Fraud in the Remote Workforce: Hiring, Security, and Compliance Best Practice

Danielle S. Urban | Fisher & Phillips LLP

Danielle Urban is a partner in the firm’s Denver office. She is a Certified Information Privacy Professional (CIPP/E) and has a national practice representing a wide range of employers in a global marketplace. Her practice involves representation of employers in wrongful termination, employment discrimination and harassment, Title VII, Family and Medical Leave Act (FMLA), Americans with Disabilities Act (ADA), and the Age Discrimination in Employment Act (ADEA), False Claims Act and state whistleblower actions, international employment issues, covenants not to compete, breach of employment agreements, and other employment disputes before courts and administrative agencies.

Danielle also advises clients on national and international data security laws, data breaches, and privacy policies. She has spoken on and written numerous articles about international employment laws, with special concentration in Canadian and European employment issues. She was listed in the Colorado Super Lawyer in 2019 and Colorado Super Lawyers – Rising Stars in the 2011 and 2012, as well as the 2017 through 2021 edition of Best Lawyers. She was also selected as a Client Service All-Star for 2016, an elite group of attorneys nominated by in-house counsel for their outstanding client service. BTI Consulting Group conducted the survey.

Prior to law school, Danielle worked for the Health Care Financing Administration (now CMS) overseeing Medicare managed care plans.

Daniel Pepper | Fisher & Phillips LLP

Dan is a partner in the firm’s Denver office, Chair of the firm’s Data Protection and Cybersecurity team, and Chair of the Technology Transactions practice group. He has three decades of legal experience navigating the complex and evolving landscape of data privacy, security, and technology both in-house and in private practice. As a Certified Information Privacy Professional (CIPP/US), he advises Fortune 500 companies on proactive data security practices, data breach incident response, data privacy and security regulatory compliance, and technology transactions. Dan leads responses to security incidents and interacts with federal and state agencies and forensic service providers, oversees investigations, and designs post-incident response notification and remediation plans. Dan also conducts artificial intelligence risk assessments and help clients establish AI ethics, governance, and compliance programs. He routinely advises on state, federal, and international data privacy and security laws, regulations, and standards, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR).

Dan regularly advises clients on matters involving emerging technology and connected device product and service rollouts, including regulatory licensing requirements for organizations partnering with OEMs for IoT offerings, FCC licensing requirements, and negotiating content, communications, and logistics contracts.

Prior to joining Fisher Phillips, Dan was a partner at a global AmLaw 100 firm where he focused on large, high-profile domestic and international data security incidents, overseeing forensic investigation, and managing interactions with state, federal, and international regulatory bodies and agencies. He formerly held senior in-house counsel roles at a Fortune 50 global media and technology company and, before that, one of the world’s largest telecommunications companies.

Dan is a frequent speaker and lecturer on data privacy, security, and information technology law for various bar and industry associations.

Session I – Remote Worker Fraud & Cyber Risk: Preventing Infiltration, Protecting Data, and Reducing Exposure | 1:00pm – 2:00pm

• Remote worker fraud as a cybersecurity and privacy problem
• Fraud tactics that create real security exposure
• From suspicion to incident: Spotting red flags and containing risk
• Privacy-forward investigation and evidence preservation
• Regulatory and contractual exposure trigger points
• Post-incident hardening: Tightening access, re-validating identity, improving monitoring

Break | 2:00pm – 2:10pm

Session II – Compliant Controls for Remote Hiring: Screening, Monitoring, and Access Governance Without Discrimination Pitfalls | 2:10pm – 3:10pm

• Control design principles: Risk-based, role-based, consistent
• Fraud-resistant hiring workflow that stays employment-law safe
• Anti-discrimination guardrails in screening and selection
• Monitoring and detection policies with privacy and fairness guardrails
• Access governance and lifecycle controls
• Governance: Training, metrics, and continuous improvement