Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Pregnancy-Tracking Apps Pose Challenges for Employees

As more companies embrace health-tracking apps to encourage healthier habits and drive down healthcare costs, some employees are becoming uncomfortable with the amount and types of data the apps are sharing with their employers, insurance companies and others.

This is especially true for apps that track fertility and pregnancy. As the Washington Post recently reported, these apps collect huge amounts of personal health information, and are not always transparent about who has access to it. The digital rights organization Electronic Frontier Foundation even published a paper in 2017 titled The Pregnancy Panopticon detailing the security and privacy issues with pregnancy-tracking apps. Employers can also pay extra for some pregnancy-tracking apps to provide them with employees’ health information directly, ostensibly to reduce health care spending and improve the company’s ability to plan for the future.

Given the documented workplace discrimination against women who are pregnant or planning to become pregnant, users may worry that the information they provide the apps could impact employment options or treatment by colleagues and managers. Pregnancy-tracking apps also collect infinitely more personal data than traditional health-tracking apps and devices like step-counters or heart rate monitors. This can include everything from what medications users are taking and when they are having sex or their periods, to the color of their cervical fluid and their doctors’ names and locations.

Citing discomfort with providing this level of information, the Washington Post reported some women have even taken steps to obscure their personal details when using the apps, for fear that their employers, insurance companies, health care providers or third parties may have access to their data and could use it against them in some way. They use fake names or fake email addresses and only give the apps select details or provide inaccurate information. Fearing the invasion of their newborn children’s privacy, some have even chosen not to report their children’s births on the apps, despite this impacting their ability to track their own health and that of their newborn on the app.

Like many other apps or online platforms, it may be difficult to parse out exactly what health-tracking apps are doing with users’ information and what you are agreeing to when you sign up. When employers get involved, these issues get even more difficult. By providing incentives—either in the form of tangible rewards like cash or gift cards, or intangible benefits such as looking like a team player—companies may actually discourage their employees from looking closely at the apps’ terms of use or other key details they need to fully inform the choice to participate or not.

While getting more information about employees’ health may offer ways to improve a workforce’s health and reduce treatment costs, companies encouraging their employees to use these apps are also opening themselves up to risks. As noted above, apps are not always transparent as to what information they are storing and how. Depending on the apps’ security practices, employees’ data may be susceptible to hacking or other misuse by third-party or malicious actors. For example, in January 2018, fitness-tracking app Strava released a map of users’ activity that inadvertently exposed sensitive information about military personnel’s locations, including in war zones. Given the kinds of personal details that some apps collect, health app data could also put users at risk of identity theft or other types of fraud.

Tracking, storing, and using workers’ personal health information also exposes employers and insurance companies to a number of risks and liabilities, including third-party data storage vulnerabilities and data breaches. This is especially important in places governed by stringent online data protection regulations like the European Union’s General Data Protection Regulation (GDPR). In addition to the risks of reputation damage, companies that are breached or otherwise expose employees’ personal information could face significant regulatory fines.

People using health-tracking apps, especially fertility-related apps, should weigh the costs and benefits of disclosing personal information against how apps and others are using this information. Companies who encourage their employees to use these apps and collect their personal health details should also be as transparent as possible about how they are using it, and implement measures to protect workers’ personal data to the fullest extent possible and ensure that managers are not using this data to discriminate against workers.

Should Companies Ban USBs?

Earlier this month, a Chinese woman was arrested after attempting to enter President Donald Trump’s Mar-a-Lago resort while in possession of a number of suspicious electronic devices, including a USB flash drive. Apparently, the drive contained code that allows malicious software to run immediately after being plugged in, though it is still unclear what kind of malware it was. According to news reports, law enforcement also found nine other USB drives in the woman’s hotel room. If someone was able to connect a USB device to a computer on the resort’s network, attackers might be able to access all sorts of sensitive information and potentially gain control of machines on the network.

Historically, USB use has also aided insider threats, whether in the form of employees inadvertently infecting a corporate device or network with a found USB drive, or purposefully causing an infection or removing sensitive information via USB. In perhaps one the most high-profile of such cases, Edward Snowden reportedly removed NSA documents from a Hawaii facility on a flash drive before fleeing the country and providing those documents to members of the media.

Beyond the headlines, these devices continue to pose everyday risks. People mindlessly plug in flash drives, or carry their business’s most important documents on them that could accidentally be left in a hotel room or at a conference packed with corporate rivals. As companies evaluate their security policies and how to best secure their data, many are moving away from using USB or even banning them outright.

In May 2018, IBM did just that. The company’s global chief information security officer Shamla Naidoo said that IBM “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive),” and that the prohibition would apply to IBM operations worldwide, who will now rely entirely on the company’s cloud-based storage. Naidoo cited the danger of missing storage devices leading to “financial and reputational damage” as the motivation for the prohibition going forward, and acknowledged that the move may be disruptive for some departments and employees.

A 2016 University of Illinois study also showed that the now-proverbial nightmare scenario of an employee inserting a USB they found in a parking lot is actually realistic. After dropping 297 flash drives on a university campus, researchers found that people opened one or more files on 45% of the drives without taking any precautions, and that people moved 98% of the drives from the drop locations. The study’s authors noted that their results suggested that people may have picked up the drives and opened files motivated by altruism (finding the owner) and curiosity. But regardless of intent, simply plugging a flash drive into company computer can unleash any number of viruses, malware, or other cyber maladies on the company’s network.

