Data Breach Q&A Business Liability

Posted on October 3, 2016 by Daniel McKenna

Published in the Union Tribune 10/03/2016

Question:  With at least 500 million Yahoo users having their information stolen by hackers, do you think email is becoming a liability for businesses?

Phil Blair

Phil Blair, Manpower

NO: I think this is clearly a motivator for businesses to continue to develop ongoing software to protect their data and especially their customers’ data.  Much like counterfeiting currency was years ago, this is the new iteration.

Kelly Cunningham

Kelly Cunningham, National University System

NO: Email is just another form of communication that can significantly facilitate business operations. Problems may arise in how it is distributed or retained, just as with any other form of communication. Email creates a record that is subject to being hacked or falling into fraudulent, adversarial uses. Postal mail, phone, or other forms of communication are susceptible to being misused as well. Businesses obviously should carefully monitor how their private communications are delivered and secured.

David Ely

David Ely, San Diego State University

YES: The threat that cyber criminals will successfully breach a businesses’ network through an email scam is very real. Any inappropriate release of financial and strategic data has the potential to harm customers, employees, and suppliers.  Even as the attacks become more sophisticated, businesses are expected to respond with increased safeguards and employee training.  Targeted businesses that fall short will see their reputations damaged.

Gina Champion-Cain

Gina Champion-Cain, American Investments

NO: One could go as far as to say that business could not function in today’s fast paced economy without email. I can’t fathom what an email free work day would look like. The efficiency and scale gained due to the ease of email communication make email indispensable. The risks and negatives are monumentally outweighed by the positive powers of email.

Alan Gin

Alan Gin, University of San Diego

NO: Yes, there are some vulnerabilities with using email.  But the benefits far outweigh the costs. The ease and immediacy of communication, the low cost, the ability to send attachments, etc., all make email a valuable tool.  Even though there are new technologies such as texting and document sharing, email will continue to be important for the foreseeable future. What needs to done is to improve the security surrounding the use of email.

James Hamilton

James Hamilton, UC San Diego

YES:  If a company becomes involved in litigation, email records can be a treasure trove for the opposing side’s lawyers.  So much gets said casually in email that it’s not hard for a lawyer to put pieces together in a way that can look damaging. In addition, answering email has become a major time sink.  I get so many inquiries that it would take up all of my day just to try to answer them all.

Gary London

Gary London, London Group of Realty Advisors

NO: While it’s not nice to be hacked, this is increasingly becoming much ado about nothing. Most emails do not contain information that would matter (including Hillary Clinton’s emails). Businesses and their employees are instructed to not include sensitive information in their emails. Confidential information is most often uploaded in coded drop boxes and the like.

Jamie Moraga

Jamie Moraga, IntelliSolutions

NO:  It’s already a liability.  Email is essential to most businesses and in the world of data breaches and cyberattacks it shines a spotlight on how a company and its employees need to become more cyber secure. Companies must have a cyber plan and be able to detect and respond quickly to mitigate any damage.  Several companies now employ a chief information security officer (CISO) that report to the CEO. A company must have a cyberplan in place and be ready to do some cyberoffensive and defensive measures.

Gail Naughton

Gail Naughton, Histogen

YES: The predominant form of communication in most businesses today is email and it is virtually impossible to avoid the use of the internet and email in this cyber climate.  A business that is the victim of hackers can suffer from a loss in valuation, the stealing of intellectual property, class-action lawsuits, and compromised user accounts. The problem is exacerbated by employee misuse of the company email which further exposes it to increased liabilities.

Austin Neudecker

Austin Neudecker, Rev

YES: Email is generally an insecure communications channel. Companies regularly rely on email to conduct business and individuals increasingly use email for their finances, medical, and personal lives. The frequency and severity of attacks will only increase as the potential bounties grow. Legislation is unlikely to keep pace, however, the demand for security innovations will also grow. Thus, the unending arms race between hackers and security solutions continues. We all must remain vigilant and updated.

Bob Rauch, R.A. Rauch & Associates

YES: Email needs to be handled with care as hacking and cyber liability are of increasing concern to organizations. Businesses should implement strict policies about content sent via email, potential use of encryption technology, and remember that email content is generally discoverable in a court of law. Every employee needs to be part of the solution to minimize liabilities and companies should consider adding cyber liability to their insurance policies.

Lynn Reaser

Lynn Reaser, Point Loma Nazarene University

YES: The magnitude of the threat does need to be put in perspective. A recent Rand Corporation study found that data breaches cost a typical firm only 0.4 percent of its annual revenues versus losses from theft, corruption, or fraud that can run as high as 5 percent. This fact may be causing firms to underinvest in cybersecurity. As a result, advances in the technology and methods used by cyberattackers could outpace the building of defenses against those attacks.

John Sarkisian

John Sarkisian, SKLZ

YES: Email can become a liability as is any other form of communication or asset of a company. It should treated no different than a document, bank accounts, or physical assets of a company. There should be policies, procedures and programs in place to protect all forms of communication. If emails cannot be protected then they should not be used to communicate sensitive or valuable company information.

Dan Seiver

Dan Seiver, San Diego State University

YES: It is not just email, though. Employees with access to sensitive information of any kind are often bombarded with malware of all types. Much of it is easy to see through if you passed high school English, but some of the phishers are clever. This is a problem for government as well as business. The need for communication of all types will continue to grow, far faster than our attempts to make communications and data secure.

Chris Van Gorder

Chris Van Gorder, Scripps Health

NO: Fortunately or unfortunately, email has become a way of life and business. I think the risk for business is mitigated because corporate email servers are generally more secure than the free offerings with Yahoo, AOL and Google. Businesses usually enforce stronger passwords, force frequent changes and employ encryption technologies. I trust that technology will eventually make all digital communication even more secure and that penalties for theft will become more severe nationally and internationally.

About Daniel McKenna

Dan McKenna
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.