Three Ways to Reduce Insider Threat Risks During COVID-19

Months into the pandemic, organizations have recovered from the initial emergency of trying to ensure that their employees could safely work from home. They now realize that this remote reality will be extended—and they need to determine if they have the right cybersecurity protections in place. Most importantly, they need to stop insider threats, which account for more than 30% of all data breaches.

A long-term commitment to remote work requires a commitment to stopping data loss due to compromised, negligent, or malicious insiders. According to the Ponemon Institute, before the pandemic, the average annual global cost of insider threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same period. Security teams are in a constant battle to stop cybercriminals from stealing employee credentials, prevent malicious employee action, and correct accidental user behaviors—all of which can result in unintended data loss. Three ways to reduce insider threat risk are:

1. Conduct a Comprehensive Insider Threat Risk Assessment

Each organization has a unique set of risks from insider threats. Be sure to complete a comprehensive risk assessment to identify your most important data and systems, who can access them, and the security controls you have in place to protect your organization. It is important to remember that data loss potential increases every time new information is created and stored. An organization’s most valuable assets (its people, including employees, contractors and partners) can also become its greatest vulnerability without sufficient data controls in place.

After assessing your environment, focus on identifying key risks and weaknesses to address. Successful elements include building a dedicated insider threat function to protect sensitive data, investing in training, and providing real-time policy reminders for users. Work with your HR team to educate and empower employees in subjects like secure data handling, security awareness, and vigilance. Following these steps will address and mitigate insider threats while establishing consistent, repeatable processes that are fair to all employees.

2. Place People at the Center

From a risk standpoint, organizations must place people at the center of their overall cybersecurity strategy—especially as the workforce becomes more distributed. According to Proofpoint, more than 99% of cyberattacks require human interaction to be successful. Chances of a successful attack only increase when employees are remote. Ultimately, data does not just get up and walk away—it requires someone to perform an action. So a people-centric security approach is necessary to mitigate critical risks across email, the cloud, social media and the web.

First, significantly limit access to non-essential data. Second, limit how long specific users can access the information they need to complete a task. For example, not everyone needs access to customer records. Be sure your security technology can differentiate between malicious acts, accidental behavior, and cybercriminal attacks using compromised employee accounts. This intelligence helps organizations respond according to the incident and provides context around the activities that took place.

Finally, detecting and preventing insider threats is a team sport. It is important to ensure the right stakeholders from each department are involved in your security program. This should include operations, human resources, IT, legal, and of course security.

3. Insider Threat Technology at Work

Organizations need to take a holistic approach to combating insider threats, especially during the pandemic. When assessing insider threat technology, be sure to first consider the performance impact of any solution and its associated scalability, ease of management, deployment, stability and flexibility. Select a solution that provides visibility into user behavior while complementing the tools your organization already uses.

A dedicated insider threat solution reduces threats by helping organizations identify user risk, prevent data loss, and accelerate incident response. This approach also distinguishes malicious acts from simply careless or negligent behavior.


A more comprehensive cybersecurity program, while also putting training in place, can address negligent behavior before it becomes a security concern.

In 2020, everything about how and where we work changed.


Unfortunately, both external and insider data breaches are accelerating. Organizations are losing more data due to compromised, negligent, or malicious insiders, so it is time to place people at the center of your cybersecurity strategy. Today’s COVID-19 reality weighs heavily on security teams.

An effective combination of people, process, and technology can help remediate one of the most critical risk factors facing organizations around the world today.

Applying the Pareto Principle for Personal and Professional Success

Vilfredo Pareto, an Italian economist born in 1848, was apparently also a keen gardener, and like all keen gardeners, Vilfredo knew not all plants are created equal. Some produced an abundant crop, and others had very little to offer. In fact, legend has it that Vilfredo noticed that 20% of his pea plants were producing 80% of the healthy pea produce.

This realization set Vilfredo on a voyage of discovery of other uneven distributions in life, particularly in relation to wealth. His discovery that 80% of the wealth in Italy was owned by 20% of the population was later found to be broadly true across many cities, countries and other geographic areas. This uneven 80/20 distribution formed the basis of what we today call the “Pareto Principle” or the “80/20 rule,” in recognition of the more general imbalance of inputs and outputs in many aspects of life. 

For example, it has been found that:

  • 20% of employees are responsible for 80% of results
  • 20% of customers account for 80% of profits
  • 20% of content in content marketing produces 80% of traffic
  • 80% of pollution originates from 20% of all factories

These rules are not set in stone and the ratio often will not be exactly 80/20, but this uneven distribution of the “vital few and trivial many” is found in many aspects of life and business.

So, why does this matter, and what are the practical implications for you as a risk manager and an individual managing your own personal life?

Risk Management Applications

Risk management often involves examining a seemingly never-ending list of things that can go wrong and may result in negative consequences. There are many different drivers that can increase either the likelihood or severity of a risk event and risk professionals are tasked with trying to prioritize the risks and focus on the key drivers.

The Pareto Principle can help to clarify prioritization in risk management. For example, the 80/20 rule has been evidenced within occupational health and safety, with 20% of hazards shown to account for 80% of injuries. Other cited examples include 80% of computer system crashes coming from 20% of reported bugs, and 20% of drivers causing 80% of accidents.

The 80/20 rule serves as an important reminder that not all risk drivers are equal and that a key aspect of risk management is the ability to truly understand the drivers behind risks so that we can focus our attention on those that matter most.

Personal Implications 

Perhaps one of the most profound personal takeaways from the Pareto Principle is the application to personal time management. We all know that some people manage to achieve extraordinary success in life, despite the fact that we are all constrained by the same 24 hours in each day. Arguably, many of the most successful business people are masters of prioritization and applying the 80/20 rule to their own personal time management. They recognize that not all tasks are created equal and, hence, they will carefully think about which tasks are their top 20% that will result in an 80% output. Then they get to work doing these tasks and delete, delegate or defer the other 80%. So the next time you have a list of 10 things on your to-do list, make sure to carefully choose the top two and get to work on them.

Only 18% of IT Pros Confident in Current Password Risk Management

Many organizations are having trouble maintaining the security of their employees’ log-in information, resulting in serious risks to their networks and private information. According to a recent LastPass and VansonBourne survey of 750 IT and security professionals in the United States, United Kingdom, France, Germany, Australia and Singapore, only 18% feel their company’s current access security is “fully secure and does not require improvement.” Risk management professionals have a significant role to play in determining how their organizations handle these risks and protect their data.

According to the security professionals surveyed, the biggest ways that employees’ poor password management creates potential security threats to organizations’ data are password reuse (cited by 67%), weak passwords (65%), and not changing default passwords (36%). Nearly all respondents (95%) said that the risks that come with using passwords create threats to the organization.

Given the importance of strong login information, companies often attempt to implement password rules to reduce security risks, such as requiring employees to choose complex passwords and change them frequently. However, these rules can lead to frustrations for both IT staff and employees. According to the LastPass/VansonBourne survey, the top frustrations for IT are employees reusing passwords for multiple applications, forgetting their passwords, and the time it takes to manage the company’s passwords. Employees are frustrated by having to regularly change their passwords, remember multiple passwords, and type long and complicated passwords.

The rapid increase in the number of employees working from home due to the COVID-19 pandemic has also exacerbated the risks, given a corresponding surge in cyberattacks on remote workers since March. Many employees are now working on home networks that may not have the protections that office networks offer, their passwords may not follow the stringent guidelines their companies would normally require, and they may store their passwords in less secure ways. In fact, Entrust Datacard released a survey showing that 42% of employees working from home kept passwords by physically writing them down, while 34% saved them in their phones and 27% kept them on their computers. The survey also found that almost 20% of employees reused passwords across multiple systems, which could make it easier for malicious actors to compromise those systems.

Maintaining Secure Logins

There are ways for risk professionals to help protect their companies’ systems and data. Experts recommend mandatory cybersecurity training for all employees, including instructions on how to choose adequate passwords, how often to change them and how to avoid cyber threats like phishing and malware.

There are also technological ways that risk managers can help secure their organizations’ passwords. As a first step, the National Institute of Standards and Technology (NIST) recommends that organizations ensure that employees’ passwords do not match those exposed in previous data breaches.


There are publicly available services online that allow users to check whether email addresses and passwords have been compromised in breaches.

Additionally, the NIST recommends that employers restrict passwords to those that are not dictionary words, are not made up of repeated or sequential characters (such as 11111 or 12345 or qwerty), and do not contain specifics like the company’s name or the user’s name. NIST also suggests using multi-factor authentication (MFA), which would require employees to provide their login and password as well as a second piece of information, biometric data, or a physical device like a security key to verify their identity and log in.
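As an added example (not from this article or the survey it cites), the following Python function screens a candidate password the way the NIST guidance above describes: a lookup against a corpus of breached password hashes, then rejection of dictionary words, repeated or sequential characters, keyboard walks, and passwords containing the user or company name. The breach corpus and dictionary are small constructed samples; a real deployment would use a full blocklist or the k-anonymity range lookup shown in `breach_lookup_parts`, which is the query shape used by the Pwned Passwords service.

```python
import hashlib

# Constructed sample breach corpus: SHA-1 digests of a few commonly leaked
# passwords. Real deployments use a full breach list, not this toy set.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "123456", "letmein", "Summer2020")
}

# Constructed mini dictionary of plain words to reject outright.
DICTIONARY = {"password", "welcome", "monkey", "dragon", "football"}

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def breach_lookup_parts(pw: str) -> tuple:
    """k-anonymity split: only the first 5 hex chars of the SHA-1 would be sent
    to a breach-check service; the suffix is compared locally against the
    returned range, so the password itself never leaves the host."""
    digest = hashlib.sha1(pw.encode()).hexdigest().upper()
    return digest[:5], digest[5:]


def is_sequential(s: str) -> bool:
    """True when every adjacent pair steps by the same +1 or -1 (12345, abcde, 54321)."""
    if len(s) < 3:
        return False
    step = ord(s[1]) - ord(s[0])
    return step in (1, -1) and all(ord(b) - ord(a) == step for a, b in zip(s, s[1:]))


def is_keyboard_walk(s: str) -> bool:
    """True when the string is a run along a keyboard row, in either direction."""
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def check_password(pw: str, username: str, company: str) -> list:
    """Return the reasons a password is rejected; an empty list means it passes."""
    reasons = []
    low = pw.lower()
    if len(pw) < 8:  # NIST SP 800-63B also sets an 8-character floor
        reasons.append("shorter than 8 characters")
    if hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1:
        reasons.append("appears in breach corpus")
    if low in DICTIONARY:
        reasons.append("dictionary word")
    if len(set(low)) == 1:  # 11111, aaaaaaaa
        reasons.append("repeated character")
    if is_sequential(low) or is_keyboard_walk(low):
        reasons.append("sequential characters or keyboard walk")
    for term in (username, company):  # context-specific words
        if term and term.lower() in low:
            reasons.append(f"contains '{term}'")
    return reasons
```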

With so many passwords to remember, a password manager—a program that stores and creates multiple complex passwords—may also be a good choice for organizations to protect their systems.


Like all security precautions, password managers are not perfect. While still recommending their use, the Electronic Frontier Foundation warns that “using a password manager creates a single point of failure,” “password managers are an obvious target for adversaries” and “research suggests that many password managers have vulnerabilities.”

While a password manager or single sign-on technology can have benefits like faster authentication and letting employees remember fewer passwords, they also have downsides. The IT professionals surveyed by LastPass cited “the initial financial investment required to migrate to such solution,” “the regulations around the storage of the data required,” and “the initial time required to migrate to new types of methods” as the biggest challenges about using this technology. Additionally, 74% surveyed said that they thought employees at their companies would likely prefer to continue using passwords over passwordless methods because it was more familiar.