In these days of emergency linked to the spread of the new coronavirus, many companies worldwide have adopted the smart working solution. The risk related to corporate data security is underestimated for those companies that have allowed their employees to work in “smart-working” fashion. It is indeed true that this method brings numerous advantages, but we would like to raise the attention of firms also to its threats, something we already did during a recent MPL webinar.
And indeed: what degree of security can corporate computers – and private ones, because not everyone has them – have, when it comes to a home WiFi network, through which employees access their work documents? How improvised is the solution and how truly reliable and safe? If the employer, on the one hand, can see the advantages from an economic point of view (i.e. continuity of service), on the other hand he/she must be very careful to avoid that a solution that is in principle advantageous, brings far more substantial financial and reputational damages.
Unfortunately, we live in a worse world than we think and these days there are countless fake Covid-19 themed e-mail alerts that actually hide cyber security threats and major network violations. A shameful form of “digital looting”, with the intention of bringing other types of “infections” online, while taking advantage of the one spread in the real world.
In addition to verifying – as also in the ordinary workplace – that the employee uses company devices for the sole purpose of work, it is necessary to set up user accounts with limited access, encrypt data and establish connections to company data via VPN, with minimum security protocol like the OpenVPN type. It would also be advisable to encrypt the data present on external devices and to set up DLP – “Data Loss Prevention” procedures. Company IT consultants will be able to provide detailed guidelines.
Once minimum safety standards are guaranteed and procedures are followed (companies – regardless of size – should provide their employees with detailed guides), firms should think about protecting themselves from an insurance point of view, with cyber risk policies, whose offer on the insurance market is constantly evolving.
CARE MPL has been a pioneer in cyber insurance consultancy activity aimed at Italian and foreign companies. Cyber risk is now known above all for coverage against hacker attacks, but actually offers a whole series of protections, against business interruption for example, or with reimbursement of costs for the recovery of data and systems, plus in some cases also reputational damage.
Cybernetes, CARE’s cyberconsulting program on the market since January 2018, wants to put customers back in a secure position of trust and control over their virtual assets, following in-depth assessments regarding actual risks and compliance with GDPR legislation (EU companies).
Subject to local compliance, we’d be happy to review your requirements, so do contact us!