Securing the Remote Office – Jennifer Tonner, JMP Ltd.

3rd February 2021

In 2021 the need to make smart decisions on top business priorities and our budgets has never been greater. COVID-19 has had far-reaching effects on the world and our daily lives. In terms of cyber risk, it has presented a new opportunity to cyber criminals to exploit fears and misinformation. COVID scams relating to the vaccine, fake testing kits, PPE and anything else you could think of have become staples of social engineering and cyber crime. It has been reported that a quarter of COVID-related domains are malicious or suspicious and Google has declared it is the most used phishing topic of all time. Concurrently it has massively accelerated the shift to remote working and changed the way the workforce operates – possibly forever. This raises the question – how do you secure the remote office?

Within the first few months of the pandemic, the National Cyber Security Centre reported more than 2,000 online scams related to coronavirus. It is hardly surprising that nearly half of organisations (47%) feel more vulnerable since the move to working from home and 21% say they do not understand the protection that is available to their business.

To fight back there are several stages to formulating your risk management strategy:

Risk assessment – The first step is to consider where your risks lie. Think about your worst case scenarios. How quickly would you lose revenue in the event of an attack? Are you reliant on any third party systems? Where do you fit within your supply chain? What are your legal responsibilities? These are just a few of the questions you should seek to address at this stage.
Policies and procedures – It is not only important to have these procedures in place but to make sure you review and adapt them frequently so that they are still relevant to a remote workforce. Most importantly communicate these with your staff clearly so they understand their responsibilities and a culture of openness and collaboration is created.
Robust data management – You need to consider the type of data you hold. If you hold personal data you need to ensure you are in compliance with the relevant data protection legislation in both your storage and processing. You also need to ensure that this is secured to the highest standard and be prepared to deal with the appropriate authority following a breach. If you have operational data you need to consider how this is vulnerable and ensure you have sensible backup procedures.
Training – The vast majority of cyber incidents can be traced back to human error – some estimates state up to 90%. It is crucial to be able to trust your staff but in order to do this, you need to ensure they have the knowledge and confidence to perform their role safely particularly when working with the distractions of the home environment. Training is the best way to create a cyber secure culture.
Incident response planning – It is also essential to have a plan in place for how you will deal with any incidents. In an effective IRP, each step will be clearly communicated and key members of staff will know their responsibilities in case of a cyber event. It will save valuable time and mitigate any loss if you are able to respond quickly.

There are tools available that can help you with every step of this process that accessible to every business on every budget.

Your preparation is will put you in the best position but even with the best security and culture, you may still have a cyber incident.

Cyber insurance is key to your resiliency.

A cyber insurance policy should form a critical part of your incident response plans. Having the right cover in place means you have access to the right solutions at the most critical time for your business. A cyber insurance policy can pay for your liabilities to others but it can also ensure you do not lose revenue to network downtime. Even the time it takes to rebuild can be covered whilst your insurer helps you to rebuild your systems and business. It will also connect you with the professionals you need when you need them to investigate and fix your issues, address any legal or regulatory ramifications and help you manage the message with public relations support.

As the saying goes; a reputation takes years to build and seconds to destroy. 60% of small businesses fold within 6 months of a cyber incident.

Cyber insurance is a vital lifeline.

The challenges which have been thrust upon businesses over this last year can also be viewed as an opportunity. Now is the time to rethink your business risk management strategy to adapt to the changing threat landscape.

END