At Black Hat USA 2014, the preeminent global information security conference for self-identified “black hat” hackers, IT security firm Thycotic surveyed 127 participants to determine what makes hackers tick. “Understanding why hackers do what they do is the first step toward better protecting your sensitive data from unsanctioned access,” the firm explained.

Most are motivated by thrill, Thycotic found, and profoundly few are worried about getting caught. What’s more, despite extensive media coverage, companies’ internal education efforts and all the security measures implemented by IT departments, 99% of hackers report that basic tactics like phishing are still effective. And almost half of them are working on more sophisticated approaches.

Check out the highlights from the firm’s Black Hat 2014 Survey:

Thycotic Hacker Infographic


An improving economy and updated business practices have contributed to companies sending more employees than ever on international business trips and expatriate assignments. Rising travel risks, however, require employers to take proactive measures to ensure the health and safety of their traveling employees. Yet many organizations fail to implement a company-wide travel risk management plan until it is too late – causing serious consequences that could easily have been avoided.

The most effective crisis planning requires company-wide education before employees take off for their destinations. Designing a well-executed response plan and holding mandatory training for both administrators and traveling employees will ensure that everyone understands both company protocol and their specific roles during an emergency situation.

Additionally, businesses must be aware that Duty of Care legislation has become an integral consideration for travel risk management plans, holding companies liable for the health and safety of their employees, extending to mobile and field employees as well. To fulfill their Duty of Care obligations, organizations should incorporate the following policies within their travel risk management plan:

• A customized policy specific to the organization and the specific needs of traveling employees.

• Clearly communicated protocols that are enforced to help educate and protect the safety and health of traveling employees.

• Response plans and procedures for handling medical/health emergencies.

Proactive Resources for Your Traveling Employees

A travel risk management strategy can only be successful if your workforce is given the necessary resources well before travel occurs. An important part of any travel risk management strategy involves answering common questions employees may have regarding their upcoming travels. It’s also a good idea to provide them with follow-up information so they can be up-to-date.

Not only will a company-wide proactive travel risk management plan empower employees with the information they need, but implementing such a plan can also help keep your company’s reputation and financial standing in check and prevent any liabilities against your business. The following resources can be useful as part of your overall travel risk management strategy:

  • Travel logistics such as hotel/meeting site location and reservations details, nearby pharmacies and medical clinics, and passport and/or visa arrangements. It is also crucial to share contact information in the event employees need help during an emergency – such as that of your travel assistance partner or internal emergency resources – and encourage them to add this information to their mobile phone contacts.
  • A medical overview is essential, especially if the host country requires visitors have documentation of specific vaccinations. Employees should understand and be up-to-date on all routine vaccinations (such as influenza, measles, and mumps). The CDC’s Travelers’ Health website has valuable information, such as worldwide health alerts, although a travel assistance partner can provide this information directly to your employees prior to travel. Additional insight your company can provide to traveling employees is information about health risks in their destination countries. This ensures employees are well aware of the quality of local food and drinking water as well as where to find quality medical care.

Also, since most health insurance plans do not cover members when they are traveling outside the U.S., businesses should purchase additional coverage. Even if their plans provide coverage outside the U.S., many health insurance policies aren’t able to mitigate all of the risks associated with business travel. It would only take one international medical evacuation (which can cost more than $100,000 from business hubs in Dubai, UAE to New York, or China to Texas) to make a serious impact, not just on your traveling employee but on your company as a whole.

  • A detailed synopsis of the destination’s political standing is crucial to keep your employees safe while traveling, as many regions of the world are experiencing political unrest and living under the very real threat of terrorism. It is important to ensure that your employee benefits package includes security coverage for employees traveling to high-risk areas.

Advance knowledge of the political status of a country will prepare employees should they face an unexpected issue abroad, as would these resources:

  • American embassies and consulates at the destination country, as well as the State Department’s emergency contact numbers.
  • Travel alerts, which provide information on risks to the security of U.S. citizens. Though usually short-term, these alerts must be taken seriously.
  • The State Department’s Smart Traveler Enrollment Program (STEP) is an extremely reliable resource that provides up-to-date location-specific security updates to any employee enrolled for the destination as well as information on the nearest U.S. Embassy. Enrollment will help the U.S. Embassy or the nearest U.S. Consulate contact your traveler in the event of an emergency.

