☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Category Archives: Cyber Risk Management

Cyber Crime’s Forgotten Victim—Your Company’s Reputation

Posted on by

Reputation 1Even though companies are finally starting to dedicate resources to prepare for cyber attacks, it’s possible that they may be overlooking a key exposure. While internal audits, hardware and software upgrades, and payouts to impacted customers can be costly, those costs can quickly be dwarfed by the damage a cyber attack can do to a company’s reputation.

The Dark Side of Social Media

Social media poses a huge threat to your company’s reputation. In the event of a data breach, traditional media coverage, blog posts and consumer reaction to the breach will dominate discussion of your company’s brand across social media platforms. Social media newsfeeds offer little to no distinction between legitimate news, biased reports, rumors and outright falsehoods, making the problem worse.

Additionally, social media is the perfect battleground for a competing interest to launch an attack on your brand. In fact, a white paper released by Hays suggests that the deliberate spread of false information about companies could be part of the next wave of cyber attacks launched by foreign governments.

Managing Your Reputation

In the wake of a cyber attack, it’s important to have a social media strategy in place and ready to roll out, as well as a team dedicated to monitoring social media in order to dispel any rumors and clarify any falsehoods. It’s also important to consider all avenues for mitigating your risk.

 

© Zywave, Inc. All rights reserved.

Are You Prepared for a Cyber Attack?

Posted on by

Cyber Attack Concept.In its annual Global Information Security Survey, Ernst & Young found that more than one-third of organizations worldwide lack confidence in their ability to detect sophisticated cyber attacks.

The survey was designed to take a closer look at some of the most important cyber security issues facing businesses, and it found that the majority of cyber attacks come from criminal syndicates and “hacktivists.”

In addition, the survey identified two major vulnerabilities that all companies face: careless or unaware employees and outdated information security controls.

To help limit these vulnerabilities, Ernst & Young suggests that businesses clearly define their cyber risks and prioritize their cyber-security investments.

 

© Zywave, Inc. All rights reserved.

U.S. Officials Charge Three in Massive Cyber Fraud Case

Posted on by

C

In what’s being touted as the largest cyber fraud case ever uncovered, three suspects have been tied to an estimated eight-year hacking scheme that targeted 100 million customers of over a dozen U.S. companies.

It is believed that the hackers were involved in a variety of illegal activities, including manipulating publicly traded stocks, stealing email accounts, processing payments for pharmaceutical suppliers and running online casinos.

Initial reports suggest that the hackers were able to steal hundreds of millions of dollars from companies like JPMorgan Chase & Co., E*Trade Financial Corp. and more by using about 200 fake identity documents, among other tactics.

The case, which is being described as a new frontier for cyber fraud, illustrates that even global companies that spend large amounts of money on cyber security aren’t immune to attacks. The accused hackers face 23 counts of fraud and other illegal activities.

 

© Zywave, Inc. All rights reserved.

Cyber Security Budgeting for Small Businesses

Posted on by

Security ConceptA recent study conducted by Cisco, a multinational technology firm, found that small businesses were particularly vulnerable to cyber attacks—with 60 per cent of the surveyed Canadian companies stating that they did not have cyber security strategies in place. This fact becomes increasingly alarming when you consider that, according to some experts, cyber criminals actively target small- to medium-sized businesses.

With this in mind, it’s particularly important for small businesses to plan their cyber security budgets accordingly if they want to mitigate their risk. As a good rule of thumb, approximately 15 per cent of IT budgets should go towards cyber security.

Budgets should be made following an in-depth risk assessment and typically include the following considerations:

Preparation: When planning a cyber-security budget, consider including items for training, technology upgrades and vulnerability assessments. Having policies and procedures in place related to cyber attacks could also help you respond quickly in the event that a hacker accesses any sensitive information. In addition, implementing a security-awareness program is a good option for most employers, and consulting firms can provide assistance for those having difficulty setting up preventative measures.

Detection: Having the proper detection tools in place could make all the difference, should a cyber attack occur. In your budget, ensure that funds have been allocated for penetration testing, which will verify that any protective software you have in place is effective.

Response: Following a cyber attack, there are a number of response items to consider. In response to a cyber attack, businesses will often need to cover the cost of public relations assistance, attorney fees and forensic specialist services. When properly implemented and planned for, these items can help businesses salvage their reputations and prepare for future attacks.

