What to Watch for When Avoiding Retail Cyberattacks – Part 3, Law360 Retail SeriesLaw360 August 19, 2015
Adam C. Solander and Brandon C. Ge, attorneys in the Health Care and Life Sciences practice, in the firm’s Washington, DC, office, authored part three of a three-part Law360 Retail Series, “What to Watch for When Avoiding Retail Cyberattacks.” (Read the full version – subscription required.)
Following is an excerpt:
Nearly all of the major breaches reported this year have had some element of social engineering associated with them. In general, social engineering involves an outsider manipulating employees into performing actions or divulging confidential information. The most common forms involve phishing emails and phone calls designed to trick employees into divulging their credentials to access company systems. While it is important for employers to have systems in place to filter emails from likely sources of social engineering attacks, no system is perfect and these messages will get through. Thus, employers cannot rely on technical safeguards and should develop training programs to educate employees on social engineering attacks and cybersecurity more generally. This training should be an ongoing process designed to keep employees up to date on the types of attacks happening and things to be on the lookout for.
See also Part 1 and Part 2 of the Law360 Retail Series: “Reading Into NLRB’s Amended Union Election Rules,” by Steven Swirsky, and “What Matters Most in EEOC’s Wellness Program Rules,” by August Emil Huelle.