Cybersecurity Is never guaranteed. Make sure you’re covered cyber liability insurance
- While working remotely is nothing new, today’s cloud-based services and home computers add new risks to the mix.
- Some common cybercriminal techniques include phishing, weak passwords, file sharing, insecure home networks, and lack of encryption on personal devices, all of which can be fixed with the proper approaches.
- Cloud systems present their own challenges, so know the risks and then hire a professional to protect your company’s data.
- In-office cybersecurity is important as well, and some of the same risks apply. Perhaps the most important thing to do is make sure you backup daily on a device that’s not connected to your network.
- No matter what steps you take, things can happen, and you leave yourself financially vulnerable and can potentially lose your business without a cyber liability policy.
COVID cast a spotlight on something that was becoming more popular even before the pandemic – remote working. People have been working from home since before the Industrial Revolution. The invention of the Internet coupled with home computing caused remote work to surge in the early 1990s and there’s been a steady increase since 1999.
Pre-industrial workers faced hazards as blacksmiths, carpenters, and leather tanners, but cybersecurity was not one of them. Today’s home workers may have insecure networks, a real problem when your business is in their hands.
Additional risks come from the cloud-based platforms that are ubiquitous today. In this article, we’ll talk about the risks posed to your small business when employees work remotely, including cloud systems and how they work, how to secure your systems and devices when employees are working in your office, and how you can reach that same level of security when they work from home. We’ll also clue you in on an essential piece of the security puzzle: cyber liability insurance.
Cybersecurity risks posed by remote working and the measures you can take
Your company data is at risk. Always. Cybercriminals are becoming more skilled and inventive. Having remote workers adds an extra layer of risk. Here are the top five remote workforce risks:
- Phishing. This is usually conducted over email to get personal information. In the past year, 54% of IT-managed service companies saw an increase in phishing, 56% found an increase in browser-related infections, 44% saw that compromised devices were used to infect the entire business, while 45% saw an increase in compromised printers used as the criminal’s attack point.To defend against phishing attacks, make sure you have a secure email gateway that blocks 99.99% of spam emails and exposes them when accounts are compromised.
- Weak passwords. In research conducted using more than 15 million data breaches across 17 separate industries, the word “password” was the most common word used. Other top passwords were “Hello123,” and “sunshine.” Some companies provide a shared password for users.Encourage employees to change their passwords often and coach them to create passphrases by stringing together a random group of words. These, as well as longer passwords, are difficult to crack, and additional security can be added by adding punctuation, special characters, and numbers.
- Sharing files. Information sharing keeps your enterprise running and it happens all day, every day. While you may encrypt data on your network, to maintain security, it should be encrypted when it’s sent via email and even voicemail. Another alternative is to use a secure file-sharing platform like Box or Dropbox that encrypts information end-to-end.Voicemails can be encrypted if you have a business phone provider that has features such as voicemail-to-email to protect data.
- Insecure home Wi-Fi networks. Employees should be instructed to check for updates and install them regularly. You might also think about providing each employee who works with a lot of sensitive data with a firewall that provides better security.
- Unencrypted personal devices. Remote workers are posing a security threat by using insecure devices to connect to your corporate network – many office workers say they have used their personal laptops or printers/scanners for work and IT staff have seen evidence of compromise on workers’ personal computers.
One effective way to conquer this problem is to provide employees with work laptops with the latest in security or Desktop-as-a-Service, which can be used with a personal device leasing virtual desktops via a public or private cloud service. Speaking of cloud services, they present their own risks.
Cloud systems and their risks
Many companies have moved their applications and data to the cloud. Cloud computing means computing services that include servers, storage, databases, networking, software, analytics, and intelligence are delivered over the internet. This typically fosters innovation, makes resources more flexible, and realizes economies of scale.
However, cloud systems face their own security threats that include:
- Data breaches when cybercriminals access your system and steal or interfere with your data.
- Insiders who often have legitimate access but are malicious actors who want to harm the company.
- Denial-of-service attacks are becoming more common. This happens when a hacker floods your system with more web traffic than it can deal with, even at peak. Operations stall completely, no one can access the system, and your business can’t operate.
- Insecure interfaces and APIs. Your cloud provider uses a specific framework to provide APIs to programmers. This leaves systems vulnerable to attackers. Solve this with multi-layer security.
A comprehensive cloud security system requires professional consultation with a managed IT firm
Cybersecurity in the office
Robust cybersecurity is as essential in the office as it is outside it. Some crucial elements to include are:
- Whitelist applications
- Implementation of multi-factor authentication
- Administrative privilege restrictions
- Efficient update and patch installation
- Disable Microsoft Office Macros that you don’t trust (those that come from the internet or are unvetted)
- Block browser access to things like Adobe Flash Player, online ads, and suspect Java code.
Of course, the latest in firewalls should be installed, and perhaps the most important thing of all is to implement daily backups on a device disconnected from the network.
You can take all the cybersecurity precautions in the world, but sometimes the unthinkable still happens, and cyber liability insurance adds an additional layer that can bring great peace of mind.
Protect your business with cyber liability insurance
- A cyber liability insurance policy safeguards small businesses from the astronomical costs of a data breach or software attack. A cyberattack can put you out of business: 60% of small businesses fail after a cyberattack. A cyber liability policy typically pays for:
- Mandatory notification of all affected parties. If you don’t do this, you could face high fines as well as penalties.
- The investigation and mitigation of security flaws
- Credit monitoring service
It also covers the correction of reputational damage if you have to hire an advertising or public relations firm to repair it.
Cyberattacks are ruinously expensive and typically take a long time to resolve. One study said the average cost of a data breach is $3.86 million, and the average time to identify and contain it is 280 days.
Few businesses can afford this type of financial hit, so it’s imperative that if you have staff working remotely that you contact your insurance agent and get covered.
Don’t risk financial ruin. You need cyber liability insurance from Avante Insurance
Remote working is a boon for workers and with its tendency to increase productivity and reduce expense, it’s here to stay. Be sure your business is protected.
At Avante, we’ll work with you to build the complete coverage you need with a deductible that works for you. Reach out today, because you never know what tomorrow will bring.
This blog and website are made available by the publisher for educational and informational purposes only. It is not to be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state.