Data security and privacy too low on priority lists: Rudner
By AdvocateDaily.com Staff
“There’s no doubt that all of the technology we access makes our lives easier, but people don’t take the risks seriously enough,” says Rudner, founder of Rudner Law, explaining that the security of data, whether business-related or personal, should be a priority for everyone.
“Employers are giving out phones, laptops, tablets — all kinds of devices — without any significant policies or training in place as to how to safeguard privacy,” he adds. “People are left to figure it out on their own. This exposes personal and corporate information.”
Rudner says individual employees are frequently naïve about security when using work-issued gadgets, as he often discovers when they reach out to him about problems with their employers.
“It amazes me how often people contact us to discuss a potential claim against their employer via their corporate email account,” he says. “When I suggest they use a personal email address for privacy reasons, they push back and claim their employer either can’t or would never look at their email.”
According to Rudner, one of the biggest security threats for businesses comes with the disposal of old devices, something that happens routinely as technological advances render equipment obsolete.
“There’s a massive market for used devices, but people don’t know what precautions they should be taking when getting rid of one,” Rudner says. “Whether they’re giving an old phone to a nephew or just throwing it away, the chances are people are doing it without wiping the data on it, so they’re basically giving away their personal information, as well as the corporation’s.”
From the perspective of employers, he says the desire to save money frequently results in an inadequate response to suspicions of employee misconduct.
“When an employer thinks an employee may be sharing or stealing confidential information, I encourage them to hire a forensic investigator. But when they find out what it costs, they will often try their own amateur version, and end up trampling all over the data,” Rudner says.
“The employee may well be guilty, but none of the evidence will be admissible in court because it’s been unintentionally tainted internally when it was opened, moved around or manipulated during the investigation. People are penny wise and pound foolish when it comes to those kinds of allegations,” he adds.
Rudner says strong policies and training are crucial for employers who wish to improve data security practices at their firms, especially given the corporate embrace of the bring-your-own-device concept, in which employees are allowed to use their own mobile technology for work purposes.
“I’ve seen a number of cases where employers want to impose discipline for a data breach, but the employee can turn around and say they were never told the rules,” he says.
“Employees need to be aware of what’s expected of them. But, you can’t just hand them the policy and tell them to read it. It’s got to be implemented so that you’re showing them what they should and shouldn’t be doing.”
Another key vulnerability for businesses comes at the time of an employee’s termination, Rudner says.
“You wouldn’t believe how often people come to me days after being let go, and they’ve still got their corporate smartphone and email access,” he says. “It’s one thing to have a plan for retrieving devices and cutting off access before terminating someone, but, you also need to think about what you’re going to do when an executive hands in their resignation at 5 p.m. on a Friday.”