California made news this summer when the state discussed a law that would require mandatory kill switches on smartphones, but as The Independent reports, Minnesota has just beaten the Golden State to the punch. Minnesota Governor Mark Dayton signed the bill, which requires all smartphones in the state to have this anti-theft feature.
Kill switches allow users (or their IT guy) to remotely kill a smartphone once it's been lost or stolen, essentially "bricking" the phone to prevent thieves from accessing user data. For an IT consultant, this feature can be a lifesaver as it prevents criminals from accessing client data and networks (which can prevent data breaches).
To understand how new mobile theft laws might impact IT small business liability, let's look at how the risks associated with smartphone theft are changing and how you can reduce them.
Smartphone Theft Doubled in 2013
This bill comes at a key time as researchers have found that smartphone theft has been growing at an alarming rate. How many smart phones are stolen each year? According to Consumer Reports, 3.1 million smartphones were stolen in 2013 – almost twice as many than the year before.
And that's only the number of stolen devices. Lost smartphones account for another 1.4 million unrecovered devices. Add those up, and you're looking at 4.5 million lost devices. That's 4.5 million potential data breaches.
To make matters worse, approximately one-third of smartphone users take no data security precautions on their phones. That means no screen lock, security software, or other safety features. The data is just there for the picking. Ouch.
(This article focuses exclusively on mobile theft, but if you'd like information on laptop theft, check out "Laptop Insurance: Secure and Protect Mobile Devices.")
Physical Theft: A Bigger Security Risk than Businesses Realize
Stealing iPhones and portable devices has become so common it's earned a clever nickname: “Apple picking.” While crooks have been taking advantage of consumers, businesses have been slow to adopt safety measures that limit the damage caused by device theft.
Why is device theft so dangerous?
First of all, when you think about a mobile device, don't think about it as a smartphone. Instead, think of it as a key that unlocks a client's network. If a client's employee loses their smartphone, the thief might have access to all sorts of private data, including your client's business data and information about their customers. Losing this data would not only mean a data breach (and possible identity theft lawsuits), but it could also severely damage your client's reputation.
Second, data breaches involving stolen mobile devices actually cost 11 percent more than the average breach, according to the Ponemon Institute's 2014 Cost of Data Breach Study.
What can your business do to prevent device theft data breaches?
Here's a shocking statistic: only 36 percent of smartphones use a PIN screen lock. Want an even scarier number? Only 7 percent of smartphone users encrypt the data on their phone.
It's astonishing how rarely people take basic security measures. If your clients let their employees use smartphones on their network or store work emails or data on their devices, you should absolutely require password protections and encryption on these devices.
While most small businesses don’t operate in a state that requires kill switch technology, you should strongly recommend similar mobile apps to secure client devices.
IT Liability: Why Client Device Security Matters to You
Millions of devices are stolen each year, many of which don't even have the most basic security features. As an IT consultant or tech small business, this should have you worried. Why? Because you can be liable for your clients' data security.
If a client's device is stolen, your business can be liable for the data breach / identity theft. IT small businesses can be sued for failing to inform their clients about basic security issues and failing to implement policies that protect and secure devices.
Now as a consultant, you're used to prioritizing certain aspects of your client's IT infrastructure. You know a client doesn't have money to spend on finding perfect solutions. But don't make the mistake of assuming a client doesn't have any money to invest in security.
At the very least, you need to explain these threats to them, and if you see non-secure mobile IT, you need to warn your clients about the potential risks. If not, you could be on the wrong end of a data breach lawsuit.
Errors and Omissions Insurance covers you from these and other lawsuits about what you do or fail to do. If you want lawsuit coverage for this and other IT liabilities, submit our online insurance application and we'll send you a free quote on IT Insurance.
