As the issue of Cyber Security in the heats up let’s offer some clarity on at least one important point that can minimize occurrences, increase the likelihood of proper security and ensure you minimize cost when purchasing cyber liability and data breach insurance policy.
Company Ownership The argument for retaining ownership of your employee’s mobile devices is cut and dried as far as I’m concerned. Even for firms such as virtual assistant companies and others with 1099 employees. So why is this so?
Security More than 60% of all data breaches involve employee negligence. Not actual piracy. Not actual theft. Simply put, it is more likely that you or an employee will leave a laptop, iPad or other mobile device in an airport, a coffee shop, a rental car. If that device, laden with customer or company data is exposed to a liability risk it is easier to ensure prevention of an actual breach if ownership of the device and therefore the password, the way the device is used, etc. is retained by the company. Add to this scenario proper usage and privacy policies in place and you can reduce your insurance costs and increase the likelihood of preventing a problem in the first place.
Viruses Wireless device apps can contain or pass on viruses and worms just like computer applications and emails. With easy access to the network these disasters can spread. Properly implemented virus protection is very difficult to implement and almost impossible to maintain on an ongoing basis with personally managed devices. With corporate devices the protection can be installed before issuance and ungraded through centralized initiatives.
Privacy Policy Violation A wireless device can hold a multitude of company files. Without an enforceable password policy and the ability to ‘wipe’ the device when lost, stolen, or no longer used, the files can easily become accessible by the public. In nearly all cases this would be a violation of the company’s Privacy Policy assuming one is in place. It could expose the company to unknown liability due to a lack of ability to control the device and subject the private asset to the policy.
In conclusion The best scenario for your data-oriented business is to have a well-designed privacy policy in place, properly train employees on your best practices and to mitigate any outstanding risk with comprehensive coverage purchased through an insurance professional who is educated in the latest cyber and privacy policy information.
Scott Graves is passionate about helping business owners. Tune in to his show ’The No Boundaries Radio Hour’ with co-Host Dennis Mannone on the No Boundaries Radio Network. Meet him at the crossroads between strategy and innovation at scott@smgravesassociates.com or twitter @smgcreative.