A corporate-data security company, an insurance broker, and a human-resources service, all based here, are working together to help clients across the country prevent the loss or theft of sensitive information, or survive such a loss if it occurs.
Contineo Technologies Inc., a Spokane-based data-security consulting firm, formed the strategic alliance earlier this year with Spokane-based ICR Bridge LLC, a Spokane-based identity-theft risk analyzer and insurance broker to expand their services to client-network and loss-prevention security, says Craig Sanders, Contineo's CEO.
ICR also has a working relationship with Red & Associates LLC, a Spokane Valley human-resources service provider that's involved in the collaborative effort, and Contineo draws on ICR's relationship with Red & Associates.
Pam DeCounter, a principal at Red & Associates, says that company produces industry-specific, online privacy-security training programs for employees of ICR Bridge's clients. After viewing a presentation, employees take a quiz they are required to pass before they work with sensitive data.
Individually, Contineo provides data-network assessment and mitigation services, while ICR analyses risks and brokers insurance plans for its clients, Sanders says.
The alliance is designed to generate added business for the companies, and doesn't involve the exchange of assets or relocation of employees.
"Joining our resources allows us to identify risks, remediate them, and provide appropriate insurance," Sanders says.
Contineo, which was founded in 2000, implements data-intrusion-prevention systems and, after a loss or theft of data, can help a client identify how the loss occurred and who was behind it.
ICR Bridge analyzes data security policies and procedures and provides insurance coverage, says Tami Carter, the company's head of national sales. ICR is a subsidiary of Moloney+O'Neill Benefits LLC, a longtime Spokane employer-employee group insurance broker.
Sensitive data that the companies seek to protect include proprietary corporate information and the private information of individual clients and customers.
The online training programs that Red & Associates provides cover privacy issues and security practices involving laptop computers, cell phones, and other electronic data-storage devices, DeCounter says.
All three companies say they're growing.
"We've experienced growth every year, even in tough economic times," Sanders says. "We're happy."
Contineo's main office is at 159 S. Lincoln. The company has 14 employees, four of whom work in its satellite offices in Seattle and Fort Worth, Texas. It has clients in 18 states, and they range from small law offices to major corporations, including banks and hospitals, he says.
"We target primarily the regulated environment, which includes any corporation that has a duty to protect customers' data," Sanders says. "We do assessments for about 200 customers a year."
ICR Bridge's main office is in the Lincoln Building downtown, at 818 W. Riverside. The company has three employees here, and is represented by more than 30 insurance agents across the countrya number that Carter says is growing steadily.
Most clients realize the need for data protection and have been receiving protection services before there is a problem, Sanders says. Less than 5 percent of prospective clients approach Contineo for the first time after a breach in online security, he says.
"If they already had a breach, we help identify what was lost and who took it," Sanders says.
Sanders declines to name any of Contineo's clients, but says that in one such case, a bank sought the company's services after one of its customers reported an unexplained withdrawal of $150,000 from an account. Contineo's cyber-detective work found that an employee of the bank's customer had obtained a password and transferred money into a personal account. While that theft wasn't the bank's fault, it underscored the importance of security procedures for bank customers as well as the bank itself.
"The bank's customer wasn't handling passwords properly," Sanders says. "On the bank's end, the only way to alleviate that is to require additional verification from the customer."
The San Diego-based Identity Theft Resource Center reported that 222 million private or otherwise sensitive records were known to have been compromised in 2009, up steeply from 35 million records compromised a year earlier. Also in 2009, malicious attacks accounted for more breaches than human error for the first time in three years, the center said.
Carter says the loss of sensitive data can be expensive. In addition to initial losses, a breach in confidential information can force a company to shut down an electronic business and also can undermine public confidence in the company, she says.
Many states require companies to notify their customers if a breach occurs that could compromise privacy. That notification process can cost up to $30 a customer, she says.
"Cyber" insurance can cover costs related to privacy notification, crisis management, and disaster recovery, she adds. Corporate cyber insurance policies start at a premium of $5,000 a year and go up from there.