Canadian Small Business Women

Connection, Synergy, Community

Insider Threats And Data Breaches: They’re Not Always What You Think …

There’s something you should know before you invest your entire IT and information security budget on technical solutions – if a smart thief wanted to steal your intellectual property and/or your client’s confidential information (e.g., credit, financial, and contact information taken during the Equifax data breach), they’d act like a gangster and walk in the front door and take it.

Why? When it comes to protecting what’s worth stealing, it’s your employeesnot your computers, that are the weakest link.

Employees are within the human resources (HR) wheelhouse, so this is a topic of great importance to me. Some years ago, I worked in an organization that invested a lot of effort to keep its intellectual property and confidential employee information protected. This was done in two ways: (1) careful hiring and HR processes and (2) technical measures including firewalls, information security protocols, etc. Both approaches were necessary. It hasn’t become a popular concept, as yet, but it’s easy to argue that cybersecurity alone is not enough.

Many of us have heard of Edward Snowdon, the former NSA Subcontractor who disclosed an immense volume of confidential information to journalists and online sources. After working in an organization that shares some similarities with the NSA, I think it’s safe to say that the presence of sophisticated technical measures was not enough to prevent the intentional disclosure of confidential information. In fact, this scenario is an example of an Insider Threat.

“Insider threats can be defined as risks posed by rogue employees who deliberately cause harm, or by those who may be negligent in the workplace.

Security Hinges on its People, FrontLine Security Magazine, October 2017).

 

 

If insider threats are a real problem why isn’t it better known?

 

analog insider threats

Not all data breaches are external or digital …

Most of us have heard about data breaches that have occurred in organizations that have much bigger security budgets than ours. For example, the NSA and Equifax breaches that I just mentioned. Plus, there have been big breaches at Yahoo, Home Depot, Target, and others. I’ve done extensive research on this topic and one thing is crystal clear: 75% of these data breaches originate inside organizations. Often, we don’t hear about the causes of those breaches because they make the organization look terrible. It has a negative impact on the public’s trust and confidence in the organization’s ability to protect corporate information, including clients’ and/or customers’ personal information. When an organization experiences a security breach, their current and future clients, strategic partners/affiliates, and members of the general public are likely to see the organization as irresponsible. Negative financial consequences usually follow. Approximately 60% of smaller companies are bankrupt within 6 months of a major security breach, so it’s no wonder this is kept quiet.

How can HR, based on I/O psychology help?

I’m addressing this topic because I understand that HR has an important role to play in preventing these insider threats. One problem is that most organizations don’t recognize that HR can make valuable contributions to the risk management process. Another problem is that the C-suite and the IT/information security folks don’t necessarily recognize the role that HR could be playing to keep confidential intellectual property and client information from leaking out of the organization. For example, many organizations don’t address workplace bullying as proactively or completely as they could. They haven’t understood the link between malicious insider threats that are inspired by anger or a desire for revenge that comes from being severely mistreated at work. The consequences of ongoing suffering in toxic workplaces are even more severe when essential government services and critical infrastructure are at risk. So, if the threat of lost productivity and lawsuits aren’t a big enough justification for improving HR policies and practices, the likelihood of insider threats should catch the attention of key decision-makers.

no wonder this is kept quiet.

 

How can HR, based on I/O psychology help?

I’m addressing this topic because I understand that HR has an important role to play in preventing these insider threats. One problem is that most organizations don’t recognize that HR can make valuable contributions to the risk management process. Another problem is that the C-suite and the IT/information security folks don’t necessarily recognize the role that HR could be playing to keep confidential intellectual property and client information from leaking out of the organization. For example, many organizations don’t address workplace bullying as proactively or completely as they could. They haven’t understood the link between malicious insider threats that are inspired by anger or a desire for revenge that comes from being severely mistreated at work. The consequences of ongoing suffering in toxic workplaces are even more severe when essential government services and critical infrastructure are at risk. So, if the threat of lost productivity and lawsuits aren’t a big enough justification for improving HR policies and practices, the likelihood of insider threats should catch the attention of key decision-makers.

If you’d like to learn more about how psychology and HR can help prevent insider threats, listen to Episode 27 of The Insider Threat Podcast where I speak to host Steve Higdon about this topic. Note – since the time that this article was published, I was an invited guest on Scott Wright and Tom Eston’s Shared Security Podcast and we spoke about different aspects of this issue.

Have a sensitive career or HR-related concern? I invite you to contact me by emailphone, or via direct message on Twitter, Facebook, or LinkedIn if you’d like to discuss any of these topics in more detail.

More than career coaching, it’s career psychology®.

I/O Advisory Services – Building Resilient Careers.

Taking the leap into the world of Business?


yvonne

Are you thinking of starting your business? If so, join the millions of people who at one point or the other in their lives have considered whether or not to start a business. The thought of having a successful business, being your boss or doing something you are really passionate about sounds very appealing, right? And these, amongst other reasons are why people leave their jobs and decide to start their own thing. The familiar question is; do I take the leap? And if so, when and how do I take the leap?

One of the greatest challenges for some people in starting a business is the challenge of leaving the security of a paid job. For some it is the issue of choosing the right idea to turn into a successful business. Well, these two challenges can be easily overcome.

