What We Can Learn About Cybersecurity From Tomi Lahren And Glenn Beck's Dispute

Tech columnist Jeff Bennion explains how to protect client information when employees go rogue.

Tomi Lahren (by Gage Skidmore via Wikimedia)

Tomi Lahren (by Gage Skidmore via Wikimedia)

For those of you who don’t know who Tomi Lahren is, she’s a child who has become popular saying dumb, uneducated things like Black Lives Matter is the new KKK and climate change is not real. Mostly, she just rants about how everyone but her is a whiner and dumb and how white people are the real victims. Until recently, she was the host of a show owned by Glenn Beck that she used as a platform for her rants. Now, Tomi Lahren and Glenn Beck are suing each other.

Here is the history as told with excerpts from the complaint and cross-complaint. The cross-complaint was filed yesterday.

Under the employment contract, Lahren was hired for a fixed term:

1

Here are the things that she could get fired for. This is her contract, which is attached as an exhibit to her complaint:

2

Sponsored

On or about March 17, 2017, Lahren went on The View and stated that she is pro-choice because she is for limited government, and doesn’t think the government should be able to tell her what to do with her body. That is actually a very logical statement, but apparently her employer felt that it went against the show’s demographic:

3

The defendants also point out that Lahren is the hypocrite because just three months earlier, she said people who are pro-choice are “straight-up baby-killers.”

4

That is a logical thing for her employer to point out, although they are not taking into account that it’s only hypocritical if she means “baby-killers” in a bad way.

Sponsored

After her appearance on The View, she was put on suspension, then told to never come back again, and they told her they were not renewing her contract. So, she’s still under contract and still getting paid until her contract expires in September of this year.

Here’s her employer’s online payroll portal that shows she just got paid last Friday (Exhibit C to cross-complaint).

5

She’s now suing for breach of contract and because Glenn Beck has said the same kind of mean things about her political views and opinions that she used his show to say about other people’s political views and opinions, but this crosses the line and is actionable because it’s costing her Twitter followers (her complaint, page 5):

6

There are a lot of other interesting things in the complaint and cross-complaint, like an entire page of bullet point items about how everyone in the production of the show hated her (cross-complaint, page 3), and how there’s actually an arbitration provision (something conservatives love, if she’s read any of Scalia’s opinions on arbitration provisions), but it shouldn’t count because it’s not fair. Obviously, she doesn’t read my articles, since I talked about that in a previous article here.

It’s a complete clown show, and honestly, I look forward to them distracting each other and wasting attorney’s fees for the next year at least. But, there are some very valuable things that lawyers can learn from how this went down in regard to cybersecurity.

Enterprise-Level Controls Can Help You When Whiny Past Employees Leave

I have written about the benefits of enterprise-level control in 2015, 2016, and 2017. In short, enterprise-level control is when an admin can turn on or off users’ access to the network. So, if my firm’s email address is bestlawyer@aol.com and my associate uses bestassociate@gmail.com to communicate with clients, if that person leaves, I cannot control access to his or her email control. If I had it set up right with enterprise-level controls, I could log in from my phone and disable that person’s email, reassign it to someone else, set it to forward to my email, or do any number of other things to make sure people on the way out don’t cause more harm.

Here is a screenshot from attachment D to the cross-complaint:

7

This is a login from an Office 365 admin page who has enterprise-level control. You can see the admin’s name is at the top corner blurred out. They have an E3 plan (that’s what I use!). This is the page of admin settings where they can change the settings for user Lahren, Tomi. They can delete her account, lock her out by setting sign-in status to “not allowed” (she’s suing because she says they locked her out and this is a screenshot showing that they have not), and control her other access.

Properly Manage Social Media

One of the other allegations is that the defendants unlawfully control her Facebook page and won’t give her admin access to her own page.

8

Like, literally millions.

Here’s how defendants put it:

9

Plaintiff says that she wants control of the Facebook profile page defendants made for her. Defendants respond by saying that she has access to it, but only editor access to the business Facebook page, not admin access, and she should not have admin access. Here is a screenshot from the cross-complaint that shows Tomi Lahren is not an admin, but an “editor” of the business page.:

10

They are kind of talking past each other a little, but it raises a good point. I’ve written about lawyers using social media a lot (in particular, here and here about Facebook). Social media remains something that a lot of attorneys turn over to younger people to handle. A lot of firms don’t have business Facebook pages (and they should). This lawsuit highlights the importance of how to set up social media in your office.

Let’s say you have a personal Facebook page, but no business page. You hire a young associate who has a Facebook page. You both decide that the associate should run the Facebook page. The associate sets up the Facebook page for your law office and makes him or herself the admin. Then, when the associate gets tired of billing 1,800 hours for $55,000 a year, they leave and take with them the admin controls to your law firm’s Facebook page.

Just like with enterprise-level user controls, you need to set up your social media to cut off user access after associates leave. Business Facebook pages have multiple levels of control. There are admins, who can make other people admins, and editors, who can post and edit posts on the page. In the scenario described above, the senior lawyer should be set as the firm admin and the associate as an “editor.” That way they have enough keys to post to the page and interact with visitors in the name of the page, but they can’t lock you out, and you get to control when they lose those privileges if they get fired or leave.

Conclusion

You can guess how this might have turned out differently if defendants did not retain enterprise-level controls and admin access to social media accounts. If handled improperly, we could let a lot of control and client information go when employees go rogue.


Jeff Bennion is a solo practitioner at the Law Office of Jeff Bennion. He serves as a member of the Board of Directors of San Diego’s plaintiffs’ trial lawyers association, Consumer Attorneys of San Diego. He is also the Education Chair and Executive Committee member of the State Bar of California’s Law Practice Management and Technology section. He is a member of the Advisory Council and instructor at UCSD’s Litigation Technology Management program. His opinions are his own. Follow him on Twitter here or on Facebook here, or contact him by email at jeff@trial.technology.

CRM Banner