COVID-19 has certainly placed us in the midst of countless new challenges. With many of those challenges come risks we haven’t considered before, and your timely and appropriate decision-making is being put to the test. As always, Peel & Holland is in the business of looking out for our clients’ best interests. While most the world is focused on preventing the spread of this virus, there are others who unfortunately are preying on businesses, large and small, during this time. Cybercriminals are actively targeting companies with the assumption that employees are otherwise preoccupied. We want to make sure that you are protected from these criminal predators who seek to capitalize on the technology vulnerabilities we now face, more than ever before.
Our job as your Risk Advisor is to be certain you are fully aware of the increased exposure to hackers as we face the ongoing coronavirus pandemic. We want to remind you to remain vigilant against scams, malware, and ransom attacks that are widely circulating. We are available to help you evaluate and mitigate your cybersecurity risks.
How is COVID-19 a Cybersecurity Risk?
The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries with respect to privacy and cybersecurity risks and protections
The Cybersecurity and Infrastructure Security Agency (CISA) has released alerts encouraging risk management against a variety on scams. One of the most common methods used by hackers is to target both personal and company emails. These malicious criminals attempt to take advantage of public concern, using bogus email and website sources, with the hopes of gaining access to personal or company data.
Examples include:
- Links to COVID-19 maps on websites containing malware
- False warnings that you may have been exposed to coronavirus at a recent event with links to more information
- Use of familiar brand names or trademarks (shipment carriers, airlines, banks, etc.) to entice recipients to click on malware
- Luring recipients to download documents that appears to be from an official health organization, government agency, or insurance company
- Emails with links stating you can learn about a cure or find other health safety measures
- Donation requests for fraudulent charities or groups posing as COVID-19-related causes
Remote Workers Create Higher Risk
Another huge cybersecurity risk has rapidly expanded with the current high volume of remote workers. The flexibility of working remotely is helping companies ride out some very tough times. Nevertheless, this model involves real cybersecurity risks that companies should be aware of and work to mitigate in the face of the COVID-19 outbreak. Most of us never had to work remotely, yet companies cannot ignore the new challenges this environment creates.
Quite frankly, exposure is huge, mostly because the technology used for accessing networks remotely is the highest source risk for a breach. With increased remote work, there is increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, using personal devices to perform work, and not following general security protocols established by the company.
As most organizations have at least a portion of their employees working from alternate locations, CISA is encouraging companies to adopt a heightened state of cybersecurity. We also encourage you to educate your employees on cybersecurity risks. A few resources you may find helpful:
COVID-19 Security Resource Library (National Cyber Security Alliance)
Securing a Remote Workforce (Cyber Readiness Institute)
Three Simple Tips for Working from Home (Global Cyber Alliance)
Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions (National Institute of Standards and Technology)
Addressing Increased Threats
Keep in mind that although your company is certainly different from others, every organization is potentially at risk for a cybersecurity breach. Your specific cybersecurity strategy will have varying controls and procedures depending on the complexity of your operation, as well as the sensitivity of your data.
In general, Peel & Holland advisors recommend a layered approach that starts with technology, is supported through effective employee training, and is backed with a comprehensive insurance plan to protect against harmful financial and business disruption in the event you become the victim of a cybercriminal.
A comprehensive strategy should be customized by your IT professionals to reduce the probability of an attack. Technology tools and practices provide the foundation for securing your data. There are some obvious basic protocols to follow, but a customized IT evaluation is necessary – now more than ever. Peel & Holland recommends you obtain professional IT services to establish a solid strategy for addressing your specific cybersecurity needs.
The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure. In response to COVID-19, CISA has published guidance and alerts, as of April 7, 2020. Please check their website for additional updates as they become available.
Risk Management for Novel Coronavirus (COVID-19)
Defending Against COVID-19 Cyber Scams
Enterprise VPN Security Alert
Finally, cyber insurance should be in place to reduce the impact of cyberattacks once they occur. You cannot assume that even the best technology strategy eliminates your risk of attack. Given the COVID-19 situation, please reach out to your Peel & Holland Risk Advisor to make sure your cybersecurity insurance is up to date and appropriately aligns with your current business model. If you have shifted to a remote workforce, your risks have likely elevated. Your Advisor can explain how cyber-related losses will be covered by insurance. Just as important, you should have a basic understanding of how we respond with immediate mobilization if any event should occur.
We should also discuss the availability of risk-specific supplements, riders, or endorsement to their standard policy coverages. You may want to consider Errors and Omissions coverage to protect from accusations of professional negligence. You may want to include supplements that cover financial exposures that a cyberattack causes, such as ransom payment or costs of customer notifications.
LET’S TALK
If you’re unsure about any of this, let’s talk right away. Please don’t think that because you are a small business, you are not at risk. Businesses of all sizes rely on technology to conduct daily operations. If you have employees and data, you’re at risk for a cybersecurity breach.
Hopefully, you have always been aware of cybersecurity and the risk of a detrimental loss. Insurance is there to take care of that when it happens. Yet now, we face an even deeper concern due to the additional vulnerabilities due to the COVID-19 pandemic. Just like most of you, the Peel & Holland team is working in atypical environments, but we remain open for business, committed to helping you protect all you’ve working hard for, and are still looking out for your best interests. If you’d like to review your cyber insurance options, we are ready to help.
