Heads up: Data breaches could be getting more costly

What’s the cost of a few stolen laptops? Try $3 million, thanks to a controversial data breach settlement. AvMed, a Florida insurer had several laptops stolen. These laptops contained sensitive data for many of its clients, but that data was unencrypted.

A class-action lawsuit was filed by clients and dismissed twice.

Class-actions often fail

Having a class-action data breach case dismissed isn’t unusual. Most of these lawsuits never go anywhere legally.

The reason is that for a lawsuit to succeed, plaintiffs generally have to have suffered direct consequences. It’s not enough to say their data might have been compromised, they have to show that they had their data stolen and suffered financial losses as a result.

But in this case the company, the company paid out regardless of whether any actual financial damage was shown. It also had to:

  • implement new password protocols
  • install disk encryption on company laptops, and
  • put GPS tracking on its company laptops.

Protect mobile devices

One case doesn’t make a trend. There’s no reason to believe that other courts will start being similarly broad with data breach settlements.

But this case does highlight a very important fact: The cost of a stolen device isn’t just what you pay for a replacement.

From IT’s end:

  • Invest in encryption. This measure can help protect files from causing untold damage and protects you in case a laptop, phone or tablet falls into the wrong person’s hands.
  • Consider remote wipe. For mobile devices, this is a good measure for preventing further damage if a device gets lost or stolen. It’s an option for company-owned or BYOD devices (if users know about it in your policies.)
  • Strengthen password protections. Require stricter and more complex passwords that are frequently changed for your most sensitive equipment and services.

On the users’ side:

  • Remind users never to leave their devices in a public place or visible in a car – even if they’ll “only be gone a minute.”
  • Stress the importance of reporting lost and stolen devices immediately, and
  • Train them on good security awareness, such as avoiding services that work around your data transfer policies altogether.

 

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy