COVID-19 Cyber Threats
California’s “Stay at Home” order moved the workplace from office spaces to employees’ homes. In light of this “new normal”, it is imperative to revisit and revise your cyber risk management policies.
Below are tips your organization should consider implementing to mitigate exposures to data breach, limit exposure of sensitive information, and maintain cybersecurity while employees continue to work remotely.
- Password Requirements: Your organization should require employees to use complex passwords and to change them at frequent intervals. Employees should not be permitted to share their passwords with other employees without your administrator’s express approval.
- Multifactor Authentication: In addition to complex passwords, multifactor authentication requires users to present at least two pieces of information to gain access to company data, such as a password or PIN, an access code from an SMS text or authenticator, or a fingerprint signature. Multifactor authentication prevents unauthorized access to email accounts and prevents cybercriminals from gaining entry even if passwords or credentials have been compromised.
- Strong Encryption at Rest and In-Transit: It is crucial to have strong encryption to protect your data from outside eyes and to secure your data regardless of where it is being used. Strong encryption should be in place at all times, whether your data is at rest (residing in your system) or in transit (moving from one location to another). Administrators should know who has access to the encryption keys at all times.
- Bring Your Own Device (BYOD) or Company-Supplied Hardware: While many employees use their own devices to access their organization’s data, best practice is to have your organization supply employees with the appropriate hardware. This ensures that your data is secure and that your IT personnel or vendor can easily and immediately connect to update and manage your organization’s security. BYOD carries several risks, including data theft, malware infiltration, theft of devices, and employment practices liability. However, if your employees use their own devices, consider implementing a BYOD policy requiring employees to install, use, and regularly update anti-virus and anti-spyware software.
- Auditing, Training, and Planning: In addition to the measures discussed above, your organization should perform regular cybersecurity audits of networks and systems, and require employees, interns, and/or volunteers to undergo regular training in security best practices. Additionally, make sure that your organization continually revises its cybersecurity program and that personnel are informed of any changes.
- Cyber Liability Insurance: While there is no “standard” cyber policy form, most standalone cyber policies offer forensic investigation coverage, system restoration costs, defense and indemnity costs associated with litigation resulting from the loss of personal information or other sensitive data, and potentially defense costs and penalties associated with regulatory investigations. Many cyber insurance carriers also offer broad risk management services. Moreover, most General Liability policies now exclude coverage for cyber-related claims.
Aside from these proactive tips to reduce data breach, your organization should also have an incident response plan in place that outlines how your organization will respond to an incident. Implementing an incident response plan will help your organization quickly investigate and remediate cyber-attacks. In addition to informing your employees, supervisors, and key managers, it is important to keep your board of directors informed of your policies, procedures, and incident response plan as part of their fiduciary duties.
A cyber risk management policy can help to mitigate exposure to data breach, especially since your organization may be in transition to a remote workforce. Cyber liability insurance should be considered as part of your risk management plan (and not your only plan). If your organization currently carries cyber liability, review the coverage terms, conditions, and exclusions with your organization’s counsel to detect any exposure in coverage.
Let us know if you have any questions regarding cyber risk management or would like us to provide you with a quote for cyber liability. We are here to help! Stay safe!