April 2024 – Protecting Your Data – Deepfake Technology Used to Fool Employees


THE NEWEST cyber and financial fraud threat facing businesses is deepfake technology, which criminals are using to extract money from unsuspecting accounts payable personnel.
A finance worker at a multinational company in Hong Kong was duped into transferring $25 million to criminals who had used deepfake technology to pose as the business’s chief financial officer during a video conference call, according to local police.

A deepfake is an artificial image or video generated by a special kind of machine learning called “deep” learning. The creations have grown increasingly sophisticated and harder to detect.

How it happened

The worker received an e-mail from what he thought was the company CFO, inviting him to attend a teleconference with him, other company executives, and staff, according to Hong Kong police. The digitally recreated version of the CFO then ordered money transfers during the video conference call.
Based on instructions the employee got during that call, he transferred 200 million Hong Kong dollars ($25.6 million) to various Hong Kong bank accounts in a series of transactions.
The employee did not interact with the deepfakes during the video conference, and he later told police that others on the call looked and sounded like people he knew in the organization.
In fact, all of the other people on the call were fakes of real people in the company. The criminals had used deepfake tech to alter publicly available video and footage found online to create convincing digital versions of the others in the meeting.
Police said that the case was one of several recent incidents in which criminals had used deepfake technology to change publicly available video and other footage to steal from people and companies.

Warning to US businesses

This type of attack is essentially an extension of wire transfer fraud, a threat that’s been growing in recent years.
These scams usually start with e-mails or even phone calls from scammers posing as someone higher up in an organization, a client or vendor. The end goal is to convince an employee with access to the company’s payment systems to transfer funds to the criminals.
Deepfake technology adds a dangerous new arrow to wire transfer fraud criminals’ quivers, making the scam even easier to fall for.
To avoid being victimized, the law firm of Fisher Phillips recommended in a November 2023 blog that businesses:

Provide deepfake training to staff. You should already be training and providing refresher meetings on preventing cyber attacks of all sorts. Consider educating them about the dangers of deepfakes and provide the Hong Kong case as an example. Cover ways to spot deepfakes, including:
• Blurry details,
• Irregular lighting,
• Unnatural eye and facial movements,
• Mismatched audio, and
• Absence of emotion.

Urge staff to be suspicious. Your employees should be able to comfortably question the legitimacy of information and be urged to report suspicious activity.
Use strong authentication protocols. Put in place robust measures — like multi-factor authentication and similar tools — for accessing sensitive information and systems.

Insurance coverage

If your organization has a cyber insurance policy, it might cover a wire transfer fraud loss. The coverage provided by cyber insurance can vary significantly between insurance companies and policies. Some cyber policies may explicitly cover wire fraud, while others require additional endorsements or riders to provide adequate protection.
A commercial crime policy will cover losses resulting from the use of a computer to fraudulently transfer funds from inside the business premises or the insured’s bank to an outside party.
However, policies may only offer coverage if an employee was fraudulently involved in the wire transfer fraud. This type of funds transfer fraud is basically the only computer-related coverage that a crime policy offers.


April 2024 – Commercial Property Insurance – New Rules Aim to Ease Availability Crisis


WITH THE California commercial property market increasingly stressed with fewer and fewer insurers willing to write policies in the Golden State, the state insurance commissioner has floated a plan aimed at easing the crisis.
The main thrust of the new proposal is to make it easier for insurers to get their rate-hike requests approved, efforts that have been stifled by rules that have been on the books since the early 1990s under a law known as Prop. 103. As well, insurers are limited in the types of data they can use to justify rate increases, which has constrained them from asking for hikes that are adequate to cover their potential liabilities.
The proposed rule changes, along with others that are coming this year, are aimed at luring insurers back into the marketplace after one carrier after another has either stopped writing commercial property in the state altogether, or restricted how many policies they will write in California, and where.
While insurers are still writing policies in California, their numbers are shrinking, making renewals a difficult process for many businesses. Insurers have also gotten pickier about properties they are willing to cover, with some setting limits on the age of a building and taking into consideration whether the property owner has filed any claims in the last three years.

