
AmTrust Workplace

An Enterprise-Wide Cybersecurity Plan: A Crucial Step For Protecting Data

In October 2014, online criminals breached the U.S. Department of the Interior and accessed the Office of Personnel Management's databases to steal sensitive personal information on more than 22 million current and former federal employees. The Department did not discover the breach until April 2015.

Recently, the Office of the Inspector General (OIG) of the Interior Department issued a report stating that the organization still has gaps in its cybersecurity. The report found that the incident response program of the Office of the Chief Information Officer (OCIO) was unable to identify "some of the most basic threats from inside the enterprise network." As a result, the organization could not address threats quickly, which left its systems vulnerable for months at a time.

For example, the OIG investigation found that a U.S. Geological Survey (USGS) employee exposed his organization to malware by watching pornography on an agency workstation. The employee's computer was infected with Russian malware that was attempting to communicate with command and control websites in Russia. Jory Heckman, "IG: Interior Dept. computer infected with malware after employee surfed porn sites," federalnewsradio.com (Apr. 09, 2018).


Commentary and Checklist

To have effective cybersecurity, organizations must assess and plan for cybersecurity threats on an enterprise-wide level. It is not enough to address threats individually, on an ad hoc basis. Removing malware from a single computer will not be effective at stopping a breach if the malware has already spread to the entire network.

It is important to work with cybersecurity experts to look at your organization’s vulnerabilities and create a plan that addresses them. Because hackers are increasingly focusing on breaching entire networks, organizations must have an enterprise-wide cybersecurity plan in place to stay protected.

The report also found that the OCIO did not have cybersecurity employees actively looking for enterprise-wide cybersecurity threats, but instead relied on automated cyber alert systems. According to the OIG, automated systems are not very accurate, and employees need to analyze alerts, events, and active processes from across the network in order to find hidden cybersecurity threats. Utilize in-house cybersecurity experts so that you can monitor network traffic in real time to spot and address threats as quickly as possible.

Another problem that the report found was that the OCIO would patch malware-infected computers and start using them again right away. The OIG recommended removing infected computers from the network and conducting a thorough cyberthreat analysis on them before putting them back into use.

Enterprise-wide cybersecurity plans may take years to implement, and employing a cybersecurity team is costly. However, it is far better to do so and achieve greater cybersecurity in the future than to try to avoid the cost and time only to face an even more costly and time-consuming data breach.
