☰ Navigation

1-888-643-2217 Email ABEX
  • Home
  • Resources
Keeping you updated

Scammers More Sophisticated, Warns Competition Bureau

Posted on by

phishing emailThe Competition Bureau reports that phishing is one of the growing scamming techniques, and users of social networking sites are especially vulnerable. Almost 95 per cent of fraud-related crimes in Canada go unreported, according to an estimate by the Canadian Anti-Fraud Centre. One glaring reason for this is because people are usually too embarrassed to admit that they fell for a fraud scam, especially one that happened on a social networking site.

A phishing scam is a phony email or pop-up message used to lure unsuspecting Internet users into divulging personal information, such as credit card numbers and account passwords, that will later be used by hackers for identity theft. A phisher’s email can be very persuasive and believable if he or she is impersonating a well-known organization or individual.

Keep employees safe from phishing scams by teaching them to:

  • Be extremely wary of urgent email requests for any personal or financial information (their information or a client’s).
  • Call the company or individual in question with the number listed on the corporate website or in the phone book. Avoid using phone numbers provided in the email, as they could be phony too.
  • Do not use the links included in the email unless you are certain that the email is legitimate.
  • Do not divulge personal or financial information on the Internet unless the site is secure (sites that start with “https”).
  • Never disable anti-virus software.

The only way that the authorities can keep tabs on new scams that pop up is if individuals report crimes when they happen. When these crimes go unreported, the public can’t be alerted to watch out for scams, which can in turn affect many more people.

A computer intrusion could cripple your company, costing you thousands or millions of dollars in lost sales and/or damages. Make sure your employees are alerting you when they encounter suspicious emails or websites.

 

 

© 2014 Zywave, Inc. All rights reserved

Facebook Bullying Grounds for Dismissal

Posted on by

BullyingA postal clerk in Canada was dismissed from her job in May after her employer discovered Facebook posts she had written that were described as contemptuous, undermining managerial authority, and so harmful to her managers that they needed to take time off work to seek medical care and ease their emotional distress.

The employee stated that she had believed her posts were private and that her toxic work environment was the reason she needed to vent on Facebook. The arbitrator of the case ruled that due to the content of the posts and the effect they had on her managers, the termination of the employee was justified.

This case brought to life an interesting dynamic of the modern workplace: Because of social media, workplace relationships, and sometimes workplace bullying, don’t solely occur at work anymore. After work, employees can still log on to social media sites and harass co-workers or managers, or post hostile things about them.

At a minimum, workplace bullying affects safety, productivity, trust and the workplace culture. Being bullied not only puts a huge emotional strain on someone, but in turn could put a financial strain on the company due to unhappy or less-productive employees.

There has been an increase in court cases pertaining to social media and its influence on the workplace, and the number is projected to get higher. This case demonstrates how an employee can be justly terminated for posting offensive content—more serious than just a normal negative critique—about his or her company, manager or co-workers on social media sites.

 

 

© 2014 Zywave, Inc. All rights reserved.

 

Simple Steps to Cyber Security

Posted on by

Security concept: data security on digital backgroundRecent Internet bugs and vulnerabilities have had a widespread impact, compromising the security of computers as well as personal information you may enter online.

Although you can’t stop criminals from attempting a cyber attack, you can take several steps to reduce your risk of having your personal information stolen, misused or deleted. Start by using strong passwords, avoiding malware and viruses, and protecting yourself against scams and security breaches.

Password security

  • Do not use the same password for multiple accounts, especially important accounts such as online banking or an online store with your credit card on file.
  • Passwords should not be a word found in the dictionary or a combination easily guessed by a friend; be creative and mix up letters, numbers and symbols to make a strong password.
  • Passwords should be periodically changed, especially in the wake of the Heartbleed bug that left much encrypted information vulnerable to exploitation.

Malware

  • Don’t click on links or download attachments in unsolicited emails.
  • Don’t download anything from sites you don’t trust.
  • Don’t enter personal information on a website if you clicked on a link; instead, type the URL into the address bar to make sure you go to the site you want.
  • Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using.
  • Install antivirus security software.

Scams and other security breaches

  • Never email personal information on an unsecured Wi-Fi network; the network can be hacked and the information accessed by unauthorized users.
  • Don’t disclose private information unless necessary, and always verify the source if asked to input sensitive information into a website or email.
  • Before entering credit card numbers or other payment information when shopping online, double-check that you’re on the website you think you are and check the URL for “https,” which is a general indication that the page is encrypted for your security. Some browsers also display a “lock” icon to indicate that a website is secure.

