Leaked employee passwords open up Fortune 500 companies to hackers

Leaked employee passwords

 

It’s one thing when your iCloud account with personal photos gets hacked. It’s another when your Fortune 500 company has a data breach because your office credentials were leaked online.

At 221 of the Fortune 500 companies, Fortune magazine’s list of the the top 500 U.S. public corporations ranked by gross revenue, employees’ credentials are posted publicly online for hackers to steal and reuse in cyberattacks, according to new research from the web intelligence firm Recorded Future.

Corporations, especially highly sensitive targets like Fortune 500 companies, spend a great deal on securing their networks against hackers, but that could be for naught if an employee carelessly uses his office credentials to sign up for, say, a gaming forum.

The sensitive information can be found on forums and text repositories like Pastebin, which are fertile ground for username and password dumps. Researchers at Recorded Future scoured approximately 600,000 websites for credentials posted between Jan. 1 and Oct. 8, 2014. During their analysis, they found at least one username/password combination at 44% of the Fortune 500 companies, leaving those companies vulnerable to hackers who could use the data to break into networks or mount phishing and social engineering attacks, Recorded Future CEO and cofounder Christopher Ahlberg told Mashable.

These credential dumps are outside the companies’ control, Ahlberg said. The data likely come from third party sites — not from breaches of companies’ servers — where an employee used a corporate email to sign up for something. In the past few years, for example, hackers have breached websites and services like Adobe and Forbes.

One caveat is that there is no way to know whether the password used on a third-party site matches the employee’s password used on his corporate account. In other words, Fortune 500 employees’ information may be posted online — but it doesn’t necessarily that information will lead to a successful compromise.

“It’s a coin flip whether or not these credentials taken from third party sites are valid,” Scott Donnelly, the lead researcher on the report, told Mashable. “But when there’s 10 or 20 from a particular company, then odds are you’ve got one that’s valid.”

Below, the breakdown of the 221 companies listed in the report:

Leaked employee passwords open up Fortune 500 companies to hackers

companies

But having an employee’s username and password isn’t necessarily enough — hackers need to know where to use them. In some cases, Recorded Future also found that the webmail login pages of some utility companies are easily searchable on Google, which makes those companies even more vulnerable if an employee’s credentials are compromised.

The report doesn’t name names — either of companies or individuals — and Recorded Future has not notified any of the companies yet, according to Ahlberg and Donnelly. The goal of their research, they said, is to show that big companies are not immune to huge password leaks.

We’ve seen evidence of that lately.

Two weeks ago, a hacker claimed to have dumped 7 million Dropbox usernames and credentials. In a separate instance in early September, 5 million usernames and passwords appeared on a Russian forum (that information likely came from various earlier hacks, though). And in August, a security firm claimed to have found $1.2 billion credentials stolen by Russian hackers, though the firm’s report has been contested.

The issue with these dumps, even when they don’t involve services like Gmail or Dropbox, is the same: the danger of password reuse. If you always reuse the same password, a hacker doesn’t need to breach Google to obtain your Gmail password; instead, he can get it from your Fantasy Football forum. That’s why Facebook announced last week that it has been actively scouring sites that host dumped credentials to notify users if their password had been compromised.

Ahlberg and Donnelly warn that even more companies have probably been compromised, but those employees’ credentials have not been posted publicly.

“We have a pretty good coverage of the underbelly of the web, but these are just the public posts,” Donnelly said. “We’re highlighting how easy it is for somebody to just open the door and exploit a company because the information is sitting out there. But most certainly, there’s information that’s yet to be published.”


SurveilStar is an ultimate employee monitoring software and parental control software which can help monitor computer activities and protect data security. You can also block files uploading and sharing to prevent data leakage. Including:

computer monitoring

  • View Real-time Screen Snapshot
  • Monitor Skype or Other Chat/IM Activity
  • Record Emails
  • Track web browsing history
  • Block access to any website
  • Remote PC Maintenance
  • Program Activity

 

If you would like to record and control all your children or employees’ activities on working PC, SurveilStar Monitoring would be your best choice.

