How remote working poses an evolving threat to cyber security
Please find an article from Allianz below, exploring the effect of COVID-19 and remote working on IT security.
by Christian Simpson, Senior Cyber Underwriter, Allianz
Following the Government lockdown announcement on 23 March, Allianz, like many insurers, quickly moved the majority of its employees to a home-working model. Fast forward eight months, and the situation remains largely unchanged; data shows that the number of people working exclusively from home in the UK has increased to nearly a quarter of the population (24%.)
This new way of working brings many advantages, such as less time spent commuting and more flexibility. However it’s also served to shine a spotlight on the subject of cyber security and cyber threats.
Moving employees and their equipment offsite immediately introduces new access points for vulnerability. Whereas an office may house a few WiFi routers, the new geographical spread of staff now translates to thousands of routers and networks, increasing exposure across the company’s IT ecosystem.
Video conferencing apps such as ‘Zoom’ experienced a steep increase in usage during lockdown and consequently became a target for hackers. In response, the National Security Cyber Centre issued guidance for individuals and organisations, warning of cyber criminals exploiting the pandemic for commercial gain through activities such as social engineering methods and phishing emails.
Business should also consider the risk of equipment containing sensitive data being stolen if a home is broken into, or a laptop screen being viewed whilst an employee works from a coffee shop.
Repercussions for businesses
Cyber has secured its place as one of the key threats for businesses, along with more traditional perils. A cyber security incident or breach can be a showstopper for any company, and any organisation which deals in data is at risk.
Financial loss is only one consequence of a cyber incident. Companies who experience a cyber breach may find themselves in the position of having to defend an expensive legal case, especially where sensitive data has been lost. This can also raise the interest of the regulator where an organisation has failed to comply with GDPR; fines for this can be as high as €20m (approximately £18m) or 4% of annual global turnover – whichever is greater). Other potential costs include those needed for forensic and/or IT experts and restoration of systems and data. Not least, there may be significant reputational damage.
How can companies minimise the risk?
It’s recommended that organisations implement certain IT security measures, such as VPN (Virtual Private Network) password protection and two factor authentication; the latter involves a system user successfully providing two pieces of evidence in order to verify their identity and log in, such as a password and one time access code.
At Allianz, we’ve invested heavily in our IT security recognising that cyber threats are a continuing and evolving threat. We also continually educate our employees about cyber security, including how to recognise scams and report a suspected cyber or data breach. Simple measures, such as implementing robust password security, should not be underestimated and can help protect company information. Employees should be encouraged to use longer words or phrases with special characters as passwords. We recognise the importance of working closely with brokers on this issue and have run a number of regional broker training sessions in conjunction with our award winning legal partner Norton Rose Fulbright. Our website also hosts a wide range of thought leadership articles and white papers on the topic of cyber security.
Finally, you may want to consider cyber insurance. A comprehensive cyber policy will not only provide cover for first and third party losses, but will also include crisis management support, including help from specialists such as forensic and IT experts, lawyers and PR professionals.
Businesses have long been aware of more traditional risks to their operations, such as fire and theft. However, with many companies currently operating remote working models due to the pandemic, cyber will continue to take centre stage as a catastrophic risk as cyber criminals seek to exploit the situation. Organisations will need to take time to understand their exposures to these threats, both now and in a post-Covid world, taking necessary preventative action to avoid significant disruption.
 Office for National Statistics. Coronavirus and the latest indicators for the UK economy and society: 1 October 2020