How Trust Affects IT Security and Subcontractors
Recently T-Mobile used Experian, a subcontractor, to do the credit reporting for consumers who signed up for the company's mobile services. More than 15 million applicants had their personal information stolen by hackers from a server maintained by Experian.
No one knows exactly how the hack occurred. We do know that the stolen data included Social Security numbers, driver's license numbers and dates of birth, and this kind of information is gold to an identity thief. Unfortunately, the data may not have been encrypted on Experian's server.
These data crooks can open new credit lines, file bogus tax returns and in many other ways steal identities for profit. A breach that "only" compromises credit card information can be remedied by cancelling the card, whereas personal information is, well, personal!
Factoring Data Breach Costs
Data breach costs can range from class action lawsuits and fines to the deployment of new IT measures and the education of employees. But the biggest cost is the loss of revenue that can result from the loss of trust. As a result, information security is an issue that is now addressed in corporate boardrooms.
According to the Ponemon Institute, the average cost of a data breach is at least $3.5 million per company. Costs include class action lawsuits, fines, deployment of new IT measures and the training of employees. But these costs pale in comparison to the loss of trust, which can lead to both short-term and long-term damage. In fact, some companies never recover from it.
Hence, it is clear that a company's most valuable asset is its reputation. How can it best be protected?
What About Laptop Security?
Industry estimates are that six out of ten breaches emanate from a lost or stolen laptop. The more information we store in the cloud, the more we need to secure the endpoints. Because user names and passwords are stored in the browser, a hacked laptop could mean giving away the keys to the kingdom, and the compromise often goes unnoticed until real damage is done.
Encryption to the Rescue
Given the sensitive nature of the data to which they have access, many companies, such as those in the insurance and financial services industries, are obligated to leverage third-party protection to the highest possible standard: full disk encryption. But there is a problem, especially in small- to mid-sized organizations: the deployment and management of full disk encryption are typically the responsibility of an IT department.
But small firms don't have IT departments, and the employees themselves are busy with day-to-day responsibilities and don't have the resources or the skills to handle this themselves. The ideal solution for these firms is to rely on a provider of endpoint security as-a-service to handle encryption deployment and management.
Trust me.