kapnicktagline1
Kapnick Insurance Group

Insurance and Wellness Blog

New Perils in a Connected World - Data Breaches of the Month

Posted by kapnick on Sep 12, 2011 5:26:02 AM

New Perils in a Connected World - by Stew Nelson

Data breaches announced in August at the University of Wisconsin-Milwaukee and Yale University compromised Personal Information consisting of names and Social Security numbers of almost 120,000 individuals. These breaches could potentially cost $500,000 just to provide credit monitoring for two years for everyone affected. If you add $10 to send a registered letter of notification it will add another $1.2 million to the remediation costs! It is not hard to imagine the total cost of these two breaches to exceed $2 million in total costs. Serious money!

Lessons we can learn

The breach in Milwaukee was caused by malware installed by an unknown individual. It could be that an insider installed the malware in the affected server but it is equally likely that the malware infected someone's computer when they visited an infected website. No matter how much security you install, a rogue employee can always do damage. But if the malware was caused by someone web surfing it is much more preventable with education of employees and strict usage policies of university or corporate computers. As hackers become more sophisticated they are setting traps in what appear to be innocuous websites, employees home computers and even cell phones. So using personal computers for work or personal cell phone for work can compromise an entire network.

The breach in New Haven Connecticut at Yale University appears to be a case of negligence (As most breaches are!) that left a server containing names addresses and Social Security numbers from former employees, employees and students from 1999 connected to the Internet. So wouldn't you know along came a Google spider and found the data file that did the damage. The issue here is why the server was connected to the Internet to begin with as there probably wasn't much immediate need to retrieve information from this legacy database. The lesson to be learned is that all data that is stored by an organization needs to be assessed and evaluated for confidentiality and stored accordingly. As I have mentioned in previous posts if you don't need to store it….. shredded it!

Universities typically are self-insured for these type of liabilities however, you don't have to be. Each of these situations could have been fully insured at very reasonable prices. Talk to your agent about cyber liability insurance.

Topics: Cyber Liability Insurance, Featured Posts

Keeping you in the know

From health & wellness to all things insurance

The Kapnick Insurance and Wellness Blog posts all kinds of interesting and timely blog posts on a weekly basis. We will keep you up to speed on all things insurance and keep you healthy at the same time!

What to expect:

  • Wellness tips
  • Videos
  • Insurance tips
  • Timely information
  • Special Offers
  • Events and more!

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all
 

 © Kapnick Insurance Group. | Privacy Policy & Compensation