The commissioner’s plan

Insurance Commissioner Ricardo Lara’s proposed regulations, one prong of that effort, would allow insurers to use catastrophe models to better predict insurance rates for wildfire, terrorism and flooding. Currently, they are only allowed to use historical claims data, which is backward-looking and does not account for the surge in risk and costs that’s occurred during the last five to 10 years.

As well, they are not allowed to consider the growing risk caused by climate change, or wildfire risk mitigation measures taken by communities or regionally as a result of local, state and federal investments.
Mark Sektnan, vice president for state government relations for the American Property Casualty Insurance Association, said this change would go a long way towards addressing the insurance crisis in the state.
“As Californians grapple with record inflation and become increasingly vulnerable to climate-driven extreme weather, including catastrophic wildfires, this is a critically needed tool to help identify future risks more accurately and set rates that reflect our new reality,” he said. “More accurate ratemaking will help restore balance to the insurance market and ensure all Californians have access to the coverage they need.”
The trade-off for consumers will be the likelihood of more insurers coming back into the market to write commercial property and homeowner’s insurance in exchange for them asking for large rate hikes.
The latest proposed regulation follows another that was introduced in late February that would speed up approvals of rate-increase requests. These can sometimes take years if the Department of Insurance asks for more supporting documentation, which can reset the rate approval process, delaying final approval.
Some insurers have waited more than two years to get their rate hikes even considered.
Current rules “lack clarity and fail to specify the exact materials and information required in a complete rate filing application given the change in times and increased complexity of filing,” according to the Department.
This proposed rule codifies clearer instructions for what supporting documentation insurers must submit when filing for rate increases.

The takeaway

A public hearing on the proposed catastrophe-modeling regulations will be held on April 23 and it’s the department’s plan to get these new rules implemented by the end of 2024, along with the rules on speeding up rate-increase requests.
In the coming months, the department plans to propose additional regulations as well as legislation in order to get insurers to write business in the state again.
If enacted, it’s hoped that the various planned changes will provide some relief to homeowners and businesses in the state.
We’ll keep you posted as this develops.


April 2024 – Workplace Safety – Overdose Meds May Be Coming to Your First Aid Kit


EFFORTS ARE afoot to create new laws and regulations that would require California employers to include the opioid overdose medication Narcan in their first aid kits. Cal/OSHA’s Standards Board has received a petition from a safety group asking it to create new regulations requiring workplaces to stock medications that can reverse opioid overdoses.

On the legislative front, two state assembly members have introduced bills that would require workplace first aid kits to include naloxone hydrochloride, the substance that can reverse overdoses.
More than 83,000 people died of an opioid overdose in 2022 in the U.S., including nearly 7,000 Californians, according to the Centers for Disease Control.
Naloxone, sold under the brand names Narcan and RiVive, is available in an over-the-counter nasal spray or as an injectable.
These medications temporarily reverse overdoses from prescription and illicit opioids, are not addictive, and are not harmful to people when administered.
In its Dec. 8 petition to Cal/OSHA’s Standards Board, the National Safety Council asked it to add naloxone to the list of required items in both construction sites as well as general industry workplaces.
“With the number of workplace overdose deaths on the rise, opioid overdose reversal medication is now an essential component of an adequate first-aid kit,” wrote Lorraine M. Martin, president and CEO of the NSC.

Legislation

Two bills are in play.
AB 1976: Authored by Assemblyman Matt Haney (D-San Francisco), this bill would require first aid kits on job sites to include Narcan. It would require the Standards Board to draft enabling regulations by Dec. 31, 2026.
AB 1996: Authored by Assemblyman Juan Alanis (D-Modesto), this measure would require operators of stadiums, concert venues and amusement parks to stock Narcan. It would not require Cal/OSHA to create new regulations as the measure is aimed at helping members of the public.

