The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: BYOD

  • From Vol. 3 No.7 (Apr. 5, 2017)

    Effective and Compliant Employee Monitoring (Part One of Two) 

    When can companies “spy” on their employees? Monitoring data systems and employee digital activity is critical to reducing the significant cybersecurity risks that employees pose (either inadvertently or maliciously), but companies do need to make sure they comply with consent and other legal requirements when implementing surveillance programs. This first part of a two-part series on the topic addresses the role of data monitoring, effective notice, legal considerations, and specific policies regarding BYOD, termination and remote employees – including stories from the trenches. Part two will provide operational guidance on implementing effective and compliant monitoring programs, and discuss privacy concerns in different types of employee surveillance, including the contrasting rules and approaches in Europe. See also “Strategies for Preventing and Handling Cybersecurity Threats From Employees” (Apr. 8, 2015).

    Read Full Article …
  • From Vol. 2 No.19 (Sep. 21, 2016)

    Staying Cybersecure Without Mobile Device Management

    Control over employees’ devices can offer companies reassurance that they are protecting sensitive information. Many organizations, however, find they must proceed without mobile device management or enterprise mobility management due to cost or employee pushback over privacy concerns. At a recent Gartner webinar, Rob Smith, a research director at Gartner, examined factors organizations should consider as they decide whether to purchase and deploy MDM and EMM solutions. He also explained the pros and cons of other security approaches for organizations looking for alternatives. See also “Legal and Regulatory Expectations for Mobile Device Privacy and Security” Part One (Feb. 3, 2016); Part Two (Feb. 17, 2016).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    The Multifaceted Role of In-House Counsel in Cybersecurity 

    To effectively advise corporations on cybersecurity issues, in-house counsel must navigate myriad issues that can vary across industries, state and international jurisdictions as well as privacy and information security contexts.  A recent PLI program brought together privacy and information security counsel from various industries to share insights on the role of in-house counsel charged with securing business-critical and confidential data and technology.  They discussed the different responsibilities for data privacy and cybersecurity professionals, international data privacy and protection laws, and offered strategies for in-house counsel to prevent internal cybersecurity threats, develop breach prevention and response policies and handle vendors.  The panel was moderated by Lori E. Lesser, a partner at Simpson Thacher, and included top practitioners Rick Borden, chief privacy officer at the Depository Trust & Clearing Corporation; Nur-ul-Haq, U.S. privacy counsel at NBCUniversal Media; Michelle Ifill, senior vice president at Verizon and general counsel of Verizon Corporate Services; and Michelle Perez, assistant general counsel of privacy for Interpublic Group.  See “Analyzing and Complying with Cyber Law from Different Vantage Points (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 8 (Jul. 15, 2015); and Part Two, Vol. 1, No. 9 (Jul. 29, 2015).

    Read Full Article …
  • From Vol. 1 No.16 (Nov. 11, 2015)

    How to Reduce Cybersecurity Risks of Bring Your Own Device Policies (Part Two of Two)

    The now-common practice of employees bringing their own devices into the office offers companies savings, but use of these devices comes with complex risks that must be addressed.  Part one of our two-part series discussed these risks and recommended BYOD policies and training to mitigate the risks.  This second article in the series explores how mobile device management programs and proper protocols for outgoing employees and lost devices can further reduce BYOD risks.  It also explains how BYOD policies can impact litigation, and even result in significant sanctions. 

    Read Full Article …
  • From Vol. 1 No.14 (Oct. 14, 2015)

    How to Reduce the Cybersecurity Risks of Bring Your Own Device Policies (Part One of Two)

    Many companies now allow employees to use their own devices for work email and other work-related functions.  Allowing employees to “bring your own device,” or BYOD, provides companies with cost savings and employees with flexibility, but also presents serious cybersecurity challenges.  This first article in our two-part series on designing cybersecure BYOD policies discusses BYOD risks and recommends strategies to reduce these risks, including employee training.  Part two will discuss mobile device management tools and software as well as handling lost devices, outgoing employees and discovery.  See “Strategies for Preventing and Handling Cybersecurity Threats from Employees,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

    Read Full Article …
  • From Vol. 1 No.1 (Apr. 8, 2015)

    Strategies for Preventing and Handling Cybersecurity Threats from Employees

    Not all data breaches stem from trained cybercriminals – in fact, many cybersecurity incidents come from the inside.  They are initiated by an employee’s inadvertent mistake or intentional act.  In this interview with The Cybersecurity Law Report, Holly Weiss, a partner in the Employment & Employee Benefits Group, and Robert Kiesel, a partner and chair of the Intellectual Property, Sourcing & Technology Group, at Schulte Roth & Zabel, discuss: the two categories of internal cybersecurity threats (inadvertent and intentional); specific ways to protect against those threats, including effective training methods and “bring your own device” policies; and the effect of relevant regulations.

    Read Full Article …