One in 10 IT pros would steal data if leaving a job

In addition, the survey found that 15% of participants would delete files or change passwords upon exiting.

While a number of organizations have invested in technologies to help detect and defend against external attackers, many companies are starting to better understand the risks from insider threats, which a recently published whitepaper said may actually be a larger issue.

According to the report, insider attacks are more difficult to detect and prevent than external ones, with 91% of respondents in a similar survey of IT and security professionals reporting they feel vulnerable to both malicious and accidental insider threats.

Read entire post One in 10 IT pros would steal data if leaving a job | Kacy Zurkus | InfoSecurity

Orgs grapple with pros and cons of remote workers

Despite the growing number of employees that work remotely, security professionals fear that remote workers pose risks to the enterprise, according to a new study published by OpenVPN.

An overwhelming majority (90%) of survey respondents said that remote workers are a security risk to the organization, according to the report Remote Work Is the Future – But Is Your Organization Ready for It? The report’s findings are based on a survey of 250 IT leaders, from the manager level through the C-suite.

Still, 92% of respondents agreed that the benefits of remote work outweigh the security risks. “For employees, it provides greater efficiency and lower stress levels: 82% of telecommuters reported less stress and 30% said it allowed them to accomplish more work in less time,” the report said. In addition, companies reportedly save an average of $11,000 per year per remote employee.

Read entire post Orgs grapple with Pros and Cons of remote workers | Kacy Zurkus | InfoSecurity

ISO 30414 – New International Standard for human capital reporting

But measuring the true return on that investment can be a tricky business. It just got a lot easier with the first International Standard for human capital reporting.

It is well known that effective human resources (HR) strategies can have a positive impact on organizational performance. And with workforce costs making up to 70% of an organization’s expenditure, it is important to get that strategy right.

ISO 30414, Human resource management – Guidelines for internal and external human capital reporting, is the first International Standard that allows an organization to get a clear view of the actual contribution of its human capital. Applicable to enterprises of all types and sizes, it provides guidelines on core HR areas such as organizational culture, recruitment and turnover, productivity, health and safety, and leadership.

Read entire post New ISO International Standard for human capital reporting | Clare Naden |

Amazon investigating employees leaking data for bribes

Amazon is investigating reports of employees leaking confidential internal data and offering other services to sellers on its e-commerce platform in exchange for bribes, the Wall Street Journal reported Sunday.

Employees at the internet retailer are allegedly selling sales and search information to independent merchants selling products on the site, giving them an edge over competitors in violation of company policy, the newspaper reported. Brokers working as intermediaries for Amazon employees are also offering to delete negative reviews and restore banned accounts, the newspaper said, citing anonymous sellers, brokers and others familiar with the probe.

The investigation began in May after the company was tipped off to the practice taking place in China, where it’s said to be most prevalent, the Journal reported.

Read entire article Amazon investigates employees leaking data for bribes | Steven Musil | CNet

Most IT Execs have zero control over password hygiene

Despite the clear danger that passwords pose to organizations, more than half of IT executives in a recent survey said they rely solely on employees to monitor their own password behavior.

Posted on InfoSecurity | By Tara Seals

Despite this, employees are struggling with the task: The survey from LastPass and Ovum, which queried a few hundred IT executives and corporate employees in EMEA, revealed that 76% of employees regularly have problems with password usage or management, and nearly a third of users need help desk support at least once every month. This onus on personal responsibility translates into companies wrestling with a lack of visibility and control. Yet the majority are not doing enough, if anything at all, to address the situation.

For instance, in terms of what organizations are doing to enforce strong passwords, 62% of IT executives rely exclusively on employee education. Employees are essentially on their own, with no technology in place to enforce any password strength requirement.

Read entire article Most IT Execs Have Zero Control Over Password Hygiene | InfoSecurity

1 of 4 UK employees have ‘purposefully leaked business data’

New research from Egress Software Technologies has revealed that one in four (24%) UK employees have intentionally shared confidential business information outside their organization, typically to competitors or new and previous employers.

The firm quizzed 2000 workers whose jobs required them to frequently use email to shine a light on risks surrounding email misuse within the enterprise.

Half of respondents said they either had or would delete emails from their sent folder if they had sent information somewhere they shouldn’t, with more than a third (37%) admitting they do not always check emails before clicking send.

Of those who had sent an email to the wrong person by mistake, one in 10 admitted to leaking sensitive data such as bank details or customer information. Less crucially, but no less embarrassingly, 40% had also accidentally insulted the recipient or included rude jokes, swear words or risqué messages.

It’s happening! Wisconsin company becomes first in the U.S. to microchip employees

A Wisconsin company called “Three Square Market” will have employees voluntarily receive RFID (microchip) implants that will allow them to access doors, vending machines and other facilities around the workplace. This may sound good on paper, but could have very dangerous consequences in the future if RFID implants become accepted and mandatory worldwide.

The rice grain-sized $300 (£230) chip will allow them to open doors, log in to computers and even purchase food. And so far, 50 employees have signed up for the chance to become half-human, half-walking credit card.

But far from being some sort of dystopian nightmare, Three Square Market’s Patrick McMullan believes everyone will soon be wanting their own microchip.

“The international market place is wide open and we believe that the future trajectory of total market share is going to be driven by whoever captures this arena first,” Mr McMullan said.

Three Square Market are even working with a Swedish company, BioHax, to deliver the new technology, which they see as one day being simply another payment and identification method – only instead of a credit card or phone, there would be a microchip between your thumb and finger.

But how did employees react?

The microchip is like one you would find on a credit card.

While a large proportion of the world might think twice before putting a tiny chip in their hand, it seems those at Three Square Market had no such worries.

Out of 85 employees at the company’s head office, 50 have come forward, vice-president of international development Tony Danna told the BBC.

How does it go in – and how do you get it out?

Tony Danna hopes that it will eventually replace everything you might have in your wallet – from your key fob to your credit card and ID.

The entire point of the chip is convenience, Mr Danna explained. But the convenience also stretches to installing and removing the chip.

“It takes about two seconds to put it in and to take it out,” he told the BBC. Putting it in is “like getting a shot” using a syringe, while taking it out is like removing a splinter.

“Easy in, easy out,” Mr Danna said.

Source: BBC

More than half of ex-employees still have access to corporate networks!

A new study by OneLogin has revealed that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by ex-employees.

The firm surveyed more than 600 IT decision-makers in the UK and found respondents were aware that over half (58%) of former employees are still able to access corporate networks even after they’ve left a company. This is particularly concerning when you consider that OneLogin also discovered that almost a quarter (24%) of UK companies have suffered data breaches by former members of staff.

The study also highlighted flaws in the security processes organizations follow when an employee leaves. Almost all (92%) of those polled admitted to spending up to an hour on manually deprovisioning past workers from every corporate application. Meanwhile, 50% were not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave the business, which could explain why over a quarter of ex-employees’ corporate accounts remain active for a month or more.

“Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image,” said Alvaro Hoyos, chief information security officer at OneLogin. “With this in mind, businesses should proactively seek to close any open doors that could provide rogue ex-employees with opportunities to access and exploit corporate data.”

Speaking to Infosecurity, Steve Durbin, managing director, Information Security Forum Limited, explained that companies are becoming increasingly aware of the issue but face challenges when it comes to handling it, as managing it effectively requires an approach that combines both process and people skills, with technology as a backup.

“Content management, identity and access management systems all have a role to play in monitoring activity but cultivating a culture of trust is likely to be the single most valuable management step in safeguarding an organization’s information assets,” he added. “How you treat your employees while they are with you will determine their mind set and approach once they have decided to leave.”

Source: Info Security

BlackBerry expands crisis communications services

To help federal managers communicate with their teams during an emergency, BlackBerry announced additional capabilities for its AtHoc crisis communication solution, which automates safety and availability status updates of people before, during and after an event.

The new AtHoc Account combines input from managers regarding their teams, information from call center operators, data feeds from human resource departments and travel systems as well as self-reporting from individuals, making it easier for managers to account for and communicate with their teams.

“Accountability today is a manual process that is quite inefficient,” AtHoc General Manager Sanjay Saini said.  “We are introducing AtHoc Account to provide real-time capability for organizations to be able to inform all of the necessary people so real-time decisions can be made.”

The BlackBerry AtHoc cloud service was authorized by the Federal Risk and Authorization Management Program at the moderate impact level in March. Besides AtHoc Account, the service includes AtHoc Alert, which allows for multichannel, bi-directional mass notifications via secure mobile apps and other mass notification channels, and AtHoc Connect, which allows agencies to more easily communicate with each other during crisis.

The Department of Energy, Department of Transportation and Federal Aviation Administration are currently using the AtHoc Alert service for notifications via BlackBerry’s private cloud platform. They are using a hybrid implementation model where the AtHoc SaaS platform runs behind their firewalls on premise.

More than 70 percent of federal government personnel are currently using AtHoc services in some capacity, including Department of the Treasury, Department of Veterans Affairs and U.S. Coast Guard.

BlackBerry’s AtHoc services are part of the company’s evolution from a government mobile phone provider to become a software-focused enterprise company.

Source: GCN

Other ways to get ISO trained and ISO certified

In-house training, self-training and hosted public training.

Yes, we offer public classes. But sometimes timing, location, budget, availability simply do not work for you.

Yet, there are many other ways to get the ISO training and the ISO certifications you need.

In-house training

Get your team together at your location and at a time that fits your calendar. We will go pretty much anywhere and at any time to deliver your training for a group of 5 or more participants.

Save on travel expenses and get a discount growing with the size of your group.


Self-training

Acquire ISO certification from the comfort of your home or on the beach this summer. Learn at your own speed and on your own schedule.

Self-Training is now available for participants based in Canada, the USA, the United Kingdom and the rest of Europe.