The takeaway

In light of the opioid overdose epidemic, more and more employers and operators of facilities that cater to the public have started stocking naloxone.
With opioid overdoses so prevalent in U.S. workplaces (18% in California alone), the simple addition of this over-the-counter medication can save the life of a worker.
Narcan is available for around $40 at most major retail pharmacies. It’s a simple and inexpensive addition to a first aid kit for any employer. It would be good practice to keep a pack in your safety kit… just in case.
Meanwhile, if any of the legislative and possible regulatory efforts become law or regulation, we’ll let you know.


October 2023 – Transportation Hiring Alert – Always Check New Drivers’ Clearinghouse Record


FLEET OPERATORS face an increased risk of potential liability if they are not diligent about checking their drivers’ moving violation records with the state Department of Motor Vehicles, in addition to the Federal Motor Carrier Safety Administration’s Drug and Alcohol Clearinghouse.

As of 2020, it became mandatory that all motor carriers sign up their drivers in the Clearinghouse and run their driver rosters through the system to clear them for duty. But many companies are skipping this step and only checking their drivers’ records with the DMV, which may not reflect any suspensions issued by the Clearinghouse.

Clearinghouse rules require that drivers be tested for drugs prior to being hired and randomly throughout the year. This helps employers weed out drivers who may be at higher risk of both moving violations and accidents.

The Clearinghouse

The Clearinghouse was created to keep commercial drivers who have violated federal drug and alcohol rules from lying about those results and getting a job with another motor carrier.
This electronic database tracks commercial drivers’ license holders who have tested positive for prohibited drug or alcohol use, as well as refusals to take required drug tests, and other drug and alcohol violations.

The Clearinghouse tracks a driver’s drug and alcohol tests and bars them from operating commercial vehicles after they fail a test. If they want to return to driving, they must successfully pass a return-to-duty process that includes substance abuse treatment and a test to evaluate their readiness.

The restriction can be lifted if the driver signs up for a Clearinghouse program that will test them 14 times in two years, with the first 12 tests having to occur in the first year.
This cost all comes out of the driver’s pocket.
This system is an important check on drivers and helps employers reduce their exposure.
The Department of Motor Vehicles is required to check the Clearinghouse before issuing a new commercial driver’s license or renewing an existing one.

The takeaway

While it is the law that employers follow Clearinghouse procedures, because it’s a new system, many companies are failing to follow the rules.
If you are relying only on pulling a driver’s moving violation record and not the Clearinghouse, you are in breach of regulations and could leave your firm exposed.
If you employ a driver who is under suspension from driving by the Clearinghouse and they are involved in an accident, the victims could build a case that your organization was negligent in letting the individual drive and not checking the Clearinghouse first.
If they can prove negligence on a fleet operator’s part, the business could be in for a hefty court judgment.


July 2023 – EEOC Guidance – New Rules for Using AI in Employment Decisions


The Equal Employment Opportunity Commission has issued new guidance on how employers can properly use software, algorithms and artificial intelligence-driven decision-making tools when screening job applicants and selecting candidates.
The EEOC has grown concerned about possible adverse impacts of these technologies that can help employers with a wide range of employment matters, like hiring decisions, recruitment, retention, monitoring performance, and determining pay, promotions, demotions, dismissals and referrals.
The guidance follows the EEOC’s recent announcement that it would pursue enforcement of violations of Title VII of the Civil Rights Act of 1964 and other statutes under its jurisdiction arising from use of AI in employment decisions.

The new guidance includes a series of questions and answers to help employers prevent the use of AI and other technologies from leading to discrimination on the basis of race, color, religion, sex or national origin, in violation of Title VII.

