Businesses around the world are rethinking the ways they can protect themselves from cyber attacks with working from home becoming more common and necessary.
Companies had to prepare quickly as the new coronavirus hit North America and forced widespread shutdowns. This involved sending employees home with equipment to do their jobs as comfortably as possible with little time to ensure networks were secure. Some employers are even committing to keeping their workers at home through the end of the year.
Although these steps are important for protecting workers and public health, protecting personal and client data while working remotely is a concern. Even as some employees begin to transition to occasionally going into the office, keeping this information secure is of utmost importance.
A recent Statistics Canada survey says only seven per cent of small businesses have purchased cyber liability insurance. Small businesses make up 97.9 per cent of employer businesses in Canada.
The Insurance Bureau of Canada released a report in September 2019 indicating 37 per cent of businesses affected by a data breach lost over $100,000 while one in five had no idea how much the breach cost.
Businesses can use the following four steps to keep them protected from attackers.
Communication
Open the lines of communication with employees about the risks they face and do so on a frequent basis via video conference. Employees can then discuss how to best address potential threats, and they can be part of building the reporting process. The security and privacy flaws discovered on the popular Zoom video conferencing application are a reminder that businesses and employees have a role to play in reducing exposure to cyberattacks.
Clear Reporting Process
When an employee receives a suspicious email or phone call, what should they do with it? Employees need to have a way to report suspicious activity. That includes knowing how and where to report incidents as well as actions they need to take and an expected response.
Cyber Resilience Culture
Set clear expectations on what your employees can and cannot do. With additional platforms and applications, employees can become frustrated quickly with having to remember login credentials for each system. You should therefore emphasize the importance of not disabling encryption and password protection in software. Do not allow any employee to reconfigure devices to remove some of their security protocols. These systems are essential to protecting company data.
Education
The most critical aspect of cybersecurity is educating and training your workforce. In order to report issues, employees need to understand how to identify them. Even in a remote environment, companies should be deploying simulated social engineering and phishing campaigns to help employees spot phishing emails and to assess their level of preparedness.
For support as you align yourself or your business with necessary cyber liability coverage, contact an NFP advisor today.