Protecting Executives

Uniquely exposed and privy to the most sensitive information, executives should be a key focus of technologically-savvy employment lawyers. They are at risk on the road, targeted by adversaries at home, subject to the most vile forms of retaliation, are the victims of concerted spear-phishing and are required to act as if their emails are, in fact, public.

The world of managing cyber risk demands nothing less than a sharp focus on execs, including recognizing that every denizen of the c-suite should be carefully subject to the principle of least privilege and that executive agreements require careful drafting to include technology and data both during work and after termination.   Here are a number of pieces on the subject, with many more to follow.

Home Networks & the Corporate Computing Environment

Attacks against employees (and by extension, against your company) can extend to their homes (see here on doxing and swatting executives).

One concern is home Wi-Fi systems – which can present an open threat vector when an employee links corporate assets to it.   Some thoughts on ensuring that home networks do not become a major cyber threat:

Continue reading “Home Networks & the Corporate Computing Environment”

See you at Hofstra Law!

Looking forward to speaking at Hofstra Law’s Labor & Employment Law Journal’s “Spring 2016 Symposium: Technology in the Workplace.”    I am joining a very impressive panel on Cyber Security and Electronic Employment Records.   I will be talking about the need for employment lawyers to be active participants in cybersecurity-related discussions — and to share some thoughts on how to do so.

The program is Friday, April, 15 2016 | 9 a.m.-3 p.m.   Details follow.

Continue reading “See you at Hofstra Law!”

A short note on ransomware.

News of a new OS X ransomware has brought ransomware to the forefront.  Indeed, TrendMicro thinks ransomware attacks are one of the biggest threats this year.  Why?  Despite increasing sophistication in prevention, according to Security Magazine, “greater numbers of inexperienced cybercriminals will leverage ransomware-as-a-service offerings which could further accelerate the growth of ransomware.”

And one way these criminals will attack your enterprise is through your employees.

Continue reading “A short note on ransomware.”

Easier than Stealing a Base: Lessons From the MLB Hack

A Computer Fraud and Abuse Act case involving the Houston Astros and St. Louis Cardinals provides some key lessons for employers and their lawyers about cybersecurity.  While this case is getting press because it involves Major League Baseball, nothing in this matter is surprising and everything was avoidable.


Continue reading “Easier than Stealing a Base: Lessons From the MLB Hack”

Building a Privacy Program, Part 2

Earlier this month, I wrote Building a Privacy Program; today I appeared in Epstein Becker Green’s Employment Law This Week to discuss the the topic:


The full video can be found here (and the Tip of the Week starts here).


FTC Report on Big Data / Chief Employment Law and Technology Officer?

The FTC’s new report Big Data: A Tool for Inclusion or Exclusion? [pdf.] is an important read from an increasingly powerful regulator in this area.  Its important to employers is in two areas: use of big data in EEO contexts and use of big data and, I would argue, as the basis of workplace policies concerning the use of big data.  Both bear more discussion in detail.

I am only being partly facetious by saying employers need a Chief Employment Law and Technology Officer.   The fact is, though,  employment lawyers must become tech-savvy and stats-savvy enough to play a meaningful role in the internal regulation of these technologies and methodologies as they are being developed.

Continue reading “FTC Report on Big Data / Chief Employment Law and Technology Officer?”

Building a Privacy Compliance Program

I take the (perhaps uncontroversial) view the privacy and security are intertwined.  While easier said than done, here are some steps for establishing a privacy compliance program.

Continue reading “Building a Privacy Compliance Program”

NLRB’S Roadmap for Tech & Comms

The NLRB has banned employer rules that “unqualifiedly prohibit all workplace recording.”  This opinion explicitly makes the NLRB’s position on workplace recordings consistent with its hostility to policies that purport to limit employee’s use of social media (something I suggested in 2014 would happen).

Continue reading “NLRB’S Roadmap for Tech & Comms”