☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Category Archives: Cyber Risk Management

Young Employees and IT Security

Posted on by

iStock_bus people w cell-000016828639SmallHiring young employees can bring fresh talent and innovation, giving your company an edge over your competitors. But that edge can quickly be erased, as young workers also bring additional technology risks. According to the 2011 Cisco Connected World Technology Report, a study involving almost 3,000 college students and young professionals under age 30, 70 per cent of young employees frequently ignore their company’s information technology (IT) policies.

Millennials have grown accustomed to sharing everything about their personal lives on Internet sites such as Facebook® and YouTube®. This poses a dilemma for an employer: If young employees don’t safeguard their own personal information, how can you entrust them with your company’s sensitive data? Companies with the need to be Internet-savvy must hire young talent, but are these employees worth the risk?

Eye-opening Statistics

The Cisco report says that 80 per cent of young employees either don’t know about their companies’ IT policies or they think they are outdated. Additionally, 25 per cent of those in the study had been a victim of identity theft before age 30.

Why are young employees negligent about IT security? The study found that some young employees’ attitudes and beliefs towards IT policies include the following:

  • They forget about the policies.
  • They think their bosses aren’t watching.
  • They believe the policies are inconvenient.
  • They think they don’t have time to remember the policies while they’re working.
  • They feel the need to access unauthorized programs to get their job done.
  • They believe security is the IT department’s responsibility, not their own.

Additional Risks to Consider

Young employees can compromise IT security by leaving their computers or other personal devices unattended, increasing the risk that that both the equipment and company data could be lost, stolen or misused. Sending work-related emails to personal email accounts and using computers and social networking sites for both work and personal reasons can also compromise IT security. Millennials are more apt to blur the line between using IT for both personal and work-related purposes, which can increase the risk of negligence.

Consider that not only young employees, but all employees can compromise IT security in the following ways:

  • USB flash drives. While these are convenient portable devices for storing information, they make it too easy to take sensitive information out of the office and can be misplaced easily because they are so small.
  • Wi-Fi networks. Whether it’s an employee’s personal Wi-Fi network at home or free Wi-Fi at the local coffee shop, it is important that employees use virtual private network (VPN) and take other security measures when they log in on networks outside of your company.
  • Laptop computers. Lightweight and handy for working remotely, laptops are also susceptible to viruses from improperly-secured Wi-Fi networks.
  • Smartphones. They provide information at your fingertips, but are also another portable way to take sensitive data out of the office.
  • Collaboration websites. Websites, such as a wiki or SharePoint® site, are great tools for employees working together on projects, but it’s critical that only authorized employees are logging in and accessing your company’s projects on these sites.
  • Social media tools. Sites such as Facebook and Twitter™ can benefit your business; however, negligent use, including sharing critical company information, can be a risk.
  • Other communication applications, such as peer-to-peer (P2P), Skype and instant messaging tools. These applications can be vectors for malware and a threat to information security.

Employers shouldn’t necessarily prohibit employees from using technology, as this list includes many tools they need to get the jobs done. It’s important to know the risks and educate young employees to use the technology properly.

Mitigating the Risks

Employers must find the balance between allowing young employees to use social networking websites and portable devices to do their jobs, while at the same time protecting company information. Employers should examine their exposures and consider what level of risk they are willing to accept. Other special considerations for managing young employees and mitigating the risk include:

  • Review your company’s IT policy. If it needs to be updated, ask recent graduates for advice on updating the policy to reflect current changes and trends in IT.
  • Make sure young employees (and all employees) are aware of your company’s IT policy and the consequences if the policy is not followed.
  • Create strong, trusting relationships between young employees and your IT department.
  • Create IT awareness materials so young employees are continually reminded of IT security risks and what they can to do prevent them.
  • Train new young employees on data protection and IT security risks, and provide refresher training for seasoned employees to ensure everyone is aware of the risks and the importance of safeguarding company information.

 

© Zywave, Inc. All rights reserved.

Cyber Crime’s Forgotten Victim—Your Company’s Reputation

Posted on by

Reputation 1Even though companies are finally starting to dedicate resources to prepare for cyber attacks, it’s possible that they may be overlooking a key exposure. While internal audits, hardware and software upgrades, and payouts to impacted customers can be costly, those costs can quickly be dwarfed by the damage a cyber attack can do to a company’s reputation.

