How to protect your clients from cybercriminals cashing in on COVID-19

Brokers advising clients on cyber insurance during the COVID-19 pandemic will want to make sure there is an appropriate loss of income coverage under the policy, similar to other lines of insurance, a specialist insurer said recently.

“If we were to say any time is the right time to buy a cyber policy, now would be that time,” Lindsey Nelson, international cyber team leader with CFC Underwriting, said in an interview Monday. “Because it works exactly in the same way as loss of income would on another, traditional line of insurance if it’s loss of income for cyberattacks to your business.”

Cyber policies these days are designed to cover income loss arising from the interruption of a network for a variety of reasons, whether it’s the result of an ongoing cyberattack or ransomware attack, or, more broadly speaking, full systems failure. Some markets offer additional coverage for voluntary shutdown, whereby businesses choose to shut down their computer systems proactively in response to a potential cyber event to stop the spread of malware across their network.

“Clearly, the terms and conditions of all policies vary and specifics of any individual case are going to be considered under the exact wording,” Nelson added.

She spoke with Canadian Underwriter following the release of a CFC client advisory last month about how cybercriminals are trying to cash in on the COVID-19 crisis.

For example, cybercriminals have impersonated the World Health Organization, asking people to click on a button to download safety measures to implement. In another case, online food delivery company Deliveroo was hacked at a time when many people are depending on food deliveries to their home. Realizing that many people are requiring government assistance, cybercriminals are sending links purporting to be the government and asking for bank information to issue employment insurance cheques or wire transfers.

According to CFC’s 2019 claims data, 80% of ransomware attacks that CFC handled were initiated through remote desk protocol (RDP). One of the main concerns is that this can open a gateway to hackers if employees are not aware of the cybersecurity risks associated with RDP.

“Everybody is migrating to work from home,” Nelson said. “It’s creating a lot of opportunities for the cybercriminals.”

Nelson said CFC’s broker partners and their clients have realized that with many working from home, employees are working on potentially insecure devices and haven’t implemented training to spot things like phishing links “that would play on the vulnerability of humans wanting more information about COVID-19.”

In addition, Nelson observed, cybercriminals are capitalizing on people’s fear to use phishing campaigns and malicious links to gain access to information, or to trick people into sharing their confidential credentials.

“I think we’ve almost seen a complete shift for people who didn’t realize that they have a cyber exposure,” Nelson said. Now many people do.

Work-from-home mandates are inevitably increasing the vulnerability of businesses. Some employees, for example, may be tempted to log onto public WiFi connections if they’re not able to get a connection at home. Or they might be using personal devices that don’t have the same level of security as company devices – for example, they may not have anti-virus programs installed.

How can employers protect themselves and their employees? Aside from businesses ensuring that personal devices are configured for remote working, Nelson recommends that multi-factor authentication is in place to ensure a person is who they are by requiring a minimum of two pieces of unique data points. Another important factor is training and employee awareness on how to spot a phishing email.