A 30-day free trial version of this professional computer monitoring and tracking software is available. Feel free to download and try to check what your employees and children have done on PC.

Download

 

Reference: http://mashable.com/

Banking Sector Leads In Global Data Leakage – Infowatch Report

Data Leakage The banking and financial services industry is at high risk for data leakage with over 40 per cent of leaked personal data globally, according to the Infowatch Global Data Leakage Report 2014.

Infowatch Group is the global leader in data leakage protection solutions.

Its Chief Executive Officer, Natalya Kaspersky, said the industry was involved in the leakage of 313 million personal data attributed to 135 cases reported last year.

“Although healthcare segment recorded a higher number of cases, the personal data compromised were much lower in volume compared to the banking and finance sector at 58 million,” she said during her presentation via webinar today.

She said the type of data breached was led by information breach, followed by data fraud and exceeding access rights.

The way data was being leaked was also changing, she said, from the traditional paper or hard copy to a more sophisticated way through browsers and cloud.

Kaspersky said data leakage might soon overtake other threats when it comes to financial and reputation damage to an organisation.

“It is the consumers which are being put at risk when organisations did not put enough precautions to prevent leaks, as the report revealed that 92 per cent of information leaked are personal data,” she added.

Meanwhile, Infowatch Asia Pacific/Malaysia Regional Head, Renga Nathan, said the awareness on the importance of data leakage protection in Malaysia was still very low probably due to the lack of enforcement in terms of Personal Data Protection Act.

“In Malaysia, the penetration of such solutions is only about ten per cent, while in the banking sector only 30 per cent have that kind of protection,” he said.

However, there has been an increasing awareness whereby more organisations are now putting in more budget allocations to extend their data protection to leakage solutions.


SurveilStar is an ultimate employee monitoring software and parental control software which can help monitor computer activities and protect data security. You can also block files uploading and sharing to prevent data leakage. Including:

computer monitoring

  • View Real-time Screen Snapshot
  • Monitor Skype or Other Chat/IM Activity
  • Record Emails
  • Track web browsing history
  • Block access to any website
  • Remote PC Maintenance
  • Program Activity

 

If you would like to record and control all your children or employees’ activities on working PC, SurveilStar Monitoring would be your best choice.

A 30-day free trial version of this professional computer monitoring and tracking software is available. Feel free to download and try to check what your employees and children have done on PC.

Download

 

Reference: http://www.bernama.com.my/

Is It Time to Review Your Data Monitoring Policy?

computer data monitoringThe relationship between workers, their devices and company material can be hazardous if left unmonitored.

Did your employer review their BYOD or employee monitoring policies with you during your onboarding process? Or, has your company’s leadership team made any changes to their policy as cellphones and other mobile devices have been allowed access to company email and files?

As more mobile devices enter the workplace, employers have started extending their data monitoring policies to worker’s personal technology. Although employee monitoring is not a new concept and is often expected in the office, there is a strong aversion to cellphone monitoring, especially among millennials.

Need for Education

According to a nationwide study by TechnologyAdvice Research, more than a third of office workers don’t know their employers’ data monitoring policies.

“The responses suggest a need for greater transparency or education efforts among company management about monitoring policies in order to keep employees engaged and maintain trust in company policies and values,” said TechnologyAdvice Managing Editor Cameron Graham, the study’s author. About 20 percent of respondents were unaware of whether their activity was monitored, while 15.6 percent were aware that their computer use was monitored somehow, but were unsure of the specifics.

Employee Sentiment on Being Monitored

There is a major split in how employees feel about computer monitoring as opposed to mobile device monitoring in the workplace. “Employees seem fairly comfortable in general with employers tracking their computer use at work, considering only 19 percent of respondents said they often or sometimes worry about their employer viewing their Internet history,” said Graham.

