Category Archives: Emerging Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

67% of Hotel Websites Expose Guest Data, Study Finds

Posted on by

According to new research from cybersecurity company Symantec, 67% of hotel websites are leaking customer reservation details and other personal information. Candid Wueest, the company’s principal threat researcher, tested more than 1,500 hotels in 54 countries, including low-cost to high-cost hotels, as well as both chain and independent hotels.

buy tobradex online desiredsmiles.com/wp-content/uploads/2023/10/tobradex.html no prescription pharmacy

symantec hotel data exposureWhen a customer uses a hotel’s website to book a room, the site usually creates and sends them a link so that the customer can directly access  and manage their reservation.

buy desyrel online desiredsmiles.com/wp-content/uploads/2023/10/desyrel.html no prescription pharmacy

According to Symantec, part of the problem is that third-party advertisers on hotels’ booking websites and web analytics companies (which track web traffic) can access customers’ bookings because they also get those links. This means that advertisers and analytic companies – including any potential malicious actors among their employees – could access and steal the information that the customer entered when booking a room, and even change or cancel the reservation.

Symantec also found that more than a quarter of the hotel websites examined do not send secure, encrypted links in their confirmation emails. Encrypted links prevent anyone trying to hijack a customer’s data from being able to see that data. If a customer received a confirmation email while using an unprotected WiFi (a public network in a café or an airport, for example), a cybercriminal could intercept that customer’s emails and use the unencrypted hotel booking link to access the customer’s booking. Some of these automatically generated links also contain details like customers’ email addresses in the web address, which makes accessing their information even easier for cybercriminals.

Additionally, many hotel websites are vulnerable to a type of cyberattack called “brute forcing,” where an attacker can use the customer’s email address and guess their booking number to gain access to the reservation and personal information. In some cases, Symantec found that hotel websites did not even require an email address to access customers’ reservation information via brute forcing. Though this method would not be useful to gain access to large amounts of customer data, attackers could use it to target individuals, like a specific CEO or conference attendee.

Wueest noted that hotels have thus far been slow to respond to these data exposure risks, and some have not responded at all. When he alerted the hotels’ data privacy officers to the problems in their sites, 75% responded, and those who did took an average of 10 days. Hotels and their information security staff should promptly assess their booking processes to ensure they are minimizing the risk of potential data leaks and breaches.

buy elavil online desiredsmiles.com/wp-content/uploads/2023/10/elavil.html no prescription pharmacy

By leaving these gaps in their websites’ security, they are endangering their customers and opening themselves up to risk, including potential liabilities and reputational damage.

Symantec recommends that hotels use encrypted links, and ensure that the automatic links generated do not include information like customers’ email addresses. It also recommends that customers use Virtual Private Networks (VPNs, services that protects users’ internet traffic) when booking or accessing their reservations using public WiFi to prevent any cyberattacker from intercepting any information that would provide a way in.

The report should also serve as a reminder that corporate employees’ personal devices and personal information are popular targets for cybercriminals and can be especially vulnerable to risks while traveling. Any time an employee exposes their devices to unprotected networks or, in this case, insufficiently protected websites, it leaves both the employee and their employer at risk. Even if an employee is using their own device to conduct business, it still endangers their employer because it may expose valuable business information. Cybercriminals have particularly used the hospitality industry as a hunting ground for such attacks, for example, targeting individuals using hotel WiFi, tricking them into downloading malicious software and stealing their information or spying on their internet activity.

New Distracted Driving Data Shows Emergency Responders At High Risk

Posted on by

April is Distracted Driving Awareness Month, and the National Security Council (NSC) released new data this week that explores added transportation risks when emergency responders are en route to provide aid. It is clear that the mere presence of emergency personnel on the road can cause distractions for drivers and bystanders. To date, 16 emergency responders have been struck and killed by vehicles this year in the United States.

According to a survey released jointly by the NSC and the Emergency Responder Safety Institute (ERSI), 16 percent of respondents said they either have struck or nearly struck a first responder or emergency vehicle stopped on or near the road. Yet still, 89 percent of drivers say they believe distracted motorists are a major source of risk to first responders.

Key findings included:

  • 71% of drivers take photos and text while driving by emergency responders on the side of the road (this drops to 24% under normal driving conditions)
  • 60% take time to post to social media and 66% email about the situation
  • 80% admit to “rubbernecking” – that irritating, but also risky, practice of slowing down all traffic to get a better look
  • 49% say that possibly being struck by a vehicle is “just part of the risk” of being a first responder

As part of its #justdrive campaign, NSC has developed a free Safe Driving Kit to help employers keep their workers safe and is hosting a webinar on April 23, titled “You’re Not As Safe As You Think You Are,” to educate employers on the real risks of distracted driving and what safety-forward companies are doing to combat them.

“The cruel irony is, we are putting the people who are trying to improve safety in very unsafe situations,” said Nick Smith, interim president and CEO of the NSC. “Our emergency responders deserve the highest levels of protection as they grapple with situations that are not only tactically difficult but also emotionally taxing. Save your communications for off the road; disconnect and just drive.”

Already on the NTSB’s List

Earlier this year, Risk Management Monitor reported on the National Transportation Safety Board’s (NTSB) Most Wanted List of transportation safety improvements for 2019-2020, and “Eliminating Distractions” for all vehicle drivers is at its top.

In 2016, more than 3,100 fatal crashes on U.S. highways were attributed to driving-while-distracted. These crashes involved 3,210 distracted drivers, according to the National Highway Traffic Safety Administration (NHTSA), because some of them involved more than one distracted driver. Furthermore, the Virginia Tech Transportation Institute concluded that commercial drivers are at extremely high risk of a crash when texting—23 times greater than when otherwise engaged.

The NTSB states:

Contributing to the problem is the widespread belief by many drivers that they can multitask and still operate a vehicle safely. But multitasking is a myth; humans can only focus cognitive attention on one task at a time. That’s why executing any task other than driving is dangerous and risks a crash.

Personal electronic devices (PEDs), such as cell phones, are one of the greatest contributors to driver distraction and the NTSB recommends banding all PED use on U.S. roadways. The District of Columbia and 37 states restrict the use of cell phones by novice drivers, and 47 states, DC, Puerto Rico, Guam, and the US Virgin Islands ban text messaging for all drivers.

 

Tips to Prepare Your Organization For An Older Workforce

Posted on by

People are living and working longer today than in the agricultural and industrial ages. The growth in the number and percentage of individuals over 60 and 80 years of age is already having a global impact.

From 1980 to 2017, the number of individuals over the age of 60 doubled to roughly 900 million. This segment of the world’s population will double again by 2050 to nearly 2 billion, according to the 2017 World Population Prospects report by the Department of Economic and Social Affairs of the United Nations Secretariat.

Risk professionals can prepare their organizations for the coming changes and opportunities of an older workforce with the following strategies:

  1. Customize a workplace safety program. Organizations can utilize various levels and different methods of training to improve safety awareness.
    buy ocuflox online rxbio.com/images/milestones/jpg/ocuflox.html no prescription pharmacy

    These include new hire training, annual mandatory compliance refreshers, on-the-job training, shadowing and formal mentoring programs, educational programs, and certifications. Training can focus on areas such as safety awareness, new technology, ergonomics and workstation setup, life skills, and other soft knowledge. This will also help with safety in general among the entire staff.

  1. Update the education and onboarding process. An important consideration is how different generations of employees learn, so specific training methods tailored to each generational group can be offered. Where online training modules may work for younger employees, older employees may prefer on-the-job or in-person training. It is up to each company to best identify the methods for training its workforce so the content of the training is effectively delivered and understood by its intended audience.
  2. Review training styles. In addition to receiving ongoing training, older employees may feel more engaged if they are asked to teach newer or less experienced employees. One area often overlooked is training for managers who may have older employees under their supervision. Much has been written about training and approaching millennials, however, the reverse is an emerging risk. Companies should begin focusing efforts on how to relate to and the best way to supervise older workers. This is an area of opportunity to enhance a company’s culture and develop the employee-employer relationship.
  1. Know a role’s physical demands. Employers need to ensure they have a good understanding of the actual physical demands of each job position in addition to the physical limitations of individual employees.
    buy cymbalta online rxbio.com/images/milestones/jpg/cymbalta.html no prescription pharmacy

    Post-offer and pre-employment functional capacity exams are recommended for all age groups in industrial and manufacturing sectors. Job rotation is an important safety tool, and can be used for all age groups in an effort to break up the monotonous nature of the work, avoid fatigue, and ultimately develop a well-rounded staff that can cover gaps as needed.

