Cybersecurity in the Workplace


Cybersecurity in the Workplace
Stephanie K. Rawitt, Esq.
Jonathan D. Klein, Esq.
Offices: Arizona, California, Delaware, Illinois, Michigan, Nevada, New Jersey, Pennsylvania, Washington D.C., West Virginia, Ireland

Fun Fact: The #1 greatest cyber threat to your business is your very own employees.

Anatomy of an Employee Threat

The Most Dangerous Employees
- The Innocent Employee: An employee who makes an honest mistake during the course of his or her employment at your business, but a mistake that could nonetheless have dire consequences for your business.
- The Careless Employee: An employee who knows what should be done to protect your business yet does not take action, potentially causing harm.
- The Malicious Employee: An employee who, despite training and the institutional policies in place at your business, knowingly and intentionally takes adverse action to harm your business for an illicit reason.

Key Security Questions
- Have you performed a risk assessment of your business?
- Do you have the appropriate policies/plans in place?
- Do you have an actionable incident response plan?
- Have you trained your employees lately on cybersecurity?
- Have you updated your privacy policy?
- Do you have current terms & conditions on your site?
- Would you consider your business security-aware?
If you answered NO to any of these, why is that?

Security Is a Team Effort
- Management
- Information Technology (IT) Staff
- Human Resources (HR) Staff
- Employees

What Does Risk Assessment Mean?
Step 1: Identify Information Assets (data, software, hardware, appliances, infrastructure)
Step 2: Classify Information Assets
Step 3: Identify Security Requirements (statutes/regulations, contracts, common law, business needs)
Step 4: Identify Risks

What Policies Should You Consider?
- Non-Compete/Non-Solicitation Policies
- Cybersecurity Employment Policy
- Employee Social Media Policy
- Computer-Issued Technology Equipment Policies
- Employee Privacy Rights
- Workplace Computer Policy
- Employee Exit Protocol
- Cybersecurity Incident Response Plan
- Privacy Policy/Terms of Use

Non-Compete/Non-Solicitation Policies
Allow you to hire, contract, and otherwise operate your business without fear that business knowledge and advantages will soon be used against the business!
- Provide a degree of protection for your business related to employees;
- Trade secrets and confidential information are protected;
- Prevent the following illicit actions by current and former employees:
  - Going to work in a similar role for a competitor;
  - Contacting your customers; and
  - Using confidential information about you/your customers after they leave.

Cybersecurity Employment Policy
- Applies to all employees, contractors, volunteers, etc. who have permanent or even temporary access to your business systems and hardware;
- Emphasizes the importance of cybersecurity (including risks);
- Should outline effective password management;
- Describes phishing emails and scams employees may experience;
- Helps employees understand how to protect sensitive information;
- Highlights security protocols when not using business hardware;
- Outlines what to do if business hardware is lost or stolen; and
- Tells employees to use common sense and take an active role in security.

Employee Social Media Policy
It is important for your business to keep track of what employees are doing, especially on issues that pertain to the workplace!
- Outlines how your employees should conduct themselves online;
- Helps safeguard business reputation while encouraging responsible online use;
- Should be considered a living document, as social media changes fast;
- Defends against legal trouble and security risks;
- Empowers employees to share your business message with the public;
- Creates consistency across social media platforms; and
- Focuses on the big picture so as to stay current with social media trends.

Computer-Based Equipment Policy
- Applies to any technology provided by your business to an employee;
- Should set out guidelines for approved use;
- Should outline security risks and the rules/expectations related thereto;
- Should identify prohibited use (careful not to run afoul of the NLRB);
- Should remind employees that the equipment belongs to the business and clarify privacy expectations, or the lack thereof;
- Security login procedures/process;
- Even if not a cyber issue, addresses off-the-clock policies; and
- Discipline for violations.

Employee Privacy Rights Policy
- Comprehensive, state-dependent written policies can defeat an employee's expectation of privacy when it comes to the use of workplace technology;
- Reiterates that employees have no expectation of privacy in connection with data stored in or transmitted via computers, email, phones, or cell phones;
- Discusses that your business, as the employer, has the right to monitor any work-issued device (e.g., workplace computer, laptop, cell phone);
- Highlights that your business, as the employer, may monitor sites depending on the content/subject matter of sites visited on work technology; and
- Notes that your business, as the employer, has the ability to, and can, monitor incoming and outgoing phone calls placed on work-issued technology.

Workplace Computer Policy
- Considers Internet usage, site management, and website blocking;
- Limits computer use to work-related activities;
- Applies universally to all employees (unless express permission is granted);
- Discusses employee privacy rights (as noted previously), or the lack thereof;
- Outlines before- or after-work, lunchtime, and other off-the-clock issues; and
- Reiterates procedures for employee exit and post-employment issues.

Employee Exit Protocol
Outlines procedures when an employee resigns or is terminated. Should include, but is not limited to, the following:
- Knowledge transfer meeting;
- Procedure for collecting workplace items;
- Outlines transition period and plan;
- Highlights requirements on the last day of employment;
- Contains a checklist for ensuring all business information is protected;
- Reviews information for the exiting employee; and
- Discusses preservation of the employee's electronic data.

Cybersecurity Incident Response Plan
Preparing for WHEN your business may experience a cyber-related breach and/or incident, not IF your business may be breached.
Words to Live by: Identify & Protect + Detect, Respond & Recover

Privacy Policies
- Essentially a consumer notice on your business website;
- Provides details about business procedures related to information collection;
- Drafted by lawyers, made for laypersons visiting your business website;
- Requires consultation between the business and its lawyers;
- NO ONE SIZE FITS ALL: must be tailored to your business;
- Should contain information demonstrating regulatory compliance;
- Must be published conspicuously on your business website; and
- Periodic review and updating of the privacy policy is the norm.

Terms of Use/Terms & Conditions
- Essentially a contract between your business and a visitor to the site;
- Sets the rules for any person visiting your business website to follow;
- Contains prohibited activities for any person visiting your business website;
- Even though it may not be required, a smart page to have on your website;
- Can limit liability, set governing law, and even choose arbitration vs. litigation;
- Contains notice provisions for copyright infringement, legal action, etc.;
- Protects your right to the content on your business website;
- NO ONE SIZE FITS ALL: must be tailored to your business; and
- Periodic review and updating of the terms is the norm.

Cybersecurity Insurance
Even with appropriate protections and tools in place, your business should still consider cybersecurity insurance as a fail-safe to protect your business from cyber risks. Some basics about cybersecurity insurance:
- Usually standalone coverage;
- Helps the business recover faster from data loss;
- Transfers some of the financial risk of a security breach;
- Investigate current coverage before you apply; and
- Know the limitations of your coverage (it likely will not cover theft of IP).

Cybersecurity Exercise
Consider the following scenario: Your business has a network engineer or IT professional (as the case may be) in his mid-50s whom you have decided to fire for cause. Somehow (and unrelated to this exercise), the network engineer or IT professional finds out that he is going to be imminently fired and decides to reset your business servers to their factory settings.
What policies should govern the employee's actions? What do you do now?

QUESTIONS?
Stephanie K. Rawitt, 215.640.8515, srawitt@clarkhill.com
Jonathan D. Klein, 215.640.8535, jklein@clarkhill.com