How businesses can stay cybersecure during COVID-19

Insurance brokerage Gallagher has issued tips on how those who have moved to a remote-work basis amid the coronavirus (COVID-19) pandemic can deal with the increased pressure on their cybersecurity risk management.

Read more: Coronavirus to have implications for Australian businesses and insurance

Read more:  Marsh: Organisations need to be ‘proactive’ as coronavirus multiplies

Gallagher said significant amount of pressure may come from the need to comply with all applicable privacy, data security, and confidentiality laws in handling sensitive, health-related information they collect from their employees as they work to mitigate the spread of the illness, as well as in keeping remote staff cybersecure.

The insurance brokerage suggests these tips to increase the cyber protection of remote workforce:

• Allow network-access only through virtual private networks (VPNs)
• Require strong passwords and multi-factor authentication
• Be extra alert for cybercriminals using the higher remote traffic to mask their efforts to exfiltrate data
• Remind employees:
  • about heightened social engineering risks, methods, and defences amid the COVID-19 situation
  • to keep their laptops within their physical control, and their screens hidden from others, at all times when they are in public places
  • never to provide login credentials in response to an email request
  • log off when not using network, even when at home
• Tighten the scope of authorisation for any financial processes and monetary transfers and the appropriate verification of each authorisation

Last but not least, Gallagher stressed the importance of taking up adequate cyber insurance protection for when cyber breaches arise despite companies’ best efforts.

“Companies with dedicated cyber insurance policies (or, where appropriate, combined cyber/E&O policies) will likely find coverage for many of the costs they will incur from these incidents,” Gallagher said.

The Australian Cyber Security Centre has also sent out guidance on how to stay secure while staff work remotely.