Skip to main content

Home/ WPPS C-Suite News/ Group items tagged business

Rss Feed Group items tagged

sandy ingram

Few businesses are likely to be insured against the result of cyber attacks - Security ... - 0 views

  • Businesses are advised to thoroughly review risk management procedures and insurance programmes to ensure they have adequate and relevant cover in place: “The responsibility to get the house in order should lie with an organisation’s Managing Director or Finance Director, and not the IT department alone,” says Simon. “IT defences whilst vital only react to known problems and are not guaranteed to be 100 percent secure. Protection for the whole business and its sustainability is without doubt the safest option.”
  • “The economic downturn has resulted in people of all levels and responsibilities losing their jobs, and those with a detailed knowledge of their former employers’ IT and operating systems may well present a real potential threat, and turn to extortion as a way of taking revenge on their former employer, and of making some money at the same time.
  • According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly many businesses do not have insurance cover for data or business loss.
  •  
    According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly many businesses do not have insurance cover for data or business loss. "According to a DTI Information Security Breaches Survey, a third of UK businesses think general business insurance provides full cover for damage to the business arising from data loss," comments Wilsons' Simon Hoare, "but the reality is quite different, with very few businesses likely to be insured against the result of cyber attacks on its most crucial management and business tool - corporate and customer information, most of which is today held on corporate IT systems. "For public company directors, this is in fact in breach of their duties under the Turnbull Report, which requires them to identify, manage and take an informed opinion on the transfer of risks for the business."
sandy ingram

Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies | Reuters - 0 views

  • Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.
  • The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.
  • The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.
  • ...7 more annotations...
  • "The 20 million small businesses in the U.S. are a critical part of the nation's economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive,"
  • small businesses seem out of sync with some Internet security risks. 75 percent of small businesses said that they use the Internet to communicate with customers yet only 6 percent fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business.
  • Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords
  • "Security threats are becoming more complex and employees of small businesses are increasingly the target of attacks that expose their organizations to data loss,"
  • "Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information."
  • The demographic makeup of the small business polled
  •  
    "Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices."
sandy ingram

SURVEY BY KROLL ONTRACK: One out of Two businesses do not erase sensitive data. - 0 views

  • "Three-fourths of businesses are deleting files, reformatting or destroying drives, or 'do not know' how they are erasing sensitive data. Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.
  • "Surveying more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer.
  • Only 19 percent of businesses deploy data eraser software and fewer, 6 percent, use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all of their data had been wiped.
  • ...1 more annotation...
  • "Reports that verify or confirm what the tool and/or service did are critical," concluded Reinert. "Not only do they inform you of what has been wiped, but they should identify the serial number as well as the make and model information of the wiped hard drive, the date and time of when the information was wiped, and a listing of how much information was wiped."
  •  
    "According to a recent global survey on data wiping practices, Kroll Ontrack, the leading provider of information management, data recovery, and legal technology products and services, found less than half of businesses regularly deploy a method of erasing sensitive data from old computers and hard drives. Of the 49 percent of businesses that are systematically deploying a data eraser method, 75 percent do not delete data securely, leaving most organizations highly susceptible to data breaches, which plague businesses at least once a year according to the 2010 Kroll Ontrack Annual ESI Trends Survey and cost an organization an average of $6.75 million per breach according to the 2009 Ponemon Cost of Data Breach Study."
sandy ingram

For Small Businesses, Account Fraud Adds Up - 0 views

  • Now, in a survey of more than 600 small business owners and executives, the Ponemon Institute has tried to put a number on the cost of credit card account fraud for those vulnerable targets, comparing the damage with the cost of physical theft by employees or burglars. The result: While identity theft takes less from businesses per incident than either robberies or crooked employees, it hits them often enough that it's an equally costly or even costlier problem. According to Ponemon's study, the median account fraud incident costs a business $5,136. That's much less than the $9,913 the respondents attributed to the median cost of a burglary or $17,517, the cost they attributed to an employee theft case. But take the frequency of those incidents into account, and the pain adds up. About 86% of businesses have suffered from account fraud, more than the 77% who have been robbed or the 63% whose employees have stolen from them. And among those victims, most businesses experience employee theft either once (32%) or zero times a year (41%). Robberies are less costly but more frequent: Most businesses report them either once (29%) or between two and five times a year (38%). Account fraud is far more frequent: 45% of businesses have been digitally defrauded two to five times in the last year, and 38% have been defrauded more than five times.
  •  
    Small businesses, by contrast, don't always share those protections. And that means they often feel the full brunt of cybercrime
sandy ingram

Small Business Facts and Figures - 0 views

  •  
    What is a small business? The Ofce of Advocacy denes a small business as an in- dependent business having fewer than 500 employees. (The denition of "small business" used in government programs and contracting varies by industry; seewww.sba.gov/size.)
sandy ingram

HITECH now specifically requires the business associate to notify their partner so that... - 0 views

  • The total impact to the institution is difficult to quantify. Obviously no organization wants the negative press. It's the kind of thing that loses patients and makes the institution less appealing when trying to attract physicians.
  • Under the breach notification requirements of the HITECH Act (Title XIII of the American Recovery and Reinvestment Act), lost or stolen unencrypted records such as these requires notification to Health and Human Services for the public posting of the institution to HHS' "wall of shame," or public list of breaches involving more than 500 individuals. If you go to the HHS website right now, you'll see this incident listed there -- along with an ever-increasing laundry list of other institutions in the same boat.
  • This very public example of HITECH in action underscores just one of the many ways that the law has altered the way that healthcare does business. While the full impact of the law won't be seen for quite some time to come, we're starting to see some radical changes in the way that hospitals approach security and compliance.
  • ...7 more annotations...
  • Security Breaches From a provider point of view, probably the biggest impact from a security and compliance standpoint stems from the relatively strict breach disclosure requirements within the law. Covered entities not only need to notify in writing the individuals whose data was lost, but they also are required to notify HHS of the data loss.
  • Vendor Impact In addition to expanded disclosure provisions for business associates, HITECH also changes the landscape for them in that they now have a higher bar to meet in terms of their own security requirements
  • Under the law, business associates now have to meet the same bar as covered entities when it comes to the security rule.
  • However, covered entities are not alone in shouldering the burden of these more stringent rules. Business associates also have a role to play under the new provisions. Business associates now need to make sure that they report possible breaches to partners/customers and that they provide enough data for the covered entities to tell who was impacted and what type of data it was -- in other words, enough data for covered entities to fulfill their disclosure obligations. Whereas in the past a breach might occur at a business associate with nobody at the covered entity the wiser
  • HITECH now specifically requires the business associate to notify their partner so that the individuals impacted can be apprised.
  • Clearly, as applications move outside of the provider (for example, due to cloud computing) and more and more vendors move in to participate, rising numbers of vendors, hosting providers, and other service providers find themselves becoming "business associates" and inheriting security requirements that they're unfamiliar with. Even vendors not specifically targeting the healthcare market may find themselves in the direct path of the regs and obligated to change how they do business in response.
  • Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well.
  •  
    Just a few weeks ago, Lincoln Medical and Mental Health Center learned a hard lesson. If you didn't see the news reports, the N.Y.-based healthcare provider notified over 130,000 individuals that their records -- including diagnostic information, Social Security numbers, dates of birth, and other information of use to identity thieves -- was potentially lost."
sandy ingram

Cloud Computing Guide For Small Business - 0 views

  • 1. The growth of cloud computing is astounding. It is estimated that the worldwide cloud computing market is $8 billion with the U.S. market accounting for approximately 40% of that: $3.2 billion.  According to Gartner’s 2011 predictions, number one on their list of Top Strategic Technologies is Cloud Computing. Gartner also predicts that the SaaS market will hit $14 billion in 2013.
  • 2. Cloud Computing Software Solutions VS Desktop Applications The most common reason why small businesses choose cloud computing solutions over desktop applications is this: It is less expensive because you pay a small monthly amount instead of a one-time fee as it works now with traditional desktop software. On a cash-flow basis, it is less costly because your cloud based apps are often slightly less costly than an annual purchase or upgrade for common programs.  However, you have to look closely at the pricing plans and details for each application.
  • 3. Cloud Computing Solutions are available all the time – no matter where you are. For some business users that operate virtual offices or operate remotely on different machines depending on location and they need the application to be accessible from a web browser. That is one of the biggest advantages of cloud computing– it is available wherever you have access to a computer and browser.
  • ...3 more annotations...
  • When most small business owners or new software companies talk about cloud computing, they usually mean an application that runs from the web and not directly from your not-connected-to-the-Internet desktop (software as a service or SaaS).
  • Cloud computing software solutions, for our purposes here, mean software that has a low monthly fee rather than a one-time capital expenditure. Just about any business function you can think of has a cloud based solution, from phone services to marketing to operations to finance.
  • You may already be relying on cloud computing without even realizing it. Think about your email provider: Are they offering some sort of anti-spam protection? Or what about your anti-virus program? Are they constantly updating and securing your desktop application? They are delivering service from the cloud, without on-premise hardware and software.  This is a great example of how SaaS has infiltrated our work and software installations without us thinking about it.
  •  
    "In this guide, we suggest 16 things you should consider before deciding whether cloud computing is a good match for your business. Read more about how small businesses use cloud computing."
sandy ingram

Survey Finds Gap in Attitudes Between the Cloud "Haves" and "Have-Nots" - ReadWriteCloud - 0 views

  • This post is part of our ReadWriteCloud channel, which is dedicated to covering virtualization and cloud computing. The channel is sponsored by Intel and VMware.
  • London-based communications SaaS provider Mimecast has announced the results of its second annual Cloud Adoption Survey. The survey, conducted by independent research firm Loudhouse, assessed the attitudes of IT decision-makers in the U.S. and UK about cloud computing
  • The majority of organizations now use some cloud-based services. The report found 51% are now using at least one cloud-based application. Adoption rates for U.S. businesses are slightly ahead of the UK with 56% of respondents using at least one cloud-based application, compared to 50% in the UK
  • ...7 more annotations...
  • Two thirds of businesses are considering adopting cloud computing. 66% of businesses say they are considering adopting cloud-based services in the future, with once again, U.S. businesses leaning more towards adoption than their UK peers (70% of U.S. businesses, and 50% of UK ones).
  • Email, security, and storage are the most popular cloud services. 62% of the organizations that use cloud computing are using a cloud-based email application. Email services are most popular with mid-size businesses (250-1000 employees) with 70% of organizations this size using the cloud for email. Smaller businesses (under 250 employees) are most likely to use the cloud for security services, and larger enterprises (over 1000 employees) most likely to opt for cloud storage services.
  • Existing cloud users are satisfied. Security is not considered to be an issue by existing cloud users: 57% say that moving data to the cloud has resulted in better security, with 58% saying it has given them better control of their data. 73% say it has reduced the cost of their IT infrastructure and 74% believe the cloud has alleviated the internal resource pressures.
  • Security fears are still a barrier. 62% of respondents believe that storing data on servers outside of the business is a significant security risk. Interestingly, this number was higher for users of cloud applications than it was for non-users (only 59% of non-users thought it was risky, while 67% of users did.)
  • Some think the benefits of the cloud may be overstated.54% of respondents said the potential benefits of the cloud are overstated by the IT industry, and 58% indicated they believed that replacing legacy IT solutions will almost always cost more than the benefits of new IT.
  • "The research shows that there is a clear divide within the IT industry on the issue of cloud computing," says Mimecast CEO and co-founder Peter Bauer. "While those organisations that have embraced cloud services are clearly reaping the rewards, there are still a number who are put off by the 'cloud myths' around data security and the cost of replacing legacy IT
  • It is now up to cloud vendors to educate businesses and end users to ensure that these concerns do not overshadow the huge potential cost, security and performance benefits that cloud computing can bring."
  •  
    Existing cloud users are satisfied. Security is not considered to be an issue
sandy ingram

Microsoft cloud computing & cloud services - So much more than just BPOS - Microsoft Pa... - 0 views

