Posts

2019 Cyber Security Statistics

Cyber security challenges are not limited to large banks, credit bureaus, utilities, or other critical entities; they affect all businesses.

The infographic below, presented by techjury, reveals the cyber security statistics for 2019.
 
[Infographic: Cyber Security Stats, techjury]
 
Republished with permission from techjury.

What You Should Do If an Employee Has an Accident at Work

Despite all the precautions and safety measures put in place at your place of work, accidents can and do happen. The truth, however, is that you can never totally minimize the risk of an accident, but helping your business and employee through this difficult time is a lot easier when you know what to do.

You might have had all the necessary training to prevent accidents but not how to deal with them afterward. Therefore, if you have found yourself in this situation where an employee has injured themselves, and you are unsure about what steps to take next, this guide can help you to get through it.

Medical Attention

When the incident first happens, many people could find themselves going into shock, but acting quickly is vital. You will need to get a first aider to the scene to assess the situation and to see whether an ambulance will need to be called if it seems serious. The quicker you act, the quicker you can eliminate further injuries or problems for the employee.

Get a Written Statement from the Employee

After the incident has happened, and once the employee has received the necessary first aid treatment, you will need to fill out an accident and injury report to find out the facts: who was involved, where it happened and the type of injury they have suffered. You will need all this and more to find out precisely what happened to ensure that it never happens again.

Try to talk to them sooner rather than later; understanding what happened early on is essential to avoiding problems further down the line, such as forgetting what happened.

Witness Statements

A good follow-up is to get witness statements from other employees who might have seen what happened and could tell you how the events unfolded. If your employee says that it wasn’t their fault and was a result of the company’s unsafe work area, but three other members of staff say something different, it could prove that the accident was the employee’s fault and not yours.

This could prove vitally important if it is taken to court when the employee tries to claim against you. You don’t want to find yourself in financial difficulty because someone is suing you. Remember this would affect not only your finances but also your reputation, and for your business’s future, you will want to avoid this at all costs.

Report The Accident

No matter how serious the injury your employee suffered was, it is essential that you report this accident to your insurance company, which can cover you financially while you deal with being down an employee. You shouldn’t avoid filing this report, as this could have repercussions for you if the employee were to claim against you and it was your fault. The financial losses could be huge for you.

Assess the Levels of Safety in the Work Place

After the accident has happened and you have read the statements and determined exactly what happened, you will need to assess the levels of safety in your workplace. You might find that, despite the safety measures you put in place some time ago, safety levels have slipped because people have fallen back into bad habits of not being careful.
You will want to prevent anything else happening in the future, so it is a good idea to retrain all your employees with a refresher course and test all your equipment to ensure that it is safe to use.

Seek Legal Help

If you find from the statements you take that it was neither your fault nor your employee’s, but that of a third party such as another employee or a visitor who caused the injury, helping your employee to get legal help when dealing with a long-term injury would mean a lot to them. There are lawyers that specialize in injuries at work, and this law firm will ensure that your employee will get themselves back on their feet financially by taking away any stress that comes with it.

If they were injured by any of your equipment or a product that you have bought from elsewhere, these lawyers could also help your employee get the finances they deserve, on top of the sick pay they will be receiving from you. If this was the case, you should consider replacing the equipment and changing the products you use.

If you find out that it was your employee’s fault because they were under the influence of alcohol or drugs and they are trying to sue you, you have every right to take them to court. You will need to prove that the safety measures you have in place were not at fault at all, but that the employee was.

If it turns out it was your fault and they have filed a claim against you, then you will legally have to pay them the compensation, and you should look at how you can stop this from ever happening again.

Welcoming Back the Employee

The injury has probably affected the employee in more ways than you can imagine, so when they are ready to come back to work, it is important to welcome them back and ensure they are happy. Some people may find that, even with a long-term injury, they have to come back sooner than they wanted to for financial reasons, so sit down and have a chat with them about how you can improve how they work to make it easier. If their job involves being on their feet a lot and they have hurt their leg, you could offer them a job sitting at a desk.

If this isn’t possible and they have to go back to their old job, make sure they bring a doctor’s letter with them that proves they are fit to work; if they cause further injury and haven’t provided you with this letter, they could make a claim and you can be made responsible. Insist that they only come back to work if they have this letter.

3 Reasons to Be Careful about the Companies You Do Business With

In business, there are all kinds of different things that you need to be mindful of, and cautious about. It’s certainly the case that you need to invest your money wisely, and if you’re operating in the wrong niche, that in and of itself can be lethal.

Perhaps one of the biggest pitfalls that a new entrepreneur can fall into, however, is getting in bed with the wrong business partners, or becoming a bit too embroiled in shady dealings, alongside unscrupulous companies.

Certain businesses are likely to be a boon to you, if you work with them. A company that is focused on protecting the rights of maritime workers, and that is run ethically by an upright and reputable individual, is unlikely to cause you trouble if you happen to be in partnership with them.

Other companies, on the other hand, can ruin you by association.

Here are a few reasons to be careful about the company you keep in business.

You may get exploited and dragged down directly

The first risk that you face when doing business with an unscrupulous company, is that they exploit and drag you down directly.

It’s not unheard of for devious business partners to use fairly naïve entrepreneurs as “fall guys” for schemes that are fundamentally based on misrepresentation, and exploitation of the customer. In such cases as these, you might find yourself being contractually listed as the responsible party when things go wrong.

Other forms of exploitation are even more blatant – and involve things like the direct theft of your unsecured intellectual property.

Your reputation can be permanently tarnished by working with an unscrupulous company

In business, reputation is a big deal, and if you sink yours by associating yourself with deeply disreputable companies, it’s entirely possible – if not even likely – that you will never be able to recover, professionally.

Plenty of people find their reputations completely destroyed, not necessarily because of something they did, but because they got too close to assorted sketchy companies, and were painted with the same brush when things eventually came to a head.

Avoid this situation altogether, because trying to do damage control can be a real pain.

By being inattentive, and complacent, you may end up in a position where you compromise your own moral code

This is actually the most important point in the list, although it comes last in the article.

Plenty of companies act in ways that will violate various people’s moral codes and standards. Of course, living by a moral code, and being forthright and accountable to your own values, is perhaps the most important thing in life.

Without character, you have nothing.

Just by being inattentive, and complacent, you may end up in a position where you absentmindedly or unknowingly compromise your own moral code, by your choice of collaborator.

It’s very hard to regain self-respect if you come to find that a company you are closely working with has ruined the lives of your joint customers or clients through their immoral or reckless actions.

Ideas For Keeping Your Small Business Protected Online

These days you’re likely doing a lot of business and performing your tasks online. While the Internet can be an extremely beneficial way to run your company, it also comes with its downsides.

One cause for concern is being vulnerable to hackers and those who wish to sabotage your files and business. The following ideas are going to help you learn and understand what you can be doing better at your workplace to protect your small business online. This is one subject matter you want to take seriously and attend to if you wish to keep your company free from any unfortunate situations that will be difficult to clean up later on.

Educate Yourself and Be Current

One idea for keeping your small business protected online is to educate yourself on the topic. Stay current on what anti-virus programs to use and what backups to perform and when, and get to know your computers better so you can make sure they’re consistently running smoothly. The more you know about IT maintenance, the less of a chance there will be that your business will fall victim to hackers and wrongdoers. You put yourself at risk for negative consequences when you choose not to learn more about online security and what you can be doing better to improve it at your workplace.

Hire Help

Another great idea is to hire help and pay for the professionals to assist you on the matter such as using a Managed IT service. The reality is there’s a lot of information in this area you’re not going to know and will need assistance with if you want to make sure your business is protected online. You likely have other pressing matters and initiatives to attend to and can’t always be in the know about what’s new in the IT world. Invest in using a third party to help you make sure you’re doing all you can to keep yourselves safe on the Internet.

Use Strong Passwords

Never underestimate the advantages of using strong passwords to protect your computers and files. Keep your small business protected online by committing to using passwords that would make it difficult for someone else to hack into your information. Create ones that are challenging and complex, but also update your current passwords often so that it is harder for someone else to guess them or compromise your data.

Provide Best Practices to Your Employees

It’s not only your job to make sure your business is protected online, but also that of your employees. However, they may not be aware of how important this matter is or how to go about doing so unless you inform them. Provide best practices your employees can use to make sure their laptops and files are secure. For example, educate them about not clicking suspicious-looking links, following through and complying with computer updates, and who to ask or turn to should they have online security questions.

How to deal with cyber-attacks: publicly or privately?

Cyber attacks spiked 164% in the first half of 2017, compared to the same period in 2016, entailing 918 disclosed breaches, according to reports on broadcaster CNBC. Threats vary from sector to sector. Healthcare, for example, is more susceptible to crypto-locker ransomware like the infamous WannaCry.

Internet-connected consumer devices often fall prey to malware that shackles them to remotely controlled botnets such as Mirai. Varied though the threat may be, and staggering though these numbers are, the word disclosed highlights a central paradox: While transparency contributes to the overall fortification of cyber-security protocols and procedures, battening down the hatches presumably mitigates further financial risk.

Sure, a disclosure is immensely beneficial in terms of buttressing industrial safeguards, national and global security, and customer protection – not to mention mitigating the longer-term repercussions of an attack – but so too can disclosure exact lasting damage on a bottom line.