But 64.3 percent of office employees stated they would be at least somewhat uncomfortable with their cellphone being monitored during work hours. This is especially true for millennial respondents, who reported being more uncomfortable with cellphone monitoring, but were also found to be less likely to know how they were being monitored.

“There is a clear concern when it comes to employers tracking cellphone use, which respondents viewed as a greater concern than keylogging software or video surveillance,” Graham said. “That fear of cellphone monitoring doesn’t seem to be based on negative experiences, though, with roughly just 1 in 20 employees saying they’ve been questioned about such use.”

BYOD Policy Concerns

Millennials are poised to make up 44 percent of the work population by 2025, yet are the least likely to know the details of employee monitoring policies, despite expressing more concern about mobile device privacy than other age group. As this younger demographic moves into the workforce, employers will likely face growing challenges over Bring Your Own Device (BYOD) policies and mobile device monitoring.

“Involving all relevant parties in policy creation could help ease concerns over monitoring, and strike a balance in maintaining control over company information while discouraging insecure device use,” said Graham.


Recommend

SurveilStar is an ultimate employee monitoring software and parental control software which can help monitor computer activities and protect data security. You can also block files uploading and sharing to prevent data leakage. Including:

computer monitoring

  • View Real-time Screen Snapshot
  • Monitor Skype or Other Chat/IM Activity
  • Record Emails
  • Track web browsing history
  • Block access to any website
  • Remote PC Maintenance
  • Program Activity

 

If you would like to record and control all your children or employees’ activities on working PC, SurveilStar Monitoring would be your best choice.

A 30-day free trial version of this professional computer monitoring and tracking software is available. Feel free to download and try to check what your employees and children have done on PC.

Download

 

Reference: http://www.datamation.com/

Employer Monitoring of Work Computers: What are the Privacy Rights of Employees?

Employers have an interest in ensuring that computer systems in the workplace are used for proper purposes and not for unlawful conduct, information theft, harassment of other employees, and other similar improper uses. In order to monitor workplace computer use, employers have access to third-party software programs that collect and analyze all activity on company computers. This is primarily done by recording and analyzing keystrokes, taking screenshots of employees’ computers (often taken every two or three minutes), and using keywords to search for possible violations of employer policies with respect to the use of workplace computers.

Monitoring software will normally include a review of emails, instant messages, websites visited, and online searches. The software can monitor and collect the information in real-time on an ongoing basis. Despite the availability of monitoring technology, employers must balance monitoring workplace computer use against the legally protected privacy rights of employees.

Is Personal Computer Use Allowed? Actual Reality of Workplace Governs Courts

Many employers establish written policies dealing with employee use of workplace computers, and employees are often required to sign these policies. In most cases, the written policies set out the guidelines for workplace computer use and also advise employees that their computer system use is subject to employer monitoring.

Such policies, however, would only remove the privacy rights of employees in limited circumstances. When the courts or other tribunals are considering the privacy rights of employees, they are guided by the actual reality in the workplace with respect to computer use.

It is very common that employers permit employees to use workplace computers for personal reasons provided the personal use is fairly minimal. For example, if employees are permitted to send personal emails, or to access their bank account online, then personal use by employees is permitted. Once that is the case, the employees have a reasonable expectation of privacy with respect to their personal use of the workplace computer. Except in unusual circumstances, the employer is not permitted to read or monitor their personal emails, take screenshots of their banking transactions, or engage in any other intrusion into their private information. In addition, the law is that an employee’s privacy rights include information about which websites the employee has visited. Monitoring software does not make any distinction between personal and business use. All emails are monitored. Screenshots are taken without regard to what is on the screen. All Internet browsing is tracked. The monitoring itself then becomes a violation of the privacy rights of employees.

