I was hanging out with my friend this weekend, both catching up on emails from a coffee shop. After a while, he turned to me. “Well sh*t. Looks like my social security number might be on the dark web.”...more
Cyber incidents have surged in recent years, with attacks more than doubling since 2020 and the number of victims totaling in the hundreds of millions in 2023 alone. These incidents can cost organizations millions or even...more
We’ve previously written on the need for law firms to scrutinize the data security protections in place at all third-party vendors who have access to client confidential information. Clearly, that’s still good advice....more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
As the news reports show, the sudden shift to employees working from home poses new cybersecurity risks for businesses and the employees who work remotely. Below are 10 important measures that can help mitigate these...more
Although organizations have dealt with privacy issues for years, only in the past decade have they begun to view the complexities of privacy as requiring formal organizational structure, dedicated employees, and/or dedicated...more
Many companies permit their employees to use personal mobile devices, such as smartphones and tablets, to access company-specific information, such as email, under a Bring Your Own Device (“BYOD”) policy. BYOD policies can be...more
In as little as 13 seconds, all of a company's data can be stolen by simply plugging in a USB drive. Intelligence agencies famously used this approach when uploading the Stuxnet worm at an Iranian nuclear facility, but...more
This is the sixth instalment in our Top 10 Issues for Employers series. OVERVIEW - The workplace practice of bring your own device (BYOD) has hit the mainstream as more and more employees use their own mobile...more
The U.S. Department of Homeland Security (DHS) has designed October as National Cyber Security Awareness Month. But as we leave October, remember that data security is an ongoing challenge that requires continued vigilance...more
In a much anticipated decision, the Third Circuit Court of Appeals affirmed the authority of the Federal Trade Commission (FTC) to enforce actions against companies who have been subject to a data breach. The FTC sued...more
An organization’s information can be put at risk when staff begin to bring their own devices and use them in the workplace. As a result, in such cases, an organization should consider adopting an appropriate “bring your own...more
Employees are the front line of your information security defense. While technological protections are essential (for example, anti- virus software, firewalls, spam filters, etc.), none are as effective as a vigilant end...more
On June 30, 2015, the Federal Trade Commission (FTC) published “Start with Security: A Guide for Businesses” (the Guide). The Guide is based on 10 “lessons learned” from the FTC’s more than 50 data-security...more
With all of the privacy and data security enforcement actions brought by the Federal Trade Commission in recent years, and with all of the guidance distributed by the FTC in that time frame, it is easy to get caught up in...more
Many have heard that “it is not a matter of if a company will be attacked, but when.” Statements like this used to be met with skepticism – companies would say we do not have information hackers want, we outsource our...more