It’s no secret that the COVID-19 pandemic has impacted every corner of the business world. From executives and board members, to junior employees and interns – the virus has not been discriminatory in the way it has affected finances, flexibility and the future of business.
However, there is one group that has benefited from the unprecedented coronavirus circumstances – cyber criminals. Check Point Research has shown a 30% increase in COVID-19 related cyber-attacks over the first two weeks of May, with repeated attacks on organisations including the NHS. Even the UN has had to issue warnings regarding the threats.
One of the biggest contributors to this has been the rise in working from home caused by the pandemic. Remote working strategies expose vulnerabilities that can open the door for cyber criminals to exploit. This is particularly problematic for freelancers, who must be especially wary of the risks that could see them affected by costly client claims.
Read on to find out more about the cyber security errors that could cause insurance issues for businesses, and how they can be avoided.
Data security and cyber crime
Since the start of the pandemic, the number of phishing and invoice fraud emails reported has rocketed. Cyber criminals have pounced on uncertainty and new ways of working with more sophisticated emails that look exactly like communications from a trusted customer.
For freelancers, the risk is that falling for these attacks could leave them open to negligence claims, particularly if they are handling client money. Making a payment to a fraudster leaves clients out of pocket, and the client may pursue the freelancer through legal channels for compensation.
Additionally, most freelancers in such roles use online platforms to issue invoices. If their account is compromised, criminals may change the bank details to their own and issue invoices.
This can lead to a client mistakenly making payments to a cyber-criminal, suffering a loss as a result and potentially giving them grounds to pursue the contractor under cyber liability..
Enabling all security options available can help mitigate against this risk. For example, two-factor authentication acts as an additional protection measure (if passwords are compromised) by requiring a second method of authorisation, preventing criminals from gaining access.
Contractors who work closely with client data face greater threats while working remotely.. Working from home means many people may access work accounts and data from personal devices or email clients, which, if compromised, presents a significant risk.
For example, a personal email inbox containing confidential attachments, or security vulnerabilities in devices could see sensitive data being breached more easily.
To prevent these mistakes from leading to a client dispute that could ultimately lead to a professional indemnity claim brought, it’s important that where possible files are secured in line with client requirements (e.g. password encryption or sent via a secure server) and device software updated to the latest version.
The need for immediacy
In the current climate, there is increased pressure on all workers to be ultra-responsive. When this is the case, it’s easy to slip up.
If immediacy is the order of the day, it’s easy for contractors to make mistakes and email a file to the wrong recipient, or send personally identifiable data in an insecure way. Again, this could cause a dispute with clients which leads to a professional indemnity claim.
Follow your client’s protocol if you suspect a security breach, and inform your insurer at the earliest opportunity so they can help find a resolution. Time is of the essence in these situations, so it’s important to act quickly to mitigate the potential damage as much as possible.
By Liam Greene, Underwriting Manager for Professional and Management Risks, Markel Direct.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.