With the unprecedented global pandemic of Covid-19, companies are adapting to the new reality of social distancing and self-isolation practices encouraged by our government and health authorities, leading many businesses to transition large numbers of employees to remote working. Many of these employees have no prior experience working remotely, and in some cases, may not be properly equipped to do so.
Remote working requires, among other things, equipping employees with the ability to connect to company servers from home. This transition requires furnishing employees with the tools required to carry out their work efficiently, such as providing them with laptops, at home workstations, and remote access to secured networks and other company resources.
Unfortunately, the transition to working remotely almost certainly will mean increased risk of cyber attack and cyber losses. Cyber risks faced by businesses today take different forms. In addition to hardware and/or software failure, the loss of portable devices such as laptops or smart phones, and the use of unsecured Wi-Fi connections by employees, companies face sophisticated attacks from hackers targeting users seeking information on Covid-19.
Given these risks, it is critically important businesses take steps to insure and protect themselves against cyber losses.
Cyber insurance – what is it and what does it cover?
Cyber insurance provides protection and coverage for the security and privacy of digital information and losses resulting from data breaches.
Cyber risk policies provide both first party and third party coverage. Cyber insurance may take the form of a stand-alone policy or be made available by way of endorsement to a D&O or E&O liability policy. Though each policy varies, and a policy should be thoroughly reviewed prior to purchase, first party coverages typically provided under a cyber insurance policy include:
- expenses incurred by a company as a direct result of the breach, including remediation and notification expenses, as well as crisis management expenses; and
- resultant costs such as business interruption and loss of goodwill.
Third party coverage under a cyber insurance policy typically provides coverage for liability in connection with losses suffered by customers as a result of the theft and use of their personal and/or financial data.
Most insurers also offer value-added services, such as network security testing, designed to help companies avoid and mitigate the effects of a data breach, and crisis management services.
Ensure that your cyber insurance policy is comprehensive enough to suit your company’s needs
Coverages offered under cyber insurance policies vary considerably. When purchasing a cyber insurance policy, the policy wording, and especially the exclusions, should be reviewed with a professional to ensure the potential loss events your company may face in the event of a data breach are covered. The type of coverage required will depend on the nature of the company, the types of information it stores within its secure network, as well as the types of activities the business participates in.
What can employees and employers do to prevent cyber attacks?
Both employers and employees must take utmost care to protect themselves as well as confidential company information, especially while working remotely. Such steps include:
- Encouraging employees to pay attention to phishing emails, which are emails disguised with an enticing link, that when clicked on, can download malware onto a device and the company’s systems;
- Ensuring employee devices are up to date on their anti-virus protection;
- Ensuring employees are working on secure, password-protected internet connections and reducing the use of public Wi-Fi as much as possible;
- Reminding employees personal email should not be used for any company business; and,
- Urging employees to keep track of what they are printing at home and to shred confidential documents as soon as possible before they are disposed of.
The best way to protect your company from cyber risks is to ensure appropriate preventive measures are in place and employees working from home or with remote access to company data are trained on how to implement these measures. We must all be diligent in protecting and securing sensitive business data and client information. However, when an attack does happen, it is crucial to have the right cyber risk insurance products in place to assist in dealing with the after-effects of a breach.
By Katie Gauthier and Cassandra Khatchikian, Gowling WLG
- Nixon v. The King – deals with Ideas Canada Foundation and 2002 and 2003 donations - October 31, 2023
- CRA adds additional questions and schedule to T3010 annual return - June 29, 2023
- Globe and Mail article “CRA typo causes a multimillion-dollar mistake for the Hewitt Foundation” focuses on the importance of T3010 - June 26, 2023