Many employers have suddenly had to face the necessity of their employees working remotely. With remote access comes additional risk.
Remote access is often used as a vector to hack into corporate networks and most cyber attacks are crimes of opportunity. These facts in the new normal we’re living in put us all at increased risk for data breach, ransomware, and other cybercrimes.
Here are a few things you can do to help manage the risk of remote access:
Use of a Virtual Private Network (VPN)
A VPN creates a security shell outside of your network that helps to hide the existence of the network that you want to protect. If you’re employees are logging onto your servers or their desktops remotely, a VPN is a virtual necessity.
Two Factor Authentication (2FA) or Multi-Factor Authentication
Have you ever logged in to a website or application with your user name and password, then been sent an authorization code via text message or email? This is 2FA. Essentially, this process helps protect against a user name and password being stolen or broken into. Implement 2FA with your VPNs and other tools that your employees are using.
Utilize Strong Passwords
This step cannot be overlooked. Using longer passwords, enforcing unique passwords for different programs/web sites, and implementing a 90-day mandatory password change are all very effective security tools. How many of your employees do you think use the word ‘password’ as their password? What about using the same password they’ve used for their personal email for the last decade? You can also use password management tools to help keep track of everything.
Ensure Data is Encrypted
By ensuring that you have end to end encryption (such as through a VPN), you can prevent ‘man in the middle’ attacks. Encryption software for emails containing private or personal information is also a necessity at all times.
Mandate the Use of Company Provided Hardware
If an employee is logging onto your network remotely from their own personal computer, your network can be in danger of being laterally infected by malware from those computers. Providing employees with hardware set up to your company’s standards will certainly be expensive, but is much better from a risk management perspective.
Educate Employees on Remote Access
If you educate your employees about the most common risks (such as phishing) and make sure they understand the importance of being diligent, you’re limiting the potential exposure.
Remember that cyber attacks are most often crimes of opportunity. Limit the opportunity of your exposure. Putting up even minor roadblocks can make a big difference. If your home has signage out front for an alarm system and your neighbor doesn’t, when all other things are equal, who’s house is more likely to get robbed?
Risk Management is one Aspect of Protecting your Business. Risk Transfer is the Other.
There’s another important thing to consider – no cyber security plan is bullet proof. You might have the best protections money can buy but undiscovered vulnerabilities exist in hardware and software all the time – that’s why updates and patches are needed and so important to implement. While your security has to be effective 100% of the time to prevent loss or a breach, a hacker only has to be effective once to cause irreparable harm.
Your cyber security is the management aspect of the risk you face – having the right insurance in place transfers your risk to an insurance company.
Cyber & Privacy Liability policies are designed to help you manage the fallout, recoup losses, and get back to where you were (at least as much as possible) before a cyber-incident occurs. Not only do these policies provide you with Liability protections (both the cost of defense and any settlements or judgments) but important indemnifications against things like Funds Transfer Fraud, Reputational Harm, and Business Interruption that occur as a result of using the technology we all depend on now more than ever.
In Summary
Don’t forget that you might already have additional resources to access. Cyber & Privacy Liability policies often come with risk management and consulting resources. If you don’t know how to access these resources, give us a call and we can help you identify and access the resources available to you. And if you don’t have a Cyber & Privacy Liability policy – now might be the time to get one.
Cyber Liability insurance policies are relatively inexpensive compared to the coverage and risk management tools you’ll get. Many insurance carriers are competing for this evolving and increasingly necessary coverage and they are pricing coverage aggressively to get as much business as they can. If you haven’t already, you can take advantage of market conditions now to obtain relatively inexpensive and comprehensive coverage.
Like you, our business operations are affected by COVID-19. While many of our employees are working remotely, we’re still here to help you protect your business. As always, please don’t hesitate to call us with any of your questions or concerns.