Main points of the guidance:

Responsibility: Employers are ultimately responsible for discriminatory decisions rendered by algorithmic decision-making tools, even if they are administered by another entity, such as a software vendor.
Assessment: Employers should assess whether their use of technology has an adverse impact on a particular protected group by checking whether use of the procedure causes a selection rate for individuals in the group that is “substantially” less than the selection rate for individuals in another group.

The selection rate for a group of applicants or candidates is calculated by dividing the number of persons hired, promoted or otherwise selected from the group by the total number of candidates in that group.
If an employer is in the process of implementing a selection tool and discovers that using it would have an adverse impact on individuals of a protected class, it can take steps to reduce the impact or select a different tool, per the guidance.
If an employer fails to adopt a less discriminatory algorithm than that which was considered during the implementation process, it could result in liability, according to the EEOC.

The takeaway

Employers using algorithmic decision-making tools for employment decisions need to take the same care as they do when making employment moves without assistance from technology.
Firms should not implement these technologies without considering possible adverse decision-making that could lead to violations of the law and prompt litigation and regulatory action by the EEOC.
Experts advise that you move forward carefully and work with the vendor to ensure the technology doesn’t get your organization in trouble.


April 2023 – Law Barring Mandatory Agreements Shot Down


A U.S. COURT of Appeals has struck down a landmark California law that prohibits employers from requiring their workers to sign agreements to arbitrate any disputes arising from their employment.
The ruling clears the way for employers to continue using arbitration agreements without risking criminal liability that the law – AB 51 – calls for. The law took effect Jan. 1, 2020, but after a coalition of employers led by the California Chamber of Commerce sued to block the measure’s implementation, a lower-court judge issued a temporary restraining order, halting enforcement until the matter could be resolved by the courts.
Arbitration agreements usually require both the employer and employee to submit any employment-related disputes to arbitration, rather than to the traditional court process. They are designed to reduce tension and save both parties money and time.
The Chamber said the Feb. 15, 2023 ruling by the Ninth U.S. Circuit Court of Appeals invalidating the law was a win for the state’s employers. The business advocacy group had asserted that the law contradicted federal legislation and would result in increased litigation and higher costs for employers and workers alike.
The ruling by the Ninth Circuit upheld a lower court’s preliminary injunction order and holding that AB 51 is preempted by the Federal Arbitration Act (FAA).

What did AB 51 require?

The law made it a criminal misdemeanor for an employer to require an existing employee or a job applicant to sign an arbitration agreement as a condition of employment.
However, due to a quirk in the law, even though an employer could be subject to criminal prosecution if it required employees to sign arbitration agreements, the contracts, if signed, would still be enforceable.
The law was written in this way to avoid conflicting with the FAA. But in the end, the court opined that AB 51 was preempted by the federal law after all.

The takeaway

The ruling paves the way for employers to continue using arbitration agreements with employees in the Golden State. That said, if you are using such agreements or plan to, you should consult with your legal counsel to ensure your agreement is up to date.
If the case is not appealed, the court’s opinion will likely lead to the law being nullified.
But an appeal would be an uphill battle, legal observers say. “SCOTUS (the U.S. Supreme Court) has clearly said that state rules burdening the formation of arbitration agreements are at odds with the FAA,” the law firm of Fisher Phillips wrote in a blog about the ruling.
One important note: The Ninth Circuit’s decision does not affect the federal Forced Arbitration of Sexual Assault and Sexual Harassment Act of 2021, which gives employees the right to opt for arbitration agreements and class- or collective-action waivers if they are making sexual assault or sexual harassment claims.


January 2023 – Ransomware Fallout – Firms That Pay Ransom Often Hit Again


A new report found that one-third of companies that are hit with ransomware and pay the hackers to unlock their systems are likely to be targeted a second time.

And after they pay, they are often faced with significant consequences, including system rebuilding costs, their data still being leaked and financial consequences, according to the “2022 Cyber Readiness Report” by Hiscox. The eye-opening results of the study come as the number of businesses hit by cyber attacks continues growing.