First and foremost before venturing into you own business, undertake some research on how viable the business idea(s) is. Are there potential customers? And what is the potential ROI (return on investment)? I’m sure you’d agree with me that it is not very wise to invest your time and money into a business that doesn’t seem viable on paper, or give up your job to start a business based on a whim. However, many people do.

Secondly, an approach to starting a business without giving up your Job is to actually undertake a pilot while still working. And believe me, doing this will require the skill of being able to multitask. To undertake a pilot means doing some test marketing in order to test the market or gauge how responsive people are to your product /service. This will enable you make better decisions on the idea and what to do next. I’ve got to warn you though that this could prove to be hard work juggling a business with your fulltime job, most especially if you have a family to take care of. It requires time management, focus, perseverance and more. These are only some of the requirements you will need both in the short and long run if you want to have your own business. So, as opposed to immediately taking a leap, consider taking long steady strides.

Having looked at your business idea and undertaken some research, you may decide the business idea is viable and you’d like to take that leap into the business world. There are a few basic things that you’d need to do in order to take off. I very much believe in building solid foundations that will allow one to build much taller and weatherproof buildings. And to build a solid foundation you need to get either some business advice or coaching and write a plan.

The word ‘Business Plan’ seems to be such a dreaded word, many people think of it as long-winded and unnecessary. However, I promise you that it is one thing that will need doing either now or later for a more successful business, better now than later I say. Planning and building the concept in your head is not enough, pen it down on paper. The saying goes, “Write the vision and make it plain, that those who is it may run with it” and that includes you, your potential business partner or financiers. Writing the plan takes you through the process of developing and refining your idea, it is also very much needed if you plan on raising capital externally. Please note that it is not enough to just write a business plan for the intention of raising capital, you should also use it as a blueprint for successfully managing your business.

Another challenge often faced in starting a business is Capital. Sometimes, the bigger the idea, the bigger the capital required. Don’t let this hinder you if raising capital seems to be your own challenge. Instead, think out-of-the box in identifying ways to raise the capital required. Look for avenues to cut back on the initial capital required, some ways of cutting back on capital includes; offering trade by batter or buying second-hand instead of new.

The following options are available to you and all except for personal savings will require a sound Business Plan; Personal savings, Friends & Family, Bank loan, Government Initiatives, Private Investors and Venture Capitalists.

Having researched the idea, written a ‘Plan’ and raised the required finance, you are all set to take off. Nothing Ventured, Nothing Gained. Take the leap if you feel very strongly about it, but plan and prepare for it.

To learn about Yvonne’s latest book on Changing your Mindset for greater results, visit http://www.oliveblue.com/changeyourmindset/

Yvonne is an Author, Speaker, Change Consultant & John Maxwell Leadership Coach who is passionate about working with Individuals, Entrepreneurs and Organisations to help implement change they want and achieve their goals.   

She can be reached at: www.oliveblue.com . www.facebook.com/oliveblueinc . www.twitter.com/oliveblueinc.www.youtube.com/ChangeYouWantTV

NO TIME OR MONEY BUT I WANT TO INVEST IN REAL ESTATE!

Amina

As a mortgage agent and real estate investor, I meet many first time as well as experience investors.  Knowing that the government won’t take care of us in our golden years, most of us have come to realize that investing in real estate instead of other types of investments, such as GIC’s or mutual funds for example, can provide us with long-term growth, security not to mention monthly cash-flow.

Being a real estate investor, I write a number of blog posts about investing and I attend a lot of real estate based networking events.  There is always something to learn!

But this is where the rubber hits the road.  The difference is in the investor who takes what they have learned and applies it to purchasing properties and the other, who keeps learning but is hesitant to take action.

I always ask what does it take? Why do some people take action and other sit on the sidelines and watch?

It is lack of confidence, time, or money or a combination of all three?

I can understand “I don’t have enough money”, however there is a solution to this.

I can also understand  “I do not have the time.”  Many people already have full-time jobs and cannot take on another job, such as full-time real estate investing.

Let’s look at a solution to both of these problems.

You don’t have money so what can you do?  Believe it or not, many people find themselves in this boat.  There are people with money, who don’t have the time to invest and need an experienced investor (this is where you come in having learned everything there is to know) to partner with them.  This is a joint-venture situation.  The partner with the funds takes out the mortgage and invests the funds.  You take care of the property, finding the tenant and ongoing maintenance and rent collection.  You both split the profit 50/50.  There are numerous ways to joint-venture with somebody but this is the usual.

The above solution also works for the person who does not have the time.  He or she works 60-70 hours a week and is making great money but they want more.  They want to make a better return on their investments and the time they have vested in their full-time job.

Once they start investing, many of these people see that the return on their time is better spent investing in real estate and learning more instead of just joint-venturing with other investors who have time.

It all comes down to what is more important to you – time or money? Or both?

For me, it’s both but I am far from that place where full-time investing takes over my present full-time job.  How will I get there?  By learning, taking action and making my investments work for me.

To your Wealth!

Amina

Please “like” my facebook page here Please follow me on twitter here

Stay Social with Canadian Small Business Women: