Last night I found out the cyberrisk conference I was scheduled to attend this morning had been changed to a “virtual” meeting. With so many events being canceled or postponed out of an abundance of caution over the spreading COVID-19 virus, it was nice to know the show would go on safely.
I’d already been working from home (thank you, Triple-I!) to avoid exposure during my train commute and potentially becoming a “vector” to family, friends, and co-workers. As I waited for the event to begin, I scrolled through my news feed and spotted several stories about risks related to increased remote work.
Cyberrisk featured prominently in these articles. Unprotected devices, they warned, can lead to data losses, privacy breaches, and ransomware attacks.
One article alluded to campaigns designed specifically to tap into concerns around COVID-19.
“We are already seeing targeted phishing campaigns globally,” said New Zealand Health IT chief executive Scott Arrol. “The cyber virus taking advantage of the biological virus.”
Arrol said hackers seeking to exploit fears of Covid-19 are sending fake ads or links with online viruses.
The message “might look like it has come from the World Health Organization, inviting you to register for more information,” he said. “You click on that link, you’ll be taken to fill out a form and then suddenly…you’re giving away personal information you shouldn’t.”
Insurance broker Aon has issued an advisory cautioning employers to take steps to ensure that work-from-home employees can connect to secure remote networks, a Claims Journal article says.
“Any time you’re taking about employees who are not used to working from home, who may not have the correct cybersecurity posture, a virtual private network (VPN) is critically important and having two-factor authentication is critically important,” Aon Senior Vice President Stephanie Snyder said.
A VPN connects remote users or regional offices to a company’s private internal network. Two-factor authentication adds a layer of security beyond a password to make sure a user is authorized to access the system.
Snyder added that telecommuters may be tempted to work from their laptops at a coffee shop – potentially exposing their computers to intrusion. She said employers need to have strict security protocols in place to avoid such exposures.
So, I wasn’t surprised when one of the first speakers at the event I was “attending” mentioned viral epidemics like COVID-19 as something underwriters just a few years ago would not have considered a factor in assessing cyber risk but now should.
As I’ve written before, increasingly interconnected risks require a holistic approach to risk management – one that takes into account preparation, mitigation, and built-in resilience. As COVID-19 has spread beyond its origins in Asia, we’ve been hearing more about the importance of hygiene and of maintaining “social distance.”
Technology can help us maintain social distance, but the devices we rely on need to be managed and protected, lest they make us even more vulnerable.