The New York Times reports on a surprising change in the world of hacking: rather than merely being the conduits of cyber crime, hackers are now being hired for personal attacks, small business disputes, and other minor quarrels.
The new website Hacker's List – à la Craigslist – allows individuals to hire hackers on the cheap to break into the data of friends, competitors, and other third parties. Anyone can log on to the site, post a job, and negotiate with hackers over fees. Users have posted jobs for…
- Hacking email or Facebook accounts.
- Hacking social media accounts to remove disparaging posts.
- Hacking school websites to change student grades.
- Hacking websites or databases in order to generate leads for a salesperson.
These hacking requests all have one thing in common: they're small-scale. These aren't the kind of cyber crimes that make headline news. Instead, Hacker's List is a forum for jealous boyfriends, enterprising salesmen, and slacker students looking to change their English 101 grade.
The Cottage Cyber Crime Industry: Like Uber, but for Hacking
Many small-business owners have been shy about investing in cyber security in part because they don't think that hackers will target them. While that's a mistaken impression (and shows how little SBOs may know about cyber liability), these small-scale hacks show that anyone who has a bone to pick with your clients now has access to tools that will allow them to break through a client's security.
If a client's competitor wants to steal IP, sales databases, information on upcoming projects, or other data, they could simply hire one of these hackers – usually for just $500 to $2,000.
At TechInsurance, we know it's easy to overreact to stories about new vulnerabilities and hacking techniques. Nonetheless, it's important to remember that it's you, the IT consultant, who is liable for these cyber risks. To help you understand your cyber liability, let's look at what issues could come up in a lawsuit.
IT Consultant Liability: Why You Can Be Sued for Client Data Breaches
Say a client's database is hacked when a competitor hires a hacker to steal sales data. A client could sue you for…
- Repair expenses for their IT.
- Lost sales revenue.
- Damage to their reputation among current customers.
These costs could be significant, ranging up to five- to six-figures for a small business. Would you really be liable for all these things? That depends on the specifics of the case and the leanings of the judge, but in theory, a cyber liability lawsuit could include all of these damages and more.
You're probably thinking about the technical side of this problem. If a client is hacked, that means someone has stolen their login credentials or used malware to remotely access their data. These security vulnerabilities are often caused by…
- Weak passwords.
- Poor data security habits.
- Problems with a third-party's software.
Can you be liable for those things?
Yes, you can. IT consultants are liable for the software they install for their clients, even if they didn't write the code. If the web service or software is hacked, you can be sued simply for recommending it to your client.
Takeaway: Cyber Liability Is Always Increasing
The story of Hacker's List is remarkable, but not all that surprising. Every day, we hear about ingenious ways hackers are outsmarting security professionals. It's only natural that someone would find a way to lower the cost of hacking.
In an environment where you're always exposed to more cyber liability, it's crucial for IT consultants to invest in Errors and Omissions Insurance. This coverage pays for your legal costs when clients sue you over issues in your work – including data breaches, cyber crime, and other security problems.