Category Archives: Cyber Crime

Immediate Vault

On Data Privacy Day, Catch Up on These Critical Risk Management and Data Security Issues

Posted on by

Happy Data Privacy Day! Whether it is cyberrisk, regulatory risk or reputation risk, data privacy is increasingly intertwined with some of the most critical challenges risk professionals face every day, and ensuring security and compliance of data assets is a make or break for businesses.

buy prevacid online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/prevacid.html no prescription pharmacy

In Cisco’s new 2021 Data Privacy Benchmark Report, 74% of the 4,400 security professionals surveyed saw a direct correlation between privacy investments and the ability to mitigate security losses. The current climate is also casting more of a spotlight on privacy work, with 60% of organizations reporting they were not prepared for the privacy and security requirements to manage risks with the shift to remote work and 93% turning to privacy teams to help navigate these pandemic-related challenges. Amid COVID-19 response, headline-making data breaches and worldwide regulatory activity, data privacy is also a critical competency area for risk professionals in executive leadership and board roles, with 90% of organizations now asking for reporting on privacy metrics to their C-suites and boards.

“Privacy has come of age—recognized as a fundamental human right and rising to a mission-critical priority for executive management,” according to Harvey Jang, vice president and chief privacy officer at Cisco. “And with the accelerated move to work from anywhere, privacy has taken on greater importance in driving digitization, corporate resiliency, agility, and innovation.”

In honor of Data Privacy Day, check out some of Risk Management’s recent coverage of data privacy and data security:

CPRA and the Evolution of Data Compliance Risks

Also known as Proposition 24, the new California Privacy Rights Act (CPRA) aims to enhance consumer privacy protections by clarifying and building on the expectations and obligations of the California Consumer Privacy Act (CCPA).

Frameworks for Data Privacy Compliance

As new privacy regulations are introduced, organizations that conduct business and have employees in different states and countries are subject to an increasing number of privacy laws, making the task of maintaining compliance more complex. While these laws require organizations to administer reasonable security implementations, they do not outline what specific actions should be taken. Proven security frameworks like Center for Internet Security (CIS) Top 20, HITRUST CSF, and the National Institute of Standards and Technology (NIST) Framework can provide guidance.

Protecting Privacy by Minimizing Data

New obligations under data privacy regulation in the United States and Europe require organizations not only to rein in data collection practices, but also to reduce the data already held. Furthering this imperative, over-retention of records or other information can lead to increased fines in the case of a data breach.

buy ocuflox online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

As a result, organizations are moving away from the practice of collecting all the data they can toward a model of “if you can’t protect it, don’t collect it.”

3 Tips for Protecting Remote Employees’ Data

As COVID-19 continues to force many employees to work from home, companies must take precautions to protect sensitive data from new cyberattack vulnerabilities. That means establishing organization-wide data-security policies that take remote workers into account and inform them of the risks and how to avoid them. These three tips can help keep your organization’s data safe during the work-from-home era.

What to Do After the EU-US Privacy Shield Ruling

It was previously thought that the EU-US Privacy Shield aligned with the EU’s General Data Protection Regulation (GDPR), but following the CJEU’s recent ruling, the Privacy Shield no longer provides a mechanism for legitimizing cross-border data flows to the United States. This has far-reaching consequences for all organizations that currently rely on it. In light of the new ruling, risk professionals must help their organizations to reevaluate data strategies and manage heightened regulatory risk going forward.

The Risks of School Surveillance Technology

Schools confront many challenges related to students’ safety, from illnesses, bullying and self-harm to mass shootings. To address these concerns, they are increasingly turning to a variety of technological options to track students and their activities. But while these tools may offer innovative ways to protect students, their inherent risks may outweigh the potential benefits. Tools like social media monitoring and facial recognition are creating new liabilities for schools.

2020 Cyberrisk Landscape

As regulations like CCPA and GDPR establish individuals’ rights to transparency and choice in the collection and use of their personal data, one can expect to see more people exercise these rights.

buy doxycycline online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/doxycycline.html no prescription pharmacy

In turn, businesses need to ensure they have formal and efficient processes in place to comply with such requests in the clear terms and prompt manner these regulations require, or risk fines and reputation fallout. These processes will also need to provide sufficient documentation to attest to compliance, so if businesses have not yet already, they should be building auditable and iterative procedures for “data revocation.”

Data Privacy Governance in the Age of GDPR

As personal information has become a monetizable asset, risk, compliance and data experts have increasingly been forced to address the regulatory and operational ramifications of the rapid, mass availability of personal customer and employee data circulated both inside and outside of organizations. With new data protection regulations, Canadian and U.S. companies must reassess how they process and safeguard personal information.

Key Features of India’s New Data Protection Law

Among the new data protection laws on the horizon is India’s Personal Data Protection Bill. While the legislation has not yet been approved and is likely to undergo changes before it is enacted, its fundamental structure and broad compliance obligations are expected to remain the same. Companies both inside and outside India should familiarize themselves with its requirements and begin preparing for how it will impact their data processing activities.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy

Three Ways to Reduce Insider Threat Risks During COVID-19

Posted on by

Months into the pandemic, organizations have recovered from the initial emergency of trying to ensure that their employees could safely work from home. They now realize that this remote reality will be extended—and they need to determine if they have the right cybersecurity protections in place. Most importantly, they need to stop insider threats, which account for more than 30% of all data breaches.

A long-term commitment to remote work requires a commitment to stopping data loss due to compromised, negligent, or malicious insiders. According to the Ponemon Institute, before the pandemic, the average annual global cost of insider threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same period. Security teams are in a constant battle to stop cybercriminals from stealing employee credentials, prevent malicious employee action, and correct accidental user behaviors—all of which can result in unintended data loss. Three ways to reduce insider threat risk are:

1. Conduct a Comprehensive Insider Threat Risk Assessment

Each organization has a unique set of risks from insider threats. Be sure to complete a comprehensive risk assessment to identify your most important data and systems, who can access them, and the security controls you have in place to protect your organization. It is important to remember that data loss potential increases every time new information is created and stored. An organization’s most valuable assets (its people, including employees, contractors and partners) can also become its greatest vulnerability without sufficient data controls in place.

After assessing your environment, focus on identifying key risks and weaknesses to address. Successful elements include building a dedicated insider threat function to protect sensitive data, investing in training, and providing real-time policy reminders for users. Work with your HR team to educate and empower employees in subjects like secure data handling, security awareness, and vigilance. Following these steps will address and mitigate insider threats while establishing consistent, repeatable processes that are fair to all employees.

2. Place People at the Center

From a risk standpoint, organizations must place people at the center of their overall cybersecurity strategy—especially as the workforce becomes more distributed. According to Proofpoint, more than 99% of cyberattacks require human interaction to be successful. Chances of a successful attack only increase when employees are remote. Ultimately, data does not just get up and walk away—it requires someone to perform an action. So a people-centric security approach is necessary to mitigate critical risks across email, the cloud, social media and the web.

First, significantly limit access to non-essential data. Second, limit how long specific users can access the information they need to complete a task. For example, not everyone needs access to customer records. Be sure your security technology can differentiate between malicious acts, accidental behavior, and cybercriminal attacks using compromised employee accounts. This intelligence helps organizations respond according to the incident and provides context around the activities that took place.

Finally, detecting and preventing insider threats is a team sport. It is important to ensure the right stakeholders from each department are involved in your security program. This should include operations, human resources, IT, legal, and of course security.

3. Insider Threat Technology at Work

Organizations need to take a holistic approach to combating insider threats, especially during the pandemic. When assessing insider threat technology, be sure to first consider the performance impact of any solution and its associated scalability, ease of management, deployment, stability and flexibility. Select a solution that provides visibility into user behavior while complementing the tools your organization already uses.

A dedicated insider threat solution reduces threats by helping organizations identify user risk, prevent data loss, and accelerate incident response. This approach also distinguishes malicious acts from simply careless or negligent behavior.

online pharmacy amaryl with best prices today in the USA

A more comprehensive cybersecurity program, while also putting training in place, can address negligent behavior before it becomes a security concern.

In 2020, everything about how and where we work changed.

online pharmacy lexapro with best prices today in the USA

Unfortunately, both external and insider data breaches are accelerating. Organizations are losing more data due to compromised, negligent, or malicious insiders, so it is time to place people at the center of your cybersecurity strategy. Today’s COVID-19 reality weighs heavily on security teams.
online pharmacy biaxin with best prices today in the USA

An effective combination of people, process, and technology can help remediate one of the most critical risk factors facing organizations around the world today.

Only 18% of IT Pros Confident in Current Password Risk Management

Posted on by

Many are having trouble maintaining the security of their employees’ log-in information, resulting in serious risks to their networks and private information. According to a recent LastPass and VansonBourne survey of 750 IT and security professionals in the United States, United Kingdom, France, Germany, Australia and Singapore, only 18% feel their company’s current access security is “fully secure and does not require improvement.” Risk management professionals have a significant role to play in determining how their organizations handle these risks and protect their data.

Some of the biggest ways that employees’ poor password management creates potential security threats to organizations’ data, according to the security professionals surveyed, are password reuse (according to 67%), weak passwords (65%), and not changing default passwords (36%), according to the security professionals surveyed. Nearly all respondents (95%) said that the risks that come along with using passwords create threats to the organization.

Given the importance of strong login information, companies often attempt to implement password rules to reduce security risks, such as requiring employees to choose complex passwords and change them frequently. However, these issues can lead to frustrations for both IT staff and employees. According to the LastPass/VansonBourne survey, the top frustrations for IT are employees reusing passwords for multiple applications, forgetting their passwords, and the time it takes to manage the company’s passwords. Employees are frustrated by having to regularly change their passwords, remember multiple passwords, and type long and complicated passwords.

The rapid increase in the number of employees working from home due to the COVID-19 pandemic has also exacerbated the risks, given a corresponding surge in cyberattacks on remote workers since March. Many employees are now working on home networks that may not have the protections that office networks offer, their passwords may not follow the stringent guidelines their companies would normally require, and they may store their passwords in less secure ways. In fact, Entrust Datacard released a survey showing that 42% of employees working from home kept passwords by physically writing them down, while 34% saved them in their phones and 27% kept them on their computers. The survey also found that almost 20% of employees reused passwords across multiple systems, which could make it easier for malicious actors to compromise those systems.

Maintaining Secure Logins

There are ways for risk professionals to help protect their companies’ systems and data. Experts recommend mandatory cybersecurity training for all employees, including instructions on how to choose adequate passwords, how often to change them and how to avoid cyber threats like phishing and malware.

There are also technological ways that risk managers can help secure their organizations’ passwords. As a first step, the National Institute for Standards and Technology (NIST) recommends that organizations ensure that employees’ passwords do not match those exposed in previous data breaches.

buy cipro online healthdirectionsinc.com/flash/swf/cipro.html no prescription pharmacy

There are publicly available services online that allow users to check whether email addresses and passwords have been compromised in breaches.

Additionally, the NIST recommends that employers restrict passwords to those that are not dictionary words, are not made up of repeated or sequential characters (such as 11111 or 12345 or qwerty), and do not contain specifics like the company’s name or the user’s name. NIST also suggests using multi-factor authentication (MFA), which would require employees to provide their login and password as well as a second piece of information, biometric data, or a physical device like a security key to verify their identity and log in.

With so many passwords to remember, a password manager—a program that stores and creates multiple complex passwords—may also be a good choice for organizations to protect their systems.

buy hydroxychloroquine online healthdirectionsinc.com/flash/swf/hydroxychloroquine.html no prescription pharmacy

Like all security precautions, password managers are not perfect. While still recommending their use, the Electronic Frontier Foundation warns that “using a password manager creates a single point of failure,” “password managers are an obvious target for adversaries” and “research suggests that many password managers have vulnerabilities.
buy tretiva online healthdirectionsinc.com/flash/swf/tretiva.html no prescription pharmacy

While a password manager or single sign-on technology can have benefits like faster authentication and letting employees remember fewer passwords, they also have downsides. The IT professionals surveyed by LastPass cited “the initial financial investment required to migrate to such solution,” “the regulations around the storage of the data required,” and “the initial time required to migrate to new types of methods” as the biggest challenges about using this technology. Additionally, 74% surveyed said that they thought employees at their companies would likely prefer to continue using passwords over passwordless methods because it was more familiar.