Tell me if you've heard this one before: a tech company decides not to support older versions of its software, exposing countless users to known vulnerabilities. According to Threatpost, that's just what happened when Google told security researchers it wouldn't support WebView, the webpage-loading app that came bundled with earlier versions of the Android OS.
After rolling out Android version 4.4 (aka KitKat), Google dropped WebView from its mobile OS. The software is still used on millions of devices because so many people have older phones. In fact, this is exactly the kind of security liability that affects small businesses, which are more likely to have outdated technology.
As an IT consultant, you can be liable for data breaches on your clients' devices. To protect your business from a professional liability lawsuit, you'll need to warn clients about the dangers of using outdated software and hardware and, hopefully, convince them to update to more secure platforms.
Understanding an IT Consultant's Professional Liability Risk Exposure
Think about what the typical small-business owner's information technology budget looks like. In a word: shoestring. In order to save money on their IT, many of your small- and medium-sized business clients do the following:
- Ask employees to use their own laptops, smartphones, tablets, and other devices (i.e., maintain a BYOD workplace).
- Use old computers and software.
- Wait to upgrade or install updates out of fear that their legacy IT and old data won't integrate with newer software.
While these strategies help your clients save money, they expose you to more risk. To help you understand how your professional liability works, let's look at an example.
Case Study: Professional Liability Lawsuit Filed against IT Contractor
Say your client maintains a BYOD workplace and one employee's old Android phone is hacked. The security breach exposes your client's network, and cybercriminals steal their data, including customer payment information, addresses, and other protected information. The data breach costs your client $25,000 in PR, legal, and IT costs.
To recoup these expenses, the client files a lawsuit against your IT firm, claiming…
- Your security software should have prevented the data breach.
- You should have advised them about the perils of BYOD workplaces and suggested solutions to limit their risk.
- You should have put stricter controls on the company's data that would have prevented malicious outsiders from accessing it.
For IT to be effective, the client's users have to be committed to using their technology securely. Bad data security habits can lead to data breaches no matter how rigorous a company's IT is. That's why professional liability lawsuits are such a danger for IT consultants. You can be sued even if your IT is sound.
So what can you do to protect your company when your clients are always cutting corners on data security and tech companies are frequently dropping support for old software? To protect their business from data breach lawsuits, many IT professionals invest in Professional Liability Insurance, which can pay for lawyers' fees, legal costs, and damages you have to pay clients for breaches.