For current information regarding insurances and COVID-19: we are regularly updating this landing page as the situation progresses, please check here for guidance.
The cyber security risks of homeworking
17 April 2020
COVID-19 is not only having an impact on the way we live and manage our health, but also the way in which we work. With the situation constantly developing and the UK Government having extended its preventative measures, it’s meant that numerous businesses and their employees have had to adapt quickly, with many now working from home.
Naturally, remote working does come with challenges. Not only do people have to adapt to a new work-life routine, but there’s also the increased cyber and information security risks associated with homeworking to consider. Many are technology related, whilst others are due to working in a new environment.
Here are some top tips on how you can make sure your data is safe, whilst your staff work from home:
Work is better than personal
Generally, cyber security is significantly weakened when you mix personal and business devices and usage. So, having people work off personal devices is generally unwise. Where possible, work activities should be done on a company device, as this is more secure.
Stay current with software updates
Due to how fast businesses have had to react and get employees working from home, it might not have been possible for everyone to have a work device. In these cases, it’s important that employees keep their personal devices up-to-date with the latest software, as these help patch security flaws and help protect data.
Let your insurer know
Whether you’ve bought additional computer equipment for staff to use, or you’re allowing staff to work on their personal devices, if you already have a cyber-insurance policy, you should:
- Make sure the insurer is aware of the certain systems/processes that are in place - e.g. encryption, two-factor authentication. If these have now changed, you will need to let them know.
- Be aware of any policy conditions relating to encryption, backups or other processes and consider whether your new way of working complies with these.
Try to keep work separate
With everyone in the household having to remain indoors, it’s likely that screens, documents, and work-related conversations may be seen or heard by family members or other cohabiters. Therefore staff training is recommended on how to organise work and the risks associated with handling data from home.
Watch out when screen sharing or on video
Additional information leaks can occur with video conferencing and screen sharing. Staff may not notice something in the background when video conferencing, or sharing information on their screen. Users will need training, to ensure they use these facilities appropriately.
Be aware of phishing
The risk of phishing attacks still exist when working from home. Sadly, in recent weeks, there have been a number of new phishing attacks exploiting scenarios about the virus. These kind of attacks are designed to trick users into downloading malicious software or disclosing their passwords. Staff should be trained on what to look out for in phishing emails and how report them.
If you would like information about how a cyber-insurance policy could help you and your staff whilst working remotely, or need help understanding how your existing policy works in these circumstances, please get in touch with us on 0330 008 5555.
Sign up for the latest news
Subscribe to our email updates and latest news from the insurance world.