Remote work has blurred the lines between personal and professional digital security, creating new vulnerabilities that HR departments and employers must address, according to a Canadian insurance executive.
“The lines have been blurred more so than in the past,” said Jim Hand, head of partnerships at BOXX Insurance, in a conversation with HR News Canada. “With people working either fully remote or partially remote, people are using their home networks. They’re using additional devices, and they probably are accessing the data and the capabilities, even if they’re fully compliant with their IT practices in different ways, and that just all goes to expand the attack surface.”
Fraud remains the primary threat targeting employees, Hand said, including identity theft, credit card fraud and impersonation scams. Cyberbullying and online harassment have emerged as the second-most common threat, particularly disruptive to families.
New risks demand broader approach
Hand said employers need to expand their concept of employee wellness beyond traditional health benefits to include digital security.
“We used to think about protecting individuals, their weight, their health, their programs in terms of this, but we probably need to expand that now to think about how to protect individuals from their finances, their mental health, their stress levels from being impacted by cyber,” he said.
The company recommends HR departments look beyond IT as the sole owner of cybersecurity and recognize their role in safeguarding enterprise data through employee-focused programs.
Warning signs and response
Hand outlined several red flags employees should watch for: unexpected requests for passwords or sensitive information, urgent or fear-inducing messages, and communications from familiar contacts in unusual formats.
When an incident occurs, employers with defined emergency response plans should follow those protocols first, Hand said. But gaps emerge when employees face personal cyber incidents affecting their ability to work.
“Those are the times when it gets more messy and blurry and having somebody to turn to as a trusted advisor is that’s where that’s helpful,” he said.
Protection options
BOXX Insurance offers two main solutions. The first provides 24/7 emergency breach response, giving employees immediate access to expertise when they suspect a problem.
“If it’s nine o’clock and you’ve just filled out a bunch of information on what you thought was your bank website, until you realize, uh oh, it wasn’t my bank website. It’s 9:30 on a Sunday night. Who do I call? What do I do?” Hand said.
The second option involves personal cyber insurance designed to reimburse employees for financial losses from compromised bank accounts, fraudulent payments or gift card scams.
Hand cited data showing Canadians rank financial information compromise and identity theft as their top concerns, surpassing property crime and physical violence. Yet 69 per cent of people would not know where to turn if an incident occurred, according to company data.
“The threat is real. They’re worried about it,” Hand said. “By fulfilling that gap, they make the employees feel better because they have protection, and they also help their own cyber resiliency, because as employees are more protected, the organization is more protected.”
