People outside of the tech industry get more than a little confused when you talk about data breaches, identity theft, and pretty much any of the technical aspects of data security. Unfortunately, this means that consumers and clients might not take data breaches seriously, which can lead to more problems for IT professionals.
According to a press release on PRWeb, bestIDtheftcompanys.com, a review site for identity protection services, surveyed 1,000 consumers about how they would respond to a data breach that might have exposed their data. Shockingly, respondents were unconcerned about data security. Only 16 percent said that they would sign up for credit monitoring, while more than a third said they would ignore it completely.
We'll take this survey as a starting point for analyzing what IT professionals can do about clients and consumers who take a haphazard approach to data security.
Heartbleed Case Study: Clients Slow to Upgrade, Quick to Lawsuits
The recent news about Heartbleed provides more evidence about the dangers of lax security standards. A week after news about the Heartbleed flaw spread, more than seven percent of websites with OpenSSL still hadn't upgraded their software. In other words, even though everyone in IT is talking about this free-to-fix security flaw, seven percent of these websites are still vulnerable. (You can track these upgrades on zmap.com's Heartbleed Bug tracker.)
Let's say that, as an IT consultant or network consultant, you advised a client to upgrade their server software, but they were slow to do so. Their network encryption keys are compromised in a Heartbleed hack, and suddenly you're looking at lawsuits for a data breach involving 100,000 personal records.
If clients don't take these risks seriously and don't move quickly to update their software, you (and their businesses) will be exposed to more risk. It's your responsibility to make sure clients understand the importance of upgrades and maintain high security standards.
Tech-Illiterate Clients, Consumers, and Employees Expose Your Business to Lawsuits
Client education is one of the most underrated ways of reducing IT risks. Many clients simply don't know how to use their devices securely. As the research we referenced suggests, many users don't see the importance of data security because they assume data breaches won't affect them.
A client's employee may have the same attitude, leading them to adopt unsafe data security practices. Here are some common pitfalls clients and users often fall into:
- Choosing easy-to-crack passwords.
- Using the same passwords on many accounts.
- Having bring-your-own-device (BYOD) workplaces, where employees can use personal devices on the company network.
- Using unsecured Wi-Fi.
- Storing company data on personal devices.
As you work with clients, make sure they institute strong IT standards at the company-wide level. For a more thorough analysis of ways to prevent client-side data breaches, see the article "Client Education Resources for Fighting Data Breaches."
Protect Your Business with Professional Liability Insurance
Because IT professionals are exposed to risk from their clients’ use of technology (which they might not always completely understand), Professional Liability Insurance (also called E&O Insurance) is a vital component of small business risk management.
E&O Insurance covers your legal expenses when you're sued for a client-side data breach or other problem with the software or hardware you service.