Of course, doing away with USBs is also not a security panacea. As always, the user is the weakest part of any IT security plan, and even if a business does decide to ban USB storage devices and move their data storage to cloud-based options, employees should still be trained on password protection strategies and other security hygiene best practices. To make employee cyber-awareness training more effective, check out these tips from Risk Management.

67% of Hotel Websites Expose Guest Data, Study Finds

According to new research from cybersecurity company Symantec, 67% of hotel websites are leaking customer reservation details and other personal information. Candid Wueest, the company’s principal threat researcher, tested more than 1,500 hotels in 54 countries, including low-cost to high-cost hotels, as well as both chain and independent hotels.

buy tobradex online desiredsmiles.com/wp-content/uploads/2023/10/tobradex.html no prescription pharmacy

symantec hotel data exposureWhen a customer uses a hotel’s website to book a room, the site usually creates and sends them a link so that the customer can directly access  and manage their reservation.

buy desyrel online desiredsmiles.com/wp-content/uploads/2023/10/desyrel.html no prescription pharmacy

According to Symantec, part of the problem is that third-party advertisers on hotels’ booking websites and web analytics companies (which track web traffic) can access customers’ bookings because they also get those links. This means that advertisers and analytic companies – including any potential malicious actors among their employees – could access and steal the information that the customer entered when booking a room, and even change or cancel the reservation.

Symantec also found that more than a quarter of the hotel websites examined do not send secure, encrypted links in their confirmation emails. Encrypted links prevent anyone trying to hijack a customer’s data from being able to see that data. If a customer received a confirmation email while using an unprotected WiFi (a public network in a café or an airport, for example), a cybercriminal could intercept that customer’s emails and use the unencrypted hotel booking link to access the customer’s booking. Some of these automatically generated links also contain details like customers’ email addresses in the web address, which makes accessing their information even easier for cybercriminals.

Additionally, many hotel websites are vulnerable to a type of cyberattack called “brute forcing,” where an attacker can use the customer’s email address and guess their booking number to gain access to the reservation and personal information. In some cases, Symantec found that hotel websites did not even require an email address to access customers’ reservation information via brute forcing. Though this method would not be useful to gain access to large amounts of customer data, attackers could use it to target individuals, like a specific CEO or conference attendee.

Wueest noted that hotels have thus far been slow to respond to these data exposure risks, and some have not responded at all. When he alerted the hotels’ data privacy officers to the problems in their sites, 75% responded, and those who did took an average of 10 days. Hotels and their information security staff should promptly assess their booking processes to ensure they are minimizing the risk of potential data leaks and breaches.

buy elavil online desiredsmiles.com/wp-content/uploads/2023/10/elavil.html no prescription pharmacy

By leaving these gaps in their websites’ security, they are endangering their customers and opening themselves up to risk, including potential liabilities and reputational damage.

Symantec recommends that hotels use encrypted links, and ensure that the automatic links generated do not include information like customers’ email addresses. It also recommends that customers use Virtual Private Networks (VPNs, services that protects users’ internet traffic) when booking or accessing their reservations using public WiFi to prevent any cyberattacker from intercepting any information that would provide a way in.

The report should also serve as a reminder that corporate employees’ personal devices and personal information are popular targets for cybercriminals and can be especially vulnerable to risks while traveling. Any time an employee exposes their devices to unprotected networks or, in this case, insufficiently protected websites, it leaves both the employee and their employer at risk. Even if an employee is using their own device to conduct business, it still endangers their employer because it may expose valuable business information. Cybercriminals have particularly used the hospitality industry as a hunting ground for such attacks, for example, targeting individuals using hotel WiFi, tricking them into downloading malicious software and stealing their information or spying on their internet activity.

RIMS Report: Active Shooter Preparedness For Your Organization

More than 51 mass shootings have already been documented by GunViolenceArchive.org in 2019, many of which occurred in commercial settings and workplaces. It is clear that workplace shootings are occurring regularly in the United States. By customizing an active shooter plan that focuses on prevention, training, feedback and post-incident protocols, employees will be mentally and physically prepared to react to violent threats, according to a new RIMS Professional Report titled, “Active Shooter Preparedness for Your Organization.”

Authored by RIMS Business Content Writer Justin Smulison and featuring insight from workplace violence and business continuity experts, the report highlights opportunities for risk professionals and their organizations to identify warning signs of potential attacks, best practices in communication and pre-event training, as well as strategies to implement a coordinated effort that minimizes injuries, property damage and reduces uncertainties.

“Physical security measures are nothing more than deterrents,” said Steve Smith, founder and president of Guardian Defense and report contributor. “Every individual in the organization needs to know how to respond to an active threat in order to mitigate the situation. Risk professionals are well-positioned within their organizations to drive discussions, awareness and take a leading role in the development of a workplace violence prevention and response strategy.”

The report is currently available exclusively to RIMS members. To download the report, visit RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. For more information about the Society and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

For more threat preparedness insight from Steve Smith, download his interview on RIMScast and read his Q&A about school preparedness on Risk Management Monitor.