Ever wonder how secure the WiFi network is at your hotel? A recent WatchGuard survey reports that 71 percent of restaurants, hotels, and cafés have inadequate security on their WiFi networks. And more than half of these networks don't even monitor for suspicious applications.
The risks here are obvious. While traveling, your clients are going to open their laptop and log on to café and hotel WiFi networks without giving a second thought to their data security. How does that affect your professional liability as an IT contractor?
Remember that as an IT consultant, you can be sued if your clients are hacked. In cyber liability lawsuits, clients often contend that their contractor's software didn't protect them from a cyber attack. Can you really be sued if a client is hacked over open WiFi? Let's look at an example.
Case Study: IT Contractor Lawsuits and WiFi Vulnerabilities
ThreatPost reports that a few weeks ago a devious developer posted malware on GitHub that was specifically designed to target users on open WiFi and trick them into divulging their login information.
Let's say one of your clients falls for this attack:
- Your client accidentally gives up their password and login information.
- The business's secure VPN can suddenly be accessed by hackers.
- Gigs of private data are exposed.
Could you really be sued for that? Yes, you can.
In the case of a WiFi phishing attack, a client could blame you if you didn't enable two-factor authentication or use other methods to protect their VPN that would have minimized the risk of a data breach. You're not responsible for the actual phishing attack, but because your security procedures didn't stop hackers who used the stolen credentials, you can be found liable.
Insurance for Tech: Cyber Liability and Professional Liability Insurance
From a risk management perspective, it doesn't matter whether you're guilty or innocent. All that matters is the cost of a lawsuit.
If a client's lax security policy leads to a data breach, the cost of the lawsuit could be enough to put you out of business. Even if the judge ruled that you weren't to blame, you could have to pay thousands of dollars in legal expenses and waste a year of your life worrying about the lawsuit.
Your IT risk management plan will need to take this into consideration. Fortunately, Professional Liability Insurance can pay for lawsuits related to your work – whether you've made a mistake or your client merely alleges you have.
Professional Liability Insurance can cover…
- Legal defense fees.
- An out-of-court settlement.
- Any damages you owe a client if you lose a lawsuit.
In addition to this coverage, many IT consultants recommend that their client invest in Data Breach Insurance (also called Cyber Liability Insurance). When clients have this policy, their insurer can cover many of the costs associated with a breach, including…
- PR expenses.
- Forensic investigation fees.
- Credit monitoring expenses.
- Client outreach costs.
If your clients have transactional, medical, or private data on their networks, it's smart to recommend that they purchase Cyber Liability Insurance. When their insurance covers most of their data breach costs, they'll be less likely to sue you for damages.