Connect with us

Top 10

CYBER SECURITY RISKS YOUR EMPLOYEES NEED TO KNOW WHEN WORKING FROM HOME

Published

on

Mike is the Editorial Director at Lendza

 

The landscape of labor is changing. Most of us have already seen it coming: the slow but impending digitization of everything. However, the global pandemic really sped things up, didn’t it? Recent statistics even suggest that most of the people who transitioned to remote working have no intention of returning to a traditional employment setting even after the health crisis.

There are definitely steps that we can do to influence our employees’ work setup as their employers, but the decision will still be up to them in the end. That’s why we believe that the best step for us is to come up with a crisis management plan that incorporates the risks involved in remote working. Taking a step further, we strongly feel that the biggest risk involves cybersecurity.

In this article, we seek to talk about two things. First, we want to list down the cybersecurity risks that employees can expect (and thus, need to know). Second, we also want to share with you some quick steps to mitigate them.

 

Top Remote Work Cybersecurity Risks

Here are the top three most common cybersecurity threats that remote workers and their clients (or employers) are faced with:

1.    Phishing

Phishing remains to be one of the most pressing cybersecurity problems for traditional and remote workers alike. It is a type of attack where a hacker creates a legitimate-looking website to trick people into entering their login credentials.

It can come in many forms. We’ve received reports of phishing in seemingly genuine employee portals and website login pages. It is still more common to get attacked via email, though.

To make matters worse, most of us (and our employees) already have an established idea of what a phishing email looks like. These assumptions can then influence our decision-making process, making it easier for us to fall prey to such attacks. In truth, there are a lot of phishing emails that look perfectly credible. Some of them are even sophisticated enough to deceive even the strictest email filters.

2.    Weak Network

A lot of companies place considerable investment into securing their networks. Most prefer the assistance of cybersecurity companies and consultants. After all, they already have established network security products and related services ready for their clients to sign up for.

There are some who prefer to keep things in-house instead. This is certainly a wise (and more affordable) move depending on the kind of talent you have.

The real challenge, though, is the fact that your remote workers won’t really have the same level of security. It doesn’t help that home router software is rarely updated. What’s worse is that a lot of us don’t even have a premium firewall at home. These certainly create a lot of opportunities that hackers can take advantage of.

3.    Human Error

Finally, there is a huge percentage of cyber attacks that happen just because of human error. It doesn’t matter whether you’re an employer, a traditional employee in an office cubicle, or a home-based freelancer.  Anyone can commit mistakes that can make them more vulnerable to cyber-attacks.

 

Here’s a quick list of the most common errors for your reference:

  • Creating weak passwords
  • Creating a universal password for all your logins
  • Writing your passwords on paper
  • Storing your passwords on an unsecured digital device
  • Entering your password on a shared computer
  • Letting others borrow your computer and other digital devices
  • Letting others borrow your credentials
  • Relying too much on the remember feature of your digital device for your logins
  • Leaving your digital devices unattended
  • Mistakenly posting the answers to your security questions on social media

There are definitely other circumstances out there that cybercriminals can exploit, but the ones we have listed above take the cake of being the most prevalent.

 

Quick Cybersecurity Steps

Anyway, let’s move on to the steps that even your remote workers can do at home to quickly minimize risks:

Training

Cybersecurity companies and consultants don’t just provide products and sound advice. Some of them also provide cybersecurity awareness programs. Advanced training on the subject can significantly decrease the risk of phishing and other cybercrimes.

While signing up for a ready-made curriculum remains to be the ideal option, this doesn’t mean that you can’t train your employees in-house. Even a simple PowerPoint presentation that you can distribute to your remote workers is better than absolutely nothing, after all.

Improved Network

The cheapest thing that you can do to decrease the risks of an unsecured home network is to simply require your remote workers to use a router equipped with the latest encryption features enabled.

This will encourage them to be more vigilant when it comes to updating their home routers.

The best decision, though, is to play a more active role in your remote worker’s network connection. Give your employees firewalls. Upgrade their network plans. Invest in your remote worker’s gear.

These steps would certainly require a hefty sum of investment especially if the majority of your workers are currently working at home. It’s still worth it, though.

Presence of Mind

Lastly, you can significantly decrease human error by just encouraging your employees to focus on their job and be more mindful of both their online and offline activities.

