Insider Threat Risk Management

At Epstein Becker Green (“EBG”), we have a dedicated team of attorneys who provide legal advice on cybersecurity, data loss prevention, and breach response. We counsel clients on a daily basis regarding the myriad laws and regulations related to information security risk assessments, employee and insider threats, data privacy, and computer forensic investigations. Our legal services are directed at helping our clients avoid a damaging loss of trade secrets, protected health and personally identifiable information, and other confidential business information and immediately respond to data loss incidents, with advice grounded in decades of experience in these complex areas.

EBG is the only law firm designated by the Health Information Trust (HITRUST) Alliance as a Common Security Framework (CSF) Assessor Organization.[i] Our cybersecurity team includes lawyers who are Certified Information Systems Security Professionals (CISSP), having been awarded this information technology and security audit certification by the International Information Systems Security Certification Consortium (see, and have other information security certifications and training.

Our Services

As a result of our risk management capabilities, we are able to provide legal advice on all aspects of cybersecurity. Our services include:

  • Conducting insider threat and vulnerability assessments
  • Recommending policies and techniques to reduce the risk of damaging data breaches
  • Providing workforce management policies and training designed to protect organizations from loss of trade secrets and other critical business information
  • Reviewing vendor and contractor relationships and agreements for key protections
  • Assisting clients with responses to government audits and investigations into security and privacy breaches
  • Conducting forensic investigations into claims of misappropriation by employees and others of trade secrets and other data breaches, and litigating those claims
  • Responding to network hacking and security incidents caused by malevolent outsiders
  • Advising on the international, federal, and state laws and regulations concerning data privacy, security, and breaches

In addition, EBG is exceptionally well positioned to provide counseling on conducting robust assessments of administrative, physical, and technical safeguards around critical data, as well as developing documentation of a defensible security program. Our risk assessments are protected by the attorney-client privilege to the fullest extent permitted by law. If a breach or other security incident occurs, whether caused by an employee, business partner, or outsider, EBG can skillfully guide your organization through the ensuing investigation, documentation, and response.


[i] The CSF brings together security laws, regulations, and standards, including the Health Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI), the Joint Commission on Accreditation of Healthcare (JCAHO), Centers for Medicare & Medicaid Services (CMS), the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), and various other federal, state, and business requirements. EBG acquired this designation to better serve our client base of health care, life sciences, and health information technology companies, as well as our business partners (e.g., HIPAA-covered entities and business associates) that use protected health information.