Managing the threat of insider risks is a data security and legal concern for all organizations. As its name implies, an “insider threat” originates inside an organization and can be an activity by a “bad actor employee” that poses a threat to the security of information held by the organization.

In addition, an insider threat can arise from an innocent and inadvertent action by people inside an organization (such as an employee who unintentionally opens a phishing email or clicks on a malicious link).

Epstein Becker Green is a law firm that is distinguished in the field of information security. The firm’s Data Privacy, Cybersecurity & Data Asset Management practice includes industry-leading, credentialed privacy and cybersecurity attorneys with experience with workforce cybersecurity, insider threats, data loss prevention, and breach response. We counsel clients across a broad range of industries, including financial services, health care, and technology, on insider threat assessments and preventative programs and technologies compliant with applicable law.

Read more

Our team is made up of attorneys with a diverse spectrum of certifications and qualifications, including:

  • Certified Common Security Framework (CSF) Practitioners by the Health Information Trust (HITRUST)
  • Certified Information Systems Security Professionals (CISSP) by the International Information Systems Security Certification Consortium (see www.isc2.org)
  • Certified Professionals in Healthcare Information and Management Services (CPHIMS) by the Healthcare Information and Management Systems Society (HIMSS)
  • Certified Ethical Hacker (CEH) by EC-Council
  • Certified Information Privacy Professionals by the International Association of Privacy Professionals (IAPP)

Epstein Becker Green’s attorneys have served in high-level cybersecurity and data privacy positions with the Centers for Medicare & Medicaid Services and the National Security Agency, as well as Chief Information Security and Compliance Officers in health care and private organizations.

Our Services

Our legal services are directed at helping our clients (i) avoid a damaging loss of trade secrets, proprietary technologies, protected health and personally identifiable information, and other confidential business information and (ii) immediately respond to data loss incidents caused by malicious employees and other insiders, with advice grounded in our long-standing experience in these complex areas. We partner with our clients to prevent or mitigate losses from an insider data breach or theft, including reputational harm, lawsuits, regulatory actions, and loss of trust. We are a workforce management firm with distinguishing cybersecurity knowledge and significant experience in assessing and combatting threats posed by employees and third-party business partners to our clients’ data and proprietary technologies.

As a result of our risk management capabilities, we are able to provide legal advice on all aspects of cybersecurity. Our services include:

  • conducting formalized and well-documented insider threat and vulnerability assessments;
  • recommending policies and techniques to reduce the risk of damaging data breaches and the loss of valuable data and technologies;
  • providing workforce management policies and cybersecurity training designed to protect organizations from the loss of trade secrets and other critical business information;
  • reviewing vendor and contractor relationships and agreements for key protections;
  • assisting clients with responses to government audits and investigations into security and privacy breaches;
  • conducting forensic investigations into claims of misappropriation by employees and others of trade secrets and other data breaches, and litigating those claims;
  • responding to network hacking and security incidents caused by malevolent insiders and outsiders; and
  • advising on the international, federal, and state laws and regulations concerning data privacy, security, and breaches.

In addition, Epstein Becker Green is exceptionally well positioned to provide counseling on conducting robust risk assessments of administrative, physical, and technical safeguards around critical data, including personnel practices, and developing documentation of a defensible cybersecurity program. Our insider threat risk assessments are protected by the attorney-client privilege to the fullest extent permitted by law. If a breach or other security incident occurs, whether caused by an employee, business partner, or outsider, Epstein Becker Green can skillfully guide your organization through the ensuing investigation, documentation, and response.

Read less

Focus Areas





Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.