A few weeks ago, we explored the hacking industry in the article "Is Hacking for Hire Covered by Professional Liability Insurance." We warned that IT consultants who offered these services could see an increase in their professional liability.
Our warning isn't without merit. The FBI is cracking down on hacking-for-hire – the practice of hiring tech firms to break into personal and business accounts. Why would someone hire a hacker? Sometimes it's for petty jealousy (to see if a spouse is cheating), other times it's to gain an advantage against the competition. Lawyers have even used hacking-for-hire to get access to evidence.
Allow us to state the obvious: accessing someone's data without permission is still illegal. And an Errors and Omissions Insurance policy won't cover illegal activities like fraud and unauthorized hacking. So it's crucial that you avoid any shady business.
Don't Get Caught in a Legal Mire, Avoid Hacking for Hire
The New York Times reports that hacking-for-hire consultants can face serious jail time. The FBI has specifically been going after hacking-for-hire firms, so now isn't exactly the best time to offer this service.
While it may seem obvious that hacking is illegal, some private investigators have incorporated this strategy into their business, which makes some sense. Private investigators follow people and snoop around to get information. That's essentially what low-level hacking-for-hire is. However, these digital Humphrey Bogarts can face serious legal consequences.
If a client asks you to do anything sketchy, it's worth your time to contact a lawyer before proceeding (or simply refuse to do it).
It might sound like we're making a mountain out of a mole hill, but the 21st century workplace frequently blurs the line between business and personal. What if a client asked you to access a Facebook account that an employee used for business? Or what if a client needed to access an employee laptop that was locked by a password?
When clients run a BYOD workplace or have loose social media policies, it can be hard to know whether you're infringing on an employee's rights by accessing accounts or devices that are used in both personal and professional ways.
What Errors and Omissions Insurance Won't Cover
The story of hacking-for-hire offers a good opportunity to point out what isn't covered by Errors and Omissions Insurance, including…
- Fraud. While you'd never commit fraud, remember that your business is also responsible for employee behavior. Fraud, theft, and illegal access of data committed by your employees won't be covered by E&O.
- False advertising. If a client sues you for misrepresenting your IT qualifications or services offered, an Errors and Omissions Insurance policy won't cover you.
- Property damage. If you damage a client's property, your Professional Liability coverage won't pay for it. (This is covered by a General Liability Insurance policy.)
Don't think that your insurance covers everything. Errors and Omissions Insurance only covers professional mistakes, not crimes. The law won't forgive you for your ignorance. Consult with a lawyer before agreeing to do any sketchy hacking or security work.