It's nice when someone does the work for you. This week, the Consumer Protection Bureau released a guide to preventing consumer data breaches, which is a helpful resource to use with clients.
The resource is written more for the consumer than the IT professional, so it's a good handout to distribute to clients, particularly those who have general questions about data security and want to know what to do after a breach like the one at Target.
We've outlined how to improve client communication in "How to Talk Cyber Security Issues with your Clients," but let's go into more detail about the kinds of questions clients might have and the resources you can use to explain data security issues.
Data Security 101: How to Explain Basic Cyber Security to Clients
The Consumer Protection Bureau's guide is a good outline of the basic concerns most consumers have about their data security. But you might need to put together more detailed resources for your clients.
Whether you make a data security FAQ or just talk to your clients, these are the concerns you'll have to address…
- Explain the difference between a data breach and identity theft. A data breach just means a third party unlawfully accessed information. It doesn't mean that they have used it – or will use it – to make illegal purchases. When someone uses stolen data to make a purchase, that’s when identity theft occurs. TechRepublic offers more detail on this in its infographic on what happens after a data breach.
- Outline what to do after a breach. Clients should keep an eye on their bank accounts (always a good habit) and check for any unauthorized purchases.
- Reassure clients they aren't responsible for purchases resulting from identity theft. Clients should always alert their banks immediately after they notice a suspicious transaction on their account. If they catch the unauthorized purchase within six months, their bank should reimburse them.
Breaking down a Client’s Data Breach Liabilities in Plain English (and more Infographics)
As an IT consultant, project manager, systems admin, or other tech professional, you have to remember that your liabilities are tied up with your client's. If your clients don't practice strong cyber security and get hacked, you can be sued. You have a vested interest in making sure they understand the basics of data security.
Here are some resources and ways to increase your clients' security.
- Improve their passwords. Lifehacker posted this password infographic that explains the best and most secure ways to choose a password. Use this or other visual tools to convince your clients of the importance of a strong password.
- Explain when and how to use the cloud / VPNs. Some clients might not understand that cloud computing and VPNs are used for security as well as practical reasons. Make sure they know not to download sensitive data from the cloud or a VPN onto personal devices that aren't protected by the company's firewall.
- Emphasize mobile risk. Mobile devices introduce major security risks. When an employee takes their laptop out of the office, they expose it to all sorts of risks from unsecured WiFi and malware. TechJournal summarizes this threat in an infographic about mobile data breaches.
- Teach proper email security. Numerous data breaches are caused by preventable errors. One of the most common occurs when an employee opens a phishing email or other email with malware. Teach clients to be suspicious of any unknown emails or emails that ask them to "verify" their account information. These are often just fronts for hackers.
Realistically, you can't watch over your clients' shoulders, making sure they follow proper data security protocol. For this reason, you'll not only need to teach them good habits, but you'll also need to cover your business with Professional Liability Insurance.
Professional Liability coverage (also called Errors and Omissions Insurance) covers data breach lawsuits when the breach occurs on your client's computers, devices, VPNs, or other technology. Check out our sample E&O Insurance quotes for IT consultants, web designers, and freelancers.