24 June 2020

Where commercially sensitive or confidential information is being shared or discussions with clients are taking place, businesses must be satisfied that an appropriate level of security is offered. Unsecured systems give rise to potentially huge claims for damages and, in the case of personal data, hefty fines from the Information Commissioner.

Recent weeks have been something of a baptism of fire for businesses trying to implement effective home working and some have adapted better than others.

While few companies have experience of dealing with a wholesale move to homeworking, those with systems already in place will no doubt have coped more easily with lockdown restrictions. However, home working under normal circumstances usually means that someone is in the office – someone will be able to collect and send out mail, copy and print documents on a large scale, provide ID to carry out anti-money laundering checks and verify bank details for transfers.

Inevitably, that sort of admin becomes much harder when trying to work remotely. The impact of the pandemic has been so profound that most businesses are simply focussed on trying to stay afloat and the detail of compliance and risk management is easily overlooked.

As restrictions now begin to ease, it seems likely that office workers will return to their desks in the medium term, but it seems equally likely that ways of working will change permanently. Some degree of social distancing may become much more common and those businesses that have successfully implemented home working are now considering whether so much expensive office space is really required. With the rise of flexible working it seems that the number of people working from home, if not permanently, on rotation, is likely to rise. But what are the risks?

A marked increase in cybercrime and fraud has been reported during the pandemic, often as a result of phishing and similar scams, but bank account fraud has risen sharply too. Remote working has also seen a dramatic surge in the use of video conferencing systems such as Zoom and Microsoft Teams, with many column inches devoted to a critique of their security. Where commercially sensitive or confidential information is being shared or discussions with clients are taking place, businesses must be satisfied that an appropriate level of security is offered. Unsecured systems give rise to potentially huge claims for damages and, in the case of personal data, hefty fines from the Information Commissioner.

When business systems are accessed remotely, particularly from personal laptops and PCs, the lines between business and personal storage systems become easily blurred and the potential for giving unauthorised access to third parties increases exponentially, exposing businesses to risk and claims.

It is therefore vital for businesses to dust off remote working policies and ensure that they are up to date and sufficiently robust for the future of home working. Businesses will also have to reconsider the cyber security provisions that they have in place and ensure that they are fit for purpose. In addition, businesses should consider whether they have sufficient insurance cover in place and the terms of that cover, should the worst happen. In providing cover most insurers will generally expect:

1. all remote workers to connect through a Virtual Private Network;
2. multi factor authentication for all online business services and employees remotely accessing the network;
3. IT security measures to apply equally to those working from home, e.g. security measures must be in place for personal devices;
4. change control processes to be in place for any alterations to the network; and
5. team members to be available to cover IT staff absences.

The last few months will undoubtedly have given businesses a much keener sense of the practical implications of business interruption and remote working. With that in mind, perhaps it is time to re-visit the small print, after all cybercriminals have not been furloughed.

Contact

Lynn Richmond, Partner, E: lyr@bto.co.uk / T: 0131 222 2934
Gordon Taylor, Branch Manager, GS Group 
Siobhan Fogarty, Underwriting Manager, GS Group