 

© 2014 Zywave, Inc. All rights reserved.

 

Policies to Manage Cyber Risk

Posted on by

Security concept:: Protection key on keyboardAll companies should develop and maintain clear and robust policies for safeguarding critical business data and sensitive information, protecting their reputations and discouraging inappropriate behaviour by employees. Many companies already have these types of policies in place, but they may need to be tailored to reflect the increasing impact of cyber risk on everyday transactions, both professional and personal. As with any other business document, cyber security policies should follow good design and governance practices—not so long that they become unusable, not so vague that they become meaningless, and reviewed regularly to ensure that they stay pertinent as your business’ needs change.

Establish security roles and responsibilities. One of the most effective and least expensive means of preventing serious cyber security incidents is to establish a policy that clearly defines the separation of roles and responsibilities with regard to systems and the information they contain. Many systems are designed to provide for strong role-based access control (RBAC), but this tool is of little use without well-defined procedures and policies to govern the assignment of roles and their associated constraints. At a minimum, such policies need to clearly identify company data ownership and employee roles for security oversight and their inherent privileges, including:

  • Necessary roles, and the privileges and constraints accorded to those roles
  • The types of employees who should be allowed to assume the various roles
  • How long an employee may hold a role before access rights must be reviewed
  • If employees may hold multiple roles, the conditions defining when to adopt one role over another

Depending on the types of data regularly handled by your business, it may also make sense to create separate policies governing who is responsible for certain types of data. For example, a business that handles large volumes of personal information from its customers may benefit from identifying a chief steward for customers’ privacy information. The steward could serve not only as a subject matter expert on all matters of privacy, but also as the champion for process and technical improvements to handling of personally identifiable information (PII).

Develop a privacy policy. Privacy is important for your business and your customers. Continued trust in your business practices, products and secure handling of your clients’ unique information impacts your profitability. Your privacy policy is a pledge to your customers that you will use and protect their information in ways that they expect and that adhere to your legal obligations. Your policy should start with a simple, clear statement describing the information you collect about your customers (physical addresses, email addresses, browsing history, etc.) and what you do with it. It’s important to create your privacy policy with care and post it clearly on your website. It’s also important to share your privacy policies, rules and expectations with all employees and partners who may come into contact with that information. Your employees need to be familiar with your privacy policy and what it means for their daily work routines.

Establish an employee Internet usage policy. The limits on employee Internet usage in the workplace vary widely from business to business. Your guidelines should allow employees the maximum degree of freedom they require to be productive (for example, short breaks to surf the Web or perform personal tasks online have been shown to increase productivity). At the same time, rules for behaviour are necessary to ensure that all employees are aware of boundaries, both to keep themselves safe and to keep your company successful. Some guidelines to consider:

  • Personal breaks to surf the Web should be limited to a reasonable amount of time and to certain types of activities.
  • If you use a Web filtering system, employees should have clear knowledge of how and why their Web activities will be monitored, and what types of sites are deemed unacceptable by your policy.
  • Workplace rules for behaviour should be clear, concise and easy to follow. Employees should feel comfortable performing both personal and professional tasks online without making judgment calls as to what may or may not be deemed appropriate. Businesses may want to include a splash warning upon network sign-on that advises employees about the company’s Internet usage policy so that all employees are on notice.

Establish a social media policy. Social networking applications present a number of risks that are difficult to address using technical or procedural solutions. A strong social media policy is crucial for any business that seeks to use social networking to promote its activities and communicate with its customers. At a minimum, a social media policy should clearly include the following:

  • Specific guidance on when to disclose company activities using social media, and what kinds of details can be discussed in a public forum
  • Additional rules of behaviour for employees using personal social networking accounts to make clear what kinds of discussion topics or posts could cause risk for the company
  • Guidance on the acceptability of using a company email address to register for, or get notices from, social media sites
  • Guidance on selecting long, strong passwords for social networking accounts, since very few social media sites enforce strong authentication policies for users

All users of social media need to be aware of the risks associated with social networking tools and the types of data that can be automatically disclosed online when using social media. Taking the time to educate your employees on the potential pitfalls of social media use, especially sites with geo-location services, may be the most beneficial social networking security practice of all.

