Submitted by Assurance

With a rise in cyber security and privacy concerns, we’ve seen an increase in inquiries from our insureds concerning how their businesses are being impacted. In response to this, our partners at MMA have put together a list of best practices to consider regarding security and privacy concerns.

1. Ensure privacy of employee information. Remind employees not to share sensitive information publicly if an employee (or family member) has been or is suspected to have been diagnosed with Coronavirus.
2. With the increased numbers of employees working from home, especially for those who may not be accustomed to doing so, it is recommended to remind employees of corporate mobile device and remote access policies (i.e. mobile device policies, email/internet usage). Also, if not already implemented, require Security Application Gateway or VPN (Virtual Private Network) to access corporate systems and ensure multifactor authentication (MFA) where applicable. 
   
   Additional tips from CSOonline.com: 8 Key Security Considerations For Protecting Remote Workers.
3. Remind your employees of your organization’s data security policies, including the policy that we see many organizations have in place that mandates not sharing corporate information with non-approved and/or personal email systems.
4. Be wary of coronavirus related emails that may lure employees to click on malicious links and download malware/ransomware which may further interrupt your technology infrastructure by encrypting your network files and subjecting your organization to a potential ransom demand.
5. Do not connect nor download corporate documents/materials via non-approved or non-corporate managed devices (i.e. flash drives).
6. Protect mobile devices and sensitive paper document in transit (to avoid car theft) and at home in compliance with mobile device policies.
7. Presuming employees’ increased reliance on teleconferencing, review contracts with mobile conference systems providers (i.e. Skype, Zoom, etc.) pertaining to the security/privacy safeguards they employ. Review responsibility, collaboration and indemnity provisions in the event of a system or security disruption and/or privacy event (i.e. eavesdropping, etc.).
   
   National Institute of Standards & Technology (NIST) Virtual Meetings Best Practices
8. If you are faced with supply chain disruption, maintain due diligence in seeking alternative suppliers/vendors from a systems and connectivity standpoint, without sacrificing security controls, data integrity and contractual standards.
9. Review your cyber liability insurance policy to ensure how it will respond to security/privacy infiltrations within a remote desktop employee environment. Most updated policy forms affirmatively cover unauthorized access into the organization’s network/system/environment via remote desktop protocol (for example), although each policy differs in coverage. Remind employees to report suspected activity or infiltrations of their home network to their IT/Information Security team in accordance with your incident response plan and cyber liability policy.
10. For multinational organizations and organizations that may have care, custody or control of non-US citizen data, be mindful of the individual collection, retention and safeguarding guidelines by various Data Protection Authorities, especially in light of COVID-19. Guidelines from International Association of Privacy Professionals (IAPP) Global Data Protection Authorities.

For additional insight or questions to protect your organization from cyber threats, be sure to contact a member of the A-Team today.