COVID-19 Considerations: Cyber Security and Remote Workforces

March 24, 2020

As more and more social distancing measures are enacted, employers are transitioning their workforce to remote workstations en masse. The COVID-19 outbreak is presenting a myriad of challenges, but for IT teams, specifically, equipping employees with the necessary tools and systems to maintain their productivity is uncharted territory.

In this unprecedented time, maintaining security is of the utmost importance. We’ve already seen evidence that cyberattacks could become more focused as government agencies and companies move swiftly to adapt to COVID-19. One recent example includes the attack targeted at the U.S. Health and Human Services Department (HHS) on March 16. In that instance, the attack overloaded the HHS servers with millions of hits over several hours; however, the attack did not significantly slow the agency’s systems. HHS anticipated increased attacks and added extra protections in place.

To help ensure that your organization’s response to cyber threat is more akin to that of the HHS, our experts give guidance on mitigating your risk.

 

Remind Employees of Online Best Practices

Companies are always vulnerable to cyber and phishing attacks, but an increase in remote workers may present new dangers. As everyone checks their hand-washing routine, it is important to remind employees of best practices for online security.

  • Be wary of suspicious links, especially those about COVID-19, including cure claims, donation requests and links or documents from unfamiliar email addresses.
  • Ensure home Wi-Fi has a strong password. Instruct employees on minimum lengths or complexities of passwords and resources on how to update their passwords.
  • Update or increase security requirements on work passwords. With increased potential exposures, consider increasing the complexity and frequency of password resets.
  • Explain any policies about using public Wi-Fi and the risks of using it.
  • Clarify acceptable options for working and which platforms cannot be used. For example, explicitly say if employees can or cannot use platforms like Zoom, Slack, Google Drive, Google Hangouts or other shared platforms.
  • Direct employees on at-home printing protocols and if and how they can print sensitive materials and how to dispose of them appropriately.

 

Increase in Scams

Experts expect to see an increase in scams targeted to personal and company emails. Current circulating malware, virus and phishing scams include:

  • Links to COVID-19 maps that are on websites loaded with malware.
  • An email saying that a person at an event you attended may have COVID-19. The email includes a link to stay updated on the status of the individual’s diagnosis; however, the link is malicious.
  • Luring people to download documents that appear to be from an official health authority but really contain malware or other harmful code.
  • Emails containing a link to learn about a new COVID-19 cure.
  • Spoofed emails from CDC or WHO claiming to have updated information on the virus.
  • Donation requests for fraudulent charities or groups posing as COVID-19 causes.
  • Promoting fake cures or protections.

 

For Businesses Struggling with Remote Capabilities

Technology companies are easing the transition cost to try remote tools. These tools can ease the transition process for small or large businesses not equipped to work entirely remotely. Instruct employees on any restrictions surrounding these platforms to ensure that all sensitive or secure items are kept that way.

Microsoft Offering a free six-month trial of its premium plan for Teams chat app
Google Giving free access to its enterprise version of Hangouts Meet to all G Suite and G Suite for Education users now through July 1, 2020
LogMeIn Offering free “Emergency Remote Work Kits” for three months
Cisco Webex Providing free 90-day licenses to non-Webex customers and is allowing existing customers to expand their usage at no additional cost

 

Know Your Coverage

If you have any questions or concerns about your cybersecurity insurance coverage, talk to your Beecher Carlson account representative. We will continue monitoring the situation and share new information as it becomes available.

 

Download

 


Sources


Please be advised that any and all information, comments, analysis, and/or recommendations set forth above relative to the possible impact of COVID-19 on potential insurance coverage or other policy implications are intended solely for informational purposes and should not be relied upon as legal advice. As an insurance broker, we have no authority to make coverage decisions as that ability rests solely with the issuing carrier. Therefore, all claims should be submitted to the carrier for evaluation. The positions expressed herein are opinions only and are not to be construed as any form of guarantee or warranty. Finally, given the extremely dynamic and rapidly evolving COVID-19 situation, comments above do not take into account any applicable pending or future legislation introduced with the intent to override, alter or amend current policy language.