The National Institute of Standards and Technology has published a self-assessment tool designed to help organizations gauge the impact and effectiveness of their cybersecurity risk management initiatives. The NIST Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) enables organizations to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. The Framework is not intended to be a one-size-fits-all solution to cybersecuirity. Rather, the Framework will help an organization align its cybersecurity activities with its business requirements, risk tolerances, and resources.
Pearl Echo helps organizations satisfy portions of the Protect, Detect and Respond “Functions” of the Framework by focusing on the following Framework “Categories”: More...
Video conferencing, once the purview of the Fortune 500, has become ubiquitous thanks to the popularity of Skype and Facetime. But with most things Internet, there are frequently unintended consequences. Welcome the latest scam: The Romance Extortion.
In this scam, the target is lured into participating in cyber-sex using a webcam. The scammer records the video session and uses it to blackmail the target. Who would fall for that? Welcome Nebraska State Senator Bill Kintner.
Sen. Kintner began messaging with a woman who contacted him via his Facebook page. Their interaction grew over time from casual, to explicit, to the point where the woman convinced the married senator to contact her on Skype. While on travel, the senator used his state-issued laptop to engage in video cyber-sex. The woman soon after threatened to release the captured video unless the senator acquiesced to her extortion demands. Realizing he blew it, the senator decided to come clean and report his activity to state officials. Public officials in Nebraska who misuse state property can be charged with a misdemeanor. Sen. Kintner, perhaps due to his position, got off easy by paying a $1000 fine. More...
Three Part Blog
Part 2: The Internet and Employee Liability
In the previous article, we looked at productivity concerns related to employee use of the Internet. In this article we turn our attention to liabilities managers must consider when employees use company resources to access the Internet. So what new liabilities have you brought upon yourself since your company decided to connect to the ‘Net?
The term “hostile workplace” conjures up images of screaming supervisors publicly berating employees. Now, Sally walks past Fred’s cubicle and Fred has a provocative YouTube clip running on his screen. Then Fred, who has always had a weird sense of humor, email broadcasts an off-color joke that he thinks is a riot. Most of the recipients in the office think Fred’s joke is marginally funny, if that, but Sally, who is miserable to begin with, is now sent over the edge and decides to retire by slapping a hostile workplace lawsuit on you. Sound like an exaggeration? The Internet has broadened the definition of sexual harassment. Edward Jones, one of the world’s biggest brokerage firms, issued a memo demanding its workers disclose if they sent pornography or off-color jokes over the brokerage’s e-mail system. Forty-one employees who confessed were disciplined, but 19 who failed to come forward were fired. More...
Three Part Blog
Part I: The Internet and Employee Productivity
Competitive enterprises exist to prosper and therefore must operate with efficiency. Corporate stakeholders are tasked to keep labor and material costs low, justify investment in capital and variable expenses and protect the enterprise from contingent and potentially crippling liabilities derived, for the most part, out of negligence (lawsuits, product recalls, negative publicity, physical and IT infrastructure damage and disrepair). We continue to hear that productivity gains are paramount to controlling inflation and keeping manufactured goods competitive in world markets. In order to control costs and maintain your company’s competitive advantage, it is incumbent upon Management to identify and rid the corporation of malingerers and identify those that are less productive. Functional units need to keep their house in order to reduce the probability of extraneous costs. Operational efficiency takes on new meaning in times of economic contraction. Add the constant spate of corporate governance and consumer privacy legislation and you have a recipe that only disturbs the delicate balance managers must deal with as they attempt to meet requirements without destroying employee morale. In considering employee Internet access, clear thought needs to be given to productivity, liability and security. More...
Although BYOD (Bring Your Own Device) is a landscape that is constantly in flux, developing a policy for BYOD security is a critical first step in stabilizing this environment. Businesses and institutions need to understand that there are many things that they can do to create a strong security policy. This can be accomplished by realizing that there are a number of fundamental policy concepts that can provide a framework that will accommodate the changing landscape.
Since employees desire to use all manner of mobile devices in the workplace, security is the primary concern. Consequently, the policy must work hand in hand with the security measures that are enacted by the IT department. Although the goal is to clearly define those devices that can be used and how they can be used in the workplace, IT departments must work in partnership with other major departments and C-suite level players to make these determinations.
Not only should the BYOD policy clearly define accepted devices as well as the resulting security policy for each, they must also describe the security software requirements as one of the security that would be in place. Its best to choose a software solution that can allow remote monitoring, blocking and filtering of the activities on a wide variety of devices as well as respond to Apps, private clouds, Wi-Fi networks and remote desktop services. More...
It is strongly recommended that an Internet Acceptable Use Policy be
developed and communicated to all employees when an organization begins
using an Internet monitoring or web filtering product.
New Jersey Supreme Court issued an opinion in Stengart v. Loving Care
Agency, Inc. considering whether an employee had a reasonable
expectation of privacy in emails she exchanged with her attorney via her
web-based personal email account using a company laptop. In concluding
that the former employee did have an expectation of privacy, the Court
analyzed the adequacy of the notice provided by the company's electronic
communications policy and the important public policy concerns raised
by the attorney-client privilege. More...