Why Risk Assessment is Critical in Addressing COVID-19 Cybersecurity Threats
For many businesses, the COVID-19 pandemic has drastically and negatively affected their security due to issues arising from permitting or directing many, if not all, of their employees to work remotely from home or elsewhere to avoid virus transmission.
In this work structure, technology has become more important than ever. Unfortunately, all too often remote activity is not a ‘cyber-safe’ working environment since remote-working individuals do not often enjoy the inherent protections afforded them at their place of business.
Some of the major factors contributing to critical cyber security threats in a remote work environment include:
- Bring Your Own Device (“BYOD”) policies for phones, tablets and laptops. Businesses can meet this issue effectively for employees by instituting Corporate Owned Personally Enabled (“COPE”) policies.
- Human error, prevalent before COVID-19, is greater now as a cyber security issue. Human error can be addressed in many ways including time-outs in key information systems and automated controls.
- Remote-working employees untrained in enhanced cyber security issues.
- Increased activity of cyber criminals targeting less secure remote systems and usage.
What can you do to help your business combat increased, COVID-enhanced cyber security risks? Begin with the importance of risk assessment as a necessary first step in dealing with cyber and COVID-19 exposures.
Your risk assessment must be thorough and comprehensive, price effective and have a rapid turnaround. This is particularly important now with the exposures changing rapidly in scope, kind and numbers.
To be useful to your business, any thorough assessment report must include recommended remediations and check lists. For flexibility, the process yielding a report should be algorithm-based. A full report should be ready for you in a matter of days, not weeks or months.
An effective process will assist underwriters in placing the right coverage and assist claims folks in determining if a claim is covered, all of which will likely save you a lot of time and expense.
An informed and well-crafted process will allow you to make informed decisions as to whether to fix, ignore or transfer given exposures.
If you have any questions regarding the foregoing, please contact Edward M. Dunham Jr. at (215) 241-8802 or edunham@sgrvlaw.com