In addition to budget planning, there are a number of other steps businesses can take to limit the impact of cyber attacks. For example, identifying any trends in terms of what other companies are spending on cyber security will at least provide you with a good budget standard that you can compare your own pricing to. In many cases, cyber liability insurance can protect businesses from some of the above costs, in addition to any losses sustained as a result of a cyber attack. The amount of coverage you need is usually dependent on your overall risk.

 

© Zywave, Inc. All rights reserved.

Managing Cyber Security During a Merger or Acquisition

Posted on by

handshake-SDuring a merger or acquisition, insurance policies and finances need to be scrutinized and the future of employees addressed. Cyber security is often put on the back burner, which is unfortunate because this is a time when company data is at its most vulnerable.

Data transfers must proceed without a hitch, or else the companies risk damaging reputation, losing customers and hurting future sales. Additionally, legal responsibilities must be upheld before, during and after the data transfer process.

Use the following checklist to ensure you’ve covered all of your cyber security bases:

  1. Identify all data assets that will need to be transferred.
  2. Gather and merge all data standards, policies and processes from employees at both companies.
  3. Identify potential risks that could occur during data transfer.
  4. Prior to any data transfers, ensure data is backed up.
  5. Run background checks on any employee who will be involved in the data transfer process.
  6. Craft a business continuity plan to prepare for potential data loss or outages during the period when the transfer will be occurring.
  7. Assign a high-level person the job of overseeing all data transfers. They will have the task of dividing and conquering by assigning one person to each data asset that needs to be transferred.
  8. Legally transfer ownership of data assets as quickly and completely as reasonably possible.
  9. Host training sessions on new data standards, policies and processes.
  10. Update disaster recovery plans, business continuity plans and emergency plans to include newly acquired data assets.
  11. Update the risk profiles for newly acquired assets.

Preparing for Data Transfer

Planning for data transfer should begin as early in the merger or acquisition process as possible. It is wise to assign one person the task of overseeing all data transfers so that there is little room for miscommunication or error. That person can then delegate smaller tasks, such as identifying data assets, identifying potential risks during transfer and making sure the data transfer is in compliance with federal or provincial law, but the person in charge should be aware of the current status of all tasks at all times. This person should also manage the implementation of the interim business continuity plan so that daily operations are disturbed as little as possible.

Keep in mind that if the acquired company has already completed portions of the data transfer or consolidation tasks, you should review the work to ensure accuracy.

Consider relocating IT employees from the acquired company early so that they can help with the data transfer and risk identification process, as they will be more familiar with their data and systems. Sufficient time should be mapped out to allow any older data to be converted for use in newer software and programs.

Finally, ensure that your system configuration records are up to date prior to any data transfers or consolidations. This will help isolate any issues that might occur and allow for an effective fix.

Good Practices for Data Transfer

Even if your company is completely prepared for the data transfer, it’s still possible that issues will arise during the process. Here are some good practices your company can utilize to minimize these risks:

  • Try to avoid using any kind of removable media to transfer data from one place to another. If the only method you can use is removable media, then take extreme care to be sure all records are encrypted, especially if they involve personal information.
  • If you have any data that isn’t getting transferred, you should dispose of it safely and completely to ensure it cannot be stolen.
  • Do not try to move all data at one time. Set small goals to complete every day or week to prevent an overload on your system or large, messy mistakes.
  • Consider halting some of your company’s cyber services until all data has been switched over in order to protect the services from being adversely affected by the transfer. Another option would be to run a similar service until data has been transferred.
  • Increase protective monitoring systems to prepare for the possibility of a disgruntled employee. Mergers and acquisitions are scary, uncertain times for employees, whose roles are often modified or eliminated to accommodate a new company structure. Update all clearances and access capabilities for employees based on new roles and duties.

Safe and secure data transfer during a merger or acquisition is of utmost importance. Communication is crucial during this time and basic duties and responsibilities should be quickly laid out and assigned to employees before, during and after the transition. Data transfer is not just about preventing and managing a compromise or interruption to services; you also need to keep your customers’ and stakeholders’ needs in mind, and take their concerns into consideration. Most importantly, ensure your new and existing clients know that you’re keeping their data safe.

 

 

© Zywave, Inc. All rights reserved.

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN