While much of the focus related to COVID-19 understandably focuses on the medical, humanitarian and economic aspects for families and businesses, many businesses may not have fully considered the increased risks that have developed from cyber security and cyber risk perspectives.
Coronavirus has changed how almost every company operates and accelerated the landscape of cyber risk:
- Many companies have adopted work-from-home policies resulting in more remote access to company systems and data via laptops and cellphones. In some cases, employees may be using their own personal devices to connect or conduct company business.
- Electronic meetings via Zoom and other platforms to conduct company business have created additional opportunities for hacking.
- Businesses have changed their operations including, in some cases, expanding e-commerce offerings and payment methods.
- Stress on IT infrastructure and resources from both a systems and staffing perspective.
Increasing Cyber Risk
Due to the growing reliance on technology, cyber risk has long been considered a top risk for organizations in coming decades; however, with the arrival of the coronavirus, many companies are realizing that cyber concerns, which seemed years off, have become a reality within a matter of weeks...and the challenges are accelerating.
- The increase in number of people working remotely has increased the number of targets for cyber attackers using phishing scams and malware on the newly remote workforce.
- Fast deployment of work-from-home may result in system access vulnerabilities and increases the risk of lost devices.
- Changes in operations requiring expanded online functionality including payment and other e-commerce features has potential liability concerns for security of customer data.
Despite the challenges of this rapid change, many cyber risks are known; therefore, they can be anticipated and with proper planning mitigated through prevention efforts.
In addition to reviewing data security protocols and increased training. More and more businesses are now purchasing Cyber Liability insurance as part of their risk management plan. Cyber Insurance can help businesses to be financially protected for instances when a data breach or other cyber risk occurs despite their best efforts.
Two key areas of risk
Increased phishing and malware attacks
Put your employees on alert. Law enforcement and cyber experts have reported dramatic increases of cyber criminals using the coronavirus as an opportunity to send phishing emails and spread malware attacks, which if successful can collect login credentials, account numbers, and other sensitive personal and business information.
The best line of defense is training staff on how to identify red flags of social engineering phishing scam and to follow proper protocols if they receive suspicious communications. Here are links to two helpful resources that can help you and your staff learn how to identify scams.
Systems and confidentiality exposures
With employees working from home, the exposures increase exponentially especially if prior to the pandemic work-from-home wasn't typical for your organization. Also if your business has changed how it operates and conducts customer transactions, it's important to consider that these new activities are being properly managed to address security concerns. Assessing your company's preparedness and protection in the face of cyber and data risks requires considering security from a variety of angles. Here are just a few to consider:
- Are employees remotely accessing your network using company issued or personal devices?
- Are you using security software to help detect threats, and is your system data backed up separately from your network?
- Have you established procedures for storage and access of sensitive company/customer information? Have you maintained security with remote access?
- Have you established procedures to ensure that sensitive information is secure if using Zoom or other online meeting tools?
- Have you changed how your business provides services and conducts transactions/payments such as online payment that could impact storage and protection of private personal information?
Depending on how you answered these questions you may feel confident that you are doing all you can to protect from cyber risks or you may find that you have areas that require improvement.
How Cyber Liability insurance helps protect your business
Cyber Liability insurance protection addresses the first- and third-party risks associated with e-business, the Internet, networks and informational assets. While some general insurance liability policies may offer limited protection in the event of a data breach, typically the coverage provided isn't sufficient for a significant cyber liability event. The category of Cyber Liability includes security breaches; data theft; virus transmission; privacy issues; copyright, trademark and intellectual property infringement; libel or any other issues that first parties can pass to third parties via the Internet. Some of the types of claims that may occur include:
- Accidental release of confidential customer information
- Spreading a virus into a customer’s computer system
- Theft of customer’s credit card or banking account numbers
- Identity theft resulting from data breach
- Denial of service attack hacking
- Electronic data extortion or destruction
- Interruption of business operation due to system being down
- Webmaster uses another site's content in site development
While the exposures outlined above are not all inclusive, and no policy covers every risk, Cyber Liability insurance can make all the difference in helping your business avoid a crippling financial impact if a system or data breach occurs despite your mitigation efforts. To learn more about getting Cyber Liability coverage for your business, contact us. We look forward to helping ensure your business has the protection in needs especially during these challenge times of accelerated risk.