Cyber Security and COVID-19: What Everyone Needs to Know
May 13, 2020
By: Sara Ametrano
In these times of social distancing and working from home, it’s become even more crucial to ensure strong cyber security measures are in place for your business. Working from home can pose its own challenges and takes adjusting to; the last thing anyone would want is a cyber breach to occur at the same time.
As organizations have moved to a work-from-home state, it can be argued that the risk of cyber exposure is even higher. This is due to an expanded attack surface with potentially weaker security protocols. Employees may also be using devices provided by the company and/or personal devices when accessing the company network, making the cyber playground vaster and more vulnerable.
We at Trisura are also working from home and have compiled some tips and tricks that work for our team to share with you and your clients. This article will highlight several different tools and strategies companies, employees and brokers can use to combat potential cyber breaches.
What organizations can do:
Implementing a multi-factor authentication process (at least two steps) for logging into a company’s network remotely adds an extra layer of security as it requires identity confirmation through a variety of factors. This could be in the form of security questions, multiple email addresses or sending a code to a mobile device.
Installing smart anti-virus software can help to alleviate any worries surrounding breach protection. It is recommended that organizations opt for “next-generation” and intelligence-based anti-virus software since these types of virtual shields can evolve like viruses do. They are programmed to analyze data, such as unique characteristics, rather than simply looking at signatures.
Just as it’s important to always hit the “Save” button as you work, offline and offsite data backup is also good housekeeping for combating ransomware. Frequent backups, both at the PC and network levels, will prove to be useful should you be required to wipe the system clean and reinstall everything.
What employees can do:
Having up-to-date firewalls and technology (i.e. patching) are certainly important, but it doesn’t stop there: ensuring employees have the proper training and information about cyberattacks is equally important. If an attacker tries to obtain personal information through email, for example, employees who know how to spot suspicious emails are more likely to thwart a possible breach than those without cyber awareness.
The employee’s responsibility begins at the login page. Once an attacker knows the username, cracking the password may not be too difficult. To avoid an attacker breaking into your network, here are some password tips to keep in mind:
Change your password often;
Make your password hard to guess with a combination of upper and lowercase letters, numbers and special symbols; it should not be something related to you;
Do not share your password with anyone.
What brokers can do:
As there may be some uncertainty surrounding the vast world of cyber, brokers should familiarize themselves with the risks. Brokers can serve as a resource for your clients and spread awareness through news stories and articles that highlight the exposures.
It’s also important to gain an understanding of where your clients may be vulnerable to cyberattacks. Find out your client’s cyber protection measures and help identify these gaps. With the help of insurance carriers, you can then suggest experts your client can use to strengthen their cyber breach prevention practices.
Now you’re ready
We hope these tips prove helpful in mitigating your and your client’s cyber exposures. Though there are many controls that can prevent cyber-attacks, remember that the human element is the most important piece of the puzzle. Employee errors cause the most breaches, so if the organization has good employee training and awareness policies, you are well on your way to combating the bad actors.
If you have any questions or are want more advice, don’t hesitate to contact your Trisura expert.
This article does not intend to provide legal or technical IT advice. You should consult your own legal counsel or IT professional in connection with matters affecting your own legal or technological requirements or interests.