Cyber risks in the home office
The fight against coronavirus has caused many companies to close offices and branches. A large number of employees are still working from home. This situation poses new technical challenges for companies and employees.
This cyber insurance covers damage caused by hacker attacks and malware. Protection is provided regardless of where the employee is working – the computer in their home office is also part of the insured computer system.
This fidelity insurance also provides cover if employees working from home fall for a scam and the company incurs damage as a result.
Cyber criminals are taking advantage of the situation to devise new scams or attack company information systems. So companies face not only the threat of coronavirus-related losses, but also further damage caused by hacker attacks or scams. With cyber and fidelity insurance, companies can protect their assets from these risks.
Both cyber insurance and fidelity insurance are professional indemnity policies that protect against the financial effects of cyber and commercial criminality. Personal injury and property damage are not included in the insurance cover; the same applies to indirect and direct financial losses resulting from coronavirus, such as damage and additional costs arising from business closures or loss of personnel – for example, the loss of key personnel for IT operations. However, these insurance schemes do cover the consequences of scams or attacks on company information systems which occur more frequently in connection with coronavirus.
Working from home securely
Internal control system and information security management standards are sometimes more difficult to implement and maintain in a home office environment. That’s why Funk experts recommend the following measures:
- All of the end devices used should be equipped with the latest operating systems. Security measures that are provided, such as virus scanners and patches, should also be up to date. Reduce attack vectors by having employees only work on company devices.
- Access to the company network should only take place via secure connections such as VPN (virtual private network) or other secure options like desktop virtualisation. Access should also be protected by two-factor authentication.
- Login information and passwords should not be shared with third parties and not stored in a browser.
- Employees working from home should not use company devices to consume media content that is not business-related, in order to avoid unnecessarily overloading the company network capacity. Employees should be made aware of possible risk scenarios.
- Special attention should be paid to the following:
  - Implement a process that employees can use to report suspicious emails.
  - Employees should not open any emails related to coronavirus, even if they appear to come from reputable senders such as the WHO or the Robert Koch Institute. Criminals are currently using the identities of these and similar organisations to send malware via email attachments or perpetrate scams. It has proven effective to sensitise employees to the aforementioned points and to train them where possible.
- Employees should lock their computers or tablets even when taking short breaks from their work. Data protection laws and regulations such as the GDPR still apply even in a home office environment, especially when it comes to the protection of personal health data or employee data. How business data is handled is also of increased importance: do not allow your employees to store any data of this kind on personal devices or forward such data to personal email addresses.
Important: Observe the obligations set out in cyber insurance policies
With Funk CyberSecure, Funk offers its clients an exclusive, tailored insurance solution that forgoes a ‘state of the art clause’ and also shifts the burden of proof to the insurer. To avoid potential disputes in the event of a claim, however, the technical and organisational measures specified in the Funk Cyber form should also be implemented by employees working from home. In particular, observe the information concerning antivirus, patch management, remote access and allocation of access rights. If it is not possible to implement the measures, let us know. We at Funk will then inform the insurer of the corresponding increased risk.
Tips for managers: maintaining team morale
- Hold daily conference calls with your employees individually or in groups – use modern communication technologies such as video chat for this.
- Be transparent. Communicate openly and regularly about new developments.
- Schedule virtual coffee breaks together, where people have the chance to chat about things other than work if desired.
In the digitised world, cyber attacks today can have serious consequences. Companies should therefore think carefully and holistically about the risks. Learn what you should keep in mind on our overview page on cyber risks, where we offer a collection of posts, videos and more on the topic.