It is a sad state of affairs when a global virus becomes a catalyst for computer viruses. However, one of the immutable laws of the universe is ringing true: ‘out of disaster comes opportunity’.
With specific reference to computer viruses, the criminal element is unfortunately taking that opportunity and using a terrible global health pandemic to cause another kind of pandemic – phishing-style attacks. Whilst our priorities at this time must be on personal health and hygiene, we also need to be vigilant against these opportunistic threat ‘actors’. Some ‘digital hygiene’ must also be observed.
Many questions have been raised concerning cyber insurance response given that we have an unprecedented level of remote working, which undeniably presents a heightened threat landscape. Further, there may be a new level of information sharing between corporate systems and employees’ personal systems not previously anticipated.
Insurers are familiar with ‘Bring Your Own Device’ policies and remote/agile working practices, and it is not uncommon for data to be routinely passed over the corporate network and beyond, including to employees’ personal devices. Whilst each insurance policy must be considered in the light of the incident/claim that gives rise to loss, these types of scenarios are mostly anticipated by insurers as likely situations where claims will arise.
Whilst it is likely we will experience a positive response from insurers in dealing with such incidents, we should be mindful that with this heightened threat landscape, insurers are likely to start seeking further details of policies, practices and procedures on remote working.
Be on the alert for phishing emails and websites
Criminals are crafting emails and websites purporting to provide information on a vast range of important topics, such as health reports, travel advisory updates, flight cancellations and school closures, to name a few. Some of these communications are skilfully crafted, making it difficult to identify them as phishing emails or websites. Be on the lookout for emails or websites that ask you to click on suspicious links or request sensitive information such as log-in details, credit card numbers, passwords, passport details, health details or addresses.
Test your remote working capabilities and policies
Such testing should be part of a regular Business Continuity Plan. In the current environment it is recommended that businesses ensure all staff understand the protocols they must adhere to when working remotely.
Testing your capabilities is an important step, as individuals may not be aware of all policies, procedures and protocols. It is essential that the appropriate security controls, such as Multi-Factor Authentication (MFA) and a Virtual Private Network (VPN), have been implemented and are functioning correctly.
Try implementing a daily ‘roll-call’ with a list of critical items to cover. This not only helps to maintain the social and team aspects of working, but also helps to ensure critical steps have been taken.
Take this opportunity to ensure employees are fully cognisant of company information protection procedures, including those regarding hard drives and file encryption in storage and in transit. Brief employees on home network best practices, including the use of non-default router and Internet of Things (IoT) passwords, Service Set Identifier (SSID) broadcast hiding and the configuration of trusted Domain Name System (DNS) providers.
WiFi may be your enemy
Unfortunately, public and personal WiFi networks may be compromised in certain circumstances.
Delete WiFi credentials from your device as soon as you disconnect, and enforce a strong password on your router (ensure it has been changed from the default password). Where possible, operate within a VPN.
What should you be doing as an organisation?
Awareness and proactive action make a difference.
We have witnessed a variety of attacks in which criminals attempt to exploit the current situation. These include, among others:
- Coronavirus phishing scams preying on fear and confusion about the virus
- Phishing and scam websites themed around the pandemic
- Exploitation of major vulnerabilities in leading corporate VPN products
- Ransomware attacks on hospitals where scammers anticipate the urgent need to function will push administrators to pay ransom amounts
There are actions Australian organisations can take to help combat cyber-attacks:
- Ensure work-from-home employees understand how to configure and connect to company Virtual Private Network (VPN) providers and avoid split-tunnelling
- Plan fallback measures for phone-based and off-net communications and work, as many VPN providers may encounter scaling issues as large numbers of users join
- Ensure the computers and devices work-from-home employees use are updated with the most current system and application versions
- Assess cyber security resilience plans/incident response plans and ensure that cyber insurance limits are appropriate for any potential financial impact as the result of a cyber-attack
If you have any questions regarding your insurance policy, or if you have suffered a claim or incident, please contact your Aon representative to assist you during this challenging period.