With much being made lately of cyber attacks and security threats that leave big businesses counting the cost of data breaches, it seems that one cause of so much vulnerability can't be attributed to computer error. According to the Information Commissioner’s Office, some 335 incidents of data being breached occurred between April and June in the first quarter of this financial year. 175 of those 335 incidents – that’s slightly more than half – were due to data being “disclosed in error” by human action.
Writing on the ICO blog, Sally-Anne Poole puts these errors down to a variety of occurrences such as emails being sent to the wrong people, or certain information being disclosed by mistake in response to a request. Other failings include lost, stolen or inadequately disposed-of paperwork, as well as the theft or loss of hardware.
While the theft of sensitive data isn’t necessarily something that can be completely eradicated overnight – computer criminals’ methods are becoming just as sophisticated as those of the very best security companies – human error is a factor which can be more easily overcome, provided that staff are given the appropriate level of training for dealing with data safely and securely.
A press release by online security firm Symantec outlines the basic steps to be taken in the handling of sensitive information by any company. These include the training of staff, use of capable security software, encryption and authentication of the data at either end when it is being sent, and a prompt reaction and response plan in case any sensitive information is incorrectly disclosed.
In case data that could damage a company’s finances or reputation is disclosed, any firm which counts data handling among its day-to-day responsibilities should consider taking on a form of professional indemnity insurance that would protect them in the worst-case scenarios such as the errors caused in this quarter alone.
However egregious the fault, human error in the disclosure of data can damage a company’s reputation and perhaps make it liable to pay damages – as the Bank of Scotland did following their mistakes. Any company that provides a similar service should consider taking out a form of liability insurance which protects them from legal action, a scenario that can be easily avoided by taking more care with data disclosure.
In the worst case, though, professional indemnity insurance can provide a company with cover against the legal costs incurred in making a mistake for which their clients or customers can suffer heavy losses. It is imperative that you choose an insurer that specialises in IT professionals’ indemnity insurance, as most generic indemnity cover does not provide adequate cover for the IT professional.
This article has been written by Markel Direct UK