Everyone knows the holiday song "12 days of Christmas," but reports about the prevalence of data breaches over Christmas inspired us to rewrite the classic carol and give it a contemporary twist. Read on for the soon-to-be hit song, the 12 Days of Risk-mas, about all the data security risks technology brings to our businesses!
On the first day of cyber risks, my hacker gave to me…
A Data Breach on Client PCs
According to the Ponemom Institute's annual research, the average data breach involved 28,765 compromised records. When hackers break into one computer or networked device, the problem can "snowball" as they are able to breach others and download databases of private data.
2 Software Bugs
IT businesses have "third-party liability" for cyber crimes, which means they can be held legally responsible for data breaches on to a client’s system when they did work on the system (e.g., built the hacked software). Even when the attack happens on a customer's network, IT professionals can be sued.
3 iPhone Thefts
Mobile technology has been great for productivity, but bad for cyber breaches. In fact, a lost phone, laptop, or mobile device tends to lead to data breaches that are 18.8% more expensive.
4 Ransomware Attacks
2013 saw the rise of ransomware, a relatively new strain of malware, which encrypts your data and won't release it until you pay a "ransom."
5 Stolen IDs
After a data breach, the affected company will probably have to pay an independent firm to monitor the credit of customers whose data was compromised. With the average data breach affecting thousands of people, the cost of monitoring for identity theft can get expensive. If the breach happens on your clients’ computers, Cyber Liability Insurance will cover it. If they don’t have this insurance, they might sue you to recover their costs. Chances are, your E and O Insurance would pick up the tab.
6 Data Leaks-a-Leaking
There are many kinds of data breaches (also called data leaks, unintentional disclosures, or data spills) and you should have a plan for every variety. One commonly overlooked cause of a leak is lost intellectual property caused when employees leave the company for another job and take proprietary data with them.
7 Worms-a-Worming
Worms are self-replicating malware that often leave backdoors in computer networks that allow them to access computers at a later time (either to install other malware or to use as a "bot").
8 Software Testers-a-Testing Software testing was a burgeoning area of IT in 2013, and is expected to grow by 10 percent by 2016.
9 Emails Phishing
In October, the University of Washington's school of medicine leaked 90,000 patients' information after one employee clicked on a phishing email. Phishing is an example of how sometimes the simplest mistakes can lead to major data breaches. Phishing emails usually look innocuous, but have links or attachments that install malware.
10 Software Patches-a-Patching
Software updates are so important that Microsoft has actually designated a day called "Patch Tuesday" on the second Tuesday of every month. Remember to update your software and your clients' as soon as updates become available – or, to make things easier, on Patch Tuesday. Delays give hackers an advantage because they attack old software based on the exploits the new patch fixes.
11 Key Loggers Logging
Key loggers can be collect information via software or hardware (e.g., a criminal attaches a device to your keyboard cable) and record everything you type. Key logging attacks have led to numerous data breaches this year, ranging from a two-month credit card skimming scheme at Nordstrom to attacks on college computers to steal professors' passwords.
12 Lawyers Suing
On this blog, we recently examined "What to Do if You're Sued" and explained how and why lawsuits are so expensive (the short answer: they are complicated and even simple ones can take years). All of this means, you'll have to pay out of pocket for an expensive lawsuit for a long time if you don't have E and O Insurance.
Spreading the Data Breach Cheer
Singing this song about data security probably won't stir families with the same yuletide cheer as the original, but we strongly suggest singing it at your office to get folks in the holiday spirit. Just kidding, please don't do that.
If you'd like to do more than sing about data security and want to learn how to respond to a data breach, check out our Data Breach Response Guide.
May your holidays be joyous and all your data stay safe!
