Security & Cyber Risks
Human Error, Lax Security Procedures Open Data Breaches, Create Liabilities
Better risk management, software solutions can help secure porous IT systems
By Bob Ditmore
What happens if backup computer tapes are lost en route to an offsite storage site and it is unclear whether the information on them is protected by encryption? Or what if, by mistake, a company sends out a bill to one customer that includes private information about other customers?
What if a professor loses his laptop containing sensitive information about students while he is on vacation in Africa? Or a company’s internal database with private employee information is inadvertently exposed to the world on an external Web site?
Contrary to what many might think, the common thread among these data breaches is not the hackers (outsiders who break into your computer system) and phishers (e-mail con artists who try to trick you into supplying private information) that people worry about when they think of stolen data.
Actually, the common problem is a lack of adequate risk management—most often lax company procedures and human error. These types of incidents have always been far more frequent than anyone likes to admit, but they are increasingly coming to our attention because of laws and regulations that require companies to notify people who are potentially affected when data goes astray.
As they fall under increasing regulatory scrutiny, companies need to focus on data security to avoid not only the cost of cleaning up security breaches but also the loss of reputation and trust that can affect future business growth. The simple approaches of the past—requiring employees to change passwords frequently, relying on firewalls to keep out hackers and encrypting sensitive data—are no longer enough.
Fortunately, as the threat of data loss has grown more complex, the technology tools designed to protect information have become increasingly sophisticated. Combined with rigorous risk management policies and procedures, these tools can help companies avoid costly data breaches.
THREAT FROM WITHIN
Three trends are driving increasing efforts to protect private data.
First, more data about people is being collected than ever. With our information-intense economy and the continuing development of technology networks, personal data is housed by almost every business and government organization that touches our lives.
While most people believe the biggest threats to their privacy are evil computer hackers, the truth is usually far more mundane. In many cases, problems begin with an organization’s policy that backfires or an employee who makes a mistake. The solution to data breaches boils down to establishing smart policies, training employees on proper procedures, and then following up with frequent monitoring and enforcement.
Today’s sophisticated data security software can help an organization by “fingerprinting” sensitive data so it can be detected as it moves through and out of a system. Such software can also perform real-time scanning and analysis to detect unusual patterns of data use. And it can store events related to critical information in a searchable database to help with post-incident analysis if data is lost.
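One way the "fingerprinting" described above can work, shown as an added example that is not from the original article or any vendor's product. It assumes hashed word windows (shingles) as the fingerprinting method; the class name, the thresholds and the sample records are constructed for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 5  # assumption: 5-word windows; a deployment would tune this


def normalize(text):
    """Lower-case and tokenize so case, spacing and punctuation changes do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text, k=SHINGLE_WORDS):
    """Return the set of truncated SHA-256 hashes of every k-word window in the text."""
    words = normalize(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


class FingerprintIndex:
    """Holds only hashes of registered documents, never the sensitive text itself."""

    def __init__(self):
        self._owners = {}  # shingle hash -> labels of documents containing it

    def register(self, label, text):
        for h in fingerprint(text):
            self._owners.setdefault(h, set()).add(label)

    def scan(self, outbound, min_hits=3):
        """Return {label: hits} for documents sharing at least min_hits shingles with outbound text."""
        hits = {}
        for h in fingerprint(outbound):
            for label in self._owners.get(h, ()):
                hits[label] = hits.get(label, 0) + 1
        return {label: n for label, n in hits.items() if n >= min_hits}


# Constructed sample data: one registered record and two outbound messages.
index = FingerprintIndex()
index.register("hr-payroll", "Employee Jane Roe, ID 00417, salary band C, home address 12 Example Lane, Anytown")
BENIGN = "Reminder: the quarterly planning meeting moves to Thursday at ten in the main conference room."
LEAK = "fyi: employee jane roe, id 00417, salary band c, home address 12 example lane. pls keep quiet"

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("leak", LEAK)):
        print(name, index.scan(msg))
```

The `min_hits` threshold trades false positives on short common phrases against missed partial copies, which is why a two-shingle overlap is ignored here.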
Today’s technology has opened the door to new risks, but it has also supplied tools to address that risk. However, in the end, common sense is the best guide to protecting private data.
Among the steps you can take:
However, also recognize that human error is not always avoidable. When something goes wrong despite your best efforts, make sure the company is protected from liability with insurance that specifically addresses electronic data losses.
Bob Ditmore is senior vice president of global technology for Hartford-based Travelers. He can be reached at firstname.lastname@example.org.
(#14752) Reprinted with permission from National Underwriter P & C. Copyrighted 2007 by The National Underwriter Company. All Rights Reserved.