DALLAS–LAWFUEL – US Legal News Daily –“It was recently disclosed that the personal data of hundreds of thousands of consumers may have been compromised as a result of a data security breaches at companies such as GE, Ernst & Young, Fidelity Investments, Boeing and Ameriprise Financial. In response, legal and technology services firm Scott & Scott wishes to remind businesses that there is no such thing as a secure network. Every enterprise with electronic data is at risk of a data security breach, largely as a result of several factors:
Mobile Devices: The dramatic increase in the use of laptops and personal digital assistants puts enterprises at significant risk of a security breach, because the equipment is often lost or stolen
Employees: One-third of all employees steal from their employers; included in this statistic is the theft of corporate information
FTP (File Transfer Protocol): While FTP sites offer convenient remote access to files, they also provide the most direct route into a server. Carelessness can disable an entire network in seconds
E-mail: 75-95% of all corporate e-mail traffic is dangerous. Any employee who opens a personal e-mail at work can download a virus, leaving the network highly vulnerable to data security breaches
Scott & Scott recommends that companies equip every device containing confidential information with desktop security protection, including proper authentication and encryption technology. Further, encrypting data eliminates the need in many states for enterprises to alert their customers in the event of a data security breach, which is significant to avoiding the potentially catastrophic business implications associated with legally required breach notifications.
These breaches also highlight the need for companies to investigate and consider purchasing insurance to cover the strong potential for a security breach. Many forward-looking insurance providers, including AIG, have filled the void in network security insurance coverage, providing legal defense and reimbursement of expenses associated with breach notification, defending civil actions and defending regulatory administrative proceedings, as well as covering the costs associated with crisis management services and providing credit monitoring to impacted customers.
Even the few businesses that have implemented the most aggressive encryption, firewall and authentication technologies are well advised to consider obtaining data security and privacy insurance coverage in order to mitigate the financial risks of a network security breach. Those that are less prepared should strongly consider it.”
Editor’s Note: Julie Machal-Fulks is an expert in IT compliance management and focuses her practice on IT asset management, network security, and privacy. Julie graduated with honors from Texas A&M – Corpus Christi, earning a B.A. in English. She received her law degree from The University of Houston Law Center where she was inducted into the Order of the Barristers. Julie’s article, “Privacy, Network Security, and the Law,” was recently published in the IT Compliance Journal.
Scott & Scott (www.scottandscottllp.com) is a leading law and technology services firm dedicated to helping senior executives prepare for, mitigate the risks of and respond to network security breaches. Scott & Scott’s legal and technology professionals provide network security and privacy solutions, all protected by attorney-client and work-product privileges.
