Insider Threats

Managing the threat of insider risks is a data security concern for all organizations. As its name implies, an “insider threat” originates inside an organization and can be an activity by a “bad actor employee” that poses a threat to the security of information held by the organization. In addition, an insider threat can arise from an innocent and inadvertent action by people inside an organization (such as an employee who unintentionally opens a phishing email or clicks on a malicious link).

Epstein Becker Green is a law firm distinguished in the field of information security. The firm’s Data Privacy, Cybersecurity, and Data Asset Management Group includes industry-leading, credentialed privacy and cybersecurity attorneys with experience in workforce cybersecurity, insider threats, data loss prevention, and breach response. We counsel clients across a broad range of industries, including financial services, health care, and technology, on insider threat assessments and preventative programs, and technologies compliant with applicable law.

Our team is made up of attorneys with a diverse spectrum of certifications and qualifications, including:

  • Certified Common Security Framework (CSF) Practitioners by the Health Information Trust (HITRUST)
  • Certified Information Systems Security Professionals (CISSP) by the International Information Systems Security Certification Consortium (see
  • Certified Professionals in Healthcare Information and Management Services (CPHIMS) by the Healthcare Information and Management Systems Society (HIMSS)
  • Certified Ethical Hackers (CEH) by EC-Council
  • Certified Information Privacy Professionals by the International Association of Privacy Professionals (IAPP)

Epstein Becker Green’s attorneys have served in high-level cybersecurity and data privacy positions with the Centers for Medicare & Medicaid Services and the National Security Agency, and as Chief Information Security and Compliance Officers in health care and private organizations.

Our Services

Our legal services are directed at helping our clients avoid a damaging loss of trade secrets, proprietary technologies, protected health and personally identifiable information, and other confidential business information, and respond immediately to data loss incidents caused by malicious employees and other insiders, with advice grounded in our longstanding experience in these complex areas. We partner with our clients to prevent or mitigate losses resulting from insider data breach or theft, including reputational harm, lawsuits, regulatory actions, and loss of trust. We are a workforce management firm with distinguishing cybersecurity knowledge and significant experience in assessing and combatting threats posed by employees and third-party business partners to our clients’ data and proprietary technologies.

As a result of our risk management capabilities, we are able to provide legal advice on all aspects of cybersecurity. Our services include:

  • Conducting formalized and well-documented insider threat and vulnerability assessments
  • Recommending policies and techniques to reduce the risk of damaging data breaches and the loss of valuable data and technologies
  • Providing workforce management policies and cybersecurity training designed to protect organizations from the loss of trade secrets and other critical business information
  • Reviewing vendor and contractor relationships and agreements for key protections
  • Assisting clients with responses to government audits and investigations into security and privacy breaches
  • Conducting forensic investigations into claims of misappropriation by employees and others of trade secrets and other data breaches, and litigating those claims
  • Responding to network hacking and security incidents caused by malevolent insiders and outsiders
  • Advising on the international, federal, and state laws and regulations concerning data privacy, security, and breaches

In addition, Epstein Becker Green is exceptionally well positioned to provide counseling on conducting robust risk assessments of administrative, physical, and technical safeguards around critical data, including personnel practices, and developing documentation of a defensible cybersecurity program. Our insider threat risk assessments are protected by the attorney-client privilege to the fullest extent permitted by law. If a breach or other security incident occurs, whether caused by an employee, business partner, or outsider, Epstein Becker Green can skillfully guide your organization through the ensuing investigation, documentation, and response.