As more and more social distancing measures are enacted, employers are transitioning their workforce to remote workstations en masse. The COVID-19 outbreak is presenting a myriad of challenges, but for IT teams, specifically, equipping employees with the necessary tools and systems to maintain their productivity is uncharted territory.

In this unprecedented time, maintaining security is of the utmost importance. We’ve already seen evidence that cyberattacks could become more focused as government agencies and companies move swiftly to adapt to COVID-19. One recent example includes the attack targeted at the U.S. Health and Human Services Department (HHS) on March 16. In that instance, the attack overloaded the HHS servers with millions of hits over several hours; however, the attack did not significantly slow the agency’s systems. HHS anticipated increased attacks and added extra protections in place.

To help ensure that your organization’s response to cyber threat is more akin to that of the HHS, our experts give guidance on mitigating your risk below.

Stress on IT Resources

Increased remote workers inevitably bring an immediate surge of requests on the IT team. These are the first steps in implementing or rolling out remote viabilities to your teams.

  • Practice a dry run for anyone who may need to work from home. This can be done in waves to maintain business continuity and availability.
  • Roll out capabilities as they are available. Your teams may have limited remote capabilities at the moment, but continue to distribute tools and resources as they become available.
  • Expect increased expenses as more technology, computers, access or subscriptions are needed to keep your workforce productive and secure. Proactively work with finance to define the scope of expansible items.
  • Implement a Virtual Private Network (VPN) and multi-factor authentication and any other layers of protection needed for your line of business. Using a remote desktop without a VPN may leave your network exposed to hackers and ransomware attacks.

Remind Employees of Online Best Practices

Companies are always vulnerable to cyber and phishing attacks, but an increase in remote workers may present new dangers. As everyone checks their hand-washing routine, it is important to remind employees of best practices for online security.

  • Be wary of suspicious links, especially those about COVID-19, including cure claims, donation requests and links or documents from unfamiliar email addresses.
  • Ensure home Wi-Fi has a strong password. Instruct employees on minimum lengths or complexities of passwords and resources on how to update their passwords.
  • Update or increase security requirements on work passwords. With increased potential exposures, consider increasing the complexity and frequency of password resets.
  • Explain any policies about using public Wi-Fi and the risks of using it.
  • Clarify acceptable options for working and which platforms cannot be used. For example, explicitly say if employees can or cannot use platforms like Zoom, Slack, Google Drive, Google Hangouts or other shared platforms.
  • Direct employees on at-home printing protocols and if and how they can print sensitive materials and how to dispose of them appropriately.

Increase in Scams

Experts expect to see an increase in scams targeted to personal and company emails. Current circulating malware, virus and phishing scams include:

  • Links to COVID-19 maps that are on websites loaded with malware.
  • An email saying that a person at an event you attended may have COVID-19. The email includes a link to stay updated on the status of the individual’s diagnosis; however, the link is malicious.
  • Luring people to download documents that appear to be from an official health authority but really contain malware or other harmful code.
  • Emails containing a link to learn about a new COVID-19 cure.
  • Spoofed emails from CDC or WHO claiming to have updated information on the virus.
  • Donation requests for fraudulent charities or groups posing as COVID-19 causes.
  • Promoting fake cures or protections.

For Small Businesses Struggling with Remote Capabilities

Technology companies are easing the transition cost to try remote tools. These tools can ease the transition process for small or large businesses not equipped to work entirely remotely. Instruct employees on any restrictions surrounding these platforms to ensure that all sensitive or secure items are kept that way.

Know Your Coverage

If you have any questions or concerns about your cybersecurity insurance coverage, talk to your Hays account representative. We will continue monitoring the situation and share new information as it becomes available.


Please be advised that any and all information, comments, analysis, and/or recommendations set forth above relative to the possible impact of COVID-19 on potential insurance coverage or other policy implications are intended solely for informational purposes and should not be relied upon as legal advice. As an insurance broker, we have no authority to make coverage decisions as that ability rests solely with the issuing carrier. Therefore, all claims should be submitted to the carrier for evaluation. The positions expressed herein are opinions only and are not to be construed as any form of guarantee or warranty. Finally, given the extremely dynamic and rapidly evolving COVID-19 situation, comments above do not take into account any applicable pending or future legislation introduced with the intent to override, alter or amend current policy language.

Interested in learning more? Connect with us today: