Tag Archive for: employees

Only 34% of small and medium-sized business employees report receiving mandatory cyber security awareness training


New IBC report card shows there is room for improvement in cyber security awareness

TORONTO, Sept. 22, 2022 /CNW/ – New Insurance Bureau of Canada (IBC) research has found that small and medium-sized Canadian businesses have been slow to adapt to increasingly frequent and sophisticated cyber attacks. The results are featured in IBC’s first Cyber Savvy Report Card, which assigned Canadians a “C” letter-grade for cyber safety actions and knowledge.

IBC’s report card is informed by the results of a survey of 1,525 Canadians who work at small and medium-sized businesses (defined as businesses with fewer than 500 employees). The survey revealed a number of startling findings:

  • Two in five employees surveyed (42%) say they have seen an increase in cyber scam attempts over the last year.
  • Only a third of surveyed employees (34%) report that their company provides mandatory cyber security awareness training.
  • Only half (50%) of employees surveyed report that their organization has introduced multi-factor authentication, a critical cyber security defence mechanism that requires a user to provide two or more verification factors to access a corporate network or application.
  • Only a quarter of employees surveyed (24%) report that their employer conducts phishing email simulations to help promote cyber vigilance.

“As cyber criminals get savvier, it’s our collective responsibility to stay one step ahead,” said Celyeste Power, Executive Vice-President, Strategic Initiatives and Advocacy, IBC. “That’s why IBC has launched cybersavvycanada.ca, a new cyber education initiative to help small business owners and their employees better understand the threat of cyber attacks and what they can do to reduce their risk.”

Employees’ actions increase their company’s cyber security risk

IBC’s survey also revealed that 7 in 10 employees of small and medium-sized businesses (72%) reported at least one behaviour that could allow a cyber criminal to gain access to their company’s computer systems. This strengthens the argument for more employers to take action to reduce cyber threats. According to survey respondents:

  • 27% use one password to access multiple websites they use for work;
  • 23% access public…


Uber Hack Was So Huge Employees Thought It Was a Prank


“I think IT would appreciate less memes while they handle the breach.”

Not A Joke

When a hacker announced that they had breached Uber’s security, some of the ride-sharing company’s employees reportedly thought they were being pranked.

Screenshots provided to The Washington Post show that when the still-unknown hacker announced themselves via a company Slack channel, many employees responded with emoji reactions that suggest they thought someone was playing a joke.

As the WaPo noted, there were others who took the hack announcement a bit more seriously.

“Sorry to be a stick in the mud,” the person whose messages were reviewed by WaPo wrote, “but I think IT would appreciate less memes while they handle the breach.”

Trolling, Trolling, Trolling

Further details that have since emerged about the Uber hack, which was initially confirmed by the New York Times, show that the person who took credit for the hack claimed they are 18 years old, and that they had an, er, interesting way of trolling the company.

An Uber employee who spoke to Fortune told the magazine that when they opened their work computer, the company’s internal website displayed an “erect penis” along with text that read “FUCK YOU WANKERS.”

This reporting seems to corroborate details provided to Yuga Labs security engineer Sam Curry, who tweeted yesterday that Uber employees said they found themselves redirected to web pages that featured “a pornographic image” and the same “wanker” epithet.

As Ars Technica and other outlets have reported, the hacker appears to have accessed Uber’s internals via a successful phishing attack they carried out on an employee via WhatsApp.

The company told Reuters that it’s investigating the breach and claims no sensitive user data had been accessed. Until the company, or the hacker, provides more updates, we won’t really know what happened or why the hacker went after the ride-sharing giant. But it’s clear, at least, that it was not a joke.

READ MORE: Uber was breached to its core, purportedly by an 18-year-old. Here are the basics [Ars Technica]


How HR can protect employees’ personal information


HR possesses some of a company’s most valuable data, including employees’ Social Security numbers and other personal information that a company must work to protect. Though some may believe HR professionals are mainly responsible for carrying out personnel decisions and benefits management, HR staff can and must help protect their organization from cybersecurity attacks.

HR staff can make many contributions to help fortify their organization’s data security program and help keep the company resilient against attacks. Some of these include working on employee training and identifying sensitive HR records.

Here’s how HR professionals can help bolster data security efforts.

Help establish and communicate security policies

HR professionals should serve on the organization’s IT and security governance committee and help create security rules.

HR staff should then communicate their organization’s acceptable usage policy and confidentiality and nondisclosure requirements to employees. These may exist in standalone documents or as part of an employee handbook.

Organize security training

HR staff should ensure that all employees are receiving the necessary corporate training, which includes expectations around computer and internet usage. HR staff should also consider implementing periodic tests to ensure that security stays top of mind for employees.

Work on data standards

HR staff should work with technical professionals and legal staff to establish company data classification and retention standards, as well as policies that meet state and federal legal requirements. They should also collaborate with tech professionals and legal staff to decide on wording for vendor, business partner and customer contracts.

In addition, HR should work with technical professionals to ensure they are properly destroying employee records in accordance with corporate policies around data retention.

Identify sensitive HR records

HR staff should work with technical professionals to discover sensitive HR records across the local network and in the cloud to help ensure those data assets are properly protected. They should also evaluate existing and emerging compliance requirements…


FBI reports rise in cybercrimes against higher ed targets; employees must remain vigilant to protect WVU credentials


A recent FBI report on an uptick in cybercrimes in the higher education sector is a reminder to all employees that protecting University systems and data is a shared responsibility, and everyone has a role to play. While WVU has taken many steps to secure networks, computers and data, the threats are constantly changing, and faculty and staff must remain vigilant.

Here are some ways you can help defend WVU’s data:

  • Never use your WVU Login username and/or password on non-WVU sites. When those credentials are stolen from Netflix or Facebook, cybercriminals can use them to open a door into WVU systems.

  • Secure your WVU Login password. Don’t share it with anyone or write it down for someone to find.

  • Use a strong password or phrase. Ten characters is good, 12 even better. Use these tips to create strong passwords.

  • Be skeptical. Receive a suspicious-looking email? Don’t reply or click any links. Use the Report Message button in Outlook email or forward it as an attachment to [email protected].

WVU has already implemented many of the FBI’s recommended security measures to secure networks, computers and data, including: implementing two-factor authentication systemwide; limiting remote access to WVU systems, devices and data; enabling remote, automatic security updates to all WVU-owned and -managed computers; training and conducting phishing simulations; restricting access for people with administrative privileges on databases and servers; and segmenting networks to prevent unauthorized access.

“Security-related changes to the way WVU works are just part of the modern reality,” says Interim Chief Information Officer Brice Knotts. “Research universities like ours are data-rich targets for bad guys, and the threats are relentless and constantly changing. We need to be proactive in addressing them.”

“That’s why developing a comprehensive, long-range Information Security Strategy is one of the foundational projects in the WVU Modernization Program,” Knotts said.

According to the report from the FBI’s Internet Crime Complaint Center (IC3), Russian cybercriminals in January 2022 sold or shared public access to college and university networks across the…
