Category Archives: Workplace

BYOD: Three Lessons for Mitigating Network Security Risks in 2015

Posted on by

Not too long ago, organizations fell into one of two camps when it came to personal mobile devices in the workplace – these devices were either connected to their networks or they weren’t.

But times have changed. Mobile devices have become so ubiquitous that every business has to acknowledge that employees will connect their personal devices to the corporate network, whether there’s a bring-your-own-device (BYOD) policy in place or not. So really, those two camps we mentioned earlier have evolved – the devices are a given, and now, it’s just a question of whether or not you choose to regulate them.

This decision has significant implications for network security. If you aren’t regulating the use of these devices, you could be putting the integrity of your entire network at risk. As data protection specialist Vinod Banerjee told CNBC, “You have employees doing more on a mobile device and doing it ad hoc here and there and perhaps therefore not thinking about some of the risks that are apparent.” What’s worse, this has the potential to happen on a wide scale – Gartner predicted that, by 2018, more than half of all mobile users will turn first to their phone or tablet to complete online tasks. The potential for substantial remote access vulnerabilities is high.

So what can risk practitioners within IT departments do to regain control over company-related information stored on employees’ personal devices? Here are three steps to improve network security:

1. Focus on the Increasing Number of Endpoints, Not New Types

Employees are expected to have returned from holiday time off with all sorts of new gadgets they received as gifts, from fitness trackers to smart cameras and other connected devices.

Although these personal connected devices do pose some network security risk if they’re used in the workplace, securing different network-enabled mobile endpoints is really nothing special for an IT security professional. It doesn’t matter if it’s a smartphone, a tablet or a smart toilet that connects to the network – in the end, all of these devices are computers and enterprises will treat them as such.

The real problem for IT departments involves the number of new network-enabled endpoints. With each additional endpoint comes more network traffic and, subsequently, more risk. Together, a high number of endpoints has the potential to create more severe remote access vulnerabilities within corporate networks.

To mitigate the risk that accompanies these endpoints, IT departments will rely on centralized authentication and authorization functions to ensure user access control and network policy adherence. Appropriate filtering of all the traffic, data and information that is sent into the network by users is also very important. Just as drivers create environmental waste every time they get behind the wheel, network users constantly send waste – in this case, private web and data traffic, as well as malicious software – into the network through their personal devices. Enterprises need to prepare their networks for this onslaught.

2. Raise the Base Level of Security

Another way that new endpoints could chip away at a network security infrastructure is if risk practitioners fall into a trap where they focus so much on securing new endpoints, such as phones and tablets, that they lose focus on securing devices like laptops and desktops that have been in use for much longer.

It’s not difficult to see how this could happen – information security professionals know that attackers constantly change their modus operandi as they look for security vulnerabilities, often through new, potentially unprotected devices. So, in response, IT departments pour more resources into protecting these devices. In a worst-case scenario, enterprises could find themselves lacking the resources to both pivot and mitigate new vulnerabilities, while still adequately protecting remote endpoints that have been attached to the corporate network for years.

To offset this concern, IT departments need to maintain a heightened level of security across the entire network. It’s not enough to address devices ad hoc. It’s about raising the floor of network security, to protect all devices – regardless of their shape or operating system.

3. Link IT and HR When Deprovisioning Users

Another area of concern around mobile devices involves ex-employees. Employee termination procedures now need to account for BYOD and remote access, in order to prevent former employees from accessing the corporate network after their last day on the job. This is particularly important because IT staff have minimal visibility over ex-employees who could be abusing their remote access capabilities.

As IT departments know, generally the best approach to network security is to adopt policies that are centrally managed and strictly enforced. In this case, by connecting the human resources database with the user deprovisioning process, a company ensures all access to corporate systems is denied from devices, across-the-board, as soon as the employee is marked “terminated” in the HR database. This eliminates any likelihood of remote access vulnerabilities.

Similarly, there also needs to be a process for removing all company data from an ex-employee’s personal mobile device. By implementing a mobile device management or container solution, which creates a distinct work environment on the device, you’ll have an easy-to-administer method of deleting all traces of corporate data whenever an employee leaves the company. This approach is doubly effective, as it also neatly handles situations when a device is lost or stolen.