Hosted public training

You have space for us to deliver training but not quite enough participants from your organisation. You can host a scheduled public training. You can also create your own group of interested professionals in your city and organise with us your hosted public training.

Save on travel expenses and get a discount for hosting the public training.


Why training?

A recent survey showed that training budgets for 2017 varied greatly among organizations. However, 90% of organisations surveyed indicated that employee development was a very important element in their organizations.

In the same survey, the 3 most frequently intended outcomes from training expenses are, in order:

  1. Improving employee proficiency
  2. Increased job satisfaction
  3. Compliance

Did you know the story of the CFO complaining to the CEO about the cost of training? The CFO says “Look at all we spend on this. What will happen if we train them and then they go?”.

With a concerned look, the CEO says to the CFO: “What will happen if we do not train them and they stay?”

Tap into the power of in-house training

Provide internal training to develop the knowledge and skills of your employees.

In-house training offers employers and employees advantages that are not found when you send an employee to an external training program or seminar. Training transfer occurs more naturally and employees cement learning through training other employees.

Internal training uses real life examples, problems and challenges that participants encounter every day at work. Successful internal training identifies the exact skills and knowledge that participants need to succeed in their jobs. It also prepares employees for success in their next job.

Internal training is presented in the language and terminology that participants understand and can relate to. Internal training develops the skills of employees and cements their own knowledge of the topic.

On-the-job training that enhances an employee’s skills and ensures her readiness for the next promotion is generally far superior to a public seminar.

Tips about in-house training for employees

In-house, on-the-job training includes such activities as:

  • Invite the employee to contribute to department or company-wide decisions and planning.
  • Provide the employee access to higher level, more strategic, meetings.
  • Provide more information by including the employee on specific mailing lists, in company briefings, and in your confidence.
  • Enable the employee to establish goals, priorities, and measurements.
  • Assign the responsibility of teaching machine operation, quality standards, production standards, and safety practices to employees who train new employees or employees who are new to the work area.
  • Assign supervisory or team leader responsibilities, or function as an assistant lead while learning.
  • Assign the employee to head up projects or teams, or function as an assistant lead while learning.
  • Enable the employee to spend more time with his or her boss in a coaching / mentoring relationship. Set goals for employee development as a team.
  • Provide the opportunity for the employee to cross-train in other roles and responsibilities.

Mentoring and Coaching

Mentoring, coaching, and field trips, both inside and outside the company, help employees develop their skills and knowledge. Employees who “teach others” most effectively incorporate the knowledge and skills themselves.

In-house training sessions

Internal training sessions and methods are effective. Especially if they offer employees new skills and ideas, internal training, reading, and meeting can replace much external training in organizations. Internal training is also cost effective and the training facilitator or resource remains available daily to participants following the training session.

Source: The Balance

6 tips for employee theft prevention in your distribution centre

With maybe hundreds of thousands of saleable products and materials in storage, distribution centres are tempting targets for theft by internal and external perpetrators. Effective prevention means guarding against theft by both external and internal perpetrators. However, it’s the threat from within your warehouse walls which probably needs the most attention.

It’s a sad fact that the risk of theft by employees is greater than that posed by external parties. Unless your perimeter security is very poor, your storage facilities are much more likely to lose inventory through the misdeeds of staff than as a result of a break-in.

If you’re looking for some ways to improve theft prevention in your distribution centre, the following six tips will help you keep internal or external employees from helping themselves to inventory:

1. Implement manned checkpoints at site entrances

All vehicles leaving your distribution centre should be inspected before being allowed to exit the site. In a smaller site, where security checkpoints are not practical, have a manager or supervisor regularly stop exiting vehicles at random, to carry out inspections.

2. Separate receiving and shipping docks

If possible, try to have a physical barrier between receiving and shipping areas. If you can’t physically separate the two areas, you should at least keep some distance between them; unless of course you are operating a cross-docking operation.


In most warehouse scenarios, you want to make it difficult for goods to come off an inbound truck and disappear straight onto an outbound one.

3. Keep stored inventory away from loading/unloading docks

Maintain a clear distance of at least ten feet between your cargo doors and any pick faces or inventory storage areas. The only goods that should be near to your shipping and receiving doors are those which are part of inbound or outbound orders.

4. Locate warehouse manager’s office for maximum visibility

An elevated office within the warehouse will provide your warehouse managers with a broad field of view across the floor. This will help with theft prevention in your distribution centre, not only because of the improved visibility for managers, but also because employees know they might be under observation at any time.

5. Keep private vehicles out of the yard

Locate employee and visitor parking in a separate lot, separated from the operational areas of your DC by a fence or wall with controlled access and egress.

6. Provide an enclosed facility for drivers

Visiting truck drivers should not be allowed to hang around in your warehouse, yard or on loading docks. Provide them with a lounge or similar facility and insist they remain there while their vehicles are loaded or unloaded. Keeping all but essential operatives from storage areas is a vital part of theft prevention in your distribution centre.

Source: Logistics Bureau Group
