If you follow this blog at all, you know that the threat of client data breaches is everywhere. And as you likely know, when clients are the target of a data breach, they often point the finger at their IT consultants.
It’s your job to stay on top of your clients’ data security, but where do you even begin? Easy. Start by focusing on these two questions:
- Which threats are most common (and expensive) in my clients’ industries?
- Which threats are becoming more common?
Answering these two simple questions can save IT consultants time and money. Read on to learn more.
Nip the Problem in the Bud: Which Data Security Threats Are My Clients Exposed To?
How do you know which threats are most likely to affect your clients? Just take a look at Verizon’s 2014 Data Breach Investigations Report.
Verizon reviewed 63,000 security incidents and summarized some of the important trends. Here's a sampling of the risks facing specific industries:
- The healthcare industry: 46 percent of all data breach incidents were caused by theft or loss of devices. The next biggest risk was insider misuse, which made up 15 percent of healthcare data breaches.
- Professional industries: This includes engineering, advertising, and law firms. The biggest threats were cyber espionage (29 percent) and denial-of-service attacks (37 percent). (We profiled a few recent DDoS attacks in the article, "DDoS Attack Shuts Down Salesforce, Exposes IT Department to Liability.")
- Hotels and accommodation businesses: The biggest threat in this industry is from point-of-sale attacks, which make up 75 percent of all attacks.
- Retailers: As you would expect, point-of-sale attacks are also a major concern in this industry (31 percent of its attacks), but its biggest threat is from denial-of-service attacks (33 percent), probably because a massive amount of retail takes place via e-commerce.
These are just a few industries, but you can see how much cyber risks vary from one to the next. Project managers and security consultants need to allocate their efforts (and their budgets) according to their clients’ specific risks.
Of course, we're not advocating that you ignore the less common threats. In fact, the threat landscape changes month to month, so you need to be flexible and pay attention to new research and reports. This leads us to the second way you can refocus data security.
Be Prepared: Which Cyber Threats Are Growing?
IT security publication SC Magazine reports that the first three months of 2014 saw a spike in email attacks. In fact, it was the highest number of attacks we've seen since 2008.
Most people know not to open attachments in suspicious emails and not to download anything from untrustworthy websites. However, hackers have gotten better at disguising attachments and downloads. For instance, many sites use popup boxes claiming there's been an error. When users click the box, they unintentionally download the malware.
Phishing emails have become more advanced as well. Hackers sometimes engineer a phishing email based on the industry of the recipient, even gleaning details from information they are able to scrape off public social media sites. These "personalized" phishing attempts are becoming much more common, and clients might not be aware of the trend.
Similarly, it's important to remember that attacks are cyclical and seasonal (it's strange, but true). For example, tax season brings out fraudulent emails that appear to be tax-related. You'll also remember that there was a rash of cyber attacks during the Christmas and Thanksgiving holidays. That's because hackers know that this is peak shopping season.
Not to say we told you so, but… we told you so. Before the Target data breach was known, we published a holiday cyber security reminder, a Christmas carol called "A New Holiday Tradition: 12 Days of Risk-mas," in which we warned industries about the prevalence of attacks during the holidays. If only people had listened to our silly Christmas songs!
To prevent future data breaches, you should be aware of different cyber attack "seasons," increase your vigilance during these months, and teach clients about trending attacks.
How Do I Protect My Business from Data Breach Lawsuits?
Certainly, the best way to protect your business from lawsuits is to provide high-quality work to your clients, but you should also cover your financial risk with Errors and Omissions Insurance.
E&O coverage pays for the legal expenses related to data breach lawsuits (as well as other IT lawsuits). For a free quote on IT business insurance, fill out our online application, and let our agents customize a policy for you.