Authentic8 Blog Category: Policy

Risk Management and Employee Cybersecurity

Risk management will be a central topic at the 3rd annual ALM cyberSecure conference in New York City this year.

The cross-industry gathering of thought leaders on December 4-5 aims to facilitate a holistic approach to data security, risk management and data governance.

Influential business leaders from the cybersecurity industry and high-ranking law enforcement officials will be convening with corporate risk management, compliance and law department leaders at the conference, which features speakers from numerous Fortune 100 companies.

Authentic8 Co-Founder and CEO Scott Petry will moderate a discussion panel on “Revamping Employee Cybersecurity Policies and Training to Mitigate Legal Risks” on December 4th.

Scott Petry will be joined on stage by Daniel Pepper, Vice President and Deputy General Counsel at Comcast; Adam Rubin, General Counsel of PrizeLogic; and Allen Brandt, Executive Director, Associate General Counsel and Chief Privacy Officer at the Depository Trust & Clearing Corporation.

Balancing IT security, data protection and privacy

Balancing IT security and data protection with the needs

ISPs & Privacy: Why it Matters, and How to Cover Your A$$

Both the US Senate and the House of Representatives have cleared the way to remove privacy rules for internet service providers (ISPs) like AT&T, Charter, Comcast and Verizon. The President signed the executive order to repeal these rules, which were originally put in place by the FCC in 2016 to protect consumers on the web.

While the nation’s largest ISPs have pushed hard for this move, most internet users in the U.S. are only now learning that their entire web browsing history may be collected, sold, and/or used for marketing purposes - no “opt-in” or other permission required.

This is a good time to take a step back and assess what it all means. The privacy rules were fairly recent and had not yet been enacted. And, it's not back to the old state - the lawmakers went a step further, issuing a joint resolution that aims to ensure that the FCC will be barred

Personal Email at Work - the "Hillary Factor"

Hillary Clinton’s personal email workarounds during her term as Secretary of State have received much scrutiny in Washington and in the media.

All the political rhetoric aside, a question remains:

Why was she allowed to run her own email server? How could an employee dictate email security policy to IT?

Ready for the answer? Special treatment isn’t reserved only for senior politicians. Personal email workarounds could come back to haunt your organization, too.


Whatever happened (or not) on the privately hosted server that Hillary Clinton used to keep her personal email apart from official missives while she was serving as Secretary of State, one issue deserves more attention:

Why was she allowed to set up her own server in the first place?

Until today, nobody had really asked that question. Cybersecurity pioneer Gene Spafford (Purdue University), whose interview with Bank Info Security I highly recommend, highlights the fact that policies are out of sync with users.

Like any

Smart Nation. Dumb Move.

Singapore is awesome. Since starting Authentic8, I haven’t been back, but I was lucky enough to visit regularly in previous jobs. The island city-state is known for taking care of business and of its citizens, as well as for its “Smart Nation” technology initiative.

But now Singapore has announced that it plans to block internet access for 100,000 government workers, in the name of cybersecurity. It’s not clear that this approach is a practical way of ‘taking care of business’.

It doesn’t look like the smartest move to me. And Singapore’s Prime Minister already seems to have second thoughts, too. I wonder why?


According to the Gallup organization, 84% of Singapore’s residents have expressed confidence in the pragmatic and speedy approach their government takes to steering the affairs of the nation.

But that’s from a survey that was taken a while back, long before this week’s announcement by the nation’s Infocomm

It sucks to be caught in the middle, but there’s a way out.



That was my big takeaway from last week’s ILTACON hosted by the International Legal Technology Association. My team and I came to the annual event to talk to InfoSec pros who work at law firms. Just about all our conversations centered around the same theme:

Law firm IT departments feel trapped.

That’s because they face two opposing demands: On the one hand, clients want their law firms to implement robust network security measures -- like blocking access to personal web content -- in order to protect privileged information. On the other hand, attorneys and staff demand access to the web in order to maintain a work-life balance.

To satisfy clients, legal IT teams are considering every option.

In one conversation, the firm was planning to turn off Web mail altogether. We’ll see how popular that decision is when it goes into effect. Another firm was playing whack-a-mole at the firewall by blocking access to some sites and