Provided by: Judge Ruth B. Kraft



I write all the time about the need to draft policies and employee handbooks. However, how much consideration have you devoted to cybersecurity policies? According to a recent article in BusinessInsurance.com, more than half of all small and midsize companies in the United States have experienced at least one data breach. The primary causes of those breaches were employee or contractor error; lost or stolen laptops, smartphones and storage media; and procedural mistakes. The loss of critical and proprietary company information can produce enormous monetary loss as well as reputational harm.
What steps should an employer take?

1. Review your employee handbook. Does it include internet and security policies? If so, when were they last updated? Blanket prohibitions on access to the internet have been held to violate the collective action sections of the National Labor Relations Act.

2. Consult with your insurance professional. Confirm that your company has sufficient coverage to protect against technology and cyber-privacy leaks. If not, consider purchasing appropriate coverage.

3. Develop internal policies and protocols to address employee data disclosure.

4. Determine whether you will permit employees to “BYOD”, meaning bring their own devices into the workplace. If not, this should be explicit in your policies.

5. Consult with an IT professional. I cannot emphasize enough the need to “burn” a “snapshot” of the hard drive of any worker leaving your employ.

6. Create a policy for how and to what extent you are required to notify employees, clients and others in the event of a data or privacy breach.
