14 July 2020

Cyber security risks for a returning workforce

The coronavirus pandemic has caused havoc, hitting many businesses financially, slowing down operations and affecting productivity. As work restrictions are lifted, the rapid reintegration of remote workers returning to the office raises additional cybersecurity concerns, even for businesses who were prepared for the switch to remote working.
Here, we look at the main risks facing a returning workforce and how to mitigate your exposure.  There are four categories of cybersecurity risk, each offering potential for the introduction of malware and subsequent data loss from your business:
Personal devices

The switch to working remotely has prompted increased reliance on personal phones, laptops, computers, USB storage devices and other devices able to store and transmit data. If compromised by hackers, they could introduce malware to a company’s network. Ideally, work on personal devices should be sanitized and migrated onto a closed infrastructure or a monitored network specially for personal devices.
Unapproved personal applications

Workers may have used work devices for personal use, for example, teleconferencing, personal Cloud storage, printer or other hardware drivers, video games, social media and internet browsing. This increases exposure to phishing and malware attacks on devices that were considered trusted or secure. Before connections are made to a company network, misconfigurations should be identified and fixed, assets that should not be online removed, and malware scanning and cleaning introduced.
Reintroducing unattended systems

Systems and services that were offline and unattended during lockdown may have missed security patches, making them newly vulnerable when reintroduced. They may also have been compromised by hackers, who are waiting for their reintroduction before deploying malware. Any unmonitored systems should be scanned with an antivirus tool and logging checked for evidence of intrusion, plus security patches should be verified across all machines.
Human error

As people return to the workplace, human error can occur in the form of falling victim to phishing, unwittingly violating security practices, forgetting processes that have not been performed for months and accidentally leaking information. The pressure of returning to standard operations may encourage complacency and people may be uncertain about policy and practices regarding personal devices. Phishing education and training specific to security should be implemented and continuous email monitoring made a priority.
The solution

Insurance protection

The last thing any business needs on returning to normal operations is a cyberattack. With cybercrime on the increase and businesses vulnerable as described above, it has never made better sense to take out cyber insurance, providing you with the necessary technical and legal expertise to mitigate and remedy intrusion, and cover any downtime.
At Erskine Murray, we strive to ensure our clients are protected, particularly from new and emerging risks such as cyberattack.  We can review your demands and needs and put in place a policy that provides a range of services to support you following an attack.
Depending on your circumstances, some of the following Cyber insurance benefits may assist your business:

To discuss your cyber insurance requirements and ensure you return to work safely and securely, with the peace of mind you are protected against any form of cyberattack, call us today on 0116 265 4300 or email [email protected].