Several years ago, the security software provider, Symantec, ran a field test to determine what happens to lost cell phones. The test results revealed that almost every time a lost cell phone was found, the finder attempted to access the personal information that was stored on the phone. The finders can be given the benefit of the doubt with an assumption that they were looking for the owner’s information so they could return the phone, but from a broader perspective, this limited test shows the vulnerability of personal information that is stored on a portable electronic device.
The anecdotal findings of this test are far from an isolated example. Shortly after the recent presidential election, a thief stole a secret service agent’s laptop computer from a car. That laptop contained sensitive government classified information, leading the secret service to work overtime to locate it.
The risks associated with losing a laptop, a cell phone, and other consumer technology are readily grasped, and most people go to great pains to keep these devices secured and away from a visible spot in a car or any other place that might tempt a thief. That sense of care might not extend to a few other types of portable electronic devices that can pose similar problems if they are lost or stolen.
USB memory sticks present a considerable security risk if they are lost or stolen. The convenience and portability of a USB stick make them ideal for storing and transporting files and data, but even if those files are password-protected, thieves can work to break the passwords and to access the data. An enterprising cybercriminal can even install a malware virus onto a found USB stick before returning it to its owner, and that virus can then give the thief an entry point into a corporate network or some other computer infrastructure.
SD cards present a similar risk. An SD card that is taken from a phone can give a cybercriminal a bounty of personal information, including access to email, social media, and financial accounts. An enterprising thief can remove an SD card from a phone and begin to collect data long before the phone’s owner is aware of the loss. A phone user should secure SD cards as well as he or she secures the phone itself.
People like the convenience and portability of e-book readers that allow them to carry several newspapers and different volumes of books without the weight and bulkiness of the physical products, but a lost e-book reader is as much of a security risk as a lost or stolen laptop or cell phone. A thief can readily derive credit card information from an e-book reader account. As e-book readers become more versatile and act as tools to access social media accounts, the information in those accounts is also exposed to an e-book reader thief.
Few, if any people will intentionally leave these and other electronic devices in their cars or in other places where they can be forgotten or stolen, but even highly-trained people (like the secret service agent whose laptop was taken from a car) are easily distracted. One simple mistake can lead to identity theft or a data breach of a corporate network. Organizations can protect themselves from the consequences of those mistakes with insurance that gives them cyber liability coverage for data breaches and unauthorized network incursions that flow from a lost or stolen electronic device.
When a data breach leads to losses and liabilities, cyber liability coverage can provide reimbursement for direct losses and can establish a reimbursement pool to compensate third parties whose personal information has been compromised through the breach. Your organization might not be able to recover a lost or stolen device, but it can use cyber liability coverage to limit the greater damage that can result from misappropriation of data on those lost or stolen devices.