Around the country, governors are issuing shelter-in-place orders to help stop the spread of COVID-19. Many businesses have had to close as a result, sometimes laying off or furloughing workers. Other businesses are lucky enough to be able to switch to a work-from-home model. However, this method is not without its pitfalls. Although remote work is an ideal solution for the current problem in many ways, it may also be leaving companies exposed to increased cyber risks.
The Problem of Less Secure Devices
Cybercriminals can exploit vulnerabilities in any type of device, whether it’s a company computer, a home laptop or a smartphone. Unfortunately, even though the risks can be the same, people tend to be more cautious with some devices than they are with others.
The Verizon Mobile Security Index 2020 found that 43 of respondents said that their organization had sacrificed mobile security in the past year. Organizations that sacrificed mobile security were twice as likely to experience a security compromise.
As the saying goes, a chain is only as strong as its weakest link. Now that more people are working from home, the number of weak cybersecurity links may surge. If the home devices that workers use aren’t properly secured, hackers may be able to exploit the oversight to bring about data breaches, launch ransomware attacks or infect systems with other types of malware.
BEC and Phishing Could Increase
Business email compromise (BEC) and phishing schemes have been a growing problem, and the pandemic may make a bad situation worse.
Phishing schemes are used to trick people into revealing sensitive information, such as passwords and credit card numbers. In business email compromise schemes, individuals may be targeted and tricked into making a wire transfer. In some cases, the victim may be tricked into sending sensitive information instead of money. The fraudster often poses as a legitimate entity, such as a partner, vendor or client.
According to the FBI, between June 2016 and July 2019, there were 166,349 business email compromise incidents resulting in losses of more than $26 million. These figures include both domestic and international incidents.
As people try to adjust to working from home and using new communication methods, they may be especially vulnerable to business email compromise and phishing attacks. The number of attacks also appears to be increasing as scammers take advantage of coronavirus fears. In fact, the FBI recently warned that there has been an increase in fraud schemes related to COVID-19, including fake CDC emails and phishing emails.
Take Precautions to Protect Your Organization
Employers and managers have a great deal to consider right now, but cybersecurity cannot be allowed to fall by the wayside. Essential steps must be taken to prevent the risk of cyberattacks.
1. Create systems to prevent social engineering schemes. As businesses switch to remote work, their day-to-day systems must adapt. This can understandably create confusion. It’s important to develop new policies and procedures that minimize the risk for business email compromise schemes, phishing attacks and other types of fraud.
In its Protected Voices series, the FBI gives advice on avoiding business email compromise schemes. One simple tip is to require a separate form of communication, such as a phone call, to verify transactions over a set amount. See the Protected Voices video for more tips.
2. Review cybersecurity with your workers. Many people are working from home for the first time, and they may not know enough about cybersecurity to handle these issues on their own. Send out step-by-step instructions, and have workers confirm that they have implemented them.
Key measures include the following:
- Secure Wi-Fi networks
- Strong passwords
- Installation of security patches
- Anti-virus software
- Secure backups
3. Reevaluate your cyber liability insurance protection. Even prior to this pandemic, cyber exposures were considered one of the greatest threats to business of all sizes. If you don’t yet have cyber insurance protection in place, talk to your broker about the options available to you.
Wilson, Washburn & Forster is a boutique independent insurance agency that has been in business since 1961. We have expertise and connections in the commercial and cyber insurance markets and can also help customize the right mix of coverage to protect against the unique exposures of your business. You will find that our experience, claims handling, service, and community commitment is unrivaled.
Contact us today at 786-454-8384 for a complimentary analysis of your current insurance program by an insurance specialist in this field.