Identifying and mitigating cyber risk for remote work

Commercial Lines

Identifying and mitigating cyber risk for remote work

Published: 06 June 2022

As more people work remotely, employees are inadvertently creating opportunities for hackers to forge tunnels into company networks through often unsecured connectivity. According to a recent Accenture report, South African businesses experience 577 cyber-attacks per hour. This increase in the prevalence of cybercrime makes it imperative that businesses implement the best possible risk mitigation strategies if they want to remain safe.

Phillipa Wild of Santam says, “The proliferation of technology coupled with remote work have created the ideal environment for smart, opportunistic digital criminals. While cybercrime insurance provides quick access to service providers that can clean up the resultant fallout after an attack, simple measures such as updated anti-virus software and educating employees are the first step to helping prevent major cyberattacks and saving companies millions.”

What cyber criminals are after:

Being able to protect your business means knowing what hackers are after. Top data targets include intellectual property and databases of personal information about employees, partners, suppliers, and customers. Through a range of techniques hackers can wreak havoc within an organisation. These techniques include:

  • Extortion, where data is held ransom. These are called ransomware attacks and they have been on the rise across the globe.
  • Hackers can also blackmail businesses with Distributed Denial of Service (DDoS) attacks or threats of DDoS attacks. A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
  • Remote work means that you may be in a wide variety of locations working from your laptop, tablet, or mobile phone. As you look for free Wi-Fi networks, you may unknowingly connect to a shadow network – a system that is intended to look like any other public network except that it’s monitored by a cyber predator. Therefore, it is important to set your device to not automatically connect to available networks.
  • Phishing – This is when a person is targeted via email, phone, or text by someone posing as a legitimate (and often known) institution or individual to extract confidential information. It could be to steal credit card or banking details, credentials, and other information. Users of this technique have become incredibly sophisticated.

What a cybercrime incident could mean for your business?

The immediate effect of a cyber-attack is of course the cost of business interruption. What can often be even more devastating is the reputational damage if the attack is not dealt with properly.

Finally, the risk of litigation is also high. Companies found to be liable of not safeguarding their data well enough can run afoul of regulations like the POPI act. Contravening those laws could result in a fine of R10 million. Therefore, it’s imperative to have security measures in place to safeguard this information according to most up to date best practice.

Cover is key:

The average small business hack can cost an enterprise anywhere between R50 000 to R250 000, even more,  to recover from. As such it is crucial to have cover in place that combines risk management services and insurance to cover losses such as business interruption, ransomware and forensic costs.. Given the how disruptive a malware attack can be, getting comprehensive cover is paramount. The average monthly cybercrime instalment premium from Santam is generally less than R1000, which means the benefits of getting covered will greatly outweigh the cost.