Considering the potential damage to your organization if your systems are compromised in the aftermath of a ransomware attack, even if you have cyber insurance to pay recovery costs, it’s best to take steps to thwart attacks in the first place.

More than ransom

It’s clear that paying a ransom often doesn’t mean the recovery for an affected business will be smooth, according to the report, which covers the poll results of 5,000 organizations.

The risk

Nearly half (47%) of firms reported that they had been hit by a cyber attack during the past 12 months, up from 40% in 2021. Of those who were attacked, 17% were ransomware victims.
The median cost of an attack has risen 29% to just under $17,000.
Small firms can no longer expect to fly under the radar as the criminals increasingly have them in their sights.

What you can do

Some firms have little exposure to a cyber attack, particularly if they don’t handle customer data or are not tech-driven operations. Each firm has a different exposure level.
For companies that have cyber exposure, protecting their organization requires a multi-pronged approach that includes cyber insurance and strong data security protocols.
Cyber insurance may cover the cost of a paid ransom as well as recovery and rebuilding costs. If your organization has exposure, please give us a call to review your risk and see if cyber insurance is right for your business.

Besides that, Hiscox recommends taking a number of steps to protect against an attack and be able to recover from one faster:

  1. Keep all of your software up to date to include the installation of all the latest security patches.
  2. Frequently back up your data on a server that is not hooked up to the cloud.
  3. Train workers on how to recognize and avoid common social engineering attacks that criminals use to trick them into revealing sensitive information about themselves or their company.
  4. Teach your staff how to detect potentially dangerous e-mails that try to get them to click on a malicious link that can unleash ransomware or other malware.

January 2023 – Top 10 California Laws, Regs for 2023


A slew of new laws and regulations that will affect California businesses are taking effect for 2023.

Last year was a busy one, with ground-breaking new laws on employee pay disclosures, a law prohibiting discrimination against cannabis-using employees and another expanding the circumstances when employees can take leave to care for a loved one. The following are the top 10 laws and regulations that employers in the Golden State need to stay on top of.

1.  Pay disclosure

This sweeping law in part requires more disclosure of pay information by employers. Under current law, employers are required to provide the pay scale for a position upon reasonable request by a job applicant. SB 1162 goes a step further by:

  • Requiring employers, upon request by a current employee, to provide the pay scale of the position they are employed in.
  • Requiring employers with 15 or more workers to include pay scale in any job postings for open positions.
  • Requiring employers to maintain records of job titles and wage rate history for each employee while employed for the company, as well as three years after their employment ceases.

Note: The law defines “pay scale” as the salary or hourly wage range that the employer “reasonably expects” to pay for the position. Penalties range from $100 to $10,000 per violation. This law took effect Jan. 1, 2023.

2.  State of emergency and staff

This new law, SB 1044, bars an employer, in the event of a state of emergency or emergency condition, from taking or threatening adverse action against workers who refuse to report to, or leave, a workplace because they feel unsafe. “Emergency condition” is defined as:

  • Conditions of disaster or extreme peril to the safety of persons or property caused by natural forces or a criminal act.
  • An order to evacuate a workplace, worksite or worker’s home, or the school of a worker’s child due to a natural disaster or a criminal act.

SB 1044 also bars employers from preventing employees from using their mobile phones to seek emergency assistance, assess the safety of the situation or communicate with another person to confirm their safety. The law, which took effect Jan. 1, 2023, does not cover first responders and health care workers.

3. Cannabis use and discrimination

This law bars employers from discriminating in hiring, termination or other conditions of employment based on employees using cannabis while off duty. The bill’s author says the legislation is necessary because THC (tetrahydrocannabinol), the active ingredient in marijuana, can stay in a person’s system after they are no longer impaired. As a result, drug testing may detect THC in an employee’s system even if they used it weeks earlier and it is having no effect on their job performance. AB 2188 does not require employers to permit employees to be high while working. The bill would exempt construction trade employees and would not preempt state or federal laws that require employees to submit to drug testing. This law takes effect Jan. 1, 2024.

