Most Companies Miss Easiest Ways to Boost Workplace Cybersecurity

Despite increasing attention to cybersecurity and a seemingly constant stream of high-profile data breaches, the primary security method used in businesses worldwide remains the simple password. According to a recent study, the average person now has 19 passwords to remember, so it is not surprising that the vast majority of passwords are, from a security perspective, irrefutably bad, including sequential numbers, dictionary words or a pet’s name.

A new report by software firm Software Advice found that 44% of employees are not confident about the strength of their passwords. While many felt their usage was either extremely or very secure, the group reported, “our findings suggest that users either remain unaware of the rules despite the hype, do not believe them to be good advice or simply find them too burdensome, and thus opt for less secure passwords.”

Among the biggest password sins employees commit:

Employee Password Worst Practices

But company culture and IT leadership may be partly to blame. “If management is lax about enforcing best practices, then leadership must share the blame when workers take shortcuts—and perhaps even accept the lion’s share of it,” the report reads.

Only 54% of businesses require complex passwords, and other shortcomings in best practice enforcement include:

Enforced Workplace Password Best Practices

White House Cybersecurity Coordinator Michael Daniel has previously said that he “would love to kill the password dead as a primary security method,” and 14% of companies are leading the charge, using biometric identification instead. Clearly, however, there is plenty that IT departments can implement now to boost cybersecurity without adopting advanced and costly measures like retina scans or fingerprints.

What Proposed Changes to U.K. Counter-Terror Laws Mean for Your K&R Policy

With insurers facing increased scrutiny over indemnity payments from the U.K. government, there could be consequences for companies who regularly put their employees into harm’s way.

When she announced plans for new laws in the Counter Terrorism and Security Bill, Home Secretary Theresa May cited UN estimates that ransom payments have raised up to £28 million ($42 million) for militant group ISIS in the past 12 months.

Observers often ask if the existence of kidnap and ransom (K&R) insurance itself encourages kidnapping for ransom. But for corporate risk managers, the debate is immaterial. They must protect employees and ensure that jobs in danger zones remain attractive to new recruits.

May’s bill amendments, which will be inserted into the Terrorism Act 2000 if passed, do present a potential challenge to the established order and highlight the pivotal role of response consultants (AKA hostage negotiators).

How does K&R actually work?

K&R insurance typically covers against losses related to kidnap incidents, particularly ransoms, lost earnings and the costs for an outsourced expert agency whose job is to handle the case and advise the policyholder on the negotiations. However, the indemnification is only paid out to the policyholders retrospectively, after the hostage situation is over. With such an approach, insurers on the one hand prevent ransom payments spiraling out of control and, on the other hand, remain in the grey area of section 17 of the Terrorism Act 2000.

The new amendments

Under May’s new section 17A, it is now clear that the insurer commits an offense if “it knows or has reasonable cause to suspect” that payments will be handed over in response to a demand made for the benefit of a proscribed organization.

The question for their response consultants will therefore be how much notice they can give their assureds as to whom they are dealing with. Historically, negotiations for release could be made without resorting to identifying the culprit, but now the insurer will have to make sure that they are not engaging with a terrorist on Whitehall’s blacklist.

As of Nov. 28, 2014, there were 74 international terrorist organizations listed under the Terrorism Act 2000. However, a large number of organizations associated with kidnappings are not on the list, which, with a few exceptions, focuses on organizations from Northern Ireland and those operating in the MENASA Region (Middle East, North Africa and South Asia). Of course, kidnappings have increased in the Middle East in recent years, but most kidnappings worldwide are still taking place in Central and South America and Central and Southern Africa. Although the new law only targets proscribed organizations from the MENASA region, insurers have to remain attentive since the home secretary may add organizations to the list at any time.

One thing that will hopefully remain protected is the fees and costs that hostage negotiators charge; this is a critical part of the industry’s service to a market believed to include at least 80% of the Fortune 500 as its clientele.

K&R still valid

From a company’s perspective, K&R is certainly still a valid class of business. There should not be any effect on pricing as the underlying risk has not changed.

However, if your policy is led by insurers domiciled in the U.K., those insurers may be less likely to indemnify kidnappings where the culprits may be loosely associated with a proscribed group. Equivalent insurers in other territories may be less restrained, so some insureds may elect to have their business placed outside the U.K., particularly if they have workers who are frequently operating in the MENASA region.

It is important to understand that corporations are also not allowed to fund payments. From a risk management perspective, where companies do wish to ensure they are able to lawfully pay ransom demands to release their employees, they need to consider in which jurisdictions they should be located so as to lawfully pay ransoms. On a practical level, they need to review with their response companies what protocols they use to identify or qualify the identity of kidnappers who allege, possibly incorrectly, that they are affiliated to terror groups.

