Before we talk about a new malware threat that targets WiFi users, let's discuss IT contractor liability. To do so, we'll use a metaphor. Let's imagine you're an electrician.
You're hired to wire a new expansion a client just built on their home. As you begin the project, you realize that the house's wiring is dangerously out-of-date. An electrical fire could happen at any time. The safety of your client's home is seriously at risk. What would you do?
Without question, you'd warn the client about the hazard and offer your services for hire. But what would happen if you didn't say anything? Simply put, you could be sued. If the client's house burned down, their lawyers would likely target your electrical business, arguing that your work led to the fire or that you ignored hazards you should have warned the client about.
Hopefully, you'll forgive the long metaphor, but you can see where we're going. As an IT contractor, you're liable not just for doing your job, but for calling your client's attention to serious security lapses.
Let's look at why WiFi users continue to be at risk and what you should do to warn your clients.
New WiFi Phishing Malware Posted for Free Online
The crowd open-sourced software community is a software developer's utopia – except when users on GitHub post malware that can hack your client's WiFi.
ThreatPost details how this new malware, called "wifiphisher," can be launched on WiFi networks and trick users into giving up their logins and passwords. The malware…
- Disrupts users' Internet access.
- Disconnects them.
- Launches a fake WPA login page.
Gullible users will think they need to log into the WiFi and likely enter their network ID and password. This allows the malicious user to access their secure data and potentially set up a man-in-the-middle attack.
Cyber Liability Lessons: Why You Need To Warn Clients about Phishing Attacks
When IT consultants teach their clients about network security, they have to walk a fine line. It's easy to sound paranoid. If you freak out about every new malware, clients will stop paying attention. It's a classic boy-cries-wolf problem.
To avoid this, emphasize that cyber security is a habitual practice. Just as good drivers develop safe habits, good web users should know what to avoid. A sys admin might use this new malware as an example of the kind of problems a user might stumble into.
It's possible that some of your client's employees have never heard about phishing attacks and have no idea why they should never type their login info into any window that looks unfamiliar to them, even if it is disguised to look like there's been a network error and they need to reconnect.
Professional Liability Insurance: Coverage for Emerging Cyber Threats
Even as new malware is posted online and new tools are developed to attack your clients' WiFi, devices, and networks, IT consulting Professional Liability Insurance can cover your risk exposure.
Professional Liability Insurance (also called Errors and Omissions Insurance) offers third-party Cyber Liability coverage, which pays for lawsuits when a client's network security is compromised and they file a lawsuit against you.
If a client's data is breached after a phishing attack, you could be sued for damages. Remember that metaphor above? Like electricians, IT consultants are responsible for recognizing potential hazards and warning clients about them. So make sure you speak up if you notice that a client's data security standards are subpar.
To learn more about covering your professional liabilities, check out TechInsurance's sample insurance quotes for IT contractors.