New Risks, New Resolutions

As the network security landscape continues to shift, the BYOD and remote access policies and processes of yesterday will no longer be sufficient for IT departments to manage the personal devices of employees. The New Year brings with it new challenges, and risk practitioners need new approaches to keep their networks safe and secure.

 

Frigid Weather Heightens Ice Hazards

Posted on by

Freezing weather now sweeping across much of the U.S. brings a greater risk of ice storms and underlines the need for careful planning and heightened safety measures.

In fact, it does not take much ice to create disaster conditions.

buy symbicort online rebalancenyc.com/wp-content/uploads/2023/10/jpg/symbicort.html no prescription pharmacy

Even a thin coat of ice can create dangerous conditions on roads. Add strong winds and you have a recipe for downed trees and power lines, bringing outages that can last for days.

buy lexapro online rebalancenyc.com/wp-content/uploads/2023/10/jpg/lexapro.html no prescription pharmacy

According to The Weather Channel:

The Weather Channel also categorizes ice storms as nuisance, disruptive or crippling. A nuisance event is usually one of less than a 1/4 inch of ice. While these lighter accumulations are considered a nuisance, travel can still be extremely dangerous. A disruptive ice storm typically has 1/4 to 1/2 inch of ice accumulation, with ice starting to damage trees and power lines. Crippling ice storms, which have widespread accumulations of more than 1/2 inch, can cause severe tree damage resulting in power outages. The most devastating storms contain ice accumulation of an inch or more.

A special hazard to drivers is black ice, caused when moisture in the air freezes when it comes in contact with a much colder roadway, or when a sudden drop in temperature causes an already wet roadway to quickly freeze.

Fleet group ARI cautions against driving on black ice, which it said is most commonly found on overpasses and on roads that wind around bodies of water such as lakes and rivers.

ARI offers these tips for drivers:

  1. Drive slowly – The best way to avoid skidding out of control is to operate your vehicle at a slower speed. A slower speed will even give you more time to react to the effects of black ice
  2. Don’t slam the brakes – While it may be a natural instinct to slam on your brakes, this will only cause your car to lose control and slide even more. Tap the brake pedal lightly instead of pushing down hard on it.
  3. Maintain a safe following distance – In situations like this, you need to extend you following distance to ensure you will have ample time to react to the motorist ahead especially if they begin to lose control.
  4. Look for trouble spots ahead – If you have an idea that there may be black ice ahead (if you see cars ahead of you sliding, for example), downshift to a lower gear before you come onto the black ice. The lower gear will force you to drive more slowly and it will give you better control of your car.
  5. As soon as your car begins to slide on black ice, take your foot off the gas pedal – In fact, the last thing you want to do is give your vehicle more gas. It is very important to slow down when you are driving on black ice or in any other winter road conditions.

Staying Safe During the Holidays

Posted on by

Whether in the office or at home, everyone needs to be extra careful and alert during the holidays. Because people are trying to pack so much into their day, accidents can happen.

At home, Allstate cautions to be alert to fire hazards, which can lead to substantial losses.

The LiVe Well Intermountain Trauma Managers Group lists some steps that can be taken to promote a safe environment:

Avoid Falls

  1. Keep sidewalks, driveways and entrances free of snow and ice. Falling on icy sidewalks is the number one cause for visits to the emergency department. Use sand or ice melt to prevent slipping.
  2. Falls while putting up lights and decorations is another. Do not use stools or chairs for hard-to-reach areas. Rather, use a sturdy ladder and have additional help.
  3. Ensure that your office or home is free from items that may cause people to trip or stumble, especially around a Christmas tree or other decorations with extension cords and light strands.

Safety Checks

  1. Check your furnace. It should be cleaned and checked regularly by professionals.
  2. Inspect fireplaces for safe operations. Use a screen or glass front, never leave a fireplace unattended and don’t burn gift wrappings, tissue, or evergreens in the fireplace.
  3. Make sure circuits are not overloaded.
  4. Check cords and plugs for wear, frayed insulation, cracks, and loose connections.
  5. Place a tree away from heat sources and open flames. Check the lights before placing them on the tree. Look for loose sockets or broken and frayed wires.
  6. Turn lights off when you leave.
  7. Never use a regular string of lights on a metal tree. The danger of shock is great. Rather, use a spotlight to illuminate a metal tree.