 

To match the previous section, here are some equally quick solutions to the problems we’ve posted earlier:

  • Create strong passwords by mixing alphanumeric symbols with special ones. Don’t make a password out of a word or statement. Make it random and impossible to guess.
  • Create different passwords for various online accounts, logins, and more.
  • Refrain from writing your password on paper. At the very least, don’t label that paper as “password”. It’s a rookie mistake.
  • Don’t use other people’s computers and electronic devices, especially if it will require you to log in to anything. On the other hand, don’t let others borrow your computer, digital device, or log-in credentials as well.
  • Don’t make a list of all your passwords and put it on a single device. You’ll be putting yourself into a significantly vulnerable spot should you somehow misplace that device by accident.
  • Lastly, don’t post anything related to your security questions online. Even something as simple as your dog’s name can be exploited at the hands of the wrong people.

 

Finance

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Published

on

By

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST

 

Top executives from Wall Street’s largest banks pinpointed cybersecurity as the greatest threat to America’s financial system, at a Congressional hearing that took place in May.

The concern of financial industry leaders with cyber-attacks is neither surprising, nor new. The attraction of cybercriminals to banks and other financial institutions makes sense, given the fact that the financial sector functions as gatekeepers – not just of financial assets, but also of valuable Personally identifiable information (PII).

Threat actors are attracted to attack financial institutions to earn a profit through increasingly sophisticated attacks that range from ransomware attacks to identity theft. But while the threat continues to grow, there is much that can be done to mitigate the risks.

 

The Downsides of Digital Banking

The number of attacks on financial institutions increased sharply in the last two years due to the upheavals wrought by COVID-19, which prompted a dramatic rise in the number of online transactions.

With so much of today’s financial transactions done on both web and mobile devices, threat actors have more opportunities than ever before. Take, for example, the growing importance of Man in the Middle (MITM) Attacks, which impersonate another party online and give criminals access to personal data, passwords, and banking details.

With the widespread adoption of digital banking, consumers have become increasingly worried about cyber-attack. As a result, there’s growing demand to create better consumer protection laws that respond to the rapidly evolving technology. The U.S. Federal Trade Commission (FTC), for example, recently strengthened security safeguards for consumer financial information.

 

It’s Not “Just” About the Money

Financial organizations are at risk not just from threat actors looking for profit, but also from nation-states and hacktivists acting out of idealistic motives or as a means of achieving specific political ends.

The most famous examples of this type of attack include Russia’s 2016 attack on Ukraine’s electric grid and North Korea’s 2017 attack on Britain’s National Health Service.

Because of the extent of the damage that this type of attack could cause, NATO established cyberspace as the “fifth domain of warfare” in 2016. It developed a definition of when foreign factions are banned from attacking financial institutions, due to the fear that this type of attack could directly lead to a country’s destabilization.

 

Recognizing Risk Factors

The digital transformation of financial services helps banks and other financial institutions provide more a more convenient customer experience.

And while significant customer demand has led many banks to implement changes such as the transition from legacy to cloud-based solutions, these shifts also have the potential to create additional security risks.

For example, if we’re talking specifically about cloud migration, there’s need for additional security layers to protect organizations working with public cloud providers from the range of attacks targeting the financial sector: ransomware, account takeover, data theft and manipulation, phishing attacks, identity theft, and more.

Another example is the extensive use of third-party vendors, which has increased the risk of attack for organizations in the financial sector. Because third-party vendors enlarge the attack surface, they create more entry points to the system and make it harder to protect customer data.

 

Accelerating Detection & Response

By adopting an agile approach that supports continuous improvement, financial organizations can facilitate proactive identification of evolving threats and vulnerabilities in the wild. More specifically, by placing an emphasis on use case optimization – which starts by mapping out an organization’s threat detection gaps to a framework such as MITRE ATT&CK – enterprises can prioritize threats and invest their time and resources in mitigating risk more effectively.

For organizations transitioning to the cloud, what’s key is managing the migration process in a way that provides optimal visibility in the cloud and supports ongoing optimization at the enterprise level. Digital playbooks are a crucial tool in providing improved detection and response, creating automated or guided responses that allow faster, more effective, collaborative action.

The development and regular review of incident response plans similarly allows for efficient response in emergency situations and helps reduce the business impact of cyber-attacks.

 

Targeted Threat Intelligence

Threat intelligence that’s tailored to the financial services sector is another key component of timely detection and response. By working with expert Cyber Threat Intelligence (CTI) services, organizations can obtain up-to-date information about industry-specific threats in real time – information that is a highly valuable tool in strengthening the defense of an enterprise.

 

Cyber Hygiene

Employees make mistakes; after all, it’s only human. But these errors can lead to massive data breaches. For example, when someone clicks on a phishing email or leaves passwords for a company computer on a slip of paper that’s easily seen by the wrong person, the damage can be astronomical.

