August 15, 2017 by The GLS Team
There's a new piece of malware in the wild called Ovidiy Stealer, and it's looking to steal both individual and company passwords. This password malware isn't particularly sophisticated, and a company with up-to-date anti-virus and anti-malware software may not have to worry about it yet. Ovidiy Stealer's claim to fame isn't its sophistication but its price. For a mere 450 to 750 Rubles (about $7 to $13 USD), crooks not only get a license for the malware, they also get support from its author in Russia, who calls himself "TheBottle."
A $7 Piece of Malware?
Believe it or not, it's a competitive market out there when it comes to attracting malware customers. Ovidiy Stealer is dangerous because at only $7 it is universally affordable, and therefore appealing. It lures its victims with an executable attachment (possibly compressed as a zip file) or with a link to an executable file in an email, pretending to be something it clearly is not. Once it is run, the malware targets certain browsers and steals the passwords stored in them.
Which Browsers Does it Target?
According to Proofpoint, Ovidiy Stealer is currently targeting the following browsers:
- Amigo browser
- Google Chrome
- Kometa browser
- Opera browser
- Orbitum browser
- Torch browser
The savvy user may note that it doesn't target Internet Explorer, Safari, or Firefox, but given that this password malware is constantly evolving, it may prove problematic even for those browsers in the future.
Why Should Companies Be Concerned About Ovidiy Stealer?
Ovidiy Stealer isn't aimed simply at stealing individuals' passwords. Anyone targeted could inadvertently execute the password malware themselves, allowing the criminals to obtain passwords for company bank and investment accounts, financial records, medical records, cloud services, and more. Just one breach in security could result in serious damage and even serious fines, depending on the nature of the compromised data.
Is There Any Way to Prevent Ovidiy Stealer from Stealing a Company's Passwords?
The good news is that while Ovidiy Stealer is targeting a large number of accounts, it isn't particularly cutting-edge. Precautions as small as adding two-factor authentication will help reduce the number of exposed accounts. Using a password manager for all accounts, changing passwords frequently, and making certain that the password manager can change the passwords quickly if there is a breach, is a good first step. But none of that addresses the human element. All the antivirus and malware protection available doesn't protect computer systems if the users are unaware of the potential risks and still click on harmful links or accidentally run malware.
Addressing the Human Factor
Global Learning Systems offers comprehensive online security awareness training that shows employees how to spot threats like Ovidiy Stealer and avoid turning their companies into malware victims. The catalog includes a wide variety of security courses designed to train employees to remain vigilant when it comes to viruses and malware. The Information Security Awareness Training Courses cover the basics, such as phishing/social engineering, Internet safety, mobile security, email safety, and identity theft. The Information Security “Best Practice” Modules Suite gives the learner ways to put best security practices into action in everyday online use. Role-based training and compliance courses train employees to assure compliance with specific regulations.
While Ovidiy Stealer isn't the most sophisticated malware out there, its scale and prevalence make it deadly, and it has the ability to become a real threat to any organization. A company can thwart this attack using:
- Two-factor authentication
- A powerful password manager
- Training that will teach its employees to recognize potential threats
Contact Global Learning Systems today and find out how you can protect your company from Ovidiy Stealer and other malware threats.
August 11, 2017 by The GLS Team
HIPAA, or the Health Insurance Portability and Accountability Act, was enacted in 1996 to ensure that patients' medical records remain private and accessible only to the patient and the required healthcare professionals. Failure to comply with HIPAA can result in steep fines and even criminal penalties. The minimum penalty for non-compliance due to willful neglect, if it is corrected, is $10,000 for each violation and up to $250,000 per year. The maximum penalty is $50,000 for each violation, and up to $1.5 million in a year. Even if HIPAA regulations are violated out of ignorance, the maximum fines can reach $1.5 million. And what counts as non-compliance? The list includes lost and stolen devices, hacking, lack of training, third party disclosure, and employee dishonesty.
Lost and Stolen Devices
According to the Texas Medical Association, mobile devices such as laptops, tablets, thumb drives, and smartphones are more likely to be lost or stolen than other pieces of equipment, and each loss is a potential HIPAA violation. Even if employees do as little as check their work email on their smartphones, if that email contained any personal health information (PHI) its loss can count as a serious breach of HIPAA compliance.
Theft, unfortunately, happens all too often, and a single laptop theft can result in huge fines if the device is not sufficiently encrypted so as to prevent access to PHI. While encryption is not mandated by HIPAA, encrypting sensitive data can prevent a breach of compliance should a device become lost or stolen.
Hacking
Making up 23 percent of HIPAA violations, hacking is the second most common cause of HIPAA non-compliance. Weak passwords, unintentionally downloaded malware, internet worms, phishing, and lack of sufficient firewall protection offer hackers a way into systems and thus a way of obtaining PHI. Hackers can be deterred by the use of strong passwords, frequent updates, and firewalls. All software should be kept up to date to avoid possible security breaches. Running a good anti-malware and antivirus scanner with frequent scans will also help prevent possible security breaches.
