
Viewing entries in
Security & Risk

The Rise of the Emotionally Intelligent Enterprise


The last 18 months have been transformative for the way companies do business. As people pushed corporations to adopt new policies through movements such as the global walkouts at Google, companies that were once driven purely by sales and revenue are starting to change. They are beginning to realize that they will need to take a stance on issues such as harassment and bigotry to remain in good standing. In an age where authenticity and accountability are key, empathy has become a driving force for business success.

However, as sexual harassment lawsuits and global anger reach record highs, and headline after headline continues to rock corporations across industries, the fact remains that companies must actively prove to consumers and employees that they care.

Today, employees and customers look to companies to understand where they stand on major social issues. Many businesses have responded to this trend with well-intentioned PR statements around their corporate culture and policy. However, the bar today has been set far higher than before. Customers and employees often feel that companies can’t gauge their emotions and are increasingly frustrated by well-meaning statements with little follow through. That means that to assuage consumer anger and combat a growing possibility of reputational loss, companies need to demonstrate emotional intelligence, not just a political stance.


No More Silos: How People Risk Will Change Your Department in 2019


In the age of social media, anyone can be a journalist. In a recent article about bad employee behaviors gone viral, Erik Deutsch of the LA-based ExcelPR group said that the ability to post anything in real time and make it accessible to the entire world has forced companies to rethink risk management. “If someone was mistreated in a store 15 years ago, they might make a scene and tell their friends, and that would be it,” he says. “Now, they post it online and it can become a sensation.”

As this year’s headlines around workplace harassment, bigotry, and violence suggest, individual departments are struggling to mitigate people-based risk on their own. HR is overwhelmed with paperwork. PR is scrambling to react quickly enough to control the narrative when bad news breaks. Security teams are often ill-prepared to handle allegations that boil down to “he said, she said” disputes. IT is asked to manage a growing set of channels not necessarily optimized for security. The new reality of people risk is exposing major cracks in traditional organizational structures. Unless companies adopt new approaches to people risk management (PRM), it will be increasingly difficult to stay ahead of potential threats.

So what’s on the horizon for people risk management? Moving forward, we will see significant shifts in structure, process, and technology to promote deeper collaboration between HR, risk, digital communications, and IT. While organizations will take a variety of approaches to mitigate these new threats, we predict three general trends…


5 Ways Social Media Behavior Can Create Security Risks


There is increasing awareness among security experts about how social media behaviors can open the door for insider and outsider threats. However, other than an employee posting a direct threat online, it can sometimes be difficult to know what to look for.

When attackers want to penetrate an organization’s security, they look for vulnerabilities. These vulnerabilities may be technical in nature but oftentimes employees themselves can be the weakest links in a security system. The content that employees post on social media can give would-be attackers clues as to who in the organization might be susceptible. At Fama, we’ve worked with numerous organizations to help them interpret potential risk indicators on social media.

5 examples of social media posts that have left organizations vulnerable to an attack:

1. Complaining about security protocols – We’ve seen employees complain online about security measures and even state that they don’t plan on abiding by those measures. In one instance, a government contractor had a policy prohibiting employees from bringing company phones to work. One employee complained on Facebook about the “absurdity” of the rule and joked about not following it. By posting these comments publicly, the employee not only encouraged others to ignore the protocols, but also advertised to potential outside attackers that his phone is a potential path into the organization.

2. Bullying or harassing others online – We unfortunately see public bullying of co-workers on social media. This behavior is obviously unacceptable and hurtful in its own right, but it also indicates to outside attackers someone who is potentially hurt, angry or resentful and would have a reason to lash out against the company.

3. Financial desperation – Financial debt is the second leading cause of insiders turning rogue[1]. An employee talking about student loan debt may not be a problem, but when an individual starts talking about financial problems with emotional desperation, it is an indicator that they may be willing to do something extreme.

4. Badmouthing the corporation – While most insider threats are motivated by financial gain, employees who are happy with their jobs and their companies are less likely to take such an extreme step. An employee who talks about hating their job, hating their boss, or calling their company “evil”, is more likely to rationalize self-serving behaviors.

5. Revealing sensitive client information – Revealing privileged information is a problem that you need to know about. When someone seems to talk too freely about clients or corporate IP, even if it’s not a direct privacy breach, it is an indicator that this person is likely to share information that he probably shouldn’t.

Make sure that your organization has clear policies for what is acceptable for your employees to post online. Have a process in place to ensure that those policies are being followed, because a policy with no enforcement might as well not exist. Finally, make sure you have options for how to act in the event a policy is violated, whether it be further training, restrictions, or more serious action steps. We'd love to tell you more about how Fama can work with you to identify these kinds of risks at your organization.

Contact us at [email protected] if you’d like to learn more.

[1] “Insider Threats and the Need for Fast and Directed Response,” SANS Institute, 2016.
