Mobile Work & Cyber Safety
Staying cyber safe while working remotely.

It is a sad state of affairs when a global virus proves to be a nexus to computer viruses. However, one of the immutable laws of the universe is ringing true: ‘out of disaster, comes opportunity’. And unfortunately, in this case, the ‘opportunity’ is being taken by cyber criminals ramping up their phishing efforts, and taking advantage of the uncertain times.
As a small business owner, whilst your priorities at this time are probably on your personal health and hygiene, and the wellbeing of your employees, now might also be the time to brush up on some ‘digital hygiene’ habits to prepare your business for this newly emerging wave of threats.

Be on the alert for phishing emails and websites

Criminals are crafting emails and websites purporting to provide information on a vast range of important topics, such as health reports, travel advisory updates, flight cancellations and school closures, just to name a few. Some of these communications are skillfully crafted, making it difficult to identify them as a phishing email or website. Be on the lookout for emails or websites that ask you to click on suspicious links or request sensitive information such as log-in details, credit cards, passwords, passports, health details or addresses, and ensure you’re raising this awareness with your staff.

Take this opportunity to ensure your employees genuinely understand the importance of protecting your business’s data, and understand their responsibilities

Test your remote working capabilities and policies

Such testing should be part of a regular Business Continuity Plan. In the current environment it is recommended that businesses ensure all staff understand the protocols they must adhere to when working remotely.

Testing your capabilities is an important step, as individuals may not be aware of all policies, procedures and protocols. It is essential the appropriate security functions have been implemented and are functioning correctly, such as Multi-Factor Authentication and VPN.

Take this opportunity to ensure your employees genuinely understand the importance of protecting your business’s data, and understand their responsibilities when it comes to hard drives and file encryption in storage and in transit. Brief your staff members on home network best practices, including the use of non-default router and Internet of Things (IoT) passwords.

WiFi may be your enemy

Unfortunately, public and personal WiFi networks may be compromised in certain circumstances. Delete WiFi credentials from your device as soon as you disconnect and enforce a strong password to your router (ensure it has been changed from the default password). Where possible, operate within a VPN.

Check Your Insurance

If you and/or your employees are now working remotely, there may be a heightened risk of cyber threats. Further, there may be a new level of information sharing between your business’s network and your employees’ personal systems not previously anticipated.

If you have cyber insurance, it’s worth contacting your broker to confirm whether cyber attacks that occur whilst  working remotely are covered, and clarify whether you have any additional obligations or need to disclose any of your policies, practices and procedures on remote working. 

What can you do as a small business?

Awareness and proactive action makes a difference. We have witnessed a variety of attacks where criminals attempt to exploit the current situation. These include among others:

  • Coronavirus phishing scams preying on fear and confusion about the virus
  • Phishing and scam websites themed around the pandemic
  • Exploitation of leading corporate VPNs with major vulnerabilities
  • Ransomware attacks on hospitals where scammers anticipate the urgent need to function will push administrators to pay ransom amounts

There are actions you can take to help combat cyber-attacks:

  1. Ensure work-from-home employees understand how to configure and connect to your Virtual Private Network (VPN) providers and avoid split-tunnelling
  2. Plan fallback measures for phone-based and off-net communications and work, as many (VPN) providers may encounter scaling issues as large numbers of users join
  3. Ensure the computers and devices work-from-home employees use are updated with the most current system and application versions
  4. Assess your cyber security resilience plans/incident response plans and ensure that cyber insurance limits are appropriate for any potential financial impact as the result of a cyber-attack

If you have any questions regarding your insurance policy, or if you have suffered a claim or incident, please contact your Aon representative to assist you during this challenging period.

Subscribe to SME Talk

This information is intended to provide general insurance related information only. It is not intended to be comprehensive, nor does it, or should it (under any circumstances) be construed as constituting legal advice. You should seek independent legal or other professional advice before acting or relying on any of the content of this information. Before deciding whether a particular product is right for you, please consider the relevant Product Disclosure Statement (if applicable) and full policy terms and conditions available from Aon on request or contact us to speak to an adviser. Aon will not be responsible for any loss, damage, cost or expense you or anyone else incurs in reliance on or use of any information contained in this article.