Protecting your employees while working from home

Author: John Farley

As Coronavirus took hold in the United States, the COVID-19 pandemic had an immediate impact on the operations of virtually every organization, including nonprofits.  Almost overnight, the nonprofit sector scrambled to move their workforce from familiar offices to new remote spaces. While this may have provided a safer environment from the COVID-19 pandemic, it also may have heightened cyber risk by providing cyber hackers more fertile ground to commit cyber crimes.With little to no preparation, many employees may have resorted to using unsecured public Wi-Fi, personal devices, and web conferencing platforms without the proper data security controls.

There are several best practices that nonprofits should consider following as guidance for their remote workforce:

Despite following all of these guidelines, there is still no guarantee that nonprofits, or any organization, can prevent cyberattacks 100% of the time. Cyber insurance is one of the best ways to help transfer this risk. 

Potential cyber insurance coverages, depending on a particular policy’s negotiated terms, could include:

  • Costs incurred in connection with the wrongful disclosure or otherwise failure to protect confidential personally identifiable information (PII) or protected health information (PHI).
  • Costs incurred in defending and resolving lawsuits alleging the wrongful disclosure of confidential personal information.
  • Costs incurred in responding to a regulatory investigation or proceeding triggered by an alleged failure in the collection, use, or disclosure of confidential information.
  • If allowed by applicable law, regulatory fines and penalties resulting from such investigations and proceedings.
  • Costs incurred in defending and resolving lawsuits alleging the failure to provide network access or technology products/services.
  • Business income loss and extra expenses caused by a non-malicious “system failure” – an interruption or significant degradation of the network caused by a coding error, upgrade or patch, or network failure caused by its inability to handle the increased volume of remote work.
  • If cyber thieves are able to gain wrongful access to the network:
    • Legal and forensic costs incurred in determining if PII, PHI, or third-party corporate information has been compromised.
    • Social Engineering coverage for losses from fraudulent wire transfers or invoice manipulation, although losses should be addressed by Crime policies
    • Ransomware-related coverages, which can include the cost of ransom payments, data and system recovery, legal, and forensic work.
    • Business income loss and extra expenses caused by ransomware or other attacks on the network, or by a voluntary shutdown of the network to limit the scope of an attack in process.
    • Depending on the terms of the policy, there could be Business Income and Extra Expense coverage if the network interruption is impacted by one of the company’s outsourced IT suppliers or other outsource providers (i.e. supply chain providers).

Your Gallagher representatives are ready to help your nonprofit organization during these challenging times, and as your risk evolves. Please visit our Pandemic Preparedness page for the latest information.

Author Information: