SelfIdentification

WE'RE FILTERING INFORMATION BASED ON YOUR BUSINESS

· ·

CHANGE  

GO!
Web Content Viewer (JSR 286)
Decorative Image
Web Content Viewer (JSR 286)

PRODUCTS & SERVICES

Subscribe Now

To subscribe to all of CNA’s Healthcare publications, visit the Healthcare Preference Center today.

Go to the CNA Healthcare Preference Center

Download Electronic Medical Records Minimizing Litigation Risks in the ER

This report examines three major EMR-related issues and suggests countermeasures to protect patients and minimize liability exposures.

Download Your Free Copy Now

SORCE for Healthcare

CNA is proud to offer our School of Risk Control Excellence (SORCE®), world-class training to help healthcare institutions control their risk and manage their exposures.

Learn more

Share
Published Wednesday, March 25, 2020

More than ever before, companies of all sizes are allowing employees to work remotely. Unfortunately, some organizations are not fully prepared for this sudden change to a remote workforce.  Telecommuting can potentially put your company at increased risk of a cyberattack.  


Many companies offer telecommuting and have company-owned and managed devices and robust security defense to protect remote access.  Until recently, some smaller organizations might have thought that they did not need – or lacked the opportunity - to develop this type of infrastructure. This does not have to be the case:  business of every size can take proactive steps to enhance their information security posture.


For businesses of all sizes, we recommend these basic steps to help ensure your transition to telecommuting goes as smoothly as possible:

 

  • Ideally, employees working remotely should use only company-issued or approved devices to securely access company resources.  If employees generate business records on their personal devices and outside the company’s control, it may not only lessen their security but also complicate your company’s compliance functions, trade secret protection, nondisclosure agreements, record retention policies, subpoenas, and legal process, among other things.
  • For company devices, consider prohibiting personal email or other non-business use. 
  • All devices should be equipped with up-to-date antivirus and anti-malware solutions, and 
  • follow regular software updates and security patch schedules.
  • All data should be encrypted, whether in transit or at rest.  Since remote workers may be operating on less secure networks at home or on the road, implementing a virtual private network (VPN) with multi-factor authentication protects these connections
  • If personal devices are used for business purposes, consider ways to educate and require employees to strengthen their security settings and firewall configuration.  For example, require strong passwords, preferably 8-20 characters with combinations of capital and lowercase letters, numbers and special characters. You may also consider a password manager solution.

 

Telecommuting employees also need to be vigilant and follow best practices. These guidelines may help protect data confidentiality:

 

  • When working from home, individuals should exercise responsibility for their own personal electronic hardware like Wi-Fi routers, cable modems, printers, scanners, and portable devices.  A backdoor into their home network may be a backdoor into the company network.  Consider asking them to follow your company guidelines (or, if your company does not want to undertake to issue such guidelines, then their devices’ manufacturers’ guidelines) for keeping their software and firmware up to date, for using strong passwords and security settings, and for patching device operating systems regularly 
  • Employees should keep electronic work files on company systems or on company-issued hardware, and not on their personal devices. 
  • Don’t leave sensitive information in plain view – on paper or onscreen. 
  • Make sure your device has a lockout feature after a short period of inactivity.
  • Shred all paper containing sensitive information once it’s no longer needed. 
  • Use care before clicking on links or attachments in emails.  Even if the sender looks legitimate, when in doubt utilize “out of band verification”, call the sender from a known good phone number to verify the messages authenticity. 
  • If you receive a phone call or email asking for your personal or financial information, do not share. 
  • Never share any user ID or password 
  • Verify any charity or community group’s authenticity before making a donation. 

 

The ultimate goals of information security are confidentiality, integrity and availability – ensuring that remote communications are private and unaltered, and resources are available when needed. By following these guidelines, you can help move your organization towards achieving those goals and creating a safer, more functional telecommuting environment – helping your organization stay connected. 


To learn more about how CNA’s Risk Control services can help you manage your risks and increase efficiencies, visit http://cna.com/cyber.
 

Insurance for Physicians

With more than 50 years of experience in the healthcare industry, CNA is a trusted leader and top underwriter of healthcare insurance products and services for a wide spectrum of organizations.

As a physician working in a large group practice or clinic, hospital or healthcare delivery system, you've made a decision to focus on your patients — free from the demands of building and managing a traditional private practice. You need an insurance carrier that understands the fast-paced medical environment in which you perform your professional services, as well as the challenges you encounter on a daily basis.

CNA's extensive industry knowledge, valuable insight and core coverages are tailored to meet the unique needs of physicians who pursue a traditional practice. This expertise also gives us the ability to write nontraditional and hard-to-place risks to qualified insureds. And because your insurance needs go beyond professional liability, our CNA Connect® product can provide you with your Commercial General Liability, Property, Cyber Liability and Commercial Auto coverages for the practice that you have worked so hard to build.

We understand that risks and litigation environments vary dramatically from region to region. Our state-specific underwriting and claim capabilities ensure appropriate coverage levels to address your unique exposures. The Healthcare claim team deploys its talent and expertise in working with internal colleagues dedicated to claims of high severity and complexity, as well as nationally recognized external attorneys versed in high severity claims, including birth trauma, neurological injury, other catastrophic injury and certain aging services matters. And our highly skilled risk control consultants can assist you in addressing the specific exposures your organization faces.

Products

Learn more about our broad portfolio of insurance solutions specialized to meet the needs of your business.

CNA offers a broad portfolio of insurance solutions — from general liability to property to professional and management liability and more — specialized to meet the needs of your business.

Services

Explore our services designed to help you manage your claims, understand your exposures, address potential losses and maintain business continuity.

CNA offers an array of services designed to help you manage your claims, understand your exposures, address potential losses and maintain business continuity.

Business Insurance Fundamentals

Learn more about how to identify the insurance and services you need to safeguard your business.

Are you looking to learn more about the kinds of insurance coverage you need before you contact your local independent agent or broker? We've developed some helpful resources and tools to get you started.

What kind of insurance do I need?
Identifying the right coverages that address your risk exposures and your greatest challenges is important. To help determine your business insurance needs, use this checklist to help guide your discussion with your independent insurance agent.

What is risk control?
Preventing and controlling risk can be just as important as being properly covered. CNA Risk Control offers a wide range of services focusing on management accountability, cost drivers and business solutions to help you improve your bottom-line profit.

Why use an independent agent?
Dedicated to offering the broadest selection of policies and coverage to best meet their customers' needs, independent agents represent multiple product lines from more than one carrier. CNA is proud to support the Independent Insurance Agents & Brokers of America and their Young Agents Committee. Find a local independent agent for you.

How can I prepare for an emergency?
Learn how to safeguard your business, your employees and your family in the event of an emergency by visiting Resources to Manage & Reduce Risk for online tools and resources from CNA's own business continuity planners and government organizations.

How can I better prepare for my policy renewal?
Your independent insurance agent is your best resource to ensure your business has the proper insurance coverage as it changes and grows year over year. Review this list of 10 items to prepare for your conversation about how your business and its insurance needs have changed since your policy was issued.

Twitter
LinkedIn
Email

CNA Cyber Risk Solutions

Warranty and Alternative Risks

Business Interruption

Commercial Auto

Directors & Officers (D&O)

Employment Practices Liability (EPL)

Equipment Breakdown

Medical & Scientific Equipment

Healthcare Professional Liability

Property

Workers’ Compensation

International

Litigation Counsel

California Medical Provider Network (MPN)

CNA Claim Services

Outcomes Based Network and CNA Selected Providers

CNA Risk Control Services

Special Investigations Unit (SIU)

Texas Healthcare Network (HCN)

Workers' Compensation Medical Provider Networks

hiddenheader