Holiday Driving

  1. Allow extra time for heavy traffic and poor weather conditions.
  2. Be courteous and respect the rights of pedestrians and other drivers.
  3. Be on the look-out for inebriated drivers.
  4. Expect the unexpected from pedestrians carrying large holiday packages.

 

 

Amicus Supports Government’s Position in Mach Mining vs. EEOC

Posted on by

On Nov. 3, six advocacy groups representing the interests of workers and plaintiffs’ class action lawyers filed an amicus brief with the U.S. Supreme Court in Mach Mining v. EEOC, No. 13-1019. A copy is here.

Authored by the Civil Rights Clinic of the Dickinson School of Law and The Impact Fund, the amicus brief represents the collective views of multiple public interest organizations, including the National Employment Lawyers Association, The Impact Fund, the American Association of Retired Person, the Asian Americans Advancing Justice-Asian Law Caucus, Disability Rights California and Public Counsel.

The amicus brief was filed in support of the U.S. Equal Employment Opportunity Commission, which filed its Reply Brief with the SCOTUS on Oct. 27, 2014. In supporting the government’s position, the amicus asserted that the brief represents the “perspective of the victims of workplace discrimination whom Title VII is intended to protect.”

Given the importance of this case and the issue presented, the new amicus brief is well worth a read by employers.

The Context and the Stakes

Mach Mining v. EEOC is a big case for employers and for government enforcement litigation. In a game-changing decision in December 2013, the U.S. Court of Appeals for the Seventh Circuit ruled that an alleged failure to conciliate is not an affirmative defense to the merits of an employment discrimination suit brought by the EEOC.

That decision had far-reaching, real world significance to the employment community, for it means the EEOC is virtually immune from review in terms of the settlement positions it takes prior to suing employers: “pay millions or we will sue and announce it in a media release.”

We have blogged on this case at various points before, as the litigation winded through the lower courts and culminated in the precedent-setting decision of the Seventh Circuit reported at 738 F.3d 171 (7th Cir. 2013). Readers can find the previous posts here and here and here.

In essence, the Seventh Circuit determined that the EEOC’s pre-lawsuit conduct in the context of conciliation activities cannot be judicially reviewed. Subsequently, in what many SCOTUS watchers found ironic, even though the EEOC prevailed in the Seventh Circuit, the Government also backed Mach Mining’s request for SCOTUS review to resolve the disagreement among the courts of appeals regarding the EEOC’s conciliation obligations. Given the stakes, the SCOTUS accepted Mach Mining’s petition for certiorari in short order to resolve this issue.

Amicus Briefs for the Defense

Employer groups have lined up behind Mach Mining to support reversal of the Seventh Circuit’s decision. Seyfarth Shaw LLP submitted an amicus brief to the U.S. Supreme Court on behalf of the American Insurance Association in Mach Mining. For blog readers interested in our amicus brief, a copy is here.

Amicus Brief Filed In Support of the EEOC

The amicus submission to the Supreme Court asserts that interpreting Title VII to allow judicial review of conciliation efforts by the EEOC would harm alleged victims of discrimination by violating the mandate of the statute that conciliation remain confidential. Judicial review, the amicus brief asserts, would chill full and frank settlement discussions; expose sensitive information about pre-lawsuit negotiations to the public, and hurt the cases of allegedly injured workers because federal judges might be potentially influenced by irrelevant settlement communications. The amicus brief also argues that if the SCOTUS interprets the statute to allow judicial review of pre-lawsuit conciliation efforts by the EEOC, dismissal is an overly harsh remedy where those efforts are determined to be inadequate (and instead the parties should be ordered to engage in further settlement negotiations).

The point of the amicus brief about compromising the impartiality of federal judges—by exposing the court to settlement discussions in conciliation—is somewhat surprising. Federal judges conduct mediations and settlement conferences as a matter of course, and are “exposed” to settlement discussions routinely.

Next Up on the Docket

Mach Mining’s answering brief is due on Nov. 26, 2014, and then the SCOTUS will set the case for oral argument for January 2015. We will keep our readers updated as developments occur in this litigation.

This post was previously published on the Seyfarth Shaw website here.