In last week’s blog post, "Black Hat Security Conference: Hackers Can Steal Your Car,” we looked at how new technology – the Internet-of-Things and Internet-enabled cars – exposed consumers to greater cyber risk. But today, let’s focus on older technology.
CBS News reports on how one Black Hat security conference presenter discovered that the hotel where he was staying offered Wi-Fi that was exceptionally vulnerable to cyber attacks.
Everyone knows that non-secure Wi-Fi can expose their business to risk, but security researcher Jesus Molina found that this network was using KNX, a protocol only designed to secure wired networks.
A hotel using outdated IT on its Wi-Fi isn't the kind of story that makes headlines. It's probably fairly common. In fact, you might have seen similar issues with your clients. Because of this, it's helpful to examine…
- Why small businesses use obsolete technology.
- How it exposes them to risk.
- Why your business can be blamed if obsolete technology wreaks havoc.
Obsolete Technology at Small Businesses Is a Big Risk
Many small- and medium-sized businesses have piecemeal IT solutions. Some of their software is current and robust, but some is outdated. Smaller companies – like your clients – often don't have the money to completely overhaul their IT. Instead, they sometimes rely on software that's no longer supported or use an IT solution in a way that it shouldn’t be used.
When Molina's hotel used KNX to secure its Wi-Fi, it was simply doing what many other small businesses do: attempting to save money by patching together IT solutions. Unfortunately, these outdated IT solutions expose businesses to data breaches, and when that happens, IT consultants often pay the price.
Can You Be Sued for Data Breaches on Obsolete Technology? (Hint: Yes)
Imagine you're an electrician. You're hired to rewire some lights on a house. While doing so, you notice that another part of the wiring isn't done properly and could lead to an electrical fire. Though you were only hired for a specific task, you have a responsibility to tell your client that their house is at risk.
The same idea holds true for IT professionals. Say you were hired to install new software at the hotel we discussed above. If you noticed a security problem with the hotel's Wi-Fi, you are obligated to inform the business about the risk. If you don’t, you can be sued for professional negligence if it suffers a data breach.
Because old technology exposes both you and your client to losses, you’d think it would be easy to convince clients to go with advanced solutions. But many clients don't have the money to upgrade software, which puts you in a hard place. If you install a series of less-than-ideal solutions, you must brace yourself for the chance of a lawsuit.
IT Consultant Insurance: Why E&O Never Gets Old
Though some clients' technology and software might be ancient, your Errors & Omissions Insurance never gets old. E&O coverage pays for the cost of lawsuits over data breaches and other IT problems, including…
- Compatibility issues.
- Data loss.
- Performance issues.
- Software flaws.
E & O can cover new liabilities (such as cloud security) and data security issues from obsolete technology. From an insurance perspective, it doesn't matter what type of technology led to a data breach. So long as you keep your policy in force, your coverage can pay for lawyer fees, legal expenses, settlement costs, and judgments, which can amount to a veritable fortune.
For free insurance quotes on Errors and Omissions Insurance for IT professionals, submit an online insurance application.