Fighting back

The nature, intent, and consequences of an attack notwithstanding, the way companies have responded to breaches is closely related to their designation: public or private. CFOs at public and private companies face different risks and pressures when it comes to cyber-security and disclosure, and exhibit divergent perspectives when it comes to preparation.

Broadly speaking, public company CFOs are more likely to outsource cyber-security to third-party firms, while private CFOs tend to invest in in-house IT teams. Regardless of who secures a company’s network, breaches are often known by CFOs before they are made public. By disclosing a breach, CFOs of publicly traded companies might trigger investor panic and sell-off, whereas private company CFOs risk irreparable harm to consumer and employee confidence.

On one hand, foreknowledge of pending disclosures can put unique pressure on public company executives, who often own considerable amounts of company stock. The ongoing federal investigation of three Equifax C-suite managers for insider trading arose due to alleged stock dumping prior to the revelation of the company’s catastrophic cyber-attack.
Equifax underscores the tension between a public corporation’s responsibility to its board, shareholders, and customers, and the financial implications of both the breach itself and legal requirements governing its reporting and remediation.

On the other, while private companies aren’t under the same legal obligations in terms of disclosure, and while the short-term consequences may be less impactful, these companies still face long-term pitfalls, such as lost trust and tarnished brands. Moreover, a medium-sized business may not have the capital or reserves to recover reputationally or financially after a major data breach the way a multinational corporation can.

Additionally, the moderate scale of many private companies sometimes instills a false sense of security. Middle-market businesses often assume they’ll be overlooked by attackers, whether due to a large number of similar companies, or a lack of enticing assets. After all, isn’t it the bigger fish that stockpile the type of data and info that hackers tend to target?

Be prepared

A lack of proper preparation only exacerbates the panic once an attack does occur. Attempting to deal with an attack on the down low can earn private enterprises a reputation as easy marks, and provoke subsequent attacks. Further, if the rearguard strategy backfires, or is exposed by the press, this can amplify the damage to a company’s brand and leadership, not to mention potential legal consequences if a court can prove negligence.

In terms of the bigger picture, the lack of reliable data pertaining to attacks on private companies leads to lopsided analysis regarding the multifaceted aims and motives driving these attacks, resulting in a sort of half-finished portrait of the threat landscape.

While cybersecurity prevention could be vastly improved by greater information sharing, some surveys of CSOs indicate that only one in seven attacks are reported to authorities. Alas, as it stands, adequate event modeling, and risk and security assessments, are being stymied by a lack of shared intel on private company breaches, effectively hampering the development of comprehensive prevention and management strategies.

This lack has precipitated the introduction of numerous cyber-security regulations around the world, and though the regulatory ecosystem is in a state of flux, the global trend is invariably toward greater transparency. CNBC notes that “governments around the world are introducing legislation which will force more companies to disclose data breaches,” a reach that already extends to private enterprises.

Regulatory environment

Both private and public companies are compelled to comply with local, national and global disclosure regulations, including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the EU’s General Data Protection Regulation (GDPR).

The GDPR, which regulates the collection and storage of customer information and data, and can levy fines of up to €20 million, requires that private companies disclose if they have a footprint in Europe, or otherwise handle the information of European citizens.

In the US, Sarbanes-Oxley (SOX) indexes the responsibilities of both public and private companies, including rules pertaining to compliance with federal prosecutors, and criminal penalties. Further, HIPAA governs how any company, public or private, handles personal health information.

Though public companies, traditionally, may have shouldered an inordinate amount of the fallout from disclosure, this has left them better readied for the implementation of legislation designed to enforce transparency. Even more advantageous, public companies now have hard-won practice mitigating the financial risks and ramifications resulting from disclosure.

Private companies, by contrast, are less aware and agile in terms of prevention and response; protecting their brand, for example, or proactively communicating with clients. Simply put, having been in battle, public CFOs are stepping up and getting more involved with cyber-security, while private CFOs, hovering on the sidelines, appear far more circumspect.

Make no mistake: this problem is only getting worse. The situation could improve rapidly if execs from companies of all stripes and sizes shared details of attacks with the larger corporate community.

Whether you are a CFO of an international, publicly-traded conglomerate, or a mid-sized regional business, it is well within your portfolio to do everything possible to properly prepare for the threat. Engage with the board, secure funding for proper security controls, and encourage leadership to be forthcoming when, not if, your company’s cyber attack occurs.


About the Author

Andrew Douthwaite has over 17 years of technology experience, joining VirtualArmour in 2007 as a senior engineer. Now, as Chief Technology Officer, Andrew focuses on leading growth in the managed security services business and ensuring VirtualArmour is a thought leader in the security industry.