As the impacts of the coronavirus pandemic spread across the globe, many companies are responsibly embracing the idea of “social distancing” in an effort to slow the spread of the coronavirus, and “working from home” has become the new norm for a lot of companies.
Like many companies our employees have been asked to work remotely, there are benefits that remote working provides in helping the spread of coronavirus, but with it comes its own set of cyber risks.
Unsecured applications and remote data sharing
One of the initial “shadow IT” effects of the pandemic is that a slew of new companies had to facilitate new workflow processes and applications to accomplish their work tasks. The use of cloud applications such as video conferencing tools, CRM systems, and workflow management tools have exponentially increased, with little or no consideration of the underlying risks to the customer’s data or the cybersecurity threat that they may be introducing.
As a general back practice, we recommend that companies should require employees to test their ability to work remotely. These tests should include at a fundamental level: 1) testing of internet connectivity bandwidth and security (ie a public hotspot would NOT be deemed appropriate), 2) rules concerning location and sharing of confidential data with another person that is in their household 3) the ability to shred and protect confidential information they may have printed.
Monitoring and control of cloud applications
Accessing company networks in an insecure manner is not a new risk, but its profile is raised by the prospect of an entirely remote workforce and the use today of many cloud applications that outsource functionality of key components of their business to third-party “partners”. Companies have in the past attempted to combat this risk through a combination of formal policies, such as a remote access policy, security policy, or BYOD policy, as well as security tools and by requiring access to company networks, shared drives, and sensitive corporate information through a virtual private network (VPN) if at all possible.
However, VPNs alone are not a bulletproof solution, since many websites allow connectivity directly to these cloud applications. Our analysis shows that many applications are now directly accessible through the cloud.
THE MAJOR INCREASE IN CYBER LIABILITY AND RISK
For many companies, the use of 3rd party cloud applications has become the norm in the execution of their business models and the expansion of these applications is going to grow at an exponential rate as remote work-force employees utilize them to meet the workflow demands that companies place on them. However, the utilization of these apps brings enormous financial and liability risks that many corporations have not adopted a correct risk strategy around.
HOW TO LOOK AT YOUR RISK AND SHOULD YOU BUY CYBER INSURANCE
Best practice suggests that you should look into your risks in three main buckets:
- Informational Risk
- Data Breach
- Customer & Employee Information
- Confidential Corporate Information
- Privacy Risk
- Regulatory Liability
- Consumer Privacy Rights
- Contractural Indemnifications
- Operational Risk
- Reliance on technology to operate
When calculating your exposure to these risks cyber insurance companies will asses your financial risk and liability based upon three main areas:
- Data Breach Modeling
- Business Interruption Modeling
- Contractural Identity Modeling
The COVID-19 pandemic has changed how the world interacts, and the new reality for many companies involves a remote workforce and increased utilization of 3rd party cloud and with them come inherent cyber risks.
WHAT WILL A CYBER LOSS INCIDENT COST ME TODAY AND DO I NEED CYBER INSURANCE?
According to HIPAAJournal.com
“Average Data Breach Costs $3.92 Million
Over the past five years, the average cost of a data breach has increased by 12%. The global average cost of a data breach has increased to $3.92 million. The average breach size is 25,575 records and the cost per breached record is now $150; up from $148 last year.
Globally, the healthcare industry has the highest breach costs with an average mitigation cost of $6.45 million. Healthcare data breaches typically cost 65% more than data breaches experienced in other industry sectors.
Data breach costs are the highest in the United States, where the average cost of a data breach is $8.19 million – or $242 per record. The average cost of a healthcare data breach in the United States is $15 million.”
HOW TO CONTROL COSTS AND KEEP CYBER INSURANCE PREMIUMS LOW AND ULTIMATELY MAKE SURE THE LIABILITY OF AN INCIDENCE IS BORN BY THE CORRECT PARTY.
At Lokker we have a solution that offers you the ability to take back control of all these applications and reduce your risk and can assist insurance companies in subrogating the claims. How does it work?
At a high level, our service allows you to utilize all these cloud apps but still retain the same level of control and visibility to your data.
Now is a great time for companies to reinforce some basic cyber hygiene tools and practices to meet these increased cyber risks head-on and use a remote working environment to their advantage. If you would like to learn more about our services contact us at the link below.