As more of America’s workers were asked to work from home due to the COVID-19 pandemic, cyber criminals jumped at the opportunity to take advantage, it seems. Remote work means work being handled on the cloud as employees share files and need a convenient way to access them. But cyber criminals are banking on workers letting down their guards when they work from home, so it’s no surprise that while cloud service usage among enterprises jumped 50% between January and April, external attacks on cloud accounts boomed 630% in the same period. Also, hackers and other cyber scammers orchestrated systematic attacks on collaboration tools like Cisco WebEx, Zoom, Microsoft Teams and Slack, according to the “Cloud Adoption & Risk Report – Work from Home Edition” report by McAfee. The risk to enterprises cannot be overstated as criminals try to take advantage of the sudden shift to telecommuting by thousands and thousands of organizations as they try to cope with the COVID-19 pandemic and continue operating during stay-at-home orders. Employees are your first line of defense. You can protect your company by encouraging them to be skeptical of e-mail from unfamiliar sources. 

Training your staff

The preferred method hackers use to gain access to network and cloud files is through phishing and ransomware attacks. Consulting firm PricewaterhouseCoopers recommends coaching your staff to take the following precautions, particularly on their mobile devices: 

• Be skeptical of e-mails from unknown senders, or from people (like your company’s CEO) who do not usually write directly to you.
• Don’t click on links or open attachments from those senders.
• Don’t forward suspicious e-mails to co-workers.
• Examine the sender’s e-mail address to ensure it’s from a true account. Hover over the link to expose the associated web addresses in the “to” and “from” fields; look for slight character changes that make e-mail addresses appear visually accurate – a .com domain where it should be .gov, for example.
• Grammatical errors in the e-mail text are a sure sign of fraud.
• Report suspicious e-mails to the IT or security department.
• Install the company-approved anti-phishing filter on browsers and e-mails.
• Use the corporate-approved anti-virus software to scan attachments.
• Never donate to charities via links included in an e-mail; instead, go directly to the charity website to donate.

Cyber Insurance

Cyber insurance is designed to protect your company by insuring you for network security issues, privacy, interruption to your business, media liability, and errors and omissions. For phishing, ransomware and other cyber attacks, the network security and business interruption portion of the policy would mainly come into play. Network security coverage – This includes first-party costs. That is, expenses that you incur directly as a result of a cyber incident, including:

• Legal expenses
• IT forensics
• Negotiation and payment of a ransomware demand
• Data restoration
• Breach notification to consumers
• Setting up a call center
• Public relations expertise
• Credit and identity monitoring
• Restoration

Business Interruption

Business interruption – When your network, or the network of a provider that you rely on to operate, goes down due to an incident, you can recover lost profits, fixed expenses and extra costs incurred during the time your business was impacted. This includes loss arising from:

• Security failures, like a third-party hack.
• System failure.