The rapid growth of technology has created new threats for businesses around the world, and made it easier than ever to lose money and damage a firm's brand or reputation. Each week, our new Cyber Monday series will analyze these risks and discuss solutions designed to keep companies safe. Today, we take a look at cybercriminals who don’t need high-tech skills to obtain sensitive data.
When you mention cyber risk, most people immediately think of computer hackers stealing someone’s confidential information — such as their personally identifiable information (PII), including name, address, credit card number, or Social Security number, or their protected health information (PHI), such as healthcare policy number and medical records.
The truth is that criminals don’t need high-tech skills to obtain this sensitive data. They can steal it the old-fashioned way: with a bag and a plan.
Thieves can gain access to PII and PHI without ever running into a firewall. Take a look at the following examples, each of which might be considered a data breach under a cyber-liability policy:
- Storing patient records: Over the past several years, thieves have stolen thousands of medical films from hospitals, imaging facilities, and warehouses with the intent to sell them for their silver content. Those films, however, often contain personal information printed on them, including a patient’s name and birth date.
- Forgetting to shred: Businesses discard papers all the time that contain customers’ and employees’ personal information. If they don’t shred or ensure destruction of the sensitive documents, businesses could easily become victims of a data breach.
- Recycled photocopiers and printers: When you use a photocopier or all-in-one printer/copier/scanner, the image of the original document is often stored on the machine’s hard drive. If you return a leased copier or recycle an old printer/copier/scanner without first clearing the equipment’s hard drive or memory, someone may gain unauthorized access to huge amounts of PII or PHI.
The bottom line: Companies looking to increase their cybersecurity need to remember that sensitive data isn’t always online. Sometimes it’s in the places you’d least expect.
Stay tuned for the next blog post in our Cyber Monday Series.