  • Windows Azure - flexible, familiar environment to create applications and services for the cloud.
  • Windows Intune - simplifies how businesses manage and secure PCs using Windows cloud services and Windows 7
  • Microsoft Office Web Apps - online companions to Word, Excel, PowerPoint, and OneNote, giving you the freedom to access, edit, and share Microsoft Office documents from virtually anywhere.
  • ...10 more annotations...
  • Microsoft SQL Azure - provides a highly scalable, multi-tenant database that you don't have to install, setup, patch or manage.
  • Microsoft Exchange Online - highly secure hosted e-mail with "anywhere access" for your employees.  Starts at just $5 per user per month.
  • Microsoft Forefront Online Protection for Exchange - helps protect businesses' inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy violations.
  • Microsoft SharePoint Online - gives your business a highly secure, central location where employees can collaborate and share documents.
  • Microsoft Office Live Meeting - provides real-time, Web-hosted conferencing so you can connect with colleagues and engage clients from almost anywhere – without the cost of travel.
  • Microsoft Office Communications Online - delivers robust messaging functionality for real-time communication via text, voice, and video.
  • Microsoft Dynamics CRM Online - helps you find, keep, and grow business relationships by centralizing customer information and streamlining processes with a system that quickly adapts to new demands.
  • Windows Live ID - identity and authentication system provided by Windows Live that lets you create universal sign in credentials across diverse applications.
  • Microsoft Business Productivity Online Suite (BPOS) - brings together online versions of Microsoft's messaging and collaboration solutions, including: Exchange Online, SharePoint Online, Office Live Meeting, and Office Communications Online.
  • Hopefully in the information above, you can see that when it comes to Microsoft cloud computing and Microsoft cloud services, BPOS is just one aspect and offering available, but it goes far beyond just that.  Whether you are a business or a partner, the opportunity that cloud computing/cloud services and Microsoft brings to you are very exciting and continue to expand each and every day.
  •  
    The journey leading up to where we are today has been taking place for 15 years now, starting way back with Windows Live and Hotmail. Since then, the services and offerings served up online through cloud from Microsoft have continued and expanded. Today, there are a number of cloud based solutions available, enabling individuals and businesses around the world to do so much. Here's a look at some of these, with links to more information about each and trials of these for you:
sandy ingram

Smaller companies challenged to comply with Massachusetts' data privacy rules - Mass Hi... - 0 views

  • The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.
  • some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”
  • “We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”
  • ...4 more annotations...
  • Under the regulations, organizations — no matter where they are based — that store personal information about Massachusetts residents have to write security policies detailing how the data will be protected, encrypt the data when it is stored on laptops or other portable devices or transmitted over public networks, and monitor their systems for breaches.
  • Believed to be among the most stringent data privacy regulations in the U.S., the rules have lawmakers and businesses taking note. The regulations are now driving computer security policy agendas across the country, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge who chairs the firm’s privacy and data protection group. “The impact is much broader than we ever imagined. Who would have thought it would have catalyzed so much activity?” he said. “This will be with us for decades or longer.”
  • Since March, Cutugno Court Reporting and Sten-Tel Inc., a Springfield-based firm that provides document management and transcription systems, has spent “easily into the six-figure realm” on technology and consulting services to comply with the privacy regulations, said Blake Martin, the company’s CIO.
  • To date, state regulators have not yet taken any public enforcement actions against organizations that have failed to comply with the rules. The state attorney general’s office, which is charged with enforcing the regulations, and the Office of Consumer Affairs and Business Regulation, which developed the regulations, have been focusing on compliance efforts, reaching out to trade groups, bar associations and others to spread the word.
  •  
    "Eight months after the state's tough, new data privacy regulations went into effect, many businesses are still sorting through the rules and working to bring their firms into compliance. "
sandy ingram

VIDEO The Business Center Is Your Link to #compliance Law - 0 views

  •  
    "The Business Center Is Your Link to the Law The Business Center is your link to the law. It gives you and your employees the tools you need to comply. Learn how you can use the free resources to enhance compliance and build your customers' trust."
sandy ingram

The collaborative web in action - CEO Forum Group - 0 views

  • it is a sad fact that too few CEOs make the connection this current wave of the Internet and any change in the way business works. This I believe is a pity and it could cost businesses money.
  • For many CEOs, I would suggest, this trend is one which they understand only tangentially – perhaps when they see their home telecommunications bill if they have children – or when they meet one of their generation Y employees, who cheekily ‘demands’ instant messaging or an iPhone as part of their salary package.
  • it is the platform of networked based colllaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century.
  • ...1 more annotation...
  • When a business works out how to use collaboration tools properly, it can open up an entirely new way of improving resource allocation, driving innovation, getting closer to customers and partners, taking costs out of the business and reducing time-to-market. Collaboration, based on the network as the platform, is even able to help reduce the impact of business on the environment.
  •  
    "...it is the platform of networked based colllaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century."
sandy ingram

Protect your business from the cybercrime wave - USATODAY.com - 0 views

  • According to Conner, cybercrooks are now targeting small business: "We are in an arms race with sophisticated, high tech enemies who are now concentrating on smaller business bank accounts in addition to their continued efforts to steal from large corporations." To combat the risk, Conner suggests that small businesses employ a "triple threat" security package that would include
  • According to Brian Krebs, a journalist who has covered this issue extensively, "Most companies that get hit with this type of fraud quickly figure out that their banks are under no legal obligation to reimburse them."
  • So how does this type of fraud occur, and what can you do to protect yourself? Typically, the bad guys are able to plant malware on the victim's computer and then use that to access the company's online banking profile. They then use that information to transfer huge sums of money out of the targeted accounts.
  • ...1 more annotation...
  • unlike consumers, small businesses do not get the same protections afforded consumers who are the victim of online fraud. If your credit card is stolen, and you report it promptly, your out-of-pocket loss is capped at $50.
  •  
    small businesses do not get the same protections afforded consumers who are the victim of online fraud.
sandy ingram

Privacy and Security | BCP Business Center - 0 views

  • Behavioral Advertising Online behavioral advertising – the practice of tracking someone’s online activities to deliver targeted advertising – can raise potential privacy issues.  Do you disclose your practices to your customers and honor your promises? Children’s Online Privacy The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids. If you run a website designed for kids or have a website geared to a general audience but collect information from someone you know is under 13, you must comply with COPPA’s two main requirements. Credit Reports Does your business use credit reports to evaluate customers’ credit worthiness? Do you consult credit reports when considering evaluating applications for jobs, leases, and insurance? Here is information about your responsibilities when using, reporting, and disposing of information in those credit reports. Data Security Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect that sensitive information. Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. Health Privacy If you offer or maintain personal health records online, you could be covered by the FTC’s Health Breach Notification Rule. Are you familiar with your legal obligations in case of a security mishap? Red Flags Rule The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs  – or red flags – of identity theft in their day-to-day operations.
  •  
    "Privacy and Security For many companies, collecting sensitive consumer and employee information is an essential part of doing business. If you collect this type of information, it's your legal responsibility to take steps to properly secure or dispose of that data."
sandy ingram

RESEARCH SHOWS MORE THAN HALF OF SMBs OPERATE WITHOUT STAFF IT SECURITY GUIDELINES | Ec... - 0 views

  • AVG's research shows that: * 83% agree that having the right level of IT security protection is critical to their business * 77% say that a security threat could have a significant negative impact on their business * 55% feel they can make IT security decisions without 3rd party influence * However, only 48% have a clear IT security policy in place for their staff, leaving most at the mercy of what employees decide to download or access online * As a result, perhaps not surprisingly, 1 in 4 have experienced a security breach * Most worryingly, 1 in 7 have no security software or systems in place at all AVG also asked small businesses whether they expect to see growth in the next five years - 61% of UK and 74% of US small businesses say that they do.
  •  
    "Research released today by Internet Security company AVG (http://www.avg.com) shows that although most small businesses understand the need to protect their IT systems, fewer are willing to put it into practice. Out of 2000 SMBs surveyed in the US and UK for the "SMB Landscape Report", more than half (52%) have no IT security guidelines for their staff, while 1 in 7 have no Internet security software or solutions in place at all. "
sandy ingram

Staff fraud 'on the rise'. Majority still undetected and unreportd - 0 views

  • "The vast majority of staff in any organisation are trustworthy and honest. However, businesses are now beginning to realise and understand the scale of the threat posed by the small proportion of staff that act dishonestly and defraud their employer."
  • According to the ACFE 2010 report on occupational fraud the median length of the schemes was 18 months from the time the fraud began until the time it was detected. The median loss caused by the occupational frauds in the report was $160,000. Nearly one-quarter of the cases caused at least $1 million in losses and nine cases caused losses of $1 billion or more.
  • Historically, the most serious threat from staff fraud has been centred on relatively senior employees in management positions. However, the major threat has now shifted down the organisational hierarchy to more junior members of staff, who have access to, and responsibility for, more confidential customer and payroll data than ever before,"
  • ...3 more annotations...
  • "With as much as 30 per cent of all business failures attributable to employee theft, employers are interested in any device or technique that could detect or prevent employee theft.
  • "Given the present wave of corporate scandals and failures, it is not surprising that organisations are being expected to create strong ethical cultures and select employees who will fit into those cultures. This explains, to some extent, the growing emphasis on integrity testing in the business world.
  • Spitzer has simple advice for businesses who are concerned they may be at risk:
  •  
    "Employee theft and fraud is on the increase - and an Australian start-up company believes it has pioneered a means of early detection. According to a recent survey conducted by KPMG, the total funds lifted from organisations came to $345 million - a significant increase from the $301 million of 2008, totalling 174,914 cases. "Employee fraud is a growing concern for organisations in all business sectors both in monetary and reputational terms," says Alon Spitzer, who has founded Integrity Elements, a company specialising in the new field of ' integrity testing and valuation'."
sandy ingram

Small Companies Look to #Cloud for Savings in 2011 - WSJ.com - 0 views

  • As of April 2010, only about 7% of small-business owners were using cloud services, but that number is expected to grow to more than 10% by mid-2011, according to a survey by technology-research firm IDC.
  • Half of small firms that use "the cloud" say it has improved their bottom line, according to a survey this fall by Microsoft Corp., which provides cloud services.
  • A number of surveys show that some business owners are hesitant to try cloud computing because they don't want to stray from familiar systems or invest in new ones. Some owners that have made the switch, however, say it has been a boon to their cash-strapped firms.
  • ...6 more annotations...
  • Garey Willbanks, owner of Boiler Management Ltd. in Houston, says he pays about $600 a month to store information in the cloud. He estimates that is less than a tenth of what he would pay if he hired technology personnel to run an in-house storage server.
  • In June, Michael Tracy, a private law practitioner in Irvine, Calif., decided to try Nextpoint, a cloud-based program for attorneys. He had previously spent $10,000 to $12,000 a year licensing software that would organize materials before a trial. The problem was he needed it just a few times a year. By contrast, Mr. Tracy pays for Nextpoint only when he uses it, and he anticipates spending just $4,000 to $6,000 a year on the service.
  • "If you already have tight control over your company, your expenses may drop 10% to 20%,"
  • Despite the savings, there are risks. Security breaches, for instance, can happen if the cloud provider isn't reliable. "If they make money directly from you, then they will want to secure [your information]," Mr. Enderle says. "If they make it through advertising," they may be more likely to sell the information to advertisers, he says.
  • Others fear that they might lose their information, or have to spend a lot of time transferring data, if they want out.
  • "So make sure it's the right provider and that you're ready to be in it for the long haul."
  •  
    "A growing number of small-business owners are expected to try cloud computing services next year, hoping to trim costs and stay up and running if disaster strikes. Cloud computing refers to any service that operates over an Internet connection, allowing immediate access from any computer or mobile device with Web access. Business owners can access software or store information-such as customer contacts, accounting data and presentations-and leave the technical maintenance to the cloud provider. "
sandy ingram

Data Breaches - Beyond the Impact of Fines - 0 views

  • A recent article in the Tech Journal (techjournalsouth.com) delves into the effects of data breaches, using survey information to demonstrate how they affect customer loyalty and confidence.
  • "The widespread impact of data breaches like Epsilon and Sony PlayStation, where millions of consumers were impacted around the world, is making customers more cautious about conducting business with certain financial institutions and retailers," said Jackie Gilbert, vice president of marketing and co-founder at SailPoint. "These companies obviously spent millions to recover from these data breaches, but the longer term and harder-to-measure costs will be the erosion of customer loyalty and decline in brand perception."
  • Case in point: 16% of Americans, 24% of Britons and 26% of Australians said they would no longer do business with a bank, credit card company or retailer if a security breach occurred that potentially exposed their personal and financial information to theft."
  • ...1 more annotation...
  • Although regulatory fines are painful, the loss of customers and business should really concern businesses.  Organizations and Infosec Professionals (CIO's, CISO's, etc.) would do well to take note of these results. 
  •  
    "The widespread impact of data breaches like Epsilon and Sony PlayStation, where millions of consumers were impacted around the world, is making customers more cautious about conducting business with certain financial institutions and retailers," said Jackie Gilbert, vice president of marketing and co-founder at SailPoint.
sandy ingram

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule - 0 views

  • The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. The financial regulatory agencies, including the FTC, developed the Rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA).
  • The FTC’s Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to comply with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-do form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.
  •  
    The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the Rule and any obligations that they may have under it. These steps are consistent with the House Appropriations Committee's recent request that the Commission defer enforcement in conjunction with additional efforts to minimize the burdens of the Rule on health care providers and small businesses with a low risk of identity theft problems. Today's announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies' enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.
sandy ingram

CERT's Podcast Series - 0 views

  •  
    CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing
1 - 20 of 67 Next › Last »
Showing 20 items per page