Companies including Equifax, Target and JP Morgan Chase have been susceptible to large-scale data hacks in the past few years, which has a number of other employers concerned if they are the next target.
Epstein Becker Green attorneys Robert Hudock, a member in the Health Care and Life Sciences practice in Washington, D.C., and Brian Cesaratto, a member in the Employment, Labor & Workforce Management practice in New York City, spoke with Employee Benefit News to discuss the latest hacks, how employers can protect themselves from internal and external threats, and why the benefits department should be involved. …
EBN: Is it worth paying for them? Should these companies be buying cybersecurity tools?
Hudock: What you need to do is you need to think about the risk profile of your organization and what are the key vulnerabilities and threats to our mission or my mission in order to say, “Should I buy this tool? Should I not buy this tool?” What we try to do is every time a breach happens, we develop a library of cases so we can say when we’re working with executives: This is the type of situation that happened. This is how it happened. What if this happened to your organization? How would this be handled? And then try to estimate the likelihood that this could happen, and then you get into the tools.
Brian Cesaratto: The tools are one technique of part of a larger strategy for insiders like employees. You’re talking about policies, hiring, system use. In the benefits area, employers maintain benefits. That’s very sensitive data. Social security numbers, health information. What we see happening more and more with what’s happening in the news with the breaches, is that there’s an increased awareness that you need to look at, like your key data. Benefits information is one component of that. How do we safeguard it? What do we put in place? As Robert said, it’s the human element too, which is personnel. Looking at your personnel and putting in place policies and techniques to try and prevent it in the first instance.