In light of possible workplace disruption caused by the escalating threat of the Coronavirus (COVID-19), your IT personnel should by now be assisting you in enabling most or all of your work force to work from home. But while businesses are busy preparing IT contingency plans, other “IT experts” are preparing too: hackers. The greater the number of people working from home, the larger the risks to company security. Hackers are well aware of employees accessing the network from outdated home routers and computers that haven’t been scanned for viruses since Barack Obama left office, people logging onto the local Starbucks Wi-Fi and even leaving laptop screens visible with company information while they refill their mocha lattes. The time to hold the fire drill isn’t when you smell smoke, and the time to get security in order is not when the employees have locked the office door to work from home.
Inexpensive, common-sense steps to ensure the company’s data remains secure include an immediate virus scan of your systems; redistribution of the company’s network access policies accompanied by emails from management about areas of greatest concern and focus; refreshers on safe access to the network; and review of the company’s insurance policies in the event malware is introduced to the system.
Some key questions to consider are: What information would be needed in the event of a shutdown? How would you prove the value of a business interruption? Does your company carry cyber risk insurance or other policies with business interruption coverage? If so, does your insurance carrier provide for appointment of a forensics consultant to help the company get the systems back up?
Finally, check your agreements with your customers and vendors. Does a virus, human or computer, qualify as a force majeure event that could excuse performance?
Prudence rather than panic indicates that taking the above steps to adequately prepare and equip the company to handle COVID-19 related disruptions, and securing the right advice now, is good risk management practice as the spread of the virus continues and the repercussions become clearer.
If you have questions regarding preparation for and mitigation of potential cyber risks that may result from the spread of the virus, please contact Kenneth Rashbaum.
Read all BARTON CLIENT ALERTS – CORONAVIRUS RISK MANAGEMENT
Identify the Business Risks from COVID-19 to Manage Them (MAR 05, 2020)