The ALS Group Risk Management Articles

Home Depot’s data breach is the largest retail breach we’ve seen yet. Last week, Home Depot publicly stated that in addition to the 56 million credit card accounts compromised, approximately 53 million e-mail addresses were stolen as well. The issue here isn’t the addresses themselves, but the malicious use the addresses will be put to.

Data breaches are a very serious threat to companies and individuals; their occurrence and impact is increasing drastically year over year. Hackers are looking to steal your financial data, personal information, and intellectual property.  Often, the financial and reputational impact of a breach can be disastrous for an organization.

So you are traveling for business or you have finally scheduled a few days away from the office. You pack your bags and are sure to not forget your mobile phone, tablet, and laptop. Now stop for a second and consider the consequences if one of those devices goes missing, is lost, stolen, or even hacked. How much personal or company data would be at risk? Bank account information, e-mails, contact information, confidential business documents. It’s all there for the taking.

The globalization of business operations and our dependence on the internet for data storage over the past decade has exposed companies to a new set of risks. As this trend continues to grow, so does the risk associated with data breaches of a company’s domestic or international servers.

When looking at a company’s risk, one of the most overlooked aspects is how it manages its informational security. In their most recent Data Breach Investigations Report, Verizon was able to classify 92% of the millions of breaches over the past few years into nine basic patterns. It would be a reasonable assumption that these nine patterns of attack would be the same across the business landscape. Unfortunately this is not the case as the sophistication of the attacks change depending on a company’s industry. As an example representing both the Financial and the Energy/Utilities Sectors, the highest type of breach was web app attacks. This occurred as the retail

Crisis Management has been, historically, a function of the IT or Risk Management department for many companies and as social media continues to gain traction, savvy risk managers have incorporated social media into their crisis communication plans.

With the continued news reports of  data breaches of high profile businesses, most recently Target, Adobe, Lexis Nexis, and Apple, I thought I would provide you a few thoughts to add to your risk management “New Year’s resolutions” (I know you have them…). Since most of you know I travel quite frequently, both domestically and internationally, I use the wait time at airports, hotels, etc. to work.  I thought the article in the last issue of Executive Travel magazine is a good reminder to all of us on electronic “travel security” and how not to be duped by the growing sophistication of the hackers who prey on the weary business