In recent days, we've seen a slew of new mobile devices and apps designed to prevent data breaches. Last week's RSA conference in San Francisco provided developers, engineers, and tech companies a chance to display the latest in cyber security, cryptography, and other hacking-prevention technology.
An NPR report highlights one particular piece of new technology: a mobile device called the Blackphone, designed with security in mind. The phone is a product of a joint effort between two smaller phone companies: Geeksphone and Silent Circle. This Android device isn't hack-proof, but it has some added safety features that protect its users.
For starters, the phone's default settings prohibit apps from sending some private information back to the app developers. For instance, it won't send your physical location to apps you've downloaded (unless you modify the settings). The phone can also encrypt texts and phone calls when they are sent in network.
But will these new, smarter smartphones actually protect consumers? Maybe. Is any phone hack-proof? That answer is obviously no.
Business Liabilities for Security Consultants and App Developers
These new phones, while an improvement, will expose IT companies to the same data breach lawsuits and risks they currently face. Furthermore, mobile technology is becoming a web of interconnected liabilities. If a phone is hacked, the following people can all be named in a lawsuit…
- The phone maker.
- The IT consultant who recommended that his client buy the phone.
- The mobile apple developer whose app was targeted in the breach.
Each of these parties can be sued when a mobile device is hacked. A data breach is pretty much a lawsuit party. Everyone's invited. So, how do courts determine who is responsible?
If you're sued, courts will examine your case, asking whether you could have done more to prevent the attack. They'll also want to know if another tech professional in your shoes would have foreseen these security weaknesses.
These are hard questions to answer. But a data breach lawsuit hinges on them. One of the benefits of having Errors and Omissions Insurance is that in addition to paying for your legal expenses, it can also cover the cost of hiring expert witnesses. Your insurance company pays for a tech expert to testify at your trial and explain why you shouldn't be held liable for a data breach.
Bad News: Small Businesses Are Gateways for Hackers
Small businesses are affected by cyber liabilities as much as big businesses. In fact, a recent Washington Post article reminds small tech firm of the disconcerting truth that they’re prime targets for hackers.
Hackers see small businesses as a gateway to larger businesses. Hackers might target a small business (because it has fewer resources to spend on IT infrastructure) and then use the data / passwords they steal to attack larger companies the small business contracts with.
This is precisely what happened in the Target attack. Hackers were able to break into Target's network only after they hacked a contractor who worked on Target's ventilation system. In an interconnected world, cyber liabilities are also interconnected.
Security? Yes, There's an App for That.
If your clients are curious about these new phones (or you are), it's important to weigh the costs and benefits of new hardware. How much added protection will a more secure smartphone really offer?
The truth is that many of the Blackphone's security features can be found in mobile apps (which are much less expensive). And as always, a phone is only secure when the person using it knows how to use it properly.
Downloading security apps might be a more cost-effective way to improve client data security than purchasing a $600 phone. And so is client education. Simply teaching clients how to use their phones more securely can save you from a costly lawsuit. (For tips on how to talk with your clients, see Client Education Resources for Fighting Data Breaches on our blog.)
New Technology, Old Risks: Cover Your Business with E&O Insurance
Every few months new technology comes along that promises to revolutionize the tech industry, but unfortunately, there haven't been any major breakthroughs in data security that will protect IT contractors from data breach lawsuits.
To learn more about protecting your company with small business insurance, see our article What Is the Cost of E&O Insurance?
