Managing Cyber Risk as Employees Continue to Work from Home

The coronavirus (COVID-19) outbreak has transformed the way we live, and for many, the place we work is now the home office.

Global Workplace Analytics estimates that 56% of the U.S. workforce holds a job that is compatible (at least partially) with remote work. Gallup data from 2016 shows that 43% of the workforce works at home at least some of the time. Their prediction is that the longer people are required to work at home, the greater the adoption we will see when the dust settles.

They believe, based on historical trends, that those who were working remotely before the pandemic will increase their frequency after they are allowed to return to their offices. For those who were new to remote work until the pandemic, they believe there will be a significant increase in at-home work. During this time managers have learned that employees working from home actually work, and going forward more employees will demand it. Their best estimate is that we will see 25-30% of the workforce working at home on a multiple-days-a-week basis by the end of 2021.

Information security is one of the greatest challenges for companies with employees working remotely. For a business, having coverage is certainly important. So too is a vigilant effort to safeguard your business and employees from data breaches, cyber scams and viruses.

There are steps that every business should follow to minimize the risk of cyberattacks.

  1. Train employees to detect and respond to phishing attacks. Cybercriminals have been known to pose as charities and legitimate websites to lure victims into sending money and revealing personal information. Individuals should scrutinize any emails, texts, and social media posts and be cautious when clicking any links and attachments. Specifically, employees should be instructed to:
    • Be sure to verify that the email address matches the sender name. Hackers now often mirror the logos, message, and syntax of real entities. Your first clue is an email address that does not match that of the sending organization.
    • Avoid clicking links from unsolicited emails, and be wary of email attachments, particularly “free” online gift certificates.
    • Use trusted sources when looking for factual information on COVID-19, such as
    • Never give out personal or financial information via email, even if the sender seems legitimate.
    • Never respond to emails soliciting personal or financial information.
    • Verify a charity’s authenticity before making any donations.
  2. Have a virtual private network (VPN) in place. Ensure that employees are using it to access company systems and data when working remotely. VPNs encrypt internet traffic, which can be particularly useful when your employees are connected to a home or public network. It could be beneficial to prohibit employees from accessing company information from public networks altogether.
  3. Make it a policy to use security and anti-virus software. This software should be up to date and include the latest patches. Educate your employees on the kinds of sensitive data they are obligated to protect. This could include confidential business information, trade secrets, intellectual property, and personal information. When working with sensitive data, employees should take the same precautions they would if they were at the office. They should avoid using their personal email for company business and think critically about the documents they are printing at home. If they must print sensitive information, they should shred the document when it is no longer needed. Encrypting sensitive information can also help you protect any data that is stored on or sent to remote devices.
  4. Create and communicate a system that employees can use to report lost or stolen equipment. This will help your IT department respond quickly and mitigate potential data loss threats.
  5. Require two-factor authentication for all company passwords. Two-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate applications, networks and servers.
  6. Consider security precautions for mobile devices. Proper phone security is just as important as a well-protected computer network.
  7. For additional protection, employers should consider backing up data and bolstering network protections as best as they can.
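
The sender check from step 1 (an email address that does not match the organization named in the sender field) can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article; the `KNOWN_SENDERS` list, the sample headers and all domains in it are constructed for illustration.

```python
from email.utils import parseaddr
import re

# Constructed allow-list: brand text as it appears in display names ->
# domains that organization really sends from. Maintained by the defender.
KNOWN_SENDERS = {
    "example relief fund": {"example.org"},
    "acme payroll": {"acme.example"},
}

# Finds an email address typed into the display name itself.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_sender(from_header):
    """Return reasons the From header looks mismatched (empty list = none)."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    reasons = []
    for brand, allowed in KNOWN_SENDERS.items():
        # The name claims a known organization; the address must be at its domain.
        if brand in name.lower() and not domain_matches(domain, allowed):
            reasons.append(f"name claims '{brand}' but address is at {domain}")
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        reasons.append(f"name shows {shown.group(0)} but real address is {addr}")
    return reasons

# Constructed sample From headers.
SAMPLES = [
    'Example Relief Fund <donate@example.org>',                  # consistent
    'Example Relief Fund <donate@example.org.gift-cards.test>',  # brand as a prefix label
    '"Acme Payroll" <hr@mail.acme.example>',                     # legitimate subdomain
    '"billing@acme.example" <billing@acme-example.test>',        # address shown in the name
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

Matching on a label boundary (`"." + allowed_domain`) is what keeps a domain that merely starts with the organization's name from passing the check.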

Taking precautions such as these can lessen the risk of a cyberattack on your company’s infrastructure. Having cyber liability protection in place is also very sensible. The industry now has cost-effective solutions for all types and sizes of businesses. Your network and your information are your business, so protect them as best you can.

Christine Cunning is a principal with Sullivan Garrity & Donnelly Insurance Agency, Inc., a family-run insurance agency serving the region for nearly 100 years, with locations in Chatham, Hyannis, Cohasset and Worcester, Massachusetts. The agency is licensed nationally as an independent brokerage with dozens of insurance carriers.