An IT consultant can install the same software for two different clients but have completely different professional liabilities for each. That's because your risk isn't determined solely by your work; it's also determined by what your clients do. Not only that, but your risks could increase after you complete your contract.
For instance, if a client merges with another business, their data will be shared differently. Your work could come under renewed scrutiny or be exposed to new threats.
In this article, we'll look at three client risk factors that increase your professional liability exposure. First, you'll need to understand what your main risks are and how technology insurance can protect small business IT companies.
Technology Insurance for IT Professionals: Protection from Lawsuit Costs
What is technology insurance? It's a nickname some IT professionals give to their Professional Liability Insurance (also called Errors and Omissions Insurance). This insurance coverage pays for legal expenses when a client sues you over your work.
But these lawsuits aren't just disputes about missed deadlines and poor performance. Because IT professionals are involved in their clients' data security, they can be sued for…
- Data breaches.
- Accidental disclosures.
- Failure to perform duties.
You can even be sued if you're only peripherally involved in the client's security breach.
Say you recommend a web app to handle sales information for a client. What would happen if the web app is hacked and the client's data is exposed? Even when the software in question was written and hosted by someone else, you can be liable simply for recommending it.
For this reason, many IT consultants need to have Professional Liability Insurance. Exposure to such a wide range of risks means they need lawsuit protection. Some clients will require this insurance before you sign a contract.
3 Ways Your Clients Can Put Your Business at Risk of a Lawsuit
The New York Times analyzed how JP Morgan was hacked, and it turns out the company (and its IT department) should share some of the blame.
Hackers stole login credentials but wouldn't have been able to access the bank's servers if it had consistently used two-factor authentication. Some servers required 2FA, but others hadn't been upgraded to do so.
The company's inconsistent data security is a prime example of how your clients' failures could increase their risk of a data breach, thereby increasing your risk of a lawsuit. Here are three ways clients increase your professional liability exposure:
- Not using two-factor authentication on all servers. Inconsistently implementing 2FA is nearly as bad as not doing it at all, because stolen credentials still work on any server that doesn't require it. Given how often login credentials are stolen (see: "eBay Hack Could Lead to Spear Phishing"), 2FA should be used by companies when they access protected data.
- Acquiring or merging with other companies. Mergers and acquisitions are transitional times for businesses. Because a company's data will likely be shared in a merger, a massive amount of protected information will be at risk. Whether it's by granting access to new users or upgrading legacy IT, new risks arise when a merger or acquisition changes the way protected data is accessed.
- Having turnover in security / IT roles. Consistency is key to IT. As we saw in "IT Professional's Firing Would Have Been a Lawsuit for IT Contractor," when professionals at an Arizona community college district didn't know their roles, the organization's data security suffered. Key updates were not made and breaches went unnoticed. Changes in IT personnel and uncertainty about roles create havoc for security. If you notice that a company's tech personnel need clearer roles, warn your clients that this could lead to problems down the road.
Working in IT is made more difficult by the fact that your clients' habits can expose you to more risk. Be on the lookout for these risk factors, and protect yourself by investing in Professional Liability Insurance.