With many employees now working remotely for the foreseeable future as a result of the coronavirus outbreak, there’s a plethora of new cyber risks facing businesses.
“To put it bluntly, remote working increases cyber exposure,” Davis Kessler, head of cyber at Travelers Europe, recently told Insurance Business. Those added exposures stem from employees who might be using non-corporate email services, which don’t offer them the same level of protection as internal networks, he explained, or they might be connecting to the internet via a less secure wireless connection.
Back at home in Canada, national security agencies are battling against malicious cyber campaigns looking to exploit the pandemic by mimicking Canadian government websites in phishing attempts, among other tactics. Government officials have warned consumers and businesses about COVID-19 related cyber scams and cyberattacks, including text messaging scams, robocalls, and phishing emails, which attempt to impersonate the Canada Revenue Agency or other government bodies and trick people into providing personal information.
“With regards to business operations related cyber exposures, we certainly see a continuation of a lot of the threats that were previously present, including malware related risks,” said Kevin Lea (pictured), president of Fuse Insurance. “People perhaps have their guard down these days compared to when they’re at the office [and] these types of phishing emails are still going to come in so people should still be careful. Just because they’ve got [their work] email at home … doesn’t mean they should be any less cautious of suspicious-looking emails.”
This cyber risk landscape is further compounded by the fact that companies are increasingly using email for communication for more mundane items. This would include senior executives directing their bookkeeping or accounting staff, or anyone else with payment authorization to go ahead and process those things because they still need those to ensure the continuation of the business, explained Lea.
“With executives using more email-driven orders in order to make things happen, those who are processing the payments or those who are doing the two-factor verification on it need to be more cautious than perhaps they used to be,” he said. “It’s good for them to continue best practices around checking in with those executives to make sure that those changes and payment orders are actually what they intend to be and are not an impersonation.”
While Lea hasn’t seen any of Fuse’s clients fall victim to these types of cyberattacks during the pandemic just yet, he has heard concerns from cyber underwriters around the threat.
“A lot of businesses out there are not necessarily set up for robust cybersecurity protocols when it comes to remote work, especially if they are trying to rapidly implement an off-the-shelf solution that involves remote desktop viewing or something like that, that may not be as secure as a more adept solution would be,” he explained. “It’s certainly something for them to keep in mind – that if you do want to do a from-home-style setup to make sure … that the protocol that is put into place actually matches industry best practices.”