When it comes to cybersecurity, personnel are often the weakest link in the chain. “Employees are at the root of most cyber breaches,” said Judy Selby, a partner at BakerHostetler LLP. Selby moderated “The Weakest Link: Employee Practices Around Cybersecurity” panel at Legaltech in early February. A lack of training is the main root cause of these types of breaches; most breaches result from well-intentioned employees making mistakes, rather than acting maliciously. The panel had several recommendations for businesses to protect themselves. First, passwords should be strengthened and placed on every device—the longer the password, the better. Next, email should be managed. To mitigate risk, company policy should direct the automatic deletion of emails on a pre-established timetable. Employees should also be trained to identify phishing emails and messages that may contain malware. Specific consequences should be put in place for employees who introduce malicious programs into the organization’s network. Employers should also limit employee use of removable media, instead of providing encrypted devices. Finally, the use of web-based applications should be limited and highly regulated.