Scams to Phishing Attacks, Cyber Risks Escalate
Users with access to business data are a valuable target for hackers. Most phishing attempts take place by email. Using fake Netflix sites and other questionable tactics, scammers use home quarantine and its accompanying boredom to target isolated at-home users. Additionally, general information in emails regarding COVID-19 or charitable donations related to the coronavirus have appeared across the nation.
Scammers developed these sites to lure users to enter payment and other personal information. In some instances, this personal information release resulted in business hacks when users duplicated their social media personal passwords with business passwords. It’s important your employees understand this risk. One of the best ways to protect your business from cyber-attacks is to institute a policy that requires employees to change their passwords regularly, or on a set schedule. Caution them not to use social media passwords in business, as well.
Taking home laptops loaded with company and employee data and logging into corporate websites can pose significant risks for business owners. Many business users regularly log into public Wi-Fi hotspots, which can create a runway into your business data.
With the coronavirus changing the way employees work, we may find businesses relying on work-from-home for the foreseeable, even long-term, future. Now is the time to take a few steps to strengthen your cyber awareness.
Best Practices Information Technology Tips for Today’s Businesses
Your cyber insurer may offer some tips to help you manage your information technology. However, Lewis and Brisbois[N1] , a provider of cyber legal training and cyber-response teams, offers a few best practices in cyber management.
Appoint a cyber management team with a senior officer to lead. However, your information technology (IT) team members should be at the forefront. Include representatives from other key departments, such as public relations, finance and risk management. If you’re hacked, you’ll need to make rapid decisions. Appoint those who have enough authority to make decisions and who are not afraid to make tough decisions. For example, if you’re hit with ransomware, will you pay? That decision is an agonizing one for businesses.
Create a cyber action plan. Ensure your cyber team creates a detailed cyber plan. However, don’t make it so complex it will sit on a shelf. List those people responsible for which tasks and keep that list updated. Practice by working through different “what if” scenarios to prepare your team in the event you experience a cyberattack.
Determine the firms that can help in case you face an attack. This should include your cyber insurer, legal counsel, public relations firms, local law enforcement or the FBI, as well as IT vendors who can bolster your internal IT force if needed.
Stay current on emerging threats. Historically, businesses faced infiltration of viruses and malicious coding. Social engineering hackers are at the forefront of cyber threats today and have hurried to exploit the work-from-home movement. Hackers continue to grow in sophistication. Invest in training for your IT and cyber team and ensure that information flows back to the organization with frequent updates.
Develop a strong training program. Due to COVID-19, social engineering hacks top the list of today’s cyber threats. Keep employees updated on password importance, common cyber tricks and other attempts they may face as they manage their in-home work. Warn employees about the emerging threats from email and other scams faced by many users arising after the COVID-19 epidemic.
Cyber Insurance Coverage Problematic for Small-to-Midsize Businesses
Perhaps you have endorsed some level of cyber coverage on your businessowners policy (BOP). Cyber coverage under your BOP, however, is extremely limited. Generally, the BOP provides only third-party coverage in the event you experience a hack that damages others. Coverage for first-party costs, such as business interruption losses you experience or public relations costs you may incur for damage control, can help provide much-needed insurance assistance post-hack.
We can help you tailor cyber insurance coverage that can help you meet the challenges of today’s increasingly sophisticated hacks.