02.08.11
Data Breaches and Cyber Risk
Recent news surrounding the WikiLeaks scandal highlights the danger of electronic data leaks. While there are regulations in place now, most are centered around protecting consumers’ information (social security and credit card numbers), rather than corporate intellectual property.
What lessons can companies learn to avoid the release of potentially damaging information? First, “companies should attempt to understand employee concerns and head off problems that might drive the staff to leak information to third parties.” Nearly half of data breaches involve insiders. “In addition, roughly half of the breaches in 2009 involved the use of organizational resources or privileges for purposes contrary to those intended—actions typically done in ignorance of policy or for the sake of convenience, personal gain or malice.”
Secondly, companies need to keep tabs on their information and those handling it. For example, perhaps customers’ sensitive information could be destroyed after the transaction is concluded. In addition, credit card information may be sent to a third party service provider for authorization and settlement. The result is that information never resides in the company’s own computer system. “When sensitive data must be maintained, proper training of employees is vital, experts say.”
Finally, monitoring employees’ system use can help identify problems. Passwords should be changed regularly—and not posted nearby. “Companies that suffered cyber attacks in 2010 reported that those events took numerous forms.” The most common of these were malware infection (67%), being fraudulently represented as a phishing message sender (39%), laptop or mobile hardware theft or loss (34%) and insider abuse of internet access or e-mail (25%).
From Business Insurance, January 3, 2011 edition, pp. 1 and 20.
Cyber Security Liability insurance is available to protect your business from significant financial and public relations losses. Please call us if you are interested in learning more.