In today’s IT-rich world, blue chip end users are under more pressure than ever before to make sure that, when it comes to safeguarding their lifeblood (ie critical corporate data), no amount of protection can be too much. And that encompasses data wherever it may be held – either on laptops, mainframes, PCs or hand-held devices.
The upshot is that major issues surrounding encryption and access control have assumed an even greater importance in recent times. Without such protection, so-called ‘e-economy’ end users will discover that they can’t obtain insurance. If they can do so, it will be via exorbitant premiums.
In truth, obtaining insurance cover to protect critical data stored on wireless devices is still very much in its infancy. Most insurers and corporations have not yet recognised the greater and increased risks caused by changes in working practices.
The top electronic systems providers have been busying themselves in the race to produce the ultimate pocket PC. Those available have memory capacities up to 64 Mb, expandable up to +1 Gb. This enables the individual end user to access, download and store up-to-the-minute information from corporate databases, powerpoint presentations and Excel spreadsheets.
The pocket PC thus becomes an ideal personal computer. Yet if they are stolen or lost and do not have adequate encryption, access control or anti-virus software built-in, they could seriously compromise a given company’s legal or financial position.
If the security manager cannot adequately insure against information security breaches, what else can they do? For those companies that need to ensure their data never passes
into the wrong hands, encryption and access control are the best methods of protection. And – given their increased popularity and power – personal digital assistants (or PDAs) must be incorporated within a company’s overall corporate security strategy.
Adopting a three-point ‘protection triangle’ is vital. The first point of action is to ensure that all systems are physically secure. That means adopting high level encryption and access control. Second, put legal safeguards in place within the company with respect to individual employee access to any given data, and how data might be used if access is indeed granted. The third area to be considered – money – comprises financial issues and cover. This is where the insurance factor comes in.
Is there an insurance standard?
Many specialists in the risk management field – from directors through to lawyers and insurers themselves – are now re-reading their insurance policies to make sure they are adequately covered. Many are not!
According to Stephen Reid, managing director at insurance broker Marsh McLennan, there is no recognised standard when it comes to the protection you can give your company’s business. Indeed, it’s now very much commonplace for underwriters to assess companies on a one-off basis.
"By adopting measures such as encryption and access control, the end user is demonstrating a firm commitment to the security of business data," said Reid. "Once upon a time, such an approach might have gained them insurance discounts. Now, it’s merely a way of guaranteeing that an insurer will take a company under its wing."
