The COVID-19 pandemic disrupted global labor markets on a mass scale and caused many businesses to transition into fully remote work environments. Companies are now re-evaluating what the future holds regarding their day-to-day operations, and many have announced plans for hybrid schedules going forward. As the work environment shifts and the economy becomes increasingly digitalized, our dependence on technology is heightened. Therefore it is no surprise that cybercrime is escalating and is now ranked a top business concern globally.
Since 2020, studies have shown that there has been an increase in reports of fraudulent emails, phishing, and spam attempts by corporations. According to the FBI press release dated March 17, 2021, the 2020 Internet Crime Report revealed that there were “791,790 complaints of suspected internet crime – an increase of more than 300,000 complaints from 2019 – and reported losses exceeding $4.2 billion”. As a result, a strong cybersecurity program has become essential for businesses.
Below are three ways companies can strengthen cybersecurity in a remote work environment:
1. Assess IT infrastructure:
Companies should reassess their IT infrastructure and identify any areas for potential breaches as they shift from traditional office setups to remote work environments. For example, if a company uses unprotected conference links on platforms such as Microsoft Teams or Zoom or cloud-based servers to share sensitive documents, this increases the risk of potential cyber-attacks and data leaks. Companies should be aware of these risks and put necessary controls in place to mitigate them. Controls include, but are not limited to, making sure all conference links are password-protected, requiring multi-factor authentication for document sharing tools, and installing systems that can scan suspicious links or attachments in incoming emails.
2. Brainstorm mitigation efforts should a cyber breach occur:
If control measures fail, businesses should be prepared with proper disaster recovery plans. Examples of this include IT system recovery plans that ensure the restoration of data and periodic checks that these backups are working correctly.
Additionally, businesses should keep track of all documentation related to the cyber event for claim purposes. This documentation includes, but is not limited to the following:
- Invoices for restoration of data, IT related costs, legal costs, and professional fees
- Internal labor costs related to restoration of data and computer systems
- Detailed timeline including date and time cyber-related incidents occurred, computer shutdowns, etc.
- Hourly, daily, or weekly revenue reports that can be used to quantify any loss of income attributed to the cyber event
3. Emphasize staff training and communication:
Human error is where organizations are most susceptible to a cyber-attack. Therefore, employers should emphasize communication and training in work-from-home environments and ensure their employees are well informed on potential security threats. Below are some examples of how to better equip your employees with the knowledge they need to avoid phishing attempts:
- Have employees keep an eye out for suspicious links, attachments, or domain names
- Ensure the company is performing system updates and shutting down laptops, cell phones, and apps regularly.
- Avoid repetition of passwords across multiple accounts.
Since the pandemic, cyber threats have become increasingly more prevalent. By implementing the above measures, companies can mitigate or reduce the risk of a cyber event. Should a cyber event occur, companies should consult with insurance professionals to help identify potential areas of coverage under their cyber policy and assist with claim preparation.