Providing regular cybersecurity training programs for employees can help minimize the risk of an accidental or careless action leading to cyber-attack. To be effective, training programs should not only explain how to spot cybersecurity risks like phishing emails but should also discuss how and where it’s safe to access company information.

Aside from employee training, there are fundamental cybersecurity-related decisions that should be implemented at the enterprise level such as Zero Trust, DevSecOps, and multi-factor authentication (MFA). From a policy perspective, for example, it’s crucial to enforce MFA for all applications. Moreover, technology-related vulnerabilities can be minimized through frequent patching and updates for systems. Audits, as well as vulnerability and penetration tests, must be conducted regularly.

 

For the Financial Sector, “Best Practices” are Key

With the growth in number and complexity of cybersecurity attacks on financial organizations and the increased risk of nation-state attacks, proactively approaching the question of cybersecurity and implementing “best practices” makes the difference in reducing the degree of risk to an enterprise.

By modernizing the SOC with a carefully navigated migration to the cloud, adopting continuous improvement of use cases and the development of digital playbooks that improve detection and response – as well as by leveraging targeted threat intelligence and maintaining strong cyber hygiene – enterprises can put themselves in a stronger position to minimize the potential business impact of a cyber-attack on their organizations.

 

Continue Reading

Top 10

IF IT’S A LOSS, YOU’RE TOO LATE – WHY THE INSURANCE INDUSTRY NEEDS TO FOCUS ON FIRST NOTIFICATION OF RISK

Published

on

By

Simon Dicks, Insurance Channel Manager EMEA, Lytx

 

Insuring commercial fleets can be an expensive business. Average repair costs have increased by up to 40% in the past 8 years and disputes about who was responsible can drive up expenditure for both fleets and insurers.

Part of the problem is that the insurance industry hasn’t had the tools to forecast costs and premiums accurately enough in this sector. Underwriting decisions are still made in the same way they always have been, by looking back at historical data from previous years. This approach simply isn’t giving insurance companies an accurate indication of potential risk – or a proper indication of the impact of driver behaviour.

Technology is helping insurers to an extent by providing information about First Notification of Loss (FNOL) – automatically sending notifications when unusual G-force readings are captured within a black box tracking device as a result of sudden braking or impact. This is good, but far better is the ability to use proactive technology to detect when an incident is at risk of occurring and when a driver is distracted.

The only way to address this is to put a highly accurate level of camera technology both inside and outside cabs, supported by sophisticated technologies such as Machine Vision (ML) and Artificial Intelligence (AI). This way, we can see not just that an incident has happened, but why it happened. What’s more, we can assess risk before an accident happens at all and prevent it happening in the first place. We call this First Notification of Risk (FNOR) – and it’s a whole step up from FNOL.

Machine Vision scans the internal and external environment of the vehicle to identify distracted driving behaviours such as mobile phone use, eating, drinking, smoking, inattentive behaviour or failure to wear a seatbelt. AI, comparing the behaviour against a vast bank of accumulated data, is then able to determine the riskiness of that situation and whether it needs to be flagged to the fleet manager, driver, or insurer via a short video clip. The big difference in this approach is that it’s proactive, not reactive. For the first time, fleets and insurers can identify adverse driving and distracted driving in real-time for the first time.

This includes the ability to alert drivers of any momentary slip-ups or distracted behaviours. Using the same technology, drivers will receive an audio or visual alert to help keep them on track and to lessen the likelihood of a moment’s distraction becoming anything more.

When insurers have access to these insights, they can also start to see patterns from the data over time. For example, a fleet manager might start to see that there’s a peak in risky driving behaviours on a Friday afternoon when lots of drivers are rushing to finish for the weekend. As a result, they may decide to spread the shifts differently so as to avoid that pattern of behaviour.

When insurers are only looking at FNOL, it’s already too late. A driver could be unthinkingly driving whilst smoking, on their phone, and nobody would never know. Whereas with FNOR, both managers and insurers are provided with insights that remove the guesswork, and underwriters have the information they need to assess risk with far greater precision.

There’s still a long way to go in making the move towards FNOR. With so many different companies selling cameras and telematics systems and producing information in hundreds of different formats, claims data will have to be standardised before the sector can really transform. However, by starting to embrace ideas like FNOR, the industry can move towards a solution that saves them time, money and lives.

To find out more, visit  www.lytx.com/FNOR

Continue Reading

Magazine

Trending

Business22 hours ago

IS SCARCITY OF TALENT THREATENING THE UK’S FINTECH CROWN?

Opinion From Rafa Plantier, Head of UK and Ireland at Tink   From the Square Mile to Canary Wharf, London...

SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD
Business3 days ago

SET YOUR BUSINESS UP FOR SALES SUCCESS IN A POST-PANDEMIC WORLD

Dean Fiveash, Head of FinTech Sales, IFX Without doubt the Coronavirus pandemic impacted every aspect of our lives and fundamentally...

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT
Business3 days ago

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

Jennifer Sims, Senior Consultant at Xledger   The world of finance software is evolving quickly, but with many new software...

HOW RETURNS ABUSE AFFECTS RETAILERS HOW RETURNS ABUSE AFFECTS RETAILERS
Business3 days ago

HOW RETURNS ABUSE AFFECTS RETAILERS

By Aaron Begner, EMEA GM at Forter   Accompanying the significant growth in ecommerce over the past 12 months, is the...

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER
News3 days ago

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TO BUILD INDUSTRY CHANGING REGULATORY TECHNOLOGY

Innovative fintech company, Tintra PLC(https://tintra.com/), has formed a joint venture with award-winning Artificial Intelligence and Machine Learning business, TMC2, via...

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS
News3 days ago

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS

The partnership will allow CellPoint Digital customers to incorporate Vyne into its payment ecosystem and access instant payments without a...

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH
Business6 days ago

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH

As online business grows exponentially, finally fulfilling the internet’s promise of a ‘global village’ in which anyone can buy and...

Business6 days ago

TAKE THE NO-CODE LEAP TO DIGITAL INNOVATION WITH A FUSION TEAM

Chris Obdam, CEO, Betty Blocks   In the last couple of years, a new sector has emerged alongside enterprise financial...

Finance6 days ago

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST   Top executives from Wall Street’s largest banks pinpointed cybersecurity as the...

Top 106 days ago

IF IT’S A LOSS, YOU’RE TOO LATE – WHY THE INSURANCE INDUSTRY NEEDS TO FOCUS ON FIRST NOTIFICATION OF RISK

Simon Dicks, Insurance Channel Manager EMEA, Lytx   Insuring commercial fleets can be an expensive business. Average repair costs have...

Business6 days ago

IDENTITY SECURITY IN THE ERA OF SOX

By Steve Bradford, Senior Vice President, EMEA, SailPoint   The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices...

News6 days ago

EXPERIAN LAUNCHES VERIFICATION SERVICE TO SUPPORT FASTER, MORE ACCURATE LENDING DECISIONS

Work Report™ is the UK’s first service that automates the digital sharing of payroll information on behalf of the consumer...

News1 week ago

TENUREX AND ELUCIDATE PARTNER TO INCREASE FINANCIAL INCLUSION WORLDWIDE

TenureX and Elucidate have announced a strategic partnership with a mission to increase financial inclusion worldwide and tackle the laborious...

Banking1 week ago

WHY THE TIME IS NOW TO BANK BEYOND BORDERS

by Lili Metodieva, MD of Monneo   As our world becomes more interconnected, so too does the need for banking...

News1 week ago

PAYCAST PARTNERS WITH MARQETA AND MASTERCARD FOR NEW MARKETPLACE PAYMENT SOLUTION

Paycast will leverage Marqeta’s modern card issuing platform and the Mastercard network to empower marketplaces with payment solutions that help...

Finance1 week ago

HOW FS ORGANISATIONS CAN USE API-DRIVEN DATA AUTOMATION TO JOIN THE OPEN BANKING REVOLUTION

By Steve Barrett, Senior Vice President, International Operations at Delphix    Technology is rapidly transforming all industries across the world. However, for the...

Banking1 week ago

IT’S TIME FOR BANKS TO SIT THEIR CUSTOMERS DOWN AND TALK OPEN BANKING

Eugene Danilkis, CEO at Mambu   We are living in an experience economy, and banking is no different. Customers need...

Banking1 week ago

WILL CHALLENGER OR TRADITIONAL BANKS WIN THE SECURE CARD PAYMENTS BATTLE?

By Vince Graziani, CEO, IDEX Biometrics ASA   Challenger banks have shaken up the payment ecosystem in the last decade....

Banking1 week ago

TOP ITALIAN BANK ROLLS OUT FIRST OF ITS FULLY DIGITAL BRANCHES WITH AURIGA

Banca Carige Smart, the new intelligent branch model enabled by Auriga #NextGenBranch solutions , combines digitalisation with a human touch...

Banking1 week ago

HOW BANKS CAN PROTECT THEMSELVES AGAINST RANSOMWARE

Jay Ralph, Managed Cloud Global Sales Lead at SoftwareONE   We’ve seen a slew of high-profile ransomware attacks in 2021. From hackers...

Trending