Businesses worldwide are adjusting to “the new normal” brought on by the global coronavirus pandemic.
Not unlike the disease itself, InsurTech companies and insurance technologists are not immune to the challenges and business process changes required to keep operations running as smoothly as possible during this crisis. Most were quick to assemble online resource pages and webinars to educate and inform around their COVID-19 impact and response.
The Private Risk Management Association was among the industry organizations to raise a red flag regarding the cybersecurity risks linked to the uptick in people working from home during this period when individuals and families are sheltering in place to help prevent the spread of the virus.
“Work-from-home employees are targets for phishing expeditions,” PRMA said in a statement. “These expeditions implant malware in a computer that gives hackers a chance to demand ransom or obtain a company’s data.”
Moody’s also predicted a spike in cyber events. Specifically, the credit ratings agency said businesses can anticipate a spike in coronavirus-themed phishing attempts and malware risks, disinformation campaigns, and attacks that degrade the health care response to COVID-19
“Previous cybersecurity incidents have shown, criminals will use a headline-grabbing event to try to elicit risky cyber activity from their victims,” Moody’s Assistant Vice President Leroy Terrelonge said in a prepared statement. “When employees fall victim to phishing attacks, business disruptions with material credit effects can ensue. And with many employees working from home, the need to keep operations going as efficiently as possible may push some issuers to forgo certain security measures used during normal operations.”
Remote workers hunker down
According to the British technology company Comparitech, the major cyber risks facing remote employees include the use of unsecured Wi-Fi networks, the use of personal devices and networks for business purposes, and scams that target remote workers. Aimee O’Driscoll, the company’s tech writer and editor, compiled the following tips to help businesses mitigate remote worker cybersecurity risks:
- Use strong passwords
- Set up two-factor authentication
- Use a VPN
- Set up firewalls
- Use an antivirus software
- Secure your home router
- Install updates regularly
- Back up your data
- Beware remote desktop tools
- Look out for phishing emails and sites
- Watch out for work-from-home scams
- Use encrypted communications
- Lock your device
Business continuity concerns
Applied Systems published a blog post on March 12 telling its clients how the technology provider planned to keep running amid the pandemic and subsequent shelter in place regulations. The company emphasized that although its employees are now working remotely, it intends to continue offering 24/7 services and support. Among other things, Applied encouraged clients to:
- Make a crisis management plan;
- Consider how technology can support business momentum;
- Take extra steps to protect data; and
- Communicate regularly with customers.
Novarica also used its blog, newsletter and webcasts to educate clients and partners on such topics as the pandemic’s potential insurance industry impact. In a March 13 blog post about how carriers can prepare for what’s to come, Rob McIsaac, the company’s executive vice president of research and consulting and practice leader for life/annuity/benefits, offered these tips for insurance carriers who are crafting long-term work-from-home policies:
- Determine whether the policy is “work from home” or whether it is more accurate to describe it as “not working from the office.” Assuming the latter, organizations need to guide employees on how they can be productive and secure at the same time. Leaving the details to individual employee creativity or imagination can lead to surprising, detrimental results.
- Ensure that the equipment the organization provides to employees when working from home (or not in the office) is sufficient to address their tasks. Companies should deploy and test VPN capabilities at scale if security is paramount, for example. Softphones that employees can use anywhere there’s a Wi-Fi connection can also be valuable as work is virtualized and moved between people/organizations in response to changes in circumstances and work patterns. Avoiding rigid structures and fixed locations for work can enhance adaptability in uncertain times.
- Replacing the usual social network employees have for informal, in-person communication with a planned approach for virtual information-sharing can also be an important step to maintain organizational focus and morale. This is one of the best practices from major innovation or transformation events — creating a closed-loop communication process to ensure that the messages that leaders send are the same as the messages the organization receives. This will have a significant impact on outcomes and can reduce passive-aggressive behavior and organizational anxiety. It can also offset the impact of 24/7 news channels providing the only soundtrack for associate lives. Virtual town hall sessions can provide important connections for employees who may feel disoriented after the severing of typical communication networks.