How to Protect Your Business Online During Covid-19

With mass remote working underway in the UK and around the world during the COVID-19 lockdowns, an unintended side effect may be the risks posed to companies’ cyber security.

A recent study reveals that since early February 2020, cyber criminals have been exploiting the fear and concerns brought on by the COVID-19 pandemic. They have targeted companies with employees working remotely, who have become more likely to click on malicious links or to use unsecured networks due to their isolation.

One particularly sinister phishing attack saw cyber criminals posing as employees from the World Health Organisation (WHO), encouraging remote workers to distribute a malicious attachment that stole personal information.

Due to this concerning rise in cyber security cases, we here at Brightside wish to help you keep your business safe online during these uncertain times. Here we will detail risks to be more wary of, ways to ensure online security and actions to take with any new or existing cyber liability insurance policy to support any potential claims you make.

Which cyber-attacks have become more common during COVID-19?

Though these types of cyber-attacks should always be considered when looking to secure your online business, the following attack types pose an increased risk to remote and/or decentralised workers:

  • Phishing/Spear Phishing – Online communications, typically emails, that contain specific information pertaining to the recipient to fool them into clicking a malicious link, opening a dangerous attachment or taking another similar action.
  • Business Email Compromise (BEC) – Emails typically in the guise of being from the targeted company’s CEO, CFO or other senior management figure, designed to trick victims into wiring money.
  • Social Engineering – Malicious methods that target workers psychologically to manipulate them into performing actions they wouldn’t ordinarily do for the benefit of the fraudsters.

Should any of your business’s employees fall victim to cyber-attacks such as these, the result can mean a drastically increased risk of ransomware.

Ransomware is malicious software that can lock down entire online systems and networks and then demand a ransom – usually cash – for their release. Ransomware can not only lock down the computer networks of businesses and their customers, but also encrypt or even destroy sensitive and/or valuable data within these networks.

Worse still, these types of attacks can lurk undetected within a company’s computer network for days or even years before making themselves known. It can then become difficult to pinpoint where, when and how such a cyber-attack first infiltrated your company’s systems.

A cyber-attack can also have a detrimental effect on your company’s reputation and financial standing down the line. Customers value the online security of the companies they deal with and will be quick to jump ship should they learn that one of those companies has potentially put their personal data at risk through a cyber-attack.

How can I protect my business online during COVID-19?

Fortunately, there are many steps that you can take to mitigate the risks of either you or your remote employees falling victim to a cyber-attack:

  • Employee training – Train your staff fully about phishing tactics and your own company’s security procedures. This ensures that employees can identify and report any suspicious communications or suspected existing breaches to your company’s appropriate point of contact.

    Teach them to not click links or open email attachments from untrusted senders. Ensure they know not to share sensitive information with unknown entities, as well as how to carefully inspect received URLs to verify their legitimacy.
  • Secure communications – Ensure that your workers’ remote connections to your business’s network are both stable and secure, preferably through a VPN (virtual private network) or similarly encrypted method. Your VPN should also ideally have multi-factor authentication steps to make sure that only authorised individuals – your employees – are able to access it.
  • Firewalls – Your IT department should ensure that your company’s firewalls are properly configured. They must consistently monitor their logs to assess and verify both attempted and successful connections to the network from unauthorised or suspicious IP addresses.
  • Buy Cyber Liability and Crime Insurance – Taking out insurance cover for this eventuality will help cover you against potential costs. These could include the provision of expert intervention to fix, repair, reinstate or release your business from a cyber-attack. Cover can also include potential financial compensation for cyber-related theft or financial crime.
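The log review described in the Firewalls point above can be sketched as follows. This is an added example, not part of the original article: the key=value log format, the sample lines, the authorised address range and the threshold of three blocked attempts are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2020-04-02T08:14:03Z ALLOW src=198.51.100.24 dst=10.0.0.5 dport=443
2020-04-02T08:14:09Z DENY src=203.0.113.77 dst=10.0.0.5 dport=3389
2020-04-02T08:14:10Z DENY src=203.0.113.77 dst=10.0.0.5 dport=3389
2020-04-02T08:14:12Z DENY src=203.0.113.77 dst=10.0.0.5 dport=3389
2020-04-02T08:15:40Z ALLOW src=203.0.113.77 dst=10.0.0.5 dport=3389
2020-04-02T08:16:02Z DENY src=192.0.2.9 dst=10.0.0.5 dport=22
2020-04-02T08:17:00Z ALLOW src=198.51.100.130 dst=10.0.0.5 dport=443
this line is truncated garbage
"""

# Assumption: staff only connect from this range (e.g. the VPN gateway's).
AUTHORISED = [ipaddress.ip_network("198.51.100.0/25")]
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

def review(log_text, authorised=AUTHORISED, deny_threshold=3):
    """Summarise attempted and successful connections from outside `authorised`."""
    allowed_unauth = []  # successful connections from unauthorised sources
    denied = Counter()   # blocked attempts per unauthorised source
    unparsed = 0         # lines that could not be read; worth a manual look
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            ip = ipaddress.ip_address(m.group(3)) if m else None
        except ValueError:
            ip = None
        if ip is None:
            unparsed += 1
            continue
        if any(ip in net for net in authorised):
            continue  # expected traffic, nothing to flag
        ts, action, src, _dst, dport = m.groups()
        if action == "ALLOW":
            allowed_unauth.append((ts, src, int(dport)))
        else:
            denied[src] += 1
    return {
        "allowed_unauthorised": allowed_unauth,
        "repeated_denied": {s: n for s, n in denied.items() if n >= deny_threshold},
        # Sources with both blocked and successful connections deserve priority.
        "denied_and_allowed": sorted({s for _, s, _ in allowed_unauth if denied[s]}),
        "unparsed": unparsed,
    }
```

Sources listed under `denied_and_allowed` are the ones to investigate first, since they show blocked attempts as well as a successful connection from outside the authorised range.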

What should I do if I detect a cyber-attack and want to claim?

The last thing you want to hear in the midst of a global pandemic is that your business has fallen foul of a cyber-attack.

Here are some of the significant areas in which cyber liability insurers have declined coverage in the past and how to avoid these potential pitfalls:

  • Failure to Maintain – Can also be referred to as “Failure to Follow” or generally as a negligence exclusion. Some insurers include this exclusion in their policy wording; it denies coverage if the insured business is deemed to have failed to maintain minimum or adequate security standards prior to the cyber-attack.

    Companies can generally avoid this by ensuring that their network implements strong security measures such as those detailed above (although this is not an exhaustive list). Review your company’s cyber liability policy if this is of particular concern to you.
  • Cyber Extortion/Ransomware – In the event of your business being extorted by ransomware for a specific amount of money, it is important to review your policy wording to ensure that the policy’s limits and sub-limits will cover the amount being demanded.

    For example, if your business were being held to ransom for £25,000 but your policy only covered up to £20,000 in the event of ransomware extortion, then the £20,000 sum is the maximum that you would expect to be reimbursed.

    Although it is, of course, impossible to predict an exact amount that you could be potentially extorted for in the future, ensure that the scope of your policy’s coverage seems sufficient.
  • Social Engineering Schemes – Due to the evolving nature of social engineering scams, policy language is still changing in turn to better cover the losses accrued by insured companies. However, many cyber liability insurance policies contain several exit points through which insurers can potentially deny coverage in the event of such an attack.

    For example, coverage under some policies may be denied because a fraudulent transfer of funds was carried out via a phone rather than a computer, or because losses incurred were not “direct” losses of the insured company but rather losses of their clients’ funds.

    Check through your policy’s wording for any such exit clauses and ensure that the most likely pitfalls for your company’s typical ways of operating are not potential exit points under your policy. If they are, contact your insurer to review your terms of coverage.

As an insurance broker, Brightside works with a range of top cyber liability insurance providers to help keep businesses like yours protected. Explore our cyber liability insurance service today, or, for more information on staying safe during the COVID-19 pandemic, check out our COVID-19 page.