The adage that information is power seems to carry more weight now than ever before. Healthcare is moving towards data-driven analytics, mobile banking is hitting its stride, and sports at all levels are utilizing advanced statistics to improve competition. However, one major downfall is that all this data must be stored somewhere, thereby creating a risk of breach to the data holder. Hackers are well aware that information is power, and data breaches seemingly occur at non-stop rates.
In the most recent data hacking event, the hackers are not who you’d think. This past week, as reported by the Wall Street Journal, Gemalto, a cell-phone SIM-card manufacturer, was subject to a 2010 hack by the combined efforts of the United Kingdom’s Government Communications Headquarters and the United States’ National Security Agency. It is alleged that the group accessed Gemalto networks and hacked encryption keys to hundreds of millions of SIM cards, enabling further access to the devices in which the cards are later contained. While there is more to this story that has yet to be discovered, it appears that any device with a Gemalto SIM card is now at risk.
Of course, these allegations are extremely disconcerting given the entities involved and the reach of those affected, but they also mean that there could be far more nefarious groups doing the same thing. It is important that businesses have a plan should a data hack occur. In preparing, the business should ensure it is taking the proper mitigation steps to avoid a data breach and then have further mitigation plans in place should a breach occur.
Technology security is a booming industry and there is no shortage of firms available to aid businesses in establishing protected networks. Businesses should have sound data access restrictions, including protocols for the use of portable electronic devices. In the Gemalto case, employee cell phones are at risk and it is important that no protected information be shared over these devices unless it is through securely encrypted methods. The use of communication over encrypted servers provides an additional layer of protection that could deter hackers. Companies should consider a mobile device management solution that will allow for greater control of company-owned or employees’ personal devices. Such controls can include enterprise data wipe if the device is lost or stolen, enforcement of unlock PINs, and application restrictions. These are just a few of the means with which a company can begin to ensure the safety of its data.
Should a breach occur, a business should also have a plan in place on how to respond. As mentioned above, remote disabling would be among the first steps, followed by determining what data is most at risk. There are technology firms focused specifically on dealing with a data breach and on mitigating all losses stemming from such a breach. Additionally, there is now a wide range of Cyber Liability Insurance designed to insure against data breaches of this nature. The possible insurable losses include far more than you might think, and we have reached a time where the majority of firms have rethought their approach to Cyber Liability Insurance. It would be prudent for those firms considering such coverage to fully assess all possible risk exposure to ensure that no coverage gaps exist.
An independent risk management assessment of any firm’s operations is an extremely useful tool for organizations to validate their risk management process. If you need help conducting such a review or putting together a plan of response, please feel free to contact us.