Cyber Risks of Working-From-Home

Business Management

May 13, 2020

Cyber Risks of Working-From-Home

By Paula Dixon, Senior Vice President, Holmes Murphy

In light of the response to COVID-19, companies large and small have quickly pivoted to work-from-home scenarios. While company computers and networks are armed with antivirus software and other forms of protection, those measures often go out the window when employees are working from home and remotely accessing the company computer network.

Allowing employees to work from home has become a necessity and will likely continue.  Employers should conduct a cybersecurity review of each work-from-home office to identify and eliminate exposure.

Where possible, have an IT professional review each home office and examine the connection to the company’s network. Is it adequately protected by robust ID/password combinations?  Are those updated regularly? How much access does the remote employee have to company servers, clouds, and other databases? Are those adequately protected by firewalls? Are activities tracked and alarms sounded in the event of an attempted breach? Are files backed up regularly to a secure location? Your goal is to make the home desktop, laptop, tablet, or cell phone as secure as any computer in your office.

It’s a good idea to investigate the employee’s internet service provider (ISP) as well. Make sure the ISP each employee uses the latest generation of security enhancements.

You will also want to establish policies for the use of company equipment in the home office. It is almost impossible to stop employees from accessing company computers and internet connections at their home office for personal use, but you should set limits and guidelines about what is allowable. Employers should prohibit employees from downloading games or visiting websites that contain offensive content, for example. Set guidelines for how to handle suspicious email attachments.  And, prohibit anyone other than the employee from using the company computer or network.

Insurers have developed cyber insurance policies that provide a broad range of coverages, most of which apply to remote office exposures. Specific coverages and policy language will vary by carrier. When reviewing policies, look for the following coverages:

• Network and data security breach
• Loss of income
• Business interruption
• Electronic media liability
• Security breach remediation
• Computer program and electronic data restoration

Some insurers now offer robust risk management resources and services to strengthen your cybersecurity measures. Insurers can assist with assessments of your current vulnerabilities. And should you suffer losses, you will likely receive assistance from your insurance company in tracking the breach and identifying the culprit.

Insurance issues can be tricky when it comes to work-at-home offices. When there is a mixture of employee and company property involved, it becomes even more confusing. Consult with your insurance professional to make sure you are fully protected during these trying times.

Paula Dixon is a board member of The Professional Liability Agents Network (PLAN). To find a qualified agent in your area, visit our website at www.plan.org.

 

All comments to blog posts will be moderated by ACEC staff.