One of the hottest areas in the law right now is cybersecurity. Companies are routinely hacked. Millions of Americans have become victims of identity theft. And even cities are finding themselves the victim of ransomware. Most of these incidents are preventable and can be linked to poor computer hygiene. When banks, government contractors or public companies are involved there may be the opportunity to earn a large cash cybersecurity whistleblower reward.
Reporting cybersecurity breaches or inadequate systems is certainly the right thing to do. By becoming a cyber whistleblower you are protecting others and often taxpayers too. If done correctly, you may receive a reward. In this post we examine 8 common mistakes made by cybersecurity whistleblowers.
Mistake #1: Failing to contact a lawyer immediately
The advice and guidance of a cybersecurity whistleblower lawyer is critical from the moment you suspect your employer or other company of misconduct. Whistleblowers who report their concerns to some source other than a lawyer could lose their eligibility for a cash award. Worse, if you improperly take documents to prove your case you could be the one in trouble!
Your lawyer is there to protect you, your original source information, your rights as a whistleblower and the success of your claim. This protection should begin immediately upon the discovery of a potential violation.
Mistake #2: Reporting information to a government program or hotline
Would-be whistleblowers who make the unfortunate mistake of contacting a government program or hotline with their concerns before consulting with their lawyer are at high-risk for losing their eligibility for a cash award. Any information you supply to an outside source may no longer be considered “original information” and may cause you to forfeit your rights and protections as a whistleblower. You may also lose your place in line as “first to report” if you choose to call a government hotline number.
The only way to collect a reward is by following the strict reporting requirements under the law. Calling a hotline or speaking with a government investigator does not qualify you for a reward. There are specific forms and disclosures that need to be made to make you eligible.
Mistake #3: Reporting concerns internally before speaking with your lawyer
Reporting knowledge of a potential violation of law to a supervisor, co-worker or other company personnel before speaking with your lawyer can result in any number of problems. Employer retaliation is common. Even when an employee raises a simple concern about a potential company wrongdoing, it can set off a cascade of events that may damage your career.
Because the cybersecurity whistleblower laws have first to file requirements, speaking to a co-worker could lead to someone else filing first and claiming what should be your reward.
Your lawyer can help you navigate these situations in a way that protects your rights and safeguards your reputation and career.
Mistake #4: Waiting too long to report your information to a lawyer
Another common mistake made by potential whistleblowers is putting off the call to a lawyer, even for a few hours or days. Chances are, if you have discovered a potential cybersecurity violation or unreported breach, someone else has too. And, by law, only the first to report an incidence of misconduct is eligible to collect a whistleblower award. It can be devastating to lose a potential million-dollar cash award for saying “I’ll just wait until tomorrow to contact a lawyer.”
Mistake #5: Speaking about your information with coworkers or friends
Discussing your concerns about potential company misconduct with co-workers almost guarantees your original source information will no longer be “original source.” Word spreads fast in the workplace. It is best to refrain from mentioning anything about your information to anyone without consulting your lawyer first. Even seemingly innocent discussions with friends can lead to a potential news media leak that may harm your eligibility for a whistleblower award. It can also lead to the company self-reporting which eliminates the ability to collect a reward.
Mistake #6: Taking protected documents from work, or making copies or scans, before consulting with your lawyer
Be careful when gathering evidence to support your information. Whistleblowers must follow proper procedures when collecting documents, data, media or other evidence to support their case. We can help you determine what documents or evidence are helpful for your case and whether you can legally take these documents from the workplace. Any evidence taken in violation of the law may not be admissible and may get you into trouble.
Mistake #7: Failing to keep a detailed (and private) diary of information
From the moment you suspect misconduct, create a safe place to log information, including specific dates, times, incidents, phone numbers, computer IDs, places and names of relevant individuals that have any relationship to your suspicions. These details can be critical to proving your case. Remember to safeguard this information carefully. Do not keep your diary at work or in a public computer and do not send any information via your work email account.
Mistake #8: Emailing or calling your lawyer from a company email account or work phone
From the moment they suspect a violation, cybersecurity whistleblowers are on the phone with or emailing their lawyer. Be sure not to make the mistake of picking up your work phone to contact your lawyer or typing out a quick email on your company account. Anytime you have a question, step out of the office and use your personal phone or switch to a personal email account. And insure the computer or device you are using is does not belong to the company or rely on a company network for connectivity to the Internet.
More Questions On Cybersecurity Whistleblowers?
To learn more, please visit our cybersecurity whistleblower page. Ready to see if you have a case? Contact the cybersecurity whistleblower lawyers at MahanyLaw online, by email at or by phone at +1.202.800.9791. All inquiries are protected by the attorney – client privilege and kept strictly confidential. Cases accepted worldwide.