High-Profile Laptop Thefts Demonstrate Need to Bolster Data Security, Employee Training

Protecting Sensitive Data Before It Walks Out the Door

Businesses are finding out the hard way that the biggest threat to confidential data, like customer Social Security numbers and trade secrets, does not necessarily come from in-house networks, but rather from commonly used mobile devices like laptops and cell phones. This year, well-recognized companies like Ameriprise, Ernst & Young, Fidelity Investments, and Electronic Data Systems have publicly disclosed security breaches involving lost or stolen laptops containing confidential information. The public disclosures were made in compliance with a 2003 California law that requires companies to notify customers if their data has been compromised.

Did you know?

“Many businesses assume that a security breach is most likely to occur inside the organization as the result of a hacker attack or computer virus infiltrating a network system,” says Elio Vecchiarelli, Vice President and Insurance Advisor for The NIA Group’s Technology Division.   “However, the biggest threats are the ones that seem the most innocuous and happen off-site, like taking a company laptop off-premise and leaving it unattended, using a handheld to log into the company network remotely after hours or simply leaving a laptop alone – and unlocked – overnight at a client site. Laptops, in combination with a lax or poorly enforced security policy, are one of the biggest threats companies face in keeping confidential data secure.”

Encryption Can Shield Lost or Stolen Data

The biggest problem with laptop thefts like the two that occurred at Ameriprise and Fidelity Investments is that the stolen laptops were password protected but not encrypted. Encryption, the act of scrambling data so that it can be read only with a special passcode or key, adds a layer of protection for the most sensitive data should an intruder or stranger gain access to it.

Teach and Communicate Security

What’s interesting and alarming about the Ameriprise incident is that Ameriprise requires encryption as company policy, but the laptop in question was not encrypted.  “Employees must be knowledgeable of their company’s security procedures when it comes to handling intangible and tangible property, whether on or off-site,” says Beth Romanowski, CIC, AU, an Insurance Marketer and Technology Specialist for The NIA Group’s Technology Division.  “Some of the most serious data breaches occur not because of malfeasance, but because of negligence on the part of employees.”  Romanowski advises that companies educate and update employees regularly on the latest data security risks and remedies, and hold employees accountable for not complying with corporate procedures.

When All Else Fails: Have Liability Insurance to Cover Legal Fees / Settlements

Even with the proper loss control and risk management techniques in place, security breaches can still occur. In the case of the Ameriprise employee whose stolen laptop was not encrypted, the names and account numbers of 158,000 Ameriprise clients were put at risk. Should any of these customers decide to bring suit, Ameriprise could face costly litigation fees.

Romanowski recommends that companies that electronically store highly sensitive information, such as customer or employee data, invest in business insurance designed specifically to cover damages, legal fees and claims arising from suits involving lost or stolen data. These include:

Network Security Liability Insurance - Covers damages and defense costs suffered by others in the wake of a computer attack upon the insured’s network, including liability caused by transmission of a computer virus, unauthorized access, denial of service, disclosure of confidential information and identity theft.

Physical Theft of Data Insurance - Covers liabilities associated with physical theft of computer hardware or firmware containing information assets.

Information Asset Insurance - Covers damage, destruction, corruption or theft of important information assets due to a covered computer attack.

Need Help Determining Coverage?
Contact your NIA insurance advisor or Elio Vecchiarelli, vice president of sales management, today at 866.270.0937 or eliov@niagroup.com.

Elio Vecchiarelli