  1. Consider the intersection of technology, comfort and well-being. There are many low- and no-cost ideas that can make the workload more manageable for older employees. For example, in its Dingolfing, Germany plant, BMW hires older workers on an auto assembly line with accommodations for their age such as larger computer screens, special shoes, and chairs for some operations. And Microsoft offers an online Guide for Individuals with Age-Related Impairments, showing older workers how to create slower-moving pointers or magnified screen displays by adjusting their computer’s settings. Standard workstations can be improved with ergonomics in mind. Features like built-in back support in office chairs, standing desks, lighting created to minimize shadows and dark zones, and desks that are easily adjustable all contribute to employees’ comfort and minimize discomfort. On-site clinics save time and are geared toward prevention as well as early disease detection. Investing in the health of all employees through wellness programs is a timeless and ageless benefit and will contribute to productivity and reduce costs.
    buy cenforce online rxbio.com/images/milestones/jpg/cenforce.html no prescription pharmacy

  1. Promote an age-diverse business culture by recognizing and appreciating the skills/values of older workers. There are common misunderstanding and stereotypes with older employees that they are less efficient than their younger co-workers. However, from the Organisation for Economic Co-operation (OECD) in 2016 that the working proficiency (in both literacy and numeracy) of older employees is actually not significantly lower than their younger peers. In countries like the U.S., the proficiency of older workers is even at the same level as younger employees (see below charts). A follow-up study in 2018 by OECD indicated that older employees are more likely to involve in more complex tasks, such as supervise colleagues, have higher task discretion, use planning skills and influence others, which makes them as valuable assets as their younger co-workers. So it is important to promote an age-diverse business culture to appreciate the skills and value of older workers.
  1. Improve training against discrimination and negative attitudes to older workers on hiring, termination, compensation, and promotion. As risk management professionals, it is important to remind your organizations to review and improve the policy against discrimination and negative attitudes to older employees, in order to mitigate the potential legal risk. A 2013 AARP study indicated that “64% of U.S. workers have either experienced or observed age discrimination.” Given this background, in 2016, EEOC received 20,857 charges of age discrimination, which counted for more than 20% of all discrimination charges received by EEOC.

As the global working population continue to grow older, corporations around the world could expect to see more age discrimination litigations to come. Risk managers can play an important role by taking initiatives to help their organizations against discrimination and negative attitudes to older employees.

Several members of the RIMS International Council contributed to this article.

RIMS Report: Making Sense of AI

Posted on by

The risk of not adopting some form of artificial intelligence (AI) can be much greater than the potential risks of implementation according to the new RIMS Professional Report: Making Sense of Artificial Intelligence and Its Impact on Risk Management.

Authored by RIMS Strategic and Enterprise Council member and director, Microsoft Enterprise Risk Management Tom Easthope, the report explores forms of AI available to organizations, common implementations scenarios for risk professionals to consider, as well as opportunities for those professionals to advance their careers in light of the emergence of AI technologies.

“While the discussions about the long-term impacts of artificial intelligence on society are important to understand and track, the more pressing issue is to understand the impacts on your industry, your organization and, ultimately, your career,” Easthope said.

buy antabuse online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/antabuse.html no prescription pharmacy

“Risk professionals should find ways to participate in strategic discussions around AI and educate themselves on the world of possibilities it offers them and their organizations.”

The report explores AI’s foundational concepts, such as data and algorithms. It also discusses forms of AI, such as artificial general intelligence, (often referred to as “thinking machines” along the lines of C-3PO from the “Star Wars” films) and artificial narrow intelligence (ANI) which focuses on tasks that have major business impacts, including image recognition, credit card fraud detection and speech recognition. Citing research that AI-derived business value will be worth $3.9 trillion in the next three years, ANI presents risks and opportunities for risk professionals and their companies.

And while the report suggests that changes introduced by AI innovation and automation will impact jobs and tasks in the risk, compliance and insurance industry, it also presents methods to keep professionals less expendable, if they’re willing to embrace the technology.

buy rybelsus online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/rybelsus.html no prescription pharmacy

“But while change is inevitable, it does not mean that your risk career must end,” the report said. “Essentially, if you understand the organization’s strategy and how it can enhance its operations with ANI or the context around data, then you have something to offer.”

RIMS Strategic and Enterprise Risk Management Council (SERMC) is organized to provide leadership on strategic and enterprise risk management research, practices, topics and issues, in alignment with RIMS’ vision, affiliations and partnerships. SERMC comprises RIMS members, academics, strategists, consultants and other practitioners who are experienced with strategic and enterprise risk management and related issues.

buy robaxin online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

The report is currently available exclusively to RIMS members. To download the report, visit RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. For more information about the Society and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.