The Dark Side of Social Media

Social media poses a huge threat to your company’s reputation. In the event of a data breach, traditional media coverage, blog posts and consumer reaction to the breach will dominate discussion of your company’s brand across social media platforms. Social media newsfeeds offer little to no distinction between legitimate news, biased reports, rumors and outright falsehoods, making the problem worse.

Additionally, social media is the perfect battleground for a competing interest to launch an attack on your brand. In fact, a white paper released by Hays suggests that the deliberate spread of false information about companies could be part of the next wave of cyber attacks launched by foreign governments.

Managing Your Reputation

In the wake of a cyber attack, it’s important to have a social media strategy in place and ready to roll out, as well as a team dedicated to monitoring social media in order to dispel any rumors and clarify any falsehoods. It’s also important to consider all avenues for mitigating your risk.

 

© Zywave, Inc. All rights reserved.

Are You Prepared for a Cyber Attack?

Posted on by

Cyber Attack Concept.In its annual Global Information Security Survey, Ernst & Young found that more than one-third of organizations worldwide lack confidence in their ability to detect sophisticated cyber attacks.

The survey was designed to take a closer look at some of the most important cyber security issues facing businesses, and it found that the majority of cyber attacks come from criminal syndicates and “hacktivists.”

In addition, the survey identified two major vulnerabilities that all companies face: careless or unaware employees and outdated information security controls.

To help limit these vulnerabilities, Ernst & Young suggests that businesses clearly define their cyber risks and prioritize their cyber-security investments.

 

© Zywave, Inc. All rights reserved.

U.S. Officials Charge Three in Massive Cyber Fraud Case

Posted on by

C

In what’s being touted as the largest cyber fraud case ever uncovered, three suspects have been tied to an estimated eight-year hacking scheme that targeted 100 million customers of over a dozen U.S. companies.

It is believed that the hackers were involved in a variety of illegal activities, including manipulating publicly traded stocks, stealing email accounts, processing payments for pharmaceutical suppliers and running online casinos.

Initial reports suggest that the hackers were able to steal hundreds of millions of dollars from companies like JPMorgan Chase & Co., E*Trade Financial Corp. and more by using about 200 fake identity documents, among other tactics.

The case, which is being described as a new frontier for cyber fraud, illustrates that even global companies that spend large amounts of money on cyber security aren’t immune to attacks. The accused hackers face 23 counts of fraud and other illegal activities.

 

© Zywave, Inc. All rights reserved.

Cyber Security Budgeting for Small Businesses

Posted on by

Security ConceptA recent study conducted by Cisco, a multinational technology firm, found that small businesses were particularly vulnerable to cyber attacks—with 60 per cent of the surveyed Canadian companies stating that they did not have cyber security strategies in place. This fact becomes increasingly alarming when you consider that, according to some experts, cyber criminals actively target small- to medium-sized businesses.

With this in mind, it’s particularly important for small businesses to plan their cyber security budgets accordingly if they want to mitigate their risk. As a good rule of thumb, approximately 15 per cent of IT budgets should go towards cyber security.

Budgets should be made following an in-depth risk assessment and typically include the following considerations:

Preparation: When planning a cyber-security budget, consider including items for training, technology upgrades and vulnerability assessments. Having policies and procedures in place related to cyber attacks could also help you respond quickly in the event that a hacker accesses any sensitive information. In addition, implementing a security-awareness program is a good option for most employers, and consulting firms can provide assistance for those having difficulty setting up preventative measures.

Detection: Having the proper detection tools in place could make all the difference, should a cyber attack occur. In your budget, ensure that funds have been allocated for penetration testing, which will verify that any protective software you have in place is effective.

Response: Following a cyber attack, there are a number of response items to consider. In response to a cyber attack, businesses will often need to cover the cost of public relations assistance, attorney fees and forensic specialist services. When properly implemented and planned for, these items can help businesses salvage their reputations and prepare for future attacks.

In addition to budget planning, there are a number of other steps businesses can take to limit the impact of cyber attacks. For example, identifying any trends in terms of what other companies are spending on cyber security will at least provide you with a good budget standard that you can compare your own pricing to. In many cases, cyber liability insurance can protect businesses from some of the above costs, in addition to any losses sustained as a result of a cyber attack. The amount of coverage you need is usually dependent on your overall risk.

 

© Zywave, Inc. All rights reserved.

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN