Don't Risk IT

Don’t Forget to Floss Your Passwords: “Cyber Hygiene” Is the Latest in Data Breach Prevention

The former Homeland Security chief offers a warning about growing cyber threats. Here's his take, plus how you can get your clients to adopt better security.

Wednesday, May 21, 2014 | Categories: cloud-security

The former head of Homeland Security Michael Chertoff knows a thing or two about security. So when he says that cyber attacks are occurring at "unprecedented" levels, our ears perk up.

In a recent Insurance Journal article, Chertoff suggests that Internet users should practice what he calls "cyber hygiene": adopting a series of good habits that make your data more secure and protect your online accounts.

His health metaphor is an apt one. A healthy person takes precautions to eat well, avoid bad habits, and live hygienically. Similarly, "healthy" Internet users strengthen their online security and avoid the sites, emails, and apps that are prone to risk.

For starters, Chertoff recommends that users…

  1. Use unique passwords for every site that has important data on it.
  2. Use complex, hard-to-guess passwords.
  3. Refrain from answering security questions with obvious, easy-to-guess answers.
  4. Refrain from using untrustworthy WiFi (e.g., from coffee shops, hotels, and other public providers).

These are the simplest, most basic ways to improve data security. But what percentage of your clients (and their employees) do you think actually follow these recommendations? Chances are, it’s not 100 percent.

How to Get Clients to Improve Security Habits: Understand the Knowledge Gap

We've written a lot about the knowledge gap between IT experts like you and your clients (see "Client Education Resources for Fighting Data Breaches"). While you recognize strong cyber security habits and why they are important, your clients might not. Or if they do know that they should use better passwords or two-step verification, they may not think it's worth the effort and can't imagine they'd ever be hacked.

That's just the problem, though. If a client is breached, you can be sued. You're on the hook for your clients' cyber security habits. Because of this, you need to help clients understand what's at stake and properly institute better data security.

Take email security, for example. The cyber security company AppRiver issued a report on cyber attacks in the first quarter of 2014. The company's current data is astonishing, especially for its revelations about email threats:

  • In the first quarter of 2014, there was a 200 percent increase in malware-laced emails.
  • In January, nearly 1 in 10 emails contained malware.

Email threats are a great example of the divide between IT consultants and clients. When clients think about email threats, they think of the typical spam they receive. They know not to click on links or attachments in emails about erectile dysfunction drugs or Nigerian princes who need access to their bank accounts. These are obviously fake and easy to avoid.

What clients don't know is that email attacks have become more sophisticated. Spear phishing attacks are often designed to look like an email from an employee's boss. Other phishing schemes use emails and attachments that look like they are coming from a payroll vendor or someone else the company works with.

With the massive amount of information people post on their social media sites, hackers can use "social engineering," which in this context means scraping data from social media sites to build custom phishing emails.

Many clients are unaware of the sophistication of these attacks, and unfortunately, their ignorance can end up costing you.

How to Protect Your Business from Client Data Breaches and Attacks

In order to protect your business, you'll need to help your clients understand why and how they can improve their data security.

But as you know, you can't rely 100 percent on your clients, and even if you could, you simply can't prevent all data breaches. To protect your business from data breach lawsuits, you can invest in Errors and Omissions Insurance.

E & O Insurance pays for lawsuits about professional mistakes you make – or are accused of making. Whether it's a missed deadline, a performance issue, or a data breach, E & O Insurance can cover an IT professional’s legal expenses and pay for damages they owe to their clients.

Make sure to fill out our free online E&O Insurance application. Submit the application and our agents will send you free quotes on this crucial insurance policy.
