2022 Vol. 106 No. 2

Hoosier Banker 25 CHICAGO INDIANAPOLIS ST.LOUIS MILWAUKEE 201 North Illinois Street, Suite 1400 Capital Center, South Tower Indianapolis, Indiana 46204-4212 T: 317.464.4100 • F: 317.464.4101 • salawus.com No challenge too great… we’ll get you there. The information in this article is provided for general information purposes only and does not constitute legal advice or an opinion of any kind. You should consult with PIKEP GSYRWIP JSV EHZMGI SR ]SYV MRWXMXYXMSRŭW WTIGMƤG PIKEP issues. * 18 U.S.C. §1030(a)(2) Although the CFAA may not provide a remedy for misuse of the company’s computer systems, information or networks, employers still have other avenues for relief, both civil and criminal. On the civil side, those avenues may include (depending upon the nature of the computer offense and information at issue) the Indiana Uniform Trade Secrets Act, the federal Defend Trade Secrets Act, computer trespass and other legal transgressions, as well as common law torts and breach of contract (if the person had a contract covering such matters). Of course, an employee may also be terminated for violating the company’s policies, rules or procedures. An employer should have proper plans, policies and procedures in place to guard against inside threats, including: % Have clear, updated confidentiality policies and procedures. % Limit access to employees in sensitive positions or when necessary for their roles. Determine what information is necessary for employees, and establish purpose-based restrictions on access to information and use of computer systems. % Include password protection or encryption for confidential or highly sensitive information, and only allow access to those employees who have legitimate business reasons for it. % Protect the company’s passwords to its programs. The company’s master passwords list should not be accessible to all employees. Be cognizant about who has access to what passwords and why. Consider assigning unique passwords to individual users in order to allow your company to quickly block access to specific users when necessary. % Ensure data is regularly backed up, archived properly and with a recovery plan in place. % Use confidentiality/nondisclosure agreements for employees who have access to sensitive information. % Manage mobile and other electronic devices used for company business (whether personal or company-owned). Have clear policies and procedures in place, including allowing the company to remotely wipe devices upon the occurrence of certain events, such as termination of employment. % Establish procedures for employee termination. Closely monitor employees who announce their resignations or are terminated, and implement a process for cutting off their access to the company’s network upon termination. To deter departing employees from deleting, transferring or taking sensitive or confidential company information, review their computer access for any suspicious activity, including downloading or deletion of information. HB

RkJQdWJsaXNoZXIy MTg3NDExNQ==