Surge in working from home raises cyber exposure issues.

• Author: Greenwald, Judy

Companies directing large numbers of employees to work from home for the first time because of the coronavirus pandemic face a host of cybersecurity issues, including concerns over tthe security of workers' personal computers and vulnerability to phishing attacks. In addition, data lines may be strained as the number of staffing corporate systems remotely surges. While it's likely that many problems would be covered by cyber insurance or other policies, now is a good time for firms to review their policies, experts say. Meanwhile, employers should reinforce the need for employees working from home to follow best "cyber hygiene" practices, including using two-party authentication; being sure their systems have the latest security updates and patches; that employees back up their data; and that they are warned about the proliferation of phishing scams as cyber criminals try to turn the crisis to their advantage, they say. "The problem is, we're suddenly pushing out a very large contingent of the folks who work for you, and not all of them may be sophisticated telecommuters," said Robert Parisi, New York-based managing director and cyber product leader for Marsh LLC. Those who work from home on a regular basis "already know the drill," but people who are not used to telecommuting are in an environment "that's emotionally stressful and that's going to create problems," Mr. Parisi said. Small- to medium-sized firms that may have not previously addressed remote access and telecommuting may see the most acute problems, he said.

Thomas Srail, executive vice president, cyber risk team, for Willis Towers Watson PLC in Cleveland, said over the past week many employers had a test day for working remotely, keeping staff home for a day and testing remote connections.

The results have been "kind of a mixed bag," with professional services organizations that have many travelers "probably finding it easier vs. more traditional employers who don't have a lot of traveling," Mr. Srail said.

Companies should ensure they have procedures in place, Mr. Parisi said.

Employers must have a secure way for employees to access systems, which usually means a virtual private network, or VPN, said Tedrick A. Housh III, a partner with Lathrop GPM LLP in Kansas City, Missouri, who focuses on data security and privacy.

"If you have a lot of people working off of their own computer devices, you're of course counting on the fact that they have practiced good cyber hygiene at...