Cybersecurity and Working Remotely: Are Your Business Clients at Risk?

Cybersecurity RisksThe COVID-19 pandemic has forced many businesses to either temporarily shut down, or remain operational and adjust to employees working remotely in order to protect the health and safety of others. Even as the country begins to slowly reopen, some major companies have already announced that they will have employees work from home until at least 2021. In fact, according to the Society for Human Resource Management, approximately 17% of the HR leaders in 2,284 U.S. companies surveyed said they will very likely allow employees to work from home on a permanent basis in the very near future.

Unfortunately, cybercriminals are taking full advantage of the pandemic and our new normal. And while it’s very likely that your business clients have been diligent in safeguarding their systems and data from cybercriminals, the pandemic has created additional exposures that are putting cybersecurity protocols to the test.

Remote access risks
Simply put, remote access is the ability to access a computer or network, at home or in an office, from a remote location. The risk of remote access services and software is that they can allow a hacker to gain access to a business’s system, exposing it to a host of IT security threats. Once a hacker is inside the system, it can be very difficult to prevent data loss and phishing attacks, or protect against ransomware and other threats.

The following are three remote access risks for businesses to be aware of and guard against.

  • Browser-based attacks. By compromising web browsers (e.g., Google Chrome, Microsoft Internet Explorer), hackers gain entry to end-user systems. Once inside, cybercriminals spread malicious code throughout the company network and steal sensitive data. Web attacks often use social engineering to persuade users to take actions that launch the initial attack. For example, an employee clicks on a link in a phishing email that directs them to a web page where malware downloads to their device.
  • Systems being exposed to unsecured and unreliable wireless networks. Home office internet and Wi-Fi connections aren’t always as secure as those used in the office environment. And the more mobile devices — PCs, tablets and phones — that employees use to conduct company business, the more opportunities there are for cybercriminals. Even smart speakers and virtual assistants pose a significant risk, as cybercriminals use silent ultrasound waves to trigger smart devices in prompting users to reveal their credentials and passwords.
  • The inability to remediate security incidents on remote workstations. Most businesses have network monitoring and security tools to protect their systems and to catch hackers before they gain access to employee computers. Some businesses even have dedicated on-site IT experts. However, all that protection goes away when an employee works remotely. With employees away from the business network and its security safeguards, the attack surface for hackers is increased. When a system compromise is suspected, having off-premises employees can make it difficult for businesses to immediately identify and respond to the threat and prevent further damage.

As cybercriminals actively take advantage of employees working remotely, businesses are at increased risk of losing valuable intellectual property, sensitive data and financial information. And while no cybersecurity solution is foolproof, businesses can better mitigate damage from an incident with a layered approach that includes employee education, industry best practices and cyber liability insurance.

At FastrackCE, we make it easy for insurance professionals like you to maintain current CE licensing requirements so you can continue to serve your clients. When you need us, we can help. For more information, call 800-544-3605 or visit us at fastrackce.com.

This entry was posted in Insurance, News & Events and tagged , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *