COVID-19: Information security risk rises amid outbreak

A surge in the number of people working from home amid the coronavirus pandemic is likely to see some firms cut corners in their rush to enable remote access to their office IT systems -- leading to warnings around confidentiality, and a call to firms not to bypass usual security measures.

Partner at Clyde & Co, Helen Bourne said: “It is advisable for ‎organisations to consider the logistical impact and security implications of a greater proportion of a workforce working from home. Communication channels change when a majority of people work remotely and as a result, the confidentiality of documents and information may not be as secure and cyber hackers are aware of these vulnerabilities.

“The likely changes in working conditions in the foreseeable future should prompt companies to review the effectiveness of remote working security policies to protect the confidentiality and privacy of information. Reminding employees of good online security techniques, strong passwords and to guard against phishing emails or security threats over the coming weeks will be essential, bearing in mind the same legal obligations, particularly in respect of personal data, will continue to apply.”

The consequences of failing to adopt suitably robust security measures can have legal implications, and could even lead to a penalty from a regulator, she explained. “It is also not just about taking steps and implementing policies to mitigate security risks but additionally ensuring there is an incident response plan and back-ups in place so that the impact of the compromise is minimised."

Head of cyber response corporate intelligence, crisis management and cyber security firm, SR-M, Oliver Price, added: “In their haste to encourage home working, firms may be tempted to bypass their usual due diligence practices in the rush to set their employees up with remote working and cyber hackers will be rubbing their hands with glee at the prospect of firms dropping their guard on security standards. Employers must prepare for a likely increase in social engineering and phishing emails targeted at their employees, especially firms that have had their offices shut due to a suspected or actual coronavirus case.

“Corners must not be cut when it comes to online security. Employees need to be mindful of phishing emails that purport to come from their employer and ensure they check that the email and email address looks genuine before clicking on any links within it. Furthermore, firms should be vigilant, monitoring the location that staff are logging in from to check any unusual connections from overseas countries. The good news with many companies banning overseas travel at the moment is that connections from unusual locations will be easier to spot.”

    Share Story:


Cyber physical risks
Property damage as a consequence of cyber attack is often excluded from standard property policies, but as the industrial internet of things expands, so too do the risks. This podcast examines the evolving threat landscape. Published October 2021

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021