4.  Leaves of absence

The California Family Rights Act and the state’s paid sick leave law allow employees to take leave to care for a family member, defined as a spouse, registered domestic partner, child, parent, parent-in-law, grandparent, grandchild or sibling. The definition has been expanded to include “any individual related by blood or whose association with the employee is equivalent of a family relationship.”

5.  Contractor workers’ comp

Starting July 1, the following contractors must carry workers’ compensation coverage regardless of if they have employees or not:

  • Concrete (C-8 license)
  • Heating and air conditioning (C-20)
  • Asbestos abatement (C-22), and
  • Tree service (D-49).

Starting Jan. 1, 2026, all licensed contractors must have coverage.

6.  OSHA citation postings

Under current law, employers that receive citations and orders from OSHA are required to post them in or near the place the violation occurred, in order to warn employees about a potential hazard. Starting Jan. 1, 2023, they must post the notice not only in English, but also: Spanish, Chinese (Cantonese, Mandarin), Vietnamese, Tagalog, Korean, Armenian and Punjabi.

7.  Permanent COVID standard

Cal/OSHA has a permanent COVID-19 prevention standard that will sunset in 2024. The new standard, which replaces the temporary emergency standard the agency had implemented, should provide more certainty for prevention procedures and practices. Here are the main takeaways:

  • Employers are no longer required to pay employees while they are excluded from work due to COVID-19, or to screen employees daily.
  • Employers must still notify and provide paid testing to employees who had a close contact in the workplace.
  • Employers can now incorporate written COVID-19 procedures into their Injury and Illness Prevention Programs.

8.  CalSavers expanded

SB 1126 requires any person or entity with at least one employee to either provide them with access to a retirement program like a 401(k) plan or enroll them in the state-run CalSavers program. Prior to this new law, only companies with five or more employees that did not offer a retirement plan were required to enroll their workers in CalSavers.

9.  Bereavement leave

Employers with five or more workers are required to provide up to five days of bereavement leave upon the death of a family member, under a new law starting in 2023. This leave may be unpaid, but the law allows workers to use existing paid leave available to them, such as accrued vacation days, paid time off or sick leave. Employers are authorized to require documentation to support the request for leave.

10.  PFL wage replacement

This law was passed last year but does not take effect until 2025. Existing California law allows employees to apply for Paid Family Leave and State Disability Insurance, both of which provide partial wage replacement benefits when employees take time off work for various reasons under the California Family Rights Act. Starting in 2025, low-wage earners (those who earn up to 70% of the state average quarterly wage) will be eligible for a higher percentage of their regular wages under the state’s PFL and SDI benefit programs.


October 2022 – Commercial Property Insurance – Coverage Gets Scarce in At-Risk Areas


AS WILDFIRES grow in number, intensity and scope, the cost of paying for the resulting claims is causing a property insurance crisis in some parts of the state that shows no sign of disappearing anytime soon.
Commercial property insurance rates have skyrocketed for businesses in areas exposed to wildfire risks. Many have received non-renewal notices and have had to secure coverage with the market of last resort, the California FAIR Plan. Here’s what’s going on and what your options are if your commercial property policy is non-renewed.

What insurers are doing

While rates are increasing nominally in most of California’s larger cities due to higher construction costs, it’s a different story in smaller cities and towns.
Insurers are responding. Some are pulling out of the state or ceasing to write policies in areas they deem high risk and are issuing non-renewal notices. Those that continue to write business in high-risk areas are taking steps to rein in their risk:
Increasing rates – Many carriers have more than doubled rates for at-risk properties.
Hiking deductibles – Many carriers are raising deductibles in wildfire-prone areas.
Stricter terms – Some insurers are limiting the amount they will pay out if a building is destroyed. That can sometimes be as low as 20% of the value, meaning the rest would have to be covered out of pocket by the property owner.

