10 September 2021

Managing cyber risk when working remotely 

With the onset of the Covid-19 pandemic, many businesses have adopted a work-from-home operating model. In a remote working environment, the need for increased cybersecurity has never been more important. As evidenced by a number of recent high-profile cyber attacks, cybercriminals are moving fast to take advantage of individual and business security vulnerabilities so businesses need to be prepared.

Below are some simple steps you and your employees can take to minimise risk, help your systems remain operational, and protect your clients' data and your own from loss or exposure.

Protecting against phishing and other social engineering attacks

Remember that technical defences, while good, can’t fully protect you or your business. Attackers know that employees are often a weak link in security and will most often target them.

• Beware of unexpected multi-factor authentication requests if you use this form of security. If you receive a request to approve a connection you did not start, do not approve the request, check with the source (via an alternative channel) and report it.
• Don’t click on unknown links or open attachments.
• Beware of emails that relate to breaking news or other urgent messages that entice you to act now.
• Visit only trusted websites for information on the pandemic. Beware of sites advertised in social media posts or sites luring visitors through urgent or inflammatory messages.
• Don’t allow family members to use your company equipment for personal use, which can expose the system to unexpected browsing activity.

Sharing data and collaborating

• For internal and external collaboration, conferencing and file sharing, only use company approved file-sharing and collaboration tools.
• Don’t email data to personal email accounts or transfer data to unapproved portable storage devices (for example USB memory stick).
• Don’t email unencrypted sensitive data to external parties. If you send an individually encrypted file, secure it with a strong password, and do not send the password by email. 

Protecting data on remote networks

• Use secure, known networks including a company-provided VPN wherever possible.
• If you or a family member has the technical ability to do so, ensure your home Wi-Fi router is protected with the WPA2 or WPA3 encryption setting; ensure your router/modem and internet service provider (ISP) portal are configured with a strong, unique password; and enable software updates for all routers and modems.

Other tips

• Ensure all software is up to date, automatic updates can be turned on in the general computer settings areas of all laptops/PC computers.
• Ensure critical business data is backed up, stored and easily recoverable; using external or cloud based service providers is the safest practice.
• Ensure your staff are trained and aware of cyber risks.

We’re here to help

One of our core responsibilities as a broker is to ensure you have all the information you need to make informed decisions about the risks your business faces. With the effects of coronavirus being felt in a number of ways by our clients across the country, we wanted to share some advice to help you protect your business during this difficult and unprecedented time.

We hope you find the information above helpful, if you have any questions or if you would like to speak to us regarding cyber insurance please talk to your broker.

Further information

• Covid-19 and your insurance 
• Cyber insurance
• Phishing

Client Advisory