Cyber risks in the home office

Cyber criminals are taking advantage of the situation to devise new scams or attack company information systems. So companies face not only the threat of coronavirus-related losses, but also further damage caused by hacker attacks or scams. With cyber and fidelity insurance, companies can protect their assets from these risks.

Both cyber insurance and fidelity insurance are professional indemnity policies that protect against the financial effects of cyber and commercial criminality. Personal injury and property damage are not included in the insurance cover; the same applies to indirect and direct financial losses resulting from coronavirus, such as damage and additional costs arising from business closures or loss of personnel – for example, the loss of key personnel for IT operations. However, these insurance schemes do cover the consequences of scams or attacks on company information systems which occur more frequently in connection with coronavirus.

Working from home securely

Internal control system and information security management standards are sometimes more difficult to implement and maintain in a home office environment. That’s why Funk experts recommend the following measures:

• All of the end devices used should be equipped with the latest operating systems. Provided security measures such as virus scanners and patches should also be up to date. Reduce attack vectors by having employees only work on company devices. 
• Access to the company network should only take place via secure connections such as VPN (virtual private network) or other secure options like desktop virtualisation. Access should also be protected by two-factor authentication. 
• Login information and passwords should not be shared with third parties and not stored in a browser. 
• Employees working from home should not use company devices to consume media content that is not business-related, in order to avoid unnecessarily overloading the company network capacity. Employees should be made aware of possible risk scenarios.
• Special attention should be paid to the following:

• Implement a process that employees can use to report suspicious emails. 
• Employees should not open any emails related to coronavirus, even if they appear to come from reputable senders such as the WHO or the Robert Koch Institute. Criminals are currently using the identities of these and similar organisations to send malware via email attachments or perpetrate scams. It has proven effective to sensitise employees to the aforementioned points and to train them where possible.

• Employees should lock their computers or tablets even when taking short breaks from their work. Data protection laws and regulations such as the GDPR still apply even in a home office environment, especially when it comes to the protection of personal health data or employee data. How business data is handled is also of increased importance: do not allow your employees to store any data of this kind on personal devices or forward such data to personal email addresses. 

Important: Observe the obligations set out in cyber insurance policies

With Funk CyberSecure, Funk offers its clients an exclusive, tailored insurance solution that foregoes a ‘state of the art clause’ and also shifts the burden of proof to the insurer. To avoid potential disputes in the event of a claim, however, the technical and organisational measures specified in the Funk Cyber form should also be implemented even by employees working from home. In particular, observe the information concerning antivirus, patch management, remote access and allocation of access rights. If it is not possible implement the measures, let us know. We at Funk will then inform the insurer of the corresponding increased risk.

29/06/2020