Firms have been urged to check their insurance cover to ensure their policies will offer protection for staff forced to work remotely.
As millions of workers across the world are forced into home working Oliver Dent, Senior Associate at law firm Kennedys, and member of the London Forum of Insurance Lawyers (London FOIL), warned that cyber criminals are seeking to take advantage of the uncertainty caused.
“On 18 March, two prolific ransomware groups (Maze and DoppelPaymer) publicly promised to not attack medical institutions during the coronavirus pandemic,” he said. “However, healthcare organisations unfortunately cannot rely on the kindness of criminals, and there are a huge number of other criminal hacking groups that are continuing to exploit this period of international crisis with one simple aim – to make money.
“Furthermore, over the past few weeks we have seen a rise in cyber-attacks across the market which are specifically designed to prey on employees who are now working from home and organisations that are facing disruption as a result of this huge organisational shift.”
Mr Dent said the criminals were seeking to prey on the fears of firms and staff over the impact of COVID-19.
“Many of these scams are conducted by way of “phishing emails” which encourage users to click a link or download an app,” he explained. “This leads to them either unwittingly entering their personal information or results in ransomware being deployed on their device. Some examples of the phishing emails we have seen include a link to access a fake government tax rebate scheme, a coronavirus tracking app, and an invitation to download software said to be required to enable the user to work from home.
“A few simple clicks can lead to entire systems being encrypted or allow cyber criminals access to email mailboxes where they can sit, undetected for weeks or even months. This increased and evolving risk is likely to result in the risk of data breaches and severe financial implications for organisations (at a time of financial uncertainty) and is likely to further increase the take up of standalone cyber insurance across all sectors.”
He warned firms to ensure their corporate insurance covers were broad enough to include the risks around remote working.
“Most standalone cyber insurance policies will be designed to cover employees working from home, but it is now increasingly important for organisations to ensure that their policies are broad enough, and that the definition of an Insured’s computer network caters for this scenario,” added Mr Dent. “It is now easy to imagine a situation where the activities of an Insured’s employees, using their own personal equipment, cause the Insured to suffer breaches or cyber attacks. It is quite possible that we will start to see coverage issues arising in this context.”