Keep in mind that it is not just traveling employees – but also the employers – who need to be prepared for a travel-related emergency. Planning ahead and implementing company-wide crisis management education allows your workforce to be fully aware of the guidelines and protocols. Successfully mitigating a crisis without any communication missteps can prevent a crisis from spiraling into disaster.


As we previously blogged, most recently here, the U.S. Supreme Court’s decision to grant certiorari in Mach Mining, LLC v. EEOC could be a game changer in EEOC-related litigation. In Mach Mining, the Seventh Circuit ruled that an alleged failure to conciliate is not an affirmative defense to the merits of an employment discrimination suit and that it will not scrutinize the EEOC’s pre-suit obligations, so long as the EEOC’s complaint pleads it has complied with all procedures required under Title VII, and the relevant documents are facially sufficient. By granting certiorari, the Supreme Court is set to weigh in during its next term relative to conflicting rulings amongst the circuit courts about judicial authority and standards for reviewing the EEOC’s pre-suit conduct.

In the meantime, however, the show must go on! To that end, a recent decision out of the U.S. District Court for the Western District of Missouri highlights why the Supreme Court’s eventual ruling in Mach Mining is important. In EEOC v. New Prime, Inc., Judge Douglas Harpool granted, in part, the EEOC’s motion for summary judgment, finding that it satisfied its pre-suit investigation and conciliation obligation despite noting that the court was “underwhelmed by the EEOC’s attempt at conciliation.”


In EEOC v. New Prime, a trucking company maintained a company-wide “same-sex training policy” which required all applicants who did not meet Prime’s experience requirements to receive over-the-road training by an instructor and/or trainer who is the same gender as the applicant unless there is some pre-existing relationship between the female applicant and male instructor/trainer. The effect of this policy was that when a female applicant was ready to be assigned to a trainer or instructor in order to receive the necessary “over the road” training, a female driver had to be available. However, based on the number of female drivers available to train, Prime would place female applicants on a “female waiting list” when drivers were not available. Prime implemented this policy after it was involved in a sexual harassment case brought by three female truck driver trainees.

A female job applicant brought a charge with the Missouri Commission on Human Rights (MCHR) and alleged that Prime told her that her application had been accepted, but she could not be hired because she was female and that no female trainers were available then or in the near future.

After the MCHR issued a Probable Cause finding, it transferred the case to the EEOC for further investigation. On April 1, 2010, the EEOC sent Prime a letter stating “the EEOC’s investigation of this charge is nation-wide in scope.” One year later the EEOC issued its Letter of Determination, which stated “[b]ased on the foregoing, there is reasonable cause to believe that Respondent has subjected Charging Party and a class of female trainees to unlawful discrimination by adopting a policy that denies female trainees training and employment opportunities that are not denied to similarly-situated male trainees.” On this same date, the EEOC sent its letter regarding conciliation that focused on relief not only for the party who brought the charge, but also “all identified and still-to-be identified victims.”

On June 7, 2011, Prime submitted its response to the conciliation proposal, which indicated that it was “not interested” in engaging in class-wide conciliation and would only negotiate concerning the individual who filed the EEOC charge. One week later the EEOC informed Prime that conciliation failed and subsequently brought suit in federal court.

The Decision

Both the EEOC and Prime argued that they were entitled to summary judgment on the merits as well as on several evidentiary (e.g. spoliation) and damage (punitive damages) issues. However, especially relevant with Mach Mining on the horizon is the fact that the EEOC decided to move for summary judgment on whether all conditions precedent to the filing of the lawsuit were met. Prime filed its own motion on this point, arguing that the EEOC failed to adequately investigate and conciliate the matter before filing suit.

