Risk & Business Magazine Spectrum Insurance Spring 2020 | Page 27

REMOTE WORK AND CYBER RISK
hardship. Unfortunately, the
COVID-19 pandemic is no
exception. Cybercriminals have
been known to pose as charities
and legitimate websites to lure
victims into sending money and
revealing personal information.
Individuals should scrutinize
any emails, texts, and social
media posts related to COVID-19
and be cautious when clicking
any links and attachments.
Specifically, employees should be
instructed to:
•
•
• avoid clicking links from
unsolicited emails and be
wary of email attachments;
• use trusted sources
when looking for factual
information on COVID-19,
such as CDC.gov;
• never give out personal or
financial information via
email, even if the sender
seems legitimate;
• never respond to emails
soliciting personal or
financial information; and
• verify a charity’s
authenticity before making
any donations.
Have a virtual private network
(VPN) in place, and ensure
employees are using it to access
company systems and data
when working remotely. VPNs
encrypt internet traffic, which
can be particularly useful when
your employees are connected
to a home or public network.
Furthermore, it could be
beneficial for your company
to prohibit employees from
accessing company information
from public networks altogether.
Mandate the use of security
and anti-virus software. This
software should be up to date
and include the latest patches.
"INDIVIDUALS
SHOULD
SCRUTINIZE ANY
EMAILS, TEXTS,
AND SOCIAL MEDIA
POSTS RELATED
TO COVID-19 AND
BE CAUTIOUS
WHEN CLICKING
ANY LINKS AND
ATTACHMENTS."
•
•
•
Educate your employees on the
kinds of sensitive data they are
obligated to protect. This could
include confidential business
information, trade secrets,
intellectual property, and
personal information. When
working with sensitive data,
employees should take the same
precautions they would if they
were at the office. They should
avoid using their personal email
for company business and think
critically about the documents
they are printing at home. If they
must print sensitive information,
they should shred the document
when it is no longer needed.
Encrypting sensitive information
can also help you protect any
data that is stored or sent to
remote devices.
Prohibit employees from sharing
their work devices with friends
and family members. Doing so
reduces risks associated with
unauthorized or inadvertent
access of company information.
Have employees update their
contact information. That way, if
your systems are compromised,
you can easily contact your staff
and provide the appropriate
updates and instructions.
• Create and communicate a
system that employees can
use to report lost or stolen
equipment. This will help your
IT department respond quickly
and mitigate potential data loss
threats.
• Require two-factor
authentication for all company
passwords. Two-factor
authentication adds a layer of
security that allows companies
to protect against compromised
credentials. Through this
method, users must confirm
their identity by providing
extra information (e.g., a phone
number or unique security
code) when attempting to access
corporate applications, networks,
and servers. This additional
login hurdle means that would-
be cybercriminals won’t easily
unlock an account, even if they
have the password in hand.
• Consider security precautions
for mobile devices. Proper phone
security is just as important
as a well-protected computer
network. A smartphone could
grant access to any number
of applications, emails, and
stored passwords. Depending
on how your organization uses
such devices, unauthorized
access to the information on a
smartphone or tablet could be
just as damaging as a data breach
involving more traditional
computer systems.
For additional protection, employers
should consider backing up data and
bolstering network protections as best
as they can. For more cybersecurity
guidance, contact Spectrum Insurance
Group today. +
27