Identify potential reputation risks. All organizations should take the time to identify potential risks to their reputations and develop a strategy to mitigate those risks with policies or other measures as available. Specific types of reputation risks include:

  • Being impersonated online by a criminal organization (e.g., an illegitimate website spoofing your business name and copying your site design, then attempting to defraud potential customers via phishing scams or other methods)
  • Having sensitive company or customer information leaked to the public via the Web
  • Having sensitive or inappropriate employee actions made public via the Web or social media sites

All businesses should set a policy for managing these types of risks and plan to address such incidents if and when they occur. Such a policy should cover a regular process for identifying potential risks to the company’s reputation in cyber space, practical measures to prevent those risks from materializing and plans to respond and recover from incidents as soon as they occur. Precept Insurance & Risk Management has numerous sample cyber security policies available to our clients upon request. These policies are a great starting point for your policy-creation efforts and can be modified to fit the unique needs of your business.

 

© 2014 Zywave, Inc. All rights reserved.

Cybercrime and espionage costs $445 billion annually

Posted on by

Cyber FraudSource: WashingtonPost

A Washington think tank has estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion — or almost 1 percent of global income.

The estimate by the Center for Strategic and International Studies is lower than the eye-popping $1 trillion figure cited by President Obama, but it nonetheless puts cybercrime in the ranks of drug trafficking in terms of worldwide economic harm.

“This is a global problem and we aren’t doing enough to manage risk,” said James A. Lewis, CSIS senior fellow and co-author of the report, released Monday.

The report, funded by the security firm McAfee, which is part of Intel Security, represents one of the first efforts to analyze the costs, drawing on a variety of data.

“Cybercrime costs are big, and they’re growing,” said Stewart A. Baker, a former Department of Homeland Security policy official and a co-author of the report. “The more that governments understand what those costs are, the more likely they are to bring their laws and policies into line with preventing those sorts of losses.”

According to the report, the most advanced economies suffered the greatest losses. The United States, Germany and China together accounted for about $200 billion of the total in 2013. Much of that was due to theft of intellectual property by foreign governments.

Though the report does not break out a figure for that, or name countries behind such theft, the U.S. government has publicly named China as the major perpetrator of cyber economic espionage against the United States.

The Chinese government has accused the United States of being one of the biggest perpetrators of cyber-espionage, but the U.S. government has always objected that it does not steal intellectual property and hand it to its own industries to give them a competitive advantage.

CSIS estimated that the United States lost about $100 billion. Germany was second with $60 billion, and China followed with $45 billion.

In both the United States and China, the losses represent about 0.6 percent of their economies, while Germany’s loss is 1.6 percent.

Japan, the world’s fourth largest economy, reported losses of $1 billion, which researchers said was extremely low and not credible.

Valuing intellectual property is an art form, based on estimating future revenues the intellectual property will produce or the value the market places on it, the report said. Putting a price tag on it is difficult but not impossible, it said.

Intellectual-property theft lessens companies’ abilities to gain a full return on their inventions, and so they turn to other activities to make a profit, the report states. That depresses overall global rates of innovation, it said.

The report stated that countries appear to tolerate cybercrime losses as long as they stay at less than 2 percent of their national income. If losses rise above 2 percent, “we assume it would prompt much stronger calls for action as companies and societies find the burden unacceptable,” it said.

The report breaks the harm into three categories, without giving figures. The largest, it said, is intellectual property theft. The second is financial crime, or the theft of credit card and other types of data largely by criminal rings. The third is theft of confidential business information to gain an advantage in commercial negotiations or business deals.

CSIS used several methods to arrive at a range of estimates, from $375 billion to as much as $575 billion. Researchers looked for published data from governments around the world. They interviewed officials in 17 major countries. And they came up with a predictive model based on a CSIS report last year that estimated the cost of cybercrime to the U.S. economy. Their figures also included the cost of recovering from cyberattacks.

The main assumption they used was that the cost of cybercrime is a constant share of national income — at least in countries with similar levels of development.

In less developed countries, that cost is about 0.2 percent of gross domestic product, and in advanced economies it is almost 1 percent.

In 2009, McAfee issued a news release that pegged global economic losses at more than $1 trillion. The figure was cited by the White House and then-National Security Agency director Gen. Keith B. Alexander. But this year’s CSIS report concluded that it was unlikely that cybercrime cost more than $600 billion, which is the cost of the global drug trade.

The researchers said cybercrime and economic espionage require a response on par with global efforts to reduce drug trafficking. Besides better cybersecurity technologies, they said, governments need to devote resources to building defenses and to commit to observing existing international commitments to protect intellectual property.

 

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN