Annual Data Privacy Day to Focus on Safeguarding Data

Last year was certainly a turning point in the history of online privacy and cyber security. Between ransomware attacks, the Equifax breach and the Federal Communication Commission’s vote to repeal net neutrality regulations—just to name a few high-profile incidents in the United States—businesses and citizens have more reasons than ever to safeguard their information.

To address this important issue, the annual Data Privacy Day (DPD) will be held Jan. 28, with online and in-person events now leading up to it that celebrate individual users’ rights to privacy and aim to prevent cyber theft and risk. DPD has been led by the National Cyber Security Alliance (NCSA) in the U.S. since 2011 and “highlights our ever-more connected lives and the critical roles consumers and businesses play in protecting personal information and online privacy,” said NCSA Executive Director Michael Kaiser.

DPD was created to commemorate the 1981 signing of Convention 108 by the Council of Europe and is observed by more than 47 countries. It was the first legally binding international treaty dealing with privacy and data protection and officially recognized privacy as a human right. NCSA also co-hosts National Cybersecurity Awareness Month and the Department of Homeland Security’s Stop.Think.Connect. campaign, which aims to increase the public’s understanding of cyber threats.

“Our personal information and our habits and interests fuel the next generation of technological advancement, like the Internet of Things, which will connect devices in our homes, schools and workplaces,” Kaiser said. “Consumers must learn how best to protect their information and businesses must ensure that they are transparent about the ways they handle and protect personal information.”

On Jan. 25, LinkedIn will live-stream an event from its San Francisco office exploring the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” The broadcast will feature TED-style talks and panel discussions with experts focusing on the pressing issues that affect businesses and consumers. Additional DPD happenings include Twitter chats and networking gatherings to maintain a dialogue about the importance of privacy rights.

The relevance does not end on Jan. 29, noted Richard Purcell, DPD advisory board member and chief executive officer of Corporate Privacy Group. He has witnessed the event’s evolution and its impact on risk management and privacy professionals.

“The community of privacy professionals is not made up of private people. They want to share information,” noted Purcell, who was named Microsoft’s first corporate privacy officer in 2000. “They initiate a dialogue that the officers bring back to their companies. I have seen how it has stimulated events inside corporations and universities that were inspired by Data Privacy Day networking discussions. The professional development aspects of the day are profound.”

Newly released information from NCSA demonstrates how privacy is impacted in both personal and professional environments—from healthcare and retail to social media, home devices and parenting. Some statistics include:

  • In 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in internet of things products from leading brands.
  • 41% of Americans have been personally subjected to harassing behavior online and nearly one in five (18%) has been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.
  • Nearly one-third of consumers do not know that many of the “free” online services they use are paid for via targeted advertising made possible by the tracking and collecting of their personal data.
  • About 78% of respondents to a recent survey of healthcare professionals said they have had either a malware and/or ransomware attack in the last 12 months.

Using ERM to Protect Your Business from The Equifax Fallout

As with many data breaches, the general conclusion of the Equifax attack is that personnel were not aware of the issue beforehand. This conclusion, however, is false.

In early September, I anticipated that a vulnerability in Equifax’s software was known ahead of time, and that this scandal was, therefore, entirely preventable. A month later, the NY Times reported that the Department of Homeland Security sent Equifax an alert about a critical vulnerability in their software. Equifax then sent out an internal email requesting its IT department to fix the software, but “an individual did not ensure communication got to the right person to manually patch the application.”

The Equifax data breach was a failure in risk management. As a credit bureau that deals with the personally identifiable information (PII) of 200 million U.S. customers, Equifax has a legal and moral responsibility to safeguard their customers’ security, and to adopt the proper systems to do so.

For instance, if Equifax had an enterprise risk management (ERM) system in place, the warning from Homeland Security would have been properly recorded and assigned out to the appropriate personnel. This system would have provided transparency over the status of the task in progress, and would have triggered reminders until the vulnerability was patched and verified by the right subject matter expert.

A Point of No Return

It’s my opinion that this scandal is a point of no return for risk management. While data breaches have abounded in recent years, there has never been one of this magnitude or one that provides every piece of information hackers need to steal our identities. Of course, lawsuits and penalties are piling up around the company’s negligence, but these financial losses are nothing compared to the reputational damages Equifax will suffer—shares fell by 18% following the breach and have yet to fully recover.

What makes this scandal so unique, and therefore a point of no return, is that these reputational damages reach far beyond Equifax. Consumers can’t always choose whether they’re a customer of Equifax, but they can choose whether to do business with the institutions that gave away their information to Equifax in the first place.

I also believe that consumers’ outrage with this scandal will cause them to shift their money, loyalty, and trust to institutions that can demonstrate effective risk management. CEOs and boards of every company will have to prove their organizations have adequate enterprise risk management systems in place. They’ll find that more effective risk management and governance programs are necessary to keep their market shares up and their reputation clean.

Where to Go from Here

While this breach may appear to be an event of the distant past, we are in the eye of the storm. Stolen information can lie dormant for months or years as criminals wait to make their move, and when they do, you’ll have either taken this period of calm as a chance to forget the scandal, finding yourself ill-prepared, or a chance to get to higher ground, finding yourself fully protected.

To protect themselves, businesses must:

  • First, to determine where to focus your security resources, recognize that people, processes, and procedures are now the biggest risks. Businesses need to perform risk assessments across all departments to determine who has access to sensitive information and authentication processes, and what the business impact would be if these employees were to be impersonated.
  • Next, to address these risks, businesses must rewrite their procedures for authenticating the people involved in sensitive requests and actions both verbally and electronically. With so much PII now in the public domain, it is no longer safe to rely on traditional authentication based on these pieces of information.

    For example, the security question “What was your first car?” is not effective because the answer is now easily accessible.

    A more effective question would be “Who was your best friend in elementary school?”

  • Finally, it is important to keep your third-party vendors in mind. Vendors often have access to sensitive information and processes, which could have an enormous impact on your company. It is crucial, therefore, to extend your internal authentication procedures out to your third parties so that they are authorizing sensitive requests and actions as securely as your own organization.

Our world, including the business world, is becoming increasingly transparent, meaning it’s up to you to act with integrity and protect your stakeholders. Keeping the Equifax data breach in mind, along with enacting these tactical steps, will help you stay ahead of the competition and out of glaring social media headlines.

Risk and Crisis Management Explored at Cyber Event

NEW YORK—Cyberattacks and data security need to be high priorities for all businesses, experts stressed at ALM’s cyberSecure 2017 event here, Dec. 4 and 5. In fact, not only is failing to prepare for an attack or breach risky, it’s foolish, Kathleen McGee, internet & technology bureau chief for the Office of the Attorney General of the State of New York, said in Monday’s opening address. She added that not reporting a breach in a timely fashion has its own set of legal and reputational risks, referring to the SHIELD Act (the Stop Hacks and Improve Electronic Data Security Act), introduced to the New York State legislature by Attorney General Eric Schneiderman in November.

“Under the SHIELD Act, companies would have a legal responsibility to adopt reasonable, administrative, physical and technical safeguards for sensitive data,” she said Monday, adding that the standards would apply to any business holding data of New Yorkers, whether or not they do business in the state.

McGee noted that even though a company may not have all the details in the first 72 hours following a breach, reporting it to the New York Department of Financial Services (NYDFS) or another regulator is crucial. It is a legal requirement as part of the NYDFS Cybersecurity Requirements for Financial Services Companies, and even if all the pertinent information about an attack is not yet available, divulging what is known will prevent further enforcement action from the state.

“For some companies, data is the only commodity,” she said. “But in the past 10 years, risk assessments have not evolved as quickly as data collection.”

That observation lent itself to a segue for the next session, “Integrating Periodic Risk Assessment to Avoid Becoming the Next Target of a High-Profile Cyberattack.” Panelists covered the importance of formal risk assessments, which will be legally required by regulators like the NYDFS and by the General Data Protection Regulation (GDPR) in Europe, which goes into effect in 2018.

Moderator Eric Hodge, director of consulting at CyberScout, said education charts the path to a positive assessment and suggested using non-traditional training methods to onboard clients and employees over the course of a year.

“There are a lot of ways to educate other than the traditional annual training session set in a typical conference room,” Hodge said. “You can try white hat phishing to trap people in a safe way. Share your stories every month and be honest about your own failures. There are ways beyond just checking a box.”

eHarmony Vice President and General Counsel Ronald Sarian said his company has learned from its past incidents to better prepare and to update its ERM framework. The dating and compatibility company’s site was breached in 2012, before he joined the group.

“You need to do a data impact assessment and ask: What are your family jewels?” noted Sarian, who said he aims to implement ISO27001 as the ERM framework to secure eHarmony’s international and cyber presence. “We had so much in place already that I thought we should take a shot at it. It takes at least a year but so far it’s working for us.”

