The National Institute of Standards and Technology has published a self-assessment tool designed to help organizations gauge the impact and effectiveness of their cybersecurity risk management initiatives. The NIST Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) enables organizations to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. The Framework is not intended to be a one-size-fits-all solution to cybersecuirity. Rather, the Framework will help an organization align its cybersecurity activities with its business requirements, risk tolerances, and resources.
Pearl Echo helps organizations satisfy portions of the Protect, Detect and Respond “Functions” of the Framework by focusing on the following Framework “Categories”: More...
Video conferencing, once the purview of the Fortune 500, has become ubiquitous thanks to the popularity of Skype and Facetime. But with most things Internet, there are frequently unintended consequences. Welcome the latest scam: The Romance Extortion.
In this scam, the target is lured into participating in cyber-sex using a webcam. The scammer records the video session and uses it to blackmail the target. Who would fall for that? Welcome Nebraska State Senator Bill Kintner.
Sen. Kintner began messaging with a woman who contacted him via his Facebook page. Their interaction grew over time from casual, to explicit, to the point where the woman convinced the married senator to contact her on Skype. While on travel, the senator used his state-issued laptop to engage in video cyber-sex. The woman soon after threatened to release the captured video unless the senator acquiesced to her extortion demands. Realizing he blew it, the senator decided to come clean and report his activity to state officials. Public officials in Nebraska who misuse state property can be charged with a misdemeanor. Sen. Kintner, perhaps due to his position, got off easy by paying a $1000 fine. More...
Three Part Blog
Part 2: The Internet and Employee Liability
In the previous article, we looked at productivity concerns related to employee use of the Internet. In this article we turn our attention to liabilities managers must consider when employees use company resources to access the Internet. So what new liabilities have you brought upon yourself since your company decided to connect to the ‘Net?
The term “hostile workplace” conjures up images of screaming supervisors publicly berating employees. Now, Sally walks past Fred’s cubicle and Fred has a provocative YouTube clip running on his screen. Then Fred, who has always had a weird sense of humor, email broadcasts an off-color joke that he thinks is a riot. Most of the recipients in the office think Fred’s joke is marginally funny, if that, but Sally, who is miserable to begin with, is now sent over the edge and decides to retire by slapping a hostile workplace lawsuit on you. Sound like an exaggeration? The Internet has broadened the definition of sexual harassment. Edward Jones, one of the world’s biggest brokerage firms, issued a memo demanding its workers disclose if they sent pornography or off-color jokes over the brokerage’s e-mail system. Forty-one employees who confessed were disciplined, but 19 who failed to come forward were fired. More...
It is strongly recommended that an Internet Acceptable Use Policy be
developed and communicated to all employees when an organization begins
using an Internet monitoring or web filtering product.
New Jersey Supreme Court issued an opinion in Stengart v. Loving Care
Agency, Inc. considering whether an employee had a reasonable
expectation of privacy in emails she exchanged with her attorney via her
web-based personal email account using a company laptop. In concluding
that the former employee did have an expectation of privacy, the Court
analyzed the adequacy of the notice provided by the company's electronic
communications policy and the important public policy concerns raised
by the attorney-client privilege. More...