
Security Concerns for Personal Devices in the Workplace (BYOD)

Russell W. Gilmore, CISSP, CISM, EnCE Security Planning, Security Policy and Procedure Development, Uncategorized

We first addressed personal devices in the workplace back in 2018. That seems like such a long time ago now. With record numbers of employees now working from home due to COVID, how should we think about personal devices in the workplace? What are some of the security concerns that you should address? When work occurs on personal devices, how …


Truth or Consequences? Choose Investigators Wisely

Tasha Dyson, CFE Compliance, Corporate Compliance

A recent article from HPG provided excellent information about how companies and organizations can take a proactive stand against harassment (read the original article here). As part of the precautions to take, the article recommended an investigation of the complaint. We couldn’t agree more. Few organizations realize that private investigators offer a vast and virtually untapped pool of investigative talent. …


What is GDPR and does it affect me?

Jerry T. Blanchard, Jr., CPP Compliance, News, Security System Lifespan Management

GDPR is the General Data Protection Regulation adopted by the European Union (EU) in 2016. This just became enforceable as of May 2018. Does it affect me? The short answer is “Yes”. This law may affect you if you have an enterprise-class system that collects and shares data around the world. What is GDPR? In a nutshell, GDPR is …


More Than Half of Ex-Employees Still Have Access to Corporate Networks

Christine L. Peterson, CPP, ISP Security Planning, Security Policy and Procedure Development, Security Program Development

In today’s security programs, we often lose sight of the forest for the trees and forget the basics. Removing an employee’s ability to access company property – whether physical access or access to corporate networks – is so basic that it too often gets overlooked. This article from InfoSecurity is a painful reminder of how lax many security programs are. …


Companies Can be Liable for Failing to Maintain Adequate Cyber Security

Christine L. Peterson, CPP, ISP Compliance, Corporate Compliance, Intellectual Property, News, Security Policy and Procedure Development

How much customer data do you have? Is it secure? If so, you should read High Stakes Cyber as published in Security Management. In brief, the FTC can hold companies liable for failing to maintain adequate cybersecurity, even though the commission has not defined minimum cybersecurity standards through rules or regulations. Even in this case, the court did not articulate …


Data Security: Where There Is Data, There Should Be Policy

Russell W. Gilmore, CISSP, CISM, EnCE Business Continuity Planning, Compliance, Computer Forensics, Corporate Compliance, Crisis Management Planning, Electronic Data Recovery, Security Policy and Procedure Development, Security Program Development

The recent report by the Wall Street Journal about the Morgan Stanley data security breach scares me as an employee. Reportedly, Morgan Stanley terminated Galen Marsh, a financial adviser, for allegedly stealing account information from about 350,000 wealth management clients and posting some of it online. Federal law enforcement officials are focusing their probe on the possibility that Marsh’s computer …


Held Hostage by a Dishonest Employee

Russell W. Gilmore, CISSP, CISM, EnCE Compliance, Computer Forensics, Corporate Compliance, Security Policy and Procedure Development, Security Program Development, Theft, Theft, Embezzlement, and Fraud

I recently was involved in a case in which a company employee was discovered using a company credit card for personal reasons. This happens occasionally, and one would think that immediately terminating the dishonest employee would resolve the issue. But what happens when the employee is the one and only IT person for the company? Many companies have only one person …


Terminating an Employee and Company Data

Russell W. Gilmore, CISSP, CISM, EnCE Computer Forensics, Corporate Compliance, Theft, Theft, Embezzlement, and Fraud

Having to terminate an employee is never easy. To make the process even more difficult, consider the recent survey conducted by Harris Interactive on behalf of Courion which stated that 19% of employees age 18 to 34 would take company data with them if they knew they were about to be fired. Read the full story here. Depending on the …


Security in the Office – A Checklist

Christine L. Peterson, CPP, ISP Embezzlement, Fraud, Security Planning, Security Policy and Procedure Development, Security Program Development, Theft, Theft, Embezzlement, and Fraud, Training

How is your security? The following checklist illustrates the necessary aspects of security that must be addressed for a secure environment. Comply with and support your company’s safety and security program and regulations, and insist that others do the same. Protect wallets, keys, purses, and other personal valuables on the job. This especially includes smartphones and tablets. Challenge strangers in …


Employment Law: Can You Police Social Media?

Protus3 Compliance

Guest blogger Mimi Soule specializes in employment law at the Soule Law Firm in Raleigh, North Carolina. This article was originally published on the website of Forrest Firm. Lately, the National Labor Relations Board (NLRB) is taking a particularly active interest in employer policies regarding social media. For those of us living and working in a Right-to-Work state like North …