If you’re a security expert or IT consultant, one of your professional responsibilities is to keep track of the security threats that could cause data breaches on your clients’ networks. Because the data security landscape changes day by day, this task is easier said than done.
So how do you stay informed about new cyber threats? Because traditional media often report data breaches days or weeks after they happen, you need faster sources of information.
Before we look at some of the tools you can use to keep track of data breach news and software vulnerabilities, let's examine why you can't rely on a vendor to inform you about a breach on its network or a software flaw in its product.
eBay Data Breach Shows Why You Can't Rely on Vendors to Alert You about a Data Breach
Simply put, many vendors are slow to warn their customers about a data breach. Companies often want to know exactly how many customers were affected and where the breach happened before they make public announcements. This means they don't officially acknowledge a breach until long after news organizations have run the story.
As we reported in our post "eBay Data Breach Shows Danger of Phishing Attacks on Small Businesses," eBay was hacked and millions of user passwords were stolen. Strangely, it wasn't until a week later that eBay alerted its customers that they needed to change their passwords for this site and any other sites that are protected by the same password.
eBay was willing to talk with the media about the data breach, but didn't tell its own customers directly about the breach until much later. By that time, logins and passwords were already being sold online in identity theft forums. Talk about too little, too late.
How Do IT Consultants Stay on Top of New Cyber Threats?
A recent PC World article explains how the Electronic Frontier Foundation ranks many companies' data security efforts for transparency and overall security. Apple and Google get high marks, but a surprising number of big-name tech companies don't. Amazon, AT&T, and Snapchat all get poor ratings.
Revelations like this point out how little we really know about a company's security efforts. This is a problem for IT consultants who have to rely on vendors for a number of key aspects of the IT infrastructure they install at their clients’ offices.
So what can you do if many vendors have data security issues and you can't rely on them to alert you to flaws in their security? You'll need to get your news from better, faster sources.
Here are four resources to help you track threats to your clients' data security:
- Blogs. Often, journalists pick up data breach stories days after experts first started discussing the issue on their blogs. Case in point: about a week before it made headline news, security news blogger Brian Krebs posted about a possible data breach at Target. Recommended blogs: Krebs on Security and ThreatPost.
- Twitter. Some people joke about Twitter as if it were a site only used by teens posting selfies. Actually, that's Instagram. In fact, Twitter can be a hugely important data security tool. Following the right people on Twitter can alert you to data security issues before they appear in the news. In addition to the blogs we mentioned above, some good follows include Bruce Schneier (@Schneierblog), Robert David Graham (@erratarob), and Audit Shark (@AuditShark).
- TechInsurance's Small Business Center blog. As a risk management site, we track cyber security issues with a focus on the legal risks small IT businesses face. This is obviously different from the technical blogs you might read about data security. But reading our site can be a useful way to understand how these issues affect real-life small businesses and their budgets.
- Mobile apps. Lifehacker reports that new versions of the mobile app BillGuard alert users when banks, e-commerce sites, and other companies they've made purchases from have been hacked. This data breach alert is a helpful feature and can be a smart way to make sure you and your clients are in the loop about their data security.
While it's crucial to stay in touch with data security news, one of the important things to remember is that by the time an expert writes a blog post, a data breach or security flaw has already occurred.
Following the right blogs and Twitter accounts is important, but it's not enough. To cover your data security liability, you need more comprehensive liability coverage. Errors and Omissions Insurance can cover IT consultants and small businesses when their clients are hacked.
For a free quote on IT liability insurance, fill out our online insurance quote form. You can get a free quote for E & O, Property, General Liability, or other small business insurance policies.