Corporate information technology departments are busy enough without having to worry about hard-core gamers. So when a story is published about how a gamer’s World of Warcraft account has been hacked, most IT professionals would probably ignore the details and return to their own internal cyberdefense issues.
But those professionals can easily miss the risks that a gaming attack might pose to their own systems if the gamer had been using a computer that has also been used to access a company’s network.
Employees are increasingly using their own personal devices to access company networks. By one estimate, more than 80% of all companies allow employees to use their personal computers and mobile devices to connect to a company network, and almost 60% of all employees take advantage of that policy. Further, more than 4.5 million of those devices are lost or stolen annually, and cyber thieves are particularly aware of the valuable trove of information that can be tapped in those misplaced or purloined devices.
Most companies provide training as to how and when employees should use personal devices on a company network, but that training rarely, if ever, extends to family members who might share usage of those devices. As a result, an employee’s child might be the biggest security risk that a company faces.
That risk comes in many forms. A child or other family member might use a personal device to click on a link, for example, that directs them to download the latest versions of Facebook or Twitter. Those links can direct them to a phony app store and an app download that searches the personal device for network access information.
Cybersecurity experts believe that online video gaming is a particularly ripe conduit for cyberattacks. Weak security in online gaming platforms can allow hackers to steal a gamer’s online credentials or to install key loggers into a device that capture all information that a user might enter for every account accessed on the device. A hacker who steals legitimate corporate sign-in credentials can enter a corporate network undetected and cause all manner of problems for an IT security team.
The most drastic response to this situation is to preclude employees from using personal devices to access a corporate network. Because this is impractical, most employers will shun this advice and leave their networks exposed to inadvertent threats that originate with an employee’s family member. Internal cyber defense can repel some, but not all, of those threats. For those threats that do cause damage, cyber protection in the form of cybersecurity insurance can be the lifesaver that a company needs.
A successful cybersecurity attack can lead to far greater losses than a company might anticipate. Cybersecurity insurance can provide compensation for many of those losses, including:
- Expenses incurred in managing a cybersecurity incident
- Media liability coverage for website repairs and intellectual property losses or infringement
- Ransomware or extortion liability coverage
- Third-party damages associated with compensating customers or clients whose personal information is lost or stolen as a result of a data breach
For the most part, children and family members will not deliberately cause a corporate cybersecurity problem, but they generally will not use personal computers and mobile devices with the same care and caution that are instilled in employees who use the same personal devices to access a corporate network. When a company’s precautions are not enough, cybersecurity insurance will provide the necessary backstop to help a company recover from a successful cyberattack.
For more top security practices, see Cybersecurity: It’s More Than Just Technology.