Robert J. Hudock, a Member of the Firm in the Health Care and Life Sciences practice, in the firm’s Washington, DC, office, and Brian G. Cesaratto, a Member of the Firm in the Litigation and Employment, Labor & Workforce Management practices, in the firm’s New York office, were featured in an interview with Employee Benefit News, in “How Employers Can Protect Themselves from Hacks,” by Amanda Eisenberg.

Following is an excerpt:

Companies including Equifax, Target and JP Morgan Chase have been susceptible to large-scale data hacks in the past few years, which has a number of other employers concerned if they are the next target.

Epstein Becker Green attorneys Robert Hudock, a member in the Health Care and Life Sciences practice in Washington, D.C., and Brian Cesaratto, a member in the Employment, Labor & Workforce Management practice in New York City, spoke with Employee Benefit News to discuss the latest hacks, how employers can protect themselves from internal and external threats, and why the benefits department should be involved. …

EBN: Is it worth paying for them? Should these companies be buying cybersecurity tools?

Hudock: What you need to do is you need to think about the risk profile of your organization and what are the key vulnerabilities and threats to our mission or my mission in order to say, “Should I buy this tool? Should I not buy this tool?” What we try to do is every time a breach happens, we develop a library of cases so we can say when we’re working with executives: This is the type of situation that happened. This is how it happened. What if this happened to your organization? How would this be handled? And then try to estimate the likelihood that this could happen, and then you get into the tools.

Brian Cesaratto: The tools are one technique of part of a larger strategy for insiders like employees. You’re talking about policies, hiring, system use. In the benefits area, employers maintain benefits. That’s very sensitive data. Social security numbers, health information. What we see happening more and more with what’s happening in the news with the breaches, is that there’s an increased awareness that you need to look at, like your key data. Benefits information is one component of that. How do we safeguard it? What do we put in place? As Robert said, it’s the human element too, which is personnel. Looking at your personnel and putting in place policies and techniques to try and prevent it in the first instance.

Industries

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.