The proposed offence aimed at insurers provides:

17A Insurance against payments made in response to terrorist demands

(1) The insurer under an insurance contract commits an offence if –

(A) the insurer makes a payment under the contract or purportedly under it,

(B) the payment is made in respect of any money or other property that has been, or is to be, handed over in response to a demand made wholly or partly for the purposes of terrorism, and

(C) the insurer or the person authorising the payment on the insurer’s behalf knows or has reasonable cause to suspect that the money or other property has been, or is to be, handed over in response to such a demand.

This article was originally posted at Airmic.com

Biggest Bank Robberies of the 21st Century

Many of the top perceived risks in the banking industry are focused on new developments. According to last year’s Protiviti survey “Executive Perspective on Top Risks for 2014,” financial services industry professionals projected that the biggest risks would be regulatory changes, cyber threats, and protecting the privacy and security of their customers amid greater use of cloud computing, social media and mobile technology.

One of the oldest threats banks face, however, still packs quite a punch for the bottom line. As Ross Smith of Fast Locksmith illustrates in the infographic below, bank robberies may be more closely associated with the days of Bonnie and Clyde and Old West sheriffs, but they have cost the industry billions since 2000. Check out some of the biggest bank robberies of the 21st century:

Bank Robbery Infographic

New Year Resolutions for Better Enterprise Security

Forecasting what the IT security landscape will look like in the year ahead has become an annual technology tradition, and following 2014 as the Year of the Data Breach, I think anyone could make a fairly accurate guess as to what the major trend of the New Year will be: more data breaches.

Forty-three percent of organizations reported a data breach in the past year, a figure that Forrester predicts will rise up to 60% in 2015. And it’s not just the frequency of breaches that we will see escalate in the year ahead, but also that malware will be increasingly difficult to dismantle. P2P, darknet and Tor communications will become more prevalent, and forums selling malware and stolen data will retreat further into hidden corners of the Internet in an attempt to avoid infiltration.

By now, it is no longer a matter of if your business is going to be breached, but when. The last thing any organization needs as we enter another year of risk is a blind side. The good news, though, is that there are ways to prevent blind sides if we act immediately.

We know that an increase in cyber-attacks by stealthier hackers and more sophisticated malware is a sensible prediction – more important, now, is thinking about our resolutions, and how to prepare against what may be lurking ahead.

Here are my top New Year Resolutions for better enterprise security in 2015:

Layer Proactive Defenses

In 2014, many businesses were bitten by data breaches despite spending millions on state-of-the-art, next-generation solutions. In 2015, organizations will have to think smarter and build security from the ground up, layering defenses rather than relying on next-gen panaceas.

Furthermore, this kind of multi-layered approach should encompass more proactive measures – reactive “detective” tactics no longer cut it. Malware has always been hard to detect, and yet I see company after company relying too closely on detection technologies like antivirus (which, believe it or not, works only 50% of the time at best).

Lock Down Data

Following widespread data losses in 2014, businesses should resolve to lock down access to corporate systems and data. This starts with implementing greater control over user accounts and administrative privileges. Employees should always be logging onto systems as a standard user, and even then, businesses need to continue to control and monitor access to files and databases with active anomaly detection. Regular reviews of user roles and their access requirements should become a standard practice.

Ask More Questions

Heartbleed, Shellshock and recently, SChannel attacks have all shaken our confidence in common protocols that underpin much of the internet. Organizations need to practice greater scrutiny in evaluating what is offered by their selected vendors to ensure patching is swift and targeted. Far more questions should be asked around vendors’ processes for code auditing and testing.

Look to Two-Factor Authentication

Many of the attacks of 2014 could have been prevented by two-factor authentication, from the iCloud breach to the eBay compromise. Organizations should be looking to implement two-factor authentication as a way to prevent stolen or shared credentials being used against them. While this method is not a comprehensive solution to address all the security threats we’ll likely face, it does introduce a much needed layer of security.

Don’t Let Security Get in the Way

Stringent security practices are absolutely essential, but they can become a double-edged sword. Locking down system access, for instance, significantly boosts the organization’s overall security posture but can strike a serious blow to end user productivity. Security must always be top of mind for IT organizations, but you’d be surprised at how quickly the appetite for risk changes when a security measure reduces employees’ freedom and flexibility. Here is where deploying strategies like least privilege and sandboxing can have a significant impact by creating a productive and positive working experience for users, without compromising security.

In 2015, businesses should resolve to think smarter about their approach to security. It’s easy to become enamored by the latest glitzy perimeter solutions and invest heavily in next-gen antivirus and firewalls. But, making the most of those investments means thinking more strategically about how they can be layered with more proactive measures and additional safety nets to create a truly defense-in-depth framework. Most of all, we must strive to act on the greatest good principle. After all, IT isn’t the only business stakeholder, and finding a security solution that allows for a seamless user experience is what will most effectively drive adoption – and greater security success.