Lack of Training
Lack of HIPAA compliance training is also a crucial reason why HIPAA violations occur. It's not enough for only an owner or an upper management team to receive HIPAA compliance training. HIPAA violations frequently occur at a lower employee level, where office staff, contractors, volunteers, and others who have access to PHI may unknowingly violate HIPAA rules. Global Learning Systems specializes in HIPAA compliance training for all employees.
Third Party Disclosure
It isn't sufficient for a company or clinic simply to maintain its own HIPAA compliance. Under the HIPAA Omnibus Ruling, companies are also responsible for their business associates, and even for their business associates' subcontractors. So, if a business associate or one of its subcontractors violates HIPAA by putting the company or clinic's PHI at risk, the company can be held liable. For this reason, it is crucial that a company's owner or manager scrutinize their business associates' compliance plans before partnering or entering into a contractual agreement with them.
Employee Dishonesty
Whether they are accessing PHI with malicious intent or out of simple curiosity, if an employee does not have the right to access certain patient records, they can put the company in breach of HIPAA compliance. Global Learning Systems can provide employees with HIPAA compliance training so that they fully understand the dangers and risks of accessing sensitive patient records without authorization. With our training, employees will learn that illegally accessing, not to mention stealing, personal health information can and will result in termination, strict fines, and even jail time.
HIPAA violations can occur at any time, which is why it is so crucial that companies and clinics be on guard when it comes to their patients' sensitive information. In particular, they should guard against:
- Lost and stolen devices, by encrypting the data stored on them.
- Hacking, by insisting on strong passwords, up-to-date software, firewalls, and anti-malware and antivirus software.
- Lack of training, by having all employees, contractors, and volunteers participate in HIPAA compliance training.
- Third party disclosure, by ensuring all third parties and their contractors have proper HIPAA compliance plans.
- Employee dishonesty, by properly training employees in HIPAA compliance to deter violations.
Global Learning Systems can help instruct you and your employees in HIPAA compliance, and provide safeguards and solutions for every possible security breach. Contact us for all your HIPAA compliance training needs.
August 03, 2017 by The GLS Team
Business ethics is constantly evolving to meet the needs of our current societal norms and expectations of business leaders. With more Millennials becoming business leaders and simultaneously representing a significant percentage of retail sales, the generation's values are definitely reshaping how corporate ethics are approached. How closely are you examining business ethics in your organization, and prioritizing your policies concerning ethical conduct, stakeholder relationships, and social responsibility?
Corporate Social Responsibility
Corporate social responsibility (CSR) measures are incredibly important to the 18-35 demographic today, with the Millennial generation being more responsive to CSR initiatives in terms of both employment and consumption.
86% of Millennials say that working for a socially responsible employer is not merely preferable but a priority. Social responsibility isn't just a platitude that gets thrown around boardrooms; it is a proactive approach that encompasses any and all of the following, and more:
- Using local suppliers
- Buying and hiring American
- Diverse hiring initiatives
- Investing in green, sustainable production methods and workspaces
- Addressing workplace harassment
- Fair wages and benefits to all employees, not just white-collar professionals
- Making workplace safety a priority
- Charitable giving initiatives (including paid time off for volunteer work)
The list goes on, but CSR scorecards are based on how well the organization treats its employees and the planet through the decisions it makes.
Hyper-transparency in the Internet Age
Millennials are more skeptical of businesses than previous generations. Because they are digitally connected, the younger generation wants to see actions, not words, when it comes to promises made to both the organization's workers and the public.
Business ethics accounts for transparency, but to what extent? Are your policies up to date for hyper-transparency in the internet age, where immediate action is expected and claims can be debunked in seconds? In this constant state of connection, organizations can't afford not to be hyper-transparent today.
Being Good to People and the Planet = Good for Profit
Also known as the "triple bottom line", business practices that are good to people and the planet don't have to compromise profits.
Millennials want to see more than the CEO cutting a large check to a charity in order to keep up appearances. By adopting policies that are friendly to workers and consumers alike, and greener practices that are better for the planet, rather than only whatever produces the largest profit margins, the triple bottom line actually increases. As Millennials continue to be maligned for "killing" types of businesses known for exploitative labor practices, such as the diamond industry and chain restaurants, they are simply voting with their wallets in favor of businesses that have a strong triple bottom line.
It may be good for profit margins to ask employees to take work home or do clean-up off the clock, and sometimes it may even be legal. But since it's highly unethical, don't expect Millennials to be too excited about increasing your bottom line when there are organizations more committed to the triple bottom line. The same goes for continuing to use suppliers who don't engage in environmentally friendly practices or who support causes that are seen as harmful.
Being good to both people and the planet is better in the long run. Millennials are committed to making businesses they lead, own, and patronize adhere to the triple bottom line.
Business ethics involve more than staying compliant with regulations, putting up a front for public relations purposes, or switching a single supplier or changing a single policy only after immense public backlash. Social and ethical responsibility are ongoing commitments that are integral to attracting and retaining both customers and employees in the Millennial generation. Global Learning Systems can keep you up to date on the latest trends in corporate social responsibility and ethics training with our comprehensive business ethics training course. Contact us today to learn more!