For a long time, transportation safety advocates knew that seatbelts would save lives. However, it wasn't until the 1960s that manufacturers were required to install them in cars, and it wasn't until the 1980s that states began to require that people actually wear their seatbelt. You would think a device that prevents you from flying through a windshield would have been adopted faster!
The story of the seatbelt is not so different from basic data security features that still don't come standard with email. The Register reports that Google is trying to change that by introducing encryption for Gmail users who have the "End-to-End" Chrome plugin installed.
Google Flexes Its Email Security Muscles – Why Now?
After revelations about the NSA's email snooping, consumers have been concerned about their data security, and rightly so. Despite the fact that email encryption has long been possible, Google's transparency report estimates that only 70 percent of the email its servers send is encrypted in transit, while only 53 percent of the mail they receive is.
Email security now can be compared to car safety in the 1950s. Seatbelts were sometimes available, but were not required to come standard. It would be years until everyone was using this basic safety feature.
Google's End-to-End plugin will only affect Chrome users because it encrypts data sent through the browser. But we could see more companies adopt this basic level of security in order to compete.
Naturally, Google is hoping the End-to-End feature will increase its Chrome market share, but it has also been pushing for email encryption to become a new standard across the market. The web search giant has even called out a few email service providers who are especially far behind on their encryption standards.
What Google's New Email Means for IT Professionals (and Their Lawsuit Risk)
While these behind-the-scenes data security issues might not seem relevant to a small IT contractor, they actually affect your liability.
For instance, IT contractors who work with clients in the healthcare industry must follow HIPAA guidelines, which require encrypted transmissions of patient health records. If you rely on non-secure email, you're potentially exposing your business to a million-dollar lawsuit. (See "$1 Million HITECH Fine Highlights Risks for IT Contractors Working with Healthcare Clients" for a real-world example.)
But even if you don't work with doctors, lawyers, accountants, or other industries that have higher security standards, you can be sued when a client's data is exposed because they use non-secure webmail.
IT professionals are liable for protecting their clients’ data. Because you could have done more (i.e., set up a more secure email solution like the one soon to be offered by Google), you can be sued for relying on less secure email, even if it's standard practice.
How to Get Your Clients to Care about Security and Wear Their Data Seatbelt
Because there's no law that requires email providers to use encryption, your clients are regularly exposed weak email security. And because you're liable if your clients are hacked (assuming your professional work enabled or failed to prevent the hack in some way), you need to teach them the basics of email security.
We've outlined the basic ways to educate your clients about email security in our article "Make Your Clients Safer: A Lesson in Email," but you'll have to tailor an email security plan to fit your clients’ businesses, their industries, and the kind of data they send via email.
In essence, even though they aren't required to do so, you need to teach clients to wear their "data seatbelt." Sure, it's a cheesy metaphor. But if you can be sued for a client's security lapses, it makes sense to find a way to protect your business.
Insurance for Lawsuits: Errors and Omissions IT Liability Coverage
With all this talk about email security and IT lawsuits, you're probably wondering if your insurance protects you from client lawsuits. Errors and Omissions coverage (also called Professional Liability Insurance) can pay for data breach lawsuits and other lawsuits related to data security problems with email or IT solutions that you recommended, built, or helped implement.
To learn more about E&O for IT professionals (and receive free insurance quotes), submit an online insurance application.
