As Mobile Devices Catch On with Businesses, Data Breach Risks Grow

The rise of mobile devices has created uncertainties regarding what authority a company has over an employee’s personal device if it is also used for work-related activities, and what actions a company must take if a device is lost or stolen, according to experts.

Mobile devices are vulnerable to cyber attacks just like desktop computers and laptops are, according to Larry Collins, vice president, e-solutions, risk engineering at Zurich NA. Speaking today during Advisen’s webinar, “Cyber Security: The Growing Liability of Handheld & Mobile Devices,” Collins explained that these devices are essentially mini or micro computers, and he added that any computer system that has a networked connection or software system can be broken into and hacked.

Additionally, because devices such as smartphones and tablets are small and portable, they are easily misplaced. John Mullen, a partner with Nelson, Levine, de Luca & Hamilton, said during the webinar that the TSA had to lease a new warehouse just to store devices misplaced and left behind at airports.

If a mobile device is misplaced by a high-ranking employee connected to sensitive data, and that employee does not immediately report the device as lost, the company could be facing a large problem by the time the issue comes to light, Mullen said.

Even if a lower-ranking employee loses a device, problems can arise, Mullen noted. That employee may have information stored on the device including contacts, photos, call history, and notes and personal information about contacts. 

If the employee works in the healthcare field, theft of such information could trigger Health Insurance Portability and Accountability Act (HIPAA) violations, Mullen said. 

Mullen pointed to another emerging risk tied to mobile devices: a “bring your own device” philosophy developing at many companies. He says there are some advantages to such a policy, such as cost savings if employees are spending their own money on smartphones and tablets that are constantly evolving and being updated. 

However, he said such a policy can raise questions regarding who owns the data on the phone when company data is mixed with personal data. For example, Mullen asked if the company would have the authority to wipe the information from the phone when the employee leaves the company.

Mullen said that if an employee connects a personal device to a company network, the company just inherited responsibility for that device.

Despite the risks, though, Catherine Mulligan, senior vice president, Zurich NA, said that in an age where employees take advantage of 24/7 connectivity, a mix of personal and company information on personal devices “feels pretty inevitable.”

In order to address the risks around mobile devices, the webinar panel said companies must enact comprehensive risk-management plans that include training employees on how to respond if a device is lost or stolen.

Mulligan said c-suite executives and risk managers cannot assume that IT departments will be responsible for all security measures. Plans have to be enterprise-wide, she said. Risk management, she explained, starts with IT controls such as VPN (virtual private network) usage, encryption, and having a plan to track down lost devices and react.

But beyond the IT department, employees should know who to call if a device is lost or stolen, and the person the employee calls should know what to do once notified, said Mulligan. She said companies should provide regular training in which all employees using personal devices must participate on annual basis. 

Mullen added that response to a lost device can become “surprisingly simple” if a company has the proper procedures in place. 

Mulligan said insurance for devices is also available. Coverage, she said, is not much different for mobile devices than for any other type of data breach. She said there is liability coverage that deals with legal costs and third-party expertise such as forensics firms to analyze a breach and call centers to provide information and public relations. Coverage also may include services, such as access to tools to estimate costs, a checklist for a company’s planned response, and access to experts who can answer questions and review a company’s policies and procedures. 

About the Author
Phil Gusman, PropertyCasualty360.com

Phil Gusman, PropertyCasualty360.com

Phil Gusman is Managing Editor of PropertyCasualty360.com. Prior to joining National Underwriter in 2008, he was Editor of Insurance Advocate. Gusman has also served as Associate Editor of Crackdown!, an insurance fraud publication, and Assistant Editor of Empire State Report, which covers New York politics. He graduated in 2002 from Plattsburgh State University in New York. Gusman may be reached at pgusman@summitpronets.com. Follow him on Twitter: pgusman and PC360_Markets

Comments

Resource Center

View All »

Complimentary Case Study: Helping achieve your financial goals By:...

Find out how a Special Investigation Union used TLOxp to save the company money and...

Do Your Clients Hold The Right CDL License?

Learn about the various classes of CDL Licenses and the industries that are impacted by...

Integrated Content & Communications: A Key Business Issue For Insurers

Insurers are renewing their focus on top line growth, and many are learning that growth...

High Risk Insurance Coverage in the E&S Market

Experts discuss market conditions, trends and projected growth in a rapidly changing niche.

Top E-Signature Security Requirements

This white paper covers the most important security features to look for when evaluating e-signatures...

EPLI Programs Crafted Just For Your Clients

Bring us your restaurant clients, associations and other groups and we’ll help you win more...

Is It Time To Step Up And Own An Agency?

Download this eBook for insight on how to determine if owning an agency is right...

Claims - The Good The Bad And The Ugly

Fraudulent claims cost the industry and the public thousands of dollars in losses. This article...

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

Looking for Markets?

Search Kirschner’s Insurance Directory to help service your hard to place risks.

497 Risk Categories | 70,000 P&C Insurance Markets

kirschners
Specialty Markets Insight eNewsletter

Receive updates and analyses on hard to place and challenging coverages. Sign Up Now!

Advertisement. Closing in 15 seconds.