• It’s the Little Things That Count in Cybersecurity
  • October 18, 2017 | Authors: Seth L. Laver; Andrew P. Carroll; Michael P. Kandler
  • Law Firms: Goldberg Segalla LLP - White Plains Office; Goldberg Segalla LLP - Philadelphia Office
  • Today it seems as though cyber-security protections are always a half-step behind hackers. For every patch that quietly protects from one type of ransomware, there’s another WannaCry infecting a major company or financial institution. Of course, cyber-security is an important concern for all businesses, including professionals, a point which is still gaining awareness across the country. As these less technologically sophisticated businesses learn more about the importance of cyber-security in the modern world, it can be easy to forget that there are many everyday protections that are just as valuable as the software that protects your data.

    A large health insurer recently found this out the hard way when it was discovered that the envelopes it was sending to policyholders revealed sensitive personal information. As is common in most mass corporate mailings, the company sent out information using an envelope with a small window that displayed the portion of the letter that listed the recipient’s address. However, a small part of the actual message to the customer could also be seen through the window. This part, while small, revealed just enough private information about the intended recipient to cause a major privacy breach for the company.

    Incidents like these should be treated as stark reminders that when it comes to cybersecurity, the little things really do count. Even if you aren’t technologically savvy, there are many basic ways to protect your data. Do not write down your passwords on a ledger that could be the key to all of your electronic data. Do not leave physical documents with personally identifying information in unlocked areas. Stay off of public wifi networks, even if they are partially secured by a password; i.e. in hotels. Taking these steps are far from the minimum necessary to protect you and your clients’ data, but failing to take them could render even the most sophisticated cyber protections useless.