The trend towards working from home has opened organisations up to new cyber risks and legal liabilities, according to Gerallt Owen, managing director of cyber risk at Kroll.

Speaking on the third day of PARIMA’s Digital Conference, Owen said the growing use of personal computers and devices for work left companies vulnerable to attacks.

The executive said organisations had not had time to plan properly for the realities of working from home.

“Many businesses were left scrambling to find ways to continue to operate and had not given much thought to, or indeed implemented, bring-your-own-device policies.”

“They had not even considered which assets they were trying to protect, and how to do so or the particular risks associated with their business. Often, training of staff and implementation of the necessary cybersecurity was absent,” he added.

As companies adjusted to the pandemic and allowed staff to work, many had unwittingly become liable to lawsuits from suppliers and clients, Owen added.

“Businesses often also failed to review existing client contracts to establish whether or not there were any prohibitions on the use of employee devices in those contracts.

“Many businesses have consequently found themselves breaching contractual obligations. Similarly, businesses often did not consider the liability implications of a breach caused as a consequence of the use of employee equipment.”

Owen urged companies to act and inform their employees about cyber risks under the new Post-Covid normal.

“Understand the risks of working on unsecured Wi-Fi networks and the risks of allowing their devices and passwords to be shared with family members,” he said.

“The key message for organisations who allow employees to use their own equipment is to implement bring-your-own-device policies, and then audit and then update those policies in response to the ever-increasing and changing cyber threat landscape.”