When considering ransomware, experts from healthcare, insurance and electronic payments companies spoke passionately during a dedicated session about how they mitigate risks. Christopher Frenz, director of infrastructure at the Interfaith Medical Center, strongly advocated for network segmentation, which he uses at the center, in an effort to keep intrusions contained.

As previously reported, Advisen’s recent Information Security and Cyber Risk Management Survey indicated that, for the first time in the seven years of the survey, there has been a decline in how seriously C-Suite executives view cyberrisk. With that trend in mind, panelist Christopher Pierson, Ph.D., chief security officer & general counsel of ViewPost, a provider of electronic invoice and payment services to businesses, outlined his approach to eliciting a response from board members.

“You can’t tell the board that [paying] is not an option unless it’s illegal,” Pierson said. “Educate the board and explain that it is an option to pay terrorists and criminal syndicates. You’ll see the looks on their faces and then you’ll get them [to want to take action].”

For more information about GDPR, read Risk Management magazine’s coverage.

Open Offices and Holidays: A Parade of Risks

‘Tis the season for many businesses to stay open through the holidays and for some to take part in the tradition of partying or watching a parade warmly from behind office windows. That’s why businesses located near public events should inform employees of how their offices will be impacted during the holiday season.

Parades pose various operational risks to property owners and businesses, both inside and outside their buildings. On Nov. 23 alone, at least five large parades will inch their way through the streets of major cities like Chicago and Detroit. Macy’s anticipates 3.5 million spectators to pack New York City’s streets for its annual Thanksgiving Day Parade. That means 2.5 miles of barriers and street closings in the “frozen zone” between 77th and 34th streets, and businesses in the country’s most congested city should prepare for some disruption.

Theresa Morzello, the managing director for asset services for CBRE in New York City, has advised many companies who stay open or host events coinciding with parades and holidays. She said the first steps in mitigating disruption involve communicating with the event organizers and disseminating that information to tenants.

“This way they’ll know, for example, if one of their building’s entrances will close because of a parade,” Morzello said. “We also make sure that employees and their guests know the protocol for providing documentation for entering and exiting. That is usually handled in advance and lists are provided to security. And there are protocols for what to do when someone doesn’t have it. These are all things we do on a daily basis, but amped up a few levels because of the holidays.”

Morzello also said that property managers often try to utilize vacant office space because there is less potential for damage or disruption there. Wherever the gathering takes place within CBRE’s properties, she advises tenants to consider the following:

  • Hire elevator operators to help keep guests on their assigned floors.
  • Obtain a temporary alcohol license, if necessary.
  • Confirm that outside caterers are insured.
  • Address if the windows are operable and ensure they are kept closed.

But parades and crowded events are not relegated to big cities, as many major retailers take part in the festivities. Acadia Realty Trust manages hundreds of retail and office properties in the U.S., and Kellie Shapiro, vice president of risk management, said clearing a physical path is the first step to mitigate safety risks during a high-traffic season.

“We issue a moratorium on any work during the holiday season. We email tenants reminding them to get everything done before Thanksgiving,” she said. “From then until New Year’s is not the time to have scaffolding and things like that.” She added that capital improvements are suspended across most of Acadia’s portfolio to avoid interfering with tenants’ operations during their busiest season.

Businesses can easily lose track of who’s coming and going during the busy holiday season, Shapiro noted. Acadia’s focus is on knowing its vendors, and she reminds tenants to be diligent about vetting third-party contractors for the sake of safety and reputation.

“You can protect your company by being diligent about who you bring in to your site. You should know who your contractors are – you don’t want to let some criminal just walk right in because you handed over the keys to your building,” Shapiro said. “You would hope tenants, if they saw something suspicious, would pick up the phone. We’d all like to secure something 100% but you have to know your limitations.”

Public safety in the U.S. has been headline news, considering the recent high-profile violence involving weapons and automobiles in just the last two months in Las Vegas, California, Texas and Manhattan. In a recent interview with Risk Management Monitor, Rezwan Ali, risk solutions group head of security at Falck Global Assistance, discussed how businesses and employees should review their emergency plans during high-volume times. He maintained, however, that the odds of being impacted by a terror attack are very low.

“When participating in larger events, such as the Thanksgiving Day Parade in New York, people tend to focus only on the parade and their phones taking pictures and posting on social media,” said Ali. “However, it is important to stay alert and aware of one’s surroundings. Not just to be prepared for terror, but also to prevent being a victim of crime.

It is recommended to download apps either provided by the authorities or by media outlets that generate alerts allowing you to get direct notifications should anything happen in your vicinity.”