Hard Drive Encryption Part Of Risk Management Arsenal.

Financialweek.com is reporting that theft of data is fueling interest in errors and omissions insurance, also known as E&O insurance.  What exactly is E&O insurance?  The name makes it pretty self-evident: it’s insurance to cover any accidents or mistakes you may make (or the client perceives you have made) while providing a service.  Depending on the profession, it may be called malpractice insurance (medicine) or professional liability insurance (lawyers, architects, etc.).


E&O actually covers more than the results of mistakes, however.  It also covers defense costs, according to insurancejournal.com.  And why are companies looking for this type of insurance?  Because accidents happen, especially when it comes to data.  Even with the implementation of best practices in risk assessment and management, there is no way to account for all the vicissitudes that life presents you and your company.


What has all of this got to do with full disk encryption?  Well, one of the reasons quoted in the insurancejournal.com article for needing E&O insurance is that one has to think about reputations, both one’s own company’s and one’s clients’.  Now, I don’t see how insurance can help in keeping reputations intact, especially when it comes to data theft or loss; maybe it’s because I’m not a lawyer.


A data security breach—there’s no way for insurance to mend one’s damaged reputation once you’ve had such an incident, although I can see how such insurance would give affected parties the wherewithal to survive and rebuild their reputations.  However, I can see how E&O can be a valuable part of a company’s risk management arsenal.  Such insurance has been around for years (possibly centuries?), and people instinctively understand the need for it.


What is more pressing than getting insurance, however, is the need to make sure that data is not breached in the first place.  After all, it’s generally easier to preserve a good reputation than to rebuild it from scratch, which is what one will have to do in the event of a data breach.  There are different approaches to ensuring information security, many of them complementary.


Data redaction is one, meaning you don’t save any unnecessary data on your computers.  For example, universities are in the process of switching to something other than students’ Social Security numbers for tracking purposes.  This way, even if a hacker successfully gets into the school’s network, he can’t steal SSNs.  Or, a company could set up policies so that sensitive customer information is available only via an intranet, never to be downloaded to a local computer.  However, the problem with this approach to data security is that you will have people ignoring such rules, whether out of ignorance, for convenience, or for other reasons.


The most convenient and, from a risk management standpoint, the best option may be encryption, especially full disk encryption.  AlertBoot’s full disk encryption works by encrypting the contents of the entire disk.  So, if a particular computer has any files that shouldn’t be there, they’re protected along with everything else on the computer.  Due to its all-encompassing nature, many businesses are deploying full disk encryption for their company laptops, since these machines are at a high risk of getting lost or stolen.  The vicissitudes of life strike deeply when you’re outside the company’s security perimeters.


Of course, this does not mean that computers that always remain within the perimeters don’t require encryption.  There is less of an impetus because the risk of loss is reduced, but it’s still a good idea to encrypt desktops as well.  After all, you don’t chuck your home safe just because you decided to sign up with ADT’s security service.