The court acknowledged that the EEOC is obligated to conciliate in good faith, and that in order to satisfy the statutory requirement of good faith conciliation, the EEOC must “(1) outline to the employer the reasonable cause for its belief that the law has been violated; (2) offer an opportunity for voluntary compliance; and (3) respond in a reasonable and flexible manner to the reasonable attitudes of the employer.” Furthermore, the court held that whether the EEOC adequately fulfilled its obligation to conciliate is dependent upon the “reasonableness and responsiveness of the [EEOC’s] conduct under all the circumstances.”

With respect to its investigatory function, the court held that the EEOC’s initial letters put Prime on notice that it was investigating on behalf of “similarly situated individuals with regard to the same-sex training policy.” Furthermore, Prime was put on notice through the initial charge and the subsequent investigation that any females who were subject to the policy, or more specifically put on the waiting list, were part of the EEOC’s investigation. Since it held that “the EEOC’s scope of the investigation in this matter was clear – it pertained to the same-sex training policy implemented by Prime, including the female waiting list for potential applicants, trainees and potential employees,” the court held that the EEOC adequately investigated the matter with respect to its class-wide claims prior to filing suit.

With respect to conciliation, the court found that the EEOC met the “low hurdle of attempting a reasonable and responsive conciliation process” despite shutting down conciliation one week after Prime submitted its initial response to the EEOC. The court was “not persuaded that this is enough to prevent the case from meeting the requirements for the filing of the instant lawsuit” given that Prime expressed no interest in considering compensation for any women affected by the policy – which is something the EEOC informed Prime it sought as a result of the company-wide alleged discriminatory policy. Accordingly, the court granted the EEOC’s motion for summary judgment, finding that it satisfied all conditions precedent to filing this lawsuit.

Implication for Employers

As this case demonstrates, the eventual ruling by the Supreme Court in Mach Mining has the potential to be a game changer for any employer dealing with the EEOC. If federal courts cannot review its pre-lawsuit conciliation efforts, the EEOC, in effect, will have free rein to pay mere lip service to its conciliation obligations and approach any negotiations in a “take-it-or-leave-it” manner. We will continue to follow developments as the parties and amicus groups file their briefs, and keep our readers informed.

This blog previously appeared on the Seyfarth Shaw website on the EEOC Countdown blog here.


Consumer complaints about pet insurance to the California Department of Insurance have prompted a new look at setting guidelines to regulate the coverage.

If passed by the Senate and signed into law by the governor, California would be the first state to impose requirements on this line of insurance. Assembly Bill 2056, introduced by Rep. Matt Dababneh, D-Los Angeles, would make policies more transparent, with disclosure requirements and a 30-day trial period for policyholders.

In support of the legislation, Rep. Dababneh stated, “Pet health policies are similar to other insurance policies; typically they have premiums, deductibles, co-pays, coverage limits and benefit schedules.” He added, however, that “policyholders have difficulty ascertaining the coverage limits, benefit schedules, preexisting conditions and other limitations of pet insurance policies, and can receive less for their claims than they expect.”

Under the legislation, pet insurance would be defined as a separate line within the insurance code, distinct from other miscellaneous lines. If passed, the law would establish required policy terms for all pet insurance policies serving California residents, and it would add clarity for consumers on what their policy covers.

Insurers would be required to disclose all exemptions up-front. Currently there are 21 exemptions, including neutering, hereditary diseases and treatment of fleas and worms, the Sacramento Bee reported.

The legislation would also:

• Require a pet insurer to disclose, in the policy and on the main page of its website, whether the policy excludes coverage due to preexisting conditions, hereditary disorders, or congenital anomalies or disorders.

• Require a pet insurer to reasonably disclose any policy provision that limits coverage through a deductible.

• Mandate a waiting period, coinsurance, or annual or lifetime policy limits.

• Require a pet insurer to reasonably disclose whether it varies coverage or premiums based on claims experience during the preceding policy period.

• Require a pet insurer that bases claim payments on usual and customary fees, or other limitations based on prevailing veterinary service provider charges, to include a provision in the policy that clearly explains how the claim will be calculated and disclose this information via a link on the main page of its website.

The pet insurance industry, made up of about 10 primary providers, has not taken a position on the potential legislation. Supporters of the new disclosure requirements, however, say they have a key endorsement from Veterinary Pet Insurance, the largest provider in the U.S., the Bee reported.