An IT consultant's work includes more than just installing software and setting up hardware. You may not realize it, but you are also responsible for teaching clients about cyber security. Take the example of a recent data breach at the University of Washington's medical school.
A UW employee opened an attachment to a phishing email. The malicious software contained in the attachment led to a data breach of over 90,000 records containing social security numbers and payment information. In response, the medical school has had to hire a cyber security crisis management firm to review its network security and contact patients who have been affected – all because of one opened email.
This news story highlights two important points about data breaches:
- Many data breaches can be caused by simple, preventable mistakes.
- After a data breach, you may go through an exhaustive and expensive process of contacting affected customers, setting up a call center to handle their concerns, reviewing client security, and hiring credit monitoring services for customers.
3 Essential Things to Know about Educating Clients
Educating your clients is one of the simplest and most direct ways to reduce the risk of a data breach (and the expensive lawsuit that can follow). To understand how client education achieves this, it helps to be familiar with the answers to three questions:
- What is third-party liability? IT professionals have "third-party liability," which means that if a hacker breaks into a client network, you – the third-party consultant or contractor who installed the network or software – can be sued. As an IT professional, you are responsible for taking reasonable precautions to secure client networks. In addition to installing secure software, those "reasonable precautions" might also include educating clients. If you don't, a client can take you to court claiming you didn't adequately prepare them for using software or hardware in a secure way.
- What are the risks posed by uninformed clients? According to the Ponemon Institute's comprehensive survey of data security, 33% of all data breaches happen because of employee errors, making in-house mistakes the second most common cause of breaches. IT consultants should educate clients about proper password usage, the dangers of using mobile devices on unsecured networks, and other general security advice.
- Where does an IT professional's liability stop? You're not liable for everything. After all, if a client makes a mistake, it might be their fault. Although you might not be responsible, it's important to remember that you can still be sued, go to court, and have to defend your case. The judge might rule in your favor, but that will still mean months of legal bills.
So what does this all mean for small-business owners? IT startups and small businesses need to protect their liabilities by educating customers, doing high-quality work, and taking advantage of the protection offered by business insurance.
Whether an employee error causes a data breach or a cyber criminal targets your software, Cyber Liability Insurance can cover your business from a data breach lawsuit. This insurance covers many of the complicated costs of a data breach, including customer notification and crisis management.
Want to learn more about the different ways Cyber Risk Insurance can protect your business? Check out "Third Party vs. First Party Cyber Risk Insurance: Protect Your IT Firm Right."