Cyber Security and Privacy Concerns: COVID-19

by Kurt Murray, Assurance Agency

With a rise in cyber security and privacy concerns, we’ve seen an increase in inquiries from our insureds concerning how their businesses are being impacted. In response to this, our partners at MMA have put together a list of best practices to consider regarding security and privacy concerns.

  1. Ensure privacy of employee information. Remind employees not to share sensitive information publicly if an employee (or family member) has been or is suspected to have been diagnosed with Coronavirus.
  2. With the increased numbers of employees working from home, especially for those who may not be accustomed to doing so, it is recommended to remind employees of corporate mobile device and remote access policies (i.e. mobile device policies, email/internet usage). Also, if not already implemented, require Security Application Gateway or VPN (Virtual Private Network) to access corporate systems and ensure multifactor authentication (MFA) where applicable.
  3. Remind your employees of your organization’s data security policies, including the policy that we see many organizations have in place that mandates not sharing corporate information with non-approved and/or personal email systems.
  4. Be wary of coronavirus related emails that may lure employees to click on malicious links and download malware/ransomwarewhichmayfurther interruptyourtechnologyinfrastructurebyencryptingyournetworkfilesand subjecting your organization to a potential ransom demand.
  5. Do not connect nor download corporate documents/materials via non-approved or non-corporate managed devices (i.e. flash drives).
  6. Protect mobile devices and sensitive paper document in transit (to avoid car theft) and at home in compliance with mobile device policies.
  7. Presuming employees’ increased reliance on teleconferencing, review contracts with mobile conference systems providers (i.e. Skype, Zoom, etc.) pertaining to the security/privacy safeguards they employ. Review responsibility, collaboration and indemnity provisions in the event of a system or security disruption and/or privacy event (i.e. eavesdropping, etc.).
  8. If you are faced with supply chain disruption, maintain due diligence in seeking alternative suppliers/vendors from a systems and connectivity standpoint, without sacrificing security controls, data integrity and contractual standards.
  9. Review your cyber liability insurance policy to ensure how it will respond to security/privacy infiltrations within a remote desktop employee environment. Most updated policy forms affirmatively cover unauthorized access into the organization’s network/system/environment via remote desktop protocol (for example), although each policy differs in coverage. Remind employees to report suspected activity or infiltrations of their home network to their IT/Information Security team in accordance with your incident response plan and cyber liabili ty policy.
  10. Formultinationalorganizationsandorganizationsthatmayhavecare,custodyorcontrolofnon-UScitizendata,be mindful of the individual collection, retention and safeguarding guidelines by various Data Protection Authorities, especially in light of COVID-19. Guidelines from International Association of Privacy Professionals (IAPP) Global Data Protection Authorities.

For additional insight or questions to protect yo ur organization from cyber threats, be sure to contact a member of the A-Team today.

Kurt Murray is a Principal at Assurance with a focus in the staffing industry. With over twenty years of experience, his primary client responsibility is to provide cost-effective solutions and develop insurance programs that are individualized to a company’s specific needs. He deems it necessary to fully understand a client and their specific needs to properly develop their risk management program. Kurt graduated from Northern Illinois University with a degree in Finance. He has presented at numerous staffing industry events and conferences, including TempNet, American Staffing Association, TRICOM, and Staffing Services Association of Illinois.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.