Cyber Security & Privacy Protection During a Pandemic
During these uncertain times, businesses around the country are looking at ways to protect their staff from COVID-19. Instructing and empowering staff to work remotely has been a common way to encourage social distancing to minimise the spread of the virus. However, this comes with its own set of unique risks and exposures for your organisation.
Remote work arrangements can have security implications, and cybercriminals may attempt to take advantage of this. We are already seeing COVID-19 scams being transmitted via text message. See Emergence's LinkedIn page for more information; Emergence is a leader in cyber security and protection within the Australian insurance industry. It is essential that adequate measures be taken to ensure effective cyber security and ongoing protection of private data are in place. This guidance is from a risk management perspective only. For any queries relating to insurance cover, please contact our office.
WORKING FROM HOME
Flexible work arrangements essentially open the business network to unsecured home environments and insecure devices, which could result in malware infection, unauthorised access, and reduced data and privacy security. It’s important that businesses and their staff ensure that remote access to business networks is secure so they aren’t vulnerable and business information isn’t exposed.
HOW DO I STAY SAFE?
It is important to set and maintain strict protocols around cyber security and the protection of private and sensitive data, covering both physical paperwork and files and electronic records and systems. Consider incorporating the following proactive strategies:
BUSINESS PROTECTION
- Review your business continuity plans (BCP) and procedures, which should include a cyber incident response plan.
- Ensure all employees are familiar with who to contact and how to contact them if they have a concern or issue which needs to be addressed.
- Never pay ransom. It’s not always wise to pay a ransom as you are not able to determine where the money will go or if the hacker will repeat this attack.
SYSTEM & DATA PROTECTION
- Ensure that your systems, including Virtual Private Networks (VPNs) and firewalls, are up to date with the most recent security patches.
- Implement multi-factor authentication (MFA) for remote access systems and resources (including cloud services).
- If you use a remote desktop solution, ensure it is secure.
- Ensure your work devices, such as laptops and mobile phones, are secure.
- Ensure that you are protected against Denial of Service (DoS) threats.
- Regularly monitor those who have legitimate access to the computer network, and the network itself.
- Ensure your data is backed up daily and automatically, ideally with the backup stored away from the normal premises and not connected to the network.
EDUCATION
- Ensure that your staff and stakeholders are informed and educated in safe cyber security and privacy protection protocols, such as identifying socially engineered emails and messages.
- Have regularly scheduled training and education to help establish positive and secure habits within the workforce.
- Use common sense on the internet and educate all staff about being smart about not exposing yourself to cyber-attacks. Think before you click on unfamiliar links and don’t open strange email attachments. Delete all emails that look suspicious.
STRONG WORKPLACE POLICIES AND PROCEDURES
- Increase your cyber security measures in anticipation of the higher demand on remote access technologies by your staff, and test them ahead of time.
- Develop and enforce a strong password policy requiring passwords that use a mix of letters, numbers and symbols and that are frequently changed.
- Establish procedures to ensure that all hardcopy files and paperwork are continually disposed of securely.
- Make sure staff working from home have physical security measures in place. This minimises the risk that information may be accessed, used, modified or removed from the premises without authorisation.
SOCIAL ENGINEERING FRAUD AWARENESS
- Ensure there are call back procedures with customers or suppliers to authenticate any fund transfer email instructions greater than $50,000 prior to transfer.
- Maintain strong third-party vendor management protocols by ensuring that any requests to alter supplier and customer details, including bank account details, are independently verified with a known contact for authenticity.
NEED MORE HELP?
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has produced some great advice to help businesses stay secure from cyber threats whilst managing a remote workforce.
COVERAGE UNDER A CYBER INSURANCE POLICY
Cyber Insurance can be arranged to help provide another layer of protection. Coverage can be designed to cover cyber event response costs, loss of profits and any potential litigation which may arise. The costs of insurance will almost always be far less than the cost of shutting down the business in the wake of a cyber-attack.
If you have questions regarding these recommended measures or want to discuss Cyber Insurance further, please call your Account Manager, or the office on:
(02) 9587 3500 or theteam@wsib.com.au