Another virus risk: home working raises cyber worries
Businesses face increased cyber risks that may not be covered by insurance as they send staff home to work on unsecured personal devices and criminals step up attacks using scams and malware.
Cyber Indemnity Solutions CEO Greg Hodgkiss says it is highly unlikely an attack would be covered by insurance policies that are issued on the understanding that a business has taken certain security precautions around its own infrastructure.
“The problem with a home-owned device is that it doesn’t come under any form of management to ensure standards are being kept up to date,” he told insuranceNEWS.com.au today.
“It’s not just anti-virus software; it is router systems that are unsecured, and other software on home computers. It is a whole raft of things that would give insurers an out.”
The Australian Signals Directorate has issued a statement advising organisations not to overlook cyber security as they focus on protecting the health of employees and the wider community amid the coronavirus pandemic.
“As more staff may work from home, and the use of remote access technology increases, adversaries may attempt to take advantage,” it said.
“ASD’s Australian Cyber Security Centre (ACSC) encourages Australians to remain vigilant and ensure sound cyber security practices.”
Cyber specialist Emergence says its policy is designed with working remotely in mind and covers IT infrastructure that is owned, leased, rented or licensed by the insured and used in conducting the insured’s business.
“That means if a cyber event emanates from a computer or laptop or other device being used by the insured’s employees at home, the policy will respond to cover the cyber event for response costs, loss of profits and any potential litigation that may arise,” the company says in a post on its website today.
Emergence says it is aware of multiple reports of coronavirus-themed scam texts being sent to members of the public, and has warned against clicking on links in the phishing scams.
Suncorp also says scammers are using COVID-19 to target people with phishing emails and malicious websites using its name.
“Beware of emails/texts message from unknown sources and do not click on any links,” it says. “If you receive a suspicious message from Suncorp please delete it immediately.”
Mr Hodgkiss says criminal syndicates have become more sophisticated in their use of malware, which can sit undetected stealing data before any more obvious impact or demand for ransom.
Insurtech Cyber Indemnity Solutions offers cover underwritten by Lloyd’s and also provides artificial intelligence (AI) driven security that aims to monitor and stop malware before it can create wider problems.
“The biggest threat at home on devices is people are jumping on all sorts of sites that are being targeted,” he said.
“If we can secure the endpoints, which are all the personal devices, it stops a malware virus ever getting to a connection somewhere else.”