Securing the Insurance Industry

You’ve probably heard this one before: a company spends substantial time and capital developing network security measures that it believes will protect its clients and vital company data. But it has overlooked the possibility of an “inside job,” and an employee makes off with supposedly secure data without even trying that hard:

“A recent case in which an employee at Progressive Casualty Insurance Co. wrongfully accessed information on foreclosure properties she was interested in buying highlights again the dangers posed to corporate security by insiders.

Progressive officials today confirmed that the company sent out letters in January to 13 people informing them that confidential information, including names, Social Security numbers, birth dates and property addresses had been wrongfully accessed by an employee who has since been fired.” (From Computerworld)

In fairness, the Progressive employee appears more guilty of poor judgment than outright malice, and only a small number of people were affected. That’s not quite as scary as an insider hacking into secure data stores, stealing thousands of personal records, and reselling them to identity thieves. Nonetheless, any security breach can hurt a company, and in the insurance and financial industry it can be deadly. Clients entrust their financial futures to insurers, and a breach of that trust can literally kill the company.

“For insurance companies, a data breach spells instant trouble - the least of which is potential loss of reputation, brand and revenue. If a court of law rules the insurance company is negligent, a data breach has the potential of ultimately shutting the carrier’s doors.

Recent research by the Chief Marketing Officer Council, Palo Alto, Calif., revealed that a company loses, on average, from 0.63% to 2.10% value in stock price when a breach is reported - equivalent to a loss in market capitalization of $860 million to $1.65 billion per incident.” (From Insurance Networking)

Insurance companies, investment firms, banks, and other financial service providers simply can’t afford to leave data unprotected. Unfortunately, traditional IT solutions leave insiders too many opportunities to access, duplicate, and potentially lose confidential information.

Ultimately, the safety of corporate data depends on three things: people, process and technology. An educated and ethical workforce can go a long way toward protecting client records, sensitive information, and intellectual property. Most companies have established processes for determining what information is sensitive and keeping it secure. But without eliminating the old box PC set-up and shifting to a centralized PC Blade solution, the IT organization cannot guarantee enforcement of those processes, security policies and access control privileges. The chances of data wandering off - intentionally or not - go down significantly when it all lives in one secure location.

