About Hilary Tuttle

Hilary Tuttle is the managing editor of the Risk Management Monitor and Risk Management magazine.

The bebe Hack: Guarding Against Cyberbreach During the Holiday Shopping Season

On Friday, retail chain bebe announced that it had identified an attack on computers that operate the in-store payment processing system. The attack may have exposed data from cards swiped in retail locations in the U.S., Puerto Rico, and the U.S. Virgin Islands between Nov. 8 and Nov. 26, including cardholder name, account number, expiration date and verification code. The breach did not impact customers who shopped online or in other international locations, bebe reported, and the company has hired a security firm to stop and investigate the attack.

Almost exactly a year after the massive Target hack, this latest incident comes after a steady stream of sizable breaches among retailers, including Home Depot, JPMorgan Chase and eBay. Consumers have begun to find these hacks increasingly less surprising, and have stopped paying as much attention – a phenomenon many are calling “breach fatigue.”

But companies are not entirely off the hook. While Target is on the rebound and subsequent breach victims have endured less damage to consumer perception, these cybersecurity incidents still demand a notable amount of contingency planning and mitigation.

According to public relations and social media firm Affect, there are four keys to protecting brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to defuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

“There are four phases of crisis communications: readiness, response, reassurance and recovery,” said Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.”

2) The Customer is Top Priority

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach, including the timeline for those communications. Several weeks elapsed before Target released an official statement to its customers and, as a result, the company experienced massive backlash from customers, other organizations and the media alike.

Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach.

“Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” Levin said in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that not only hinders the company’s reputation but could also lead to a loss in revenue.

3) Monitor the Situation in Real-Time

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last-minute shuffle. Don’t shy away from angry customers who continuously post adverse comments.

Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes

For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customers to reassure them that a similar breach will not reoccur.

Companies Report Increased Optimism and Risk Appetite

Heading into the fourth quarter, private companies reported higher profitability, greater risk appetite, and notable plans for growth in 2015, according to a survey from PwC.

The Q3 “Trendsetter Barometer” reports that more companies are seeing profitability increases, and optimism about the U.S. economy rose to 63%—the highest level since early 2011.

The study’s most notable findings include:

[Image: PwC Trendsetter Barometer]

About 80% of companies expect revenue growth in 2015, with almost a third projecting double-digit change. When planning for that success, the biggest anticipated challenges reported will include direct hits to the supply chain and the workforce:

[Image: PwC Growth]

How Retailers Can Better Mitigate Black Friday Risks

With the biggest shopping events of the season, retailers face tremendous amounts of both risk and reward as sales and door-busters draw in eager consumers all week. In 2013, Thanksgiving deals brought in 92.1 million shoppers to spend over $50 billion in a single weekend, the National Retail Federation reports.

The National Retail Federation issued crowd management guidelines for retailers and mall management officials to use when planning special events, including Black Friday, product launches, celebrity appearances and promotional sales. General considerations to plan for and curtail any crowd control issues include:

  • Remind and retrain all employees about your store’s emergency protocols to address potential risks facing employees and customers.
  • Dedicate knowledgeable employees to communicate and manage crowds, from arrival to departure, and resolve any potential conflicts that may arise.
  • Strategically place sale items throughout the store to help disperse crowds and manage traffic flow.
  • Request the assistance of local law enforcement if large crowds are expected and arrange for additional security services.
  • Educate employees about relevant policies and procedures and advise them who to contact in the event of a situation.

Last week, the U.S. Department of Labor’s Occupational Safety and Health Administration also issued a public letter to retailers urging companies to plan ahead for better in-store safety for both employees and customers. According to OSHA’s “Crowd Management Safety Guidelines for Retailers,” crowd management plans should, at least, include:

  • On-site trained security personnel or police officers
  • Barricades or rope lines for pedestrians that do not start right in front of the store’s entrance
  • The implementation of crowd control measures well in advance of customers arriving at the store
  • Emergency procedures in place to address potential dangers
  • Methods for explaining approach and entrance procedures to the arriving public
  • Not allowing additional customers to enter the store when it reaches its maximum occupancy level
  • Not blocking or locking exit doors

Brick-and-mortar retailers are not the only ones at greater risk. Companies that operate call centers must also be prepared for a drastic increase in customer inquiries and purchases. According to communications intelligence firm Cognia, 69% of U.S. contact centers carry out credit card payments over the phone and 84% record calls, making their archives particularly vulnerable to potential breaches.

“The first thing to highlight with respect to call center compliance at peak times is that this pressure is unlikely to create new issues, but will amplify existing ones. Attackers / threat actors (the bad guys) will also be aware that this is the time at which procedures are most likely to slip, and social engineering vulnerabilities that have previously been identified can be exploited,” said Tom Evans, Cognia’s chief security officer.

“There are challenges but, from a risk perspective, there is also an opportunity to fine-tune the risk management system under pressure. At these peak times, issues will be visible that would go undetected during business as usual operation,” Evans noted. “There is an opportunity to be proactive and to use the pressure around these peak sales times to identify bad practice that, during less pressured periods, is probably limited to one or two individuals or occasional occurrences, and therefore very hard to spot. Even the most dependable employee under the pressure on big queues may resort to a shortcut to get the job done. Identifying these means that controls can be put in place to prevent them being used again, and therefore the overall risk management position improved.”

To improve security and PCI compliance, Evans recommends that companies focus on areas that have lower security controls overall. For example, seasonal employees, over-spill call centers, and work-at-home agents may all be components of a contingency plan for peak periods that introduce vulnerabilities that can be mitigated.

DDoS Attacks Cost Businesses $40,000 an Hour

One of the most common weapons in the cybercriminal’s arsenal is the DDoS attack.

According to the network security experts at Digital Attack Map, “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.”

While many have heard of these attacks or suffered from the outages they cause, most people do not understand the true business risks these incidents pose. To get a better picture of the threat, Internet security firm Incapsula surveyed 270 firms across the U.S. and Canada about their experiences with DDoS attacks. On average, they found, 49% of DDoS attacks last between 6 and 24 hours.

“This means that, with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000—with some running significantly higher,” the company reported. “Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales.”

Check out the infographic below for more of Incapsula’s findings on the actual costs of DDoS attacks: