Small business owners nationwide may know all about the risks that a data breach can bring for their companies in general. However, what they may not be aware of is just how common these incidents are, and how easily they can happen at any time, through relatively innocuous circumstances, which only serves to underscore the need for some sort of tech insurance policy.
Something as simple as a stolen laptop or other type of mobile device can lead to massive data breach problems, and the former was what led to the University of South Carolina potentially exposing some 6,300 students’ Social Security numbers and other personal information last week, according to a report from the Greenville News. The laptop was stolen from the school’s physics department, and currently officials are unsure whether it actually held the information in question, but must, for the time being, act as though it did.
The potential breach came not long after the school began implementing a new security protocol that was supposed to lead to increased protection, the report said. That plan is still more than a year away from being fully completed, but even when it is, the organization concedes that real threats will still exist just due to the sheer size of its network; at any given time, more than 80,000 devices are connected to it.
With this incident, the laptop in question was used to create and grade physics tests, and was stolen out of a locked room toward the end of April, the report said. The university is only just revealing details of the theft because it needed time to gather information and contact the students in question, who took the physics courses between 2010 and this year, though the university is unsure exactly how much of their personal information was exposed.
“No one is immune to attack and with that, we have to be aware and realistic that the odds are against us,” Marcos Vieyra, USC’s chief information security officer, told the newspaper. “There are a lot of attackers. We have to be perfect every day, and all they have to do is find one hole, one vulnerability, and they’re in.”
What is being protected now?
The new security protocols were put into place after the school suffered six data breaches in the previous six years (this being the seventh), the report said. In all, these incidents have exposed some 87,000 records since 2006, including school employees as well as students. The new measures include more staff for data protection specifically, as well as increased encryption efforts and tighter controls over who can have access to certain data. Further, the school is trying to move away from using students’ Social Security numbers to identify them in its systems, which would help to avoid incidents that are specifically like this, but may be difficult to implement simply because of the scale of its network.
It should be noted, however, that in this specific incident, the school has no evidence that the personal information contained on it was misused, and indeed, the device was protected with a password that would have made it more difficult to access the data, the report said. In many cases such as these, the laptop is stolen not for the information contained on it, but simply for the value it holds on its own.
However, despite that fact, all data breaches of this type should be treated as though it could lead to significant exposure, and this is especially true for relatively small companies. For this reason, owners may want to look into small business insurance policies that help shield them from potentially massive remediation costs after such an incident.