Manage Pressing Risks with

A one-stop hub for practical, timely and actionable insights, tools and training that may save thousands of dollars by minimizing potential loss exposures, human resources expenses, training costs, and attorney fees.

Stay on top of current workplace issues, legislation, and employment trends with:
  • Articles, News Briefs, and Checklists
  • Interactive Training Modules
  • Model Handbook with 100+ Template HR Policies, Procedures, and forms

Today's Workplace

Ask Jack: Can Trusted Agents And Contractors Play An Unknowing Part In E-Mail Compromise Attacks?

Are internal breaches the main concern for email compromise attacks? Jack explains why such attacks go beyond office walls.

Continue Reading

Ask Jack: Is Disconnecting From The Internet A Smart Move If You Think You Opened Malware?

Jack explains the value of disconnecting and shutting down if you think you have selected a bad link or opened a questionable attachment.

Continue Reading

Ask Jack: What E-Mail Attachments Are Red Flags?

Are some email attachments riskier than others? Jack explores.

Continue Reading

Ask Jack: Are We Done Yet With Passwords?

By Jack McCalmon, The McCalmon Group, Inc.

I really like using my finger to access my computer and even some of my accounts. It seems like more and more accounts are allowing me to access them that way instead of typing in a password. Are we done with passwords?


No, we are not done with passwords. The biometric access you are referring to is a feature of your equipment and your equipment/software/accounts are simply allowing you to use that feature for easier access. However, if you were to create a new account on a piece of equipment or an application, you will be asked to provide a password.

The fact is cybersecurity still revolves around passwords and will for a period of time, especially considering the privacy liability surrounding biometrics.

In time, biometrics and other identity features will improve and allow more access, but until then you should focus on password security. Passwords continue to be a weak link in cybersecurity. Even after training, most people still reuse passwords and more than 62 percent use a variation of the same password.

This is problematic because cybercriminals are using AI to learn our passwords.

The takeaway is that passwords, whether we like them or hate them (no one "loves" passwords) will be with us for a while. So, it is important to use longer and more complex passwords and/or use a safe and secure password manager.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.


Finally, your opinion is important to us. Please complete the opinion survey: