Does Cyber Insurance Cover Employees Working From Home?

When your employees work from home, this will pose new challenges to your cyber security.

If your employees are working from home on a temporary or permanent basis, they should have cover under your cyber insurance policy. You should take precautions and ensure all equipment and working processes are as safe as possible.

In this article, we’ll cover questions such as:

• Are my employees protected under my cyber insurance?
• Will working from home put my customers’ data in danger?
• Do cyber attacks happen more often when working from home?

Working from home leaves your company’s data vulnerable. Out of a controlled environment, you cannot be sure that the computer equipment your employee is using has sufficient protection. You also cannot watch what happens, or be there if they let their guard down.

Cyber insurance and working from home

For many of us here in Ireland, working from home has become the “new normal” after COVID-19. But, with an increase in time spent doing work-related activities from our own homes comes an increase in the risk of cyber attacks.

The reason for this is simple: you probably did not purchase your domestic wifi network and personal digital equipment with stringent cyber security in mind. For example, does your home computer or laptop offer sufficient protection for your work? Is your wifi network easy to access? Many criminals will seek to exploit the current crisis and penetrate your business’s defences via these unsecured home networks.

Even after COVID-19, we can expect the number of Irish citizens working from home to rise. For this reason, businesses should strongly consider purchasing cyber insurance which covers these at-home employees.

Cyber security company Cynet has identified two main trends in information security breaches in recent times. The first is attacks which aim to steal remote user credentials for logging into workspaces and company accounts. The second involves weaponising email to launch phishing attacks and install malware which home email software may not detect.

Risks of working from home

Remote working poses serious data security risks to companies. When working from home, employees will be at a distance from security measures, both cyber and physical, which they would otherwise enjoy within an office environment.

Many people thrive when working in a home environment, and the improvements are often felt on a company-wide basis. However, companies should remain sensitive to their employees’ preferred working style, and need to remain vigilant to any signs of lapses. This is because some employees’ homes are simply too distracting, or the upheaval too much to cope with, leading to decreased concentration.

Unfortunately, the majority of data breaches result from human error and not from cyber attacks from an unknown source. Weak passwords, failing to update security software and clicking malicious links in spam are all examples of where your security can leak.

You need to inform your employees of the importance of cyber security when working from home. Under the General Data Protection Regulation 2016/679 (the “GDPR”) a data protection breach can result in a company receiving a fine of up to €20 million or 4% of the company’s annual global turnover. The fact is, data security is of real concern to employers for financial as well as moral reasons. And if your company must cease trading because it cannot afford a fine, the perpetrators of the mistake leading to a security breach will lose their job.

Secure your remote working environment

As more and more teams transition from office spaces to home-based setups, they face many challenges when it comes to cyber security. Online working environments need a different management style than physical, so you may find there’s a bit of a learning curve.

Take the time to create a new cyber security policy. This will set out in black and white what you expect from your employees, now and in the future, and how they can comply. Be sure to address the following:

• How employees determine if their WiFi connections are secure
• Anti-virus updates and installation
• Backup strategies and cloud storage
• Approved privacy tools for remote teams and add-ons for browsers

Depending on your industry and what your business offers, you might need to include policy statements on:

• Protecting medical devices from criminal hackers
• Knowing the sites of email phishing campaigns and fraudulent messages
• Establishing safe VPN connections
• Securing cloud-based vulnerabilities and data access points
• Sharing data and passwords (among other sensitive information)

It goes without saying that once you create a cyber security policy, you must update it regularly to ensure it stays as robust as possible.

Wondering about how your business can implement cyber insurance? Call and talk to our cyber insurance experts today.