As a community, we may have started out thinking working remotely was temporary, but it’s now clear this is how we’ll be doing business for the foreseeable future. Many firms have moved strictly to work-from-home (WFH) models for the rest of the year.
In preparation, you rushed to move your users to a WFH model, secure their at-home workstations, and educate them on phishing and other security measures.
What you may not have thought of, though, is how these changes affect your insurance. Insurers are looking more closely at work environments and practices that could open new avenues for breaches and exposure. They’re worried, for instance, that the use of home networks and personal equipment for company business could introduce cyber risks that may not have been a concern or consideration when business continuity plans (BCP) or data loss prevention plans (DLP) were drawn up. However, remote work models weren’t a consideration when the cyber liability policies were written. No one—even the insurance companies—planned for a pandemic.
Insurers are looking for proof from prospective customers of certain universal good practices. These include ensuring that
- Remote access is properly secured.
- Operating systems are kept up to date with security patches.
- Email servers are properly configured to guard against phishing attacks.
According to an article in the Wall Street Journal, insurers were already “looking at enhancing their understanding of cyber risks and coming up with better modeling techniques” due to loss trends stemming from data breaches and ransomware incidents.
Agio takes those issues and their impact on your firm seriously. We’ve kept up with the latest information, helped you transition to a WFH model, and advised you on best practices to avoid malicious attacks and remediate issues that arise.
If you’ve been working with Agio, we’ve helped you implement the good practices insurers are looking for, whether that’s properly securing remote access, evaluating when to update security patches, or how to guard against phishing attacks.
Agio created a solid Remote Access Infrastructure Cybersecurity Health Check explicitly designed for clients to prioritize cybersecurity remediation. At the time, we wrote this checklist because investors and stakeholders were asking questions about cybersecurity and a WFH model. This checklist is even more critical as insurers are looking for answers on these same issues.
Investors and stakeholders are asking more questions than ever around the technology and cybersecurity you have in place to support your fund’s now fully remote workforce.
When this pandemic started to take hold, there was a lot of information thrown around—some of it reliable, some of it just adding noise. We knew our clients would need reliable information to make informed decisions about safe transitions to remote working environments. To that end, we wrote blog posts addressing the most pressing issues around cybersecurity and managed detection and response (MDR). But we knew we couldn’t be the sole resource, so we put together a list of the Top 10 Sources for COVID-19 Cybersecurity Reporting to ensure our clients had the most reliable updates in the industry.
COVID-19 indeed forced firms to scramble to set up users at home. Even the most robust BCP couldn’t have imagined a pandemic of this scale and what it would mean to do business as usual, even when it wasn’t. Agio encouraged firms to explore Windows Virtual Desktop (WVD) as “the future of secure remote computing.” We provided advice via checklists for IT operations, cybersecurity operations, and employee training to keep businesses running smoothly without exposing themselves to security gaps.
While other companies were stitching solutions together—trading security for a quick fix on consistency, reliability, or usability for optimal productivity—CTOs who took advantage of the WVD service had fewer issues because they had a reliable enterprise-class solution designed from the ground up with security in mind.
As the pandemic hit, Agio saw the immediate need to provide and protect data while seamlessly allowing employees to do their jobs. We encouraged CTOs to use Windows Virtual Desktop to leverage the cloud to provide secure virtual desktops as reliable WFH solutions.
As you know, Agio doesn’t just offer a solution and walk away. We met with clients to implement Windows Virtual Desktop and shared information about how to move to the public cloud quickly. The cloud makes it easier to manage remote workers. It’s flexible, scalable, and can accommodate spikes in demand.
Agio also provided a roadmap for educating employees on how to work from home during COVID-19 (e.g., enable two-factor authentication, and don’t allow family members to use your laptop). We encouraged firms to implement new support escalation paths specifically for WFH models.
One severe and real threat to working at home is phishing and ransomware attacks. Agio was particularly sensitive to these concerns and addressed different scenarios in multiple articles.
We partner with Inky’s best-in-breed Phish Fence technology, leveraging machine learning, behavior profiling, and advanced heuristics forgery detection to uncover even the most sophisticated deep-sea phishing attacks that both trained users and conventional email filters miss.
We introduced our clients to terms like whaling, ransomware, and spear phishing. We explained how to spot specific phishing attacks like Perswaysion and how to avoid becoming a victim of such scams. This training and information in turn, increased security as employees moved to remote workstations, all of which insurers will be looking for in the coming years.
If you have questions about cybersecurity, secure work-from-home solutions, MDR, or phishing—and how we can help you meet insurer expectations—give us a call. We’re here to help.