Protective measures insurers may require

Defensible space: Maintain a defensible space around your building, usually all the way to the property line. You can find a thorough description of how to create a defensible space here.
Non-combustible materials and other measures: Use only non-combustible building materials, such as fire-proof shingles for your roof. The insurer may require you to shore up roofs, gutters, vents and siding and ensure there are no gaps that would allow embers to penetrate.
They may require exterior wall cladding made of non-combustible siding materials.
Reliable water supply: Insurers are requiring property owners to have clear access to a reliable water supply, including proximity to public hydrants and the possible installation of private-site yard hydrants. The availability of a reliable water supply is critical and should be evaluated frequently.
You may also consider installing a back-up water supply, such as a fire pump and tank.
Routine clearing: Insurers are requiring property owners to have a routine property clearing regimen that includes regularly removing dried vegetation from the property and removing debris or other flammable materials. Debris and vegetation are the tinder for large fires.

Your options if canceled

If you’ve been cancelled by your insurer, we can mount a search for replacement coverage. If all California licensed insurers that we have access to reject your policy, we have two choices:
The non-admitted market – These are insurers that are not licensed in the state of California, but they are viable insurance companies nonetheless. They can offer policies that may not cover everything a homeowner’s policy from an admitted insurer would have. Policies can often be customized for the insured.

California FAIR Plan – We can only go to the FAIR Plan if you’ve thoroughly exhausted the options available through the voluntary market and been denied coverage.
If only one admitted insurance company is willing to write your policy, no matter how steep the premium is, you cannot go to the FAIR Plan for coverage.
Not only are FAIR Plans more expensive, but they offer fewer coverage options and lower policy limits. That said, the limits have doubled in 2022 to $6.8 million per policy.


July 2022 – Privacy Liability – Companies Bleed Data as Workers Move It Offsite


THE MORE employees are working from home, the greater the risk that their employers’ sensitive data is also being stored on their poorly secured devices and laptops.
A new study by Symantec Corp. found many workers are sharing, moving, and exposing sensitive company data as part of carrying out the requirements of their jobs, and they may not realize they could be compromising the information or that what they are doing is wrong.
More worrisome, the study found that half of all employees surveyed who left or lost their jobs in the prior 12 months had kept confidential company data. When that happens, the departing worker, your company, and the new employer are all put at risk.

Worse still, the majority of employees put these files at further risk because they don’t take steps to delete the data after transferring it. “In most cases, the employee is not a malicious insider,” writes Symantec, “but merely negligent or careless about securing IP. However, the consequences remain. The IP theft occurs when an employee takes any confidential information from a former employer.”

What you can do

Symantec suggests attacking the problem from multiple angles:
• Educate employees – You should take steps to ensure that IP migration and theft awareness is a regular and integral part of security-awareness training. Create and enforce policies dictating how they can and cannot use company data in the workplace and when working remotely. Help employees understand that sensitive information should remain on corporate-owned devices and databases. Also, new employees must be told that they are not to bring data from a former employer to your company.

• Enforce non-disclosure agreements – If you have not done so already, you need to craft new employment agreements to ensure they include specific language on company data.
They should include language that the employee is responsible for safeguarding sensitive and confidential information (and define what that is).
For employees that are leaving your employ, conduct focused conversations during exit interviews and make sure they review the original IP agreement.
Include and describe, in checklist form, descriptions of data that may and may not transfer with a departing employee.

• Track your data – You need to know where your data is going and how you can find out by using monitoring technology. One option is to install data-loss-prevention software that notifies managers and employees in real-time when sensitive information is inappropriately sent, copied, or otherwise improperly exposed.
Also, introduce a data protection policy that monitors inappropriate access or use of company data and notifies the employee and you of violations.
This increases security awareness and deters theft. When you know how data is leaving your company, you can then take steps to prevent it from seeping out.

