Excess & Surplus
Specialty Risk Coverages
Life at AmTrust
AmTrust PolicyWire Blog
Remote Workers Can Be a Cybersecurity Risk
Remote Workers Can Be a Cybersecurity Risk
The number of employees working remotely has grown exponentially – a 159% increase between 2005 and 2017 – according to
a recent report
based on information from the U.S. Census and Bureau of Labor Statistics, Global Workplace Analytics and FlexJobs. Additional highlights from this report include:
The increase in remote workers can be attributed to several factors.
states that the variety of benefits remote workers enjoy can improve a business’s bottom line. Employees are more efficient as they encounter far fewer workplace distractions than in an office setting. They tend to experience less stress, as they don’t need to commute in heavy rush hour traffic, and those reduced stress levels lead to higher morale and more job satisfaction. Companies also incur less overhead and operating costs to keep the business running smoothly.
All indications are that remote work policies or work-from-home benefits will continue to become more commonplace among businesses. It also means an ongoing threat to cybersecurity for businesses offering this benefit to their workforce. Let’s take a closer look at remote workers, the cyber risks they present and tips on how to minimize them.
Risk #1: Lack of Cybersecurity Training and Established Best Practices
Small Business Trends
reported that 48% of cyber attacks were due to a negligent employee or contractor. Ensuring that there is a training program in place for best practices on security is paramount in defending against cybersecurity threats. It is vitally important that everyone in the company, especially those who work outside of the office, are up-to-date on all security policies.
Cybersecurity training for employees
should be an ongoing process. Businesses should consider doing more to ensure all employees are consistently updated about any potential security vulnerabilities, as well as how to recognize them and avoid them. A
report from Small Business Trends
states that “while many small businesses are concerned about cyberattacks (58%), more than half (51%) are not allocating any budget at all to risk mitigation.” The investment of a robust cybersecurity training program is a small price to pay when compared to what a data breach could cost the organization.
Risk #2: Using Unsecured Wi-Fi Networks
Employees often access company networks using Wi-Fi from popular locations (such as a coffee shop), making them more susceptible to the risk of an online attack. iPass, a technology company that provides global mobile connectivity to enterprises, mobile operators and brands, conducted a
mobile security report in 2018
that yielded the following results:
81% of CIOs said their company had experienced a Wi-Fi related security incident in the last year
57% of CIOs suspect their mobile workers have been hacked or caused a mobile security issue in the last year.
62% of Wi-Fi related security incidents occurred in cafés and coffee shops
No authentication is required on most public Wi-Fi networks. This means the connections are not encrypted and could make it easy for malicious actors to steal data or access credentials. Cyber thieves position themselves between a person with an unsecured device and the connection point or spoof the connection point which means information is intercepted by the malicious actor.
How to Use Public Wi-Fi Safely
Always use a virtual private network (VPN).
A VPN serves as a buffer between the Wi-Fi connection and the mobile device. Any transmitted data is then encrypted to protect it from tampering and interception. Use a trusted and reputable VPN provider. While some providers charge a fee of around $10 for monthly service, some are free. Small businesses that use a Wi-Fi-related VPN will not only mitigate security risks, but also lower their risk profile, which may qualify them for a cyber liability premium discount.
Use SSL or TLS connections.
Although most people are not as prone to use a VPN, they can easily add encryption to communications by enabling the "always use HTTPS" feature on a mobile device. This ensures a secure connection to sites and is vital for any site where financial credentials are entered. If you see a warning about insufficient levels of encryption it may be time for a new device or an upgrade of your software.
Utilize Two-Factor Authentication (2FA).
2FA means the user provides two different authentication factors to verify themselves for system access. This makes it harder for cyber attackers to gain access to devices or accounts since only knowing their potential victim's password is not enough to get past the 2FA security control. Read more about Wi-Fi security in our blog post, “
How to Avoid Public Wi-Fi Security Risks
Risk #3: Personal Use of Laptops or Lack of Physical Security
Using work devices to visit social media pages, answer personal emails or shop online is an example of risky behavior that a remote worker might engage in. Allowing non-employees like friends or family members to borrow devices for personal use is another example. This presents a risk of not being able to monitor the websites or files they access, potentially putting your company data at stake.
Physical security of company-issued devices is also a problem. This could be something as simple as leaving a device out in the open at home or in an unlocked car. Security breaches can happen simply because a device is stolen.
that in airports alone, a laptop is taken every 53 seconds. Here are some physical security tips to keep in mind:
Physical security should be a key aspect of your business’s cybersecurity policy and best practices, and its importance should be emphasized for remote employees
Monitor usage of company-issued devices to keep an eye out for a non-work related activity or the potential use by someone else other than the employee
Remind all employees (especially remote workers) to keep devices on themselves and to securely store them when not in use
Remind employees to hide their work when they are out in a public place so no one can see their screen, and to not leave devices unattended
Keep the “find my device” setting on in the event it is misplaced
Choose AmTrust for Cyber Liability Coverage and More
Cyber Liability Insurance
for small businesses provides a variety of services to address the modern-day risks and threats of business identity theft and data breaches and offers you peace of should something happen unexpectedly. Find out more with these
five things to know about cyber liability insurance
, and read up on
why business insurance is necessary for remote workers
To get started with a cyber liability policy,
or your AmTrust-appointed agent today.
This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.
Subscribe to PolicyWire for weekly email updates
Articles by Topic
Small Business Advice
Paid Family Leave
New York Paid Family Leave
Business Owner's Policy
Become an Agent
Get A Quote
Oct 2, 2019
October is National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month! As a partner for Stay Safe Online, we'll be sharing tips throughout the month to help small business stay safe from cybersecurity attacks.
Jul 9, 2019
Cyber Insurance in the Time of Data Privacy Protection
Learn about the importance of cyber liability insurance in the time of data privacy legislation, such as the GDPR or CCPA, from AmTrust’s Ian Thornton-Trump.
Jun 27, 2019
National Insurance Awareness Day 2019: How Your Business Can Celebrate
June 28 has been designated as “National Insurance Awareness Day.” Although the origin of this designation is unknown, it is observed each year on this day to serve as a reminder to review your insurance policies and make sure your small business has the coverage it needs.