Cyber Hygiene and Mobile Devices

As more and more work is done remotely, businesses have concerns and coverage questions regarding the mobile devices they provide employees and the issues those devices can raise with their systems. We often receive questions about whether mobile devices are covered under cyber insurance. 

Generally, for a mobile device to be covered by a cyber policy, it must be owned by the insured’s business. Devices owned by the insured are included in the definition of computer system in Acuity’s cyber form.

Employee-owned mobile devices are not covered. However, if employees are using personal devices to access a VPN into the insured’s network, it could lead to a data breach or a computer attack against the insured’s company devices. In that case, coverage would apply to resulting damage, including to company devices. 

For businesses with employees working remotely on company-owned devices, cyber hygiene is important. HSB recommends the following to improve home cybersecurity and enhance digital experiences:

1. Unsubscribe from unsolicited email. Look at the number of emails you receive and consider how many you need. The more email received, the more vulnerable you are to a phishing attack, so unsubscribe from unwanted lists every few months. 
2. Get on the Do Not Call list. Unsolicited calls and voicemails offer undue stress to many individuals and can create cyber risk. 
3. Block unwanted callers. Go through received calls and voicemails and block unwanted callers. This is typically done by clicking an information link near the caller’s ID. 
4. Try a password manager. Using a lot of apps, tools, and websites comes with a lot of passwords to remember. Using a password manager will make online life easier and more secure.
5. Employ multi-factor authentication. Multi-factor authentication refers to combining the use of something known, like a password, with something prompted, like an SMS message sent from the site to a phone, and/or something biometric, like a fingerprint. 
6. Confirm that operating systems have the latest updates installed. If using a Windows system, click on the search icon in the lower left-hand corner near the Windows icon and search for “system information.” The search results will tell you what version of Windows is running. Then, do an Internet search for the current version of Windows and make sure it is what you are using. 
7. Confirm and update subscription(s) to antivirus and anti-malware software. Make sure all antivirus and anti-malware software is configured to automatically install updates or set up a schedule to manually update regularly.

Businesses need to make sure their systems and their employees’ systems are secure and won’t lead to a cyber incident. Following good cyber hygiene is an important part of cyber risk management.