In each case, the court will consider whether the employer permits employees to use the computers for personal use. If personal use is permitted, even to a limited extent, a policy that purports to remove the employee’s right to privacy will be unenforceable. Any breach of an employee’s privacy rights is an offence under the applicable privacy legislation.

If, however, an employer prohibited personal use of workplace computers by employees and actually enforced that policy, the reality in the workplace would be that no personal use of workplace computers is permitted in any circumstance. In this case, the written policy dealing with monitoring by the employer would likely be enforced. That, however, is not the normal scenario in the workplace.

If an employer is conducting an investigation into a specific complaint with respect to an employee, the employer would have more power to review computer records. This would still be subject to the test of whether or not the employer has any reasonable alternatives to carry out the investigation without infringing on the employee’s privacy rights. If the employer is not able to meet that test, then any evidence gathered through the computer system will not be admissible evidence against the employee in a hearing.

Can Employees Expect Digital Privacy in the Workplace?

If employers allow employees any personal use of workplace computers, employees have a reasonable expectation of privacy with respect to their personal use of the computer system. This must be respected by employers. A monitoring system that reviews the personal use of the computer system by employees in those circumstances is a violation of the privacy rights of the employees.


Recommend

SurveilStar is an ultimate employee monitoring software and parental control software which can help monitor computer activities and protect data security. You can also block files uploading and sharing to prevent data leakage. Including:

computer monitoring

  • View Real-time Screen Snapshot
  • Monitor Skype or Other Chat/IM Activity
  • Record Emails
  • Track web browsing history
  • Block access to any website
  • Remote PC Maintenance
  • Program Activity

If you would like to record and control all your children or employees’ activities on working PC, SurveilStar Monitoring would be your best choice.

A 30-day free trial version of this professional computer monitoring and tracking software is available. Feel free to download and try to check what your employees and children have done on PC.

Download

 

Reference: http://www.davis.ca/

4 Ways to Successfully Develop Employees Year-Round

Develop Employees Year-Round

Successful performance management for individual employees and the organization involves activities that ensure goals are met efficiently and effectively. It’s an ongoing process essential to achieving the company mission that is much more than just an end-of-year performance review.

In an effort to keep employees engaged in their work and help them grow into leaders within the company, invest in them (and they’ll invest in you). Here are four ways to successfully develop employees throughout the year:

1. Set (and update) quarterly goals.

The key to actively developing employees is to set relevant, achievable goals. Rather than setting and discussing employee goals on an annual basis, optimize the development and review process by creating quarterly goals. Not only are these goals easier to set, but the results of those goals are easier to see.

Quarterly goals are the quickest, easiest way for employees to derive meaning from what they do every day. As such, creating achievable goals and monitoring employee progress is crucial. With the rate at which we do business, some goals may no longer be relevant. Revisiting these goals every quarter highlights which goals need to be updated, ensuring that individual work goals are still applicable.

2. Offer opportunities for individual growth.

Employees want training. In fact, Glassdoor’s 2014 Employment Confidence Survey of nearly 1,000 U.S. employees found that 63 percent of employees believe learning new skills or receiving special training is most important to advancing their career. Providing coaching and development activities throughout the year is an employer’s best bet to create a culture of growth within the workplace. To ensure continuous growth and improve productivity, equip employees with the tools they need to function at peak performance.

For starters, consider creating a mentorship program in which new hires work closely with a seasoned employee within their department. Doing so will get new employees on the right track sooner. Additionally, develop current employees by offering regular training programs or bringing in industry professionals for “lunch and learns.”

Most importantly, encourage employees to seek professional development opportunities outside of the workplace. Employees that aim to advance their skills in their own time will likely become great leaders and should be recognized for their efforts.

3. Hold frequent review meetings.

Although performance management should be a continuous process, only 2 percent of employers provide ongoing feedback to their employees, a 2013 survey of 803 HR professionals by the Society for Human Resource Management (SHRM) revealed. How can we expect our employees to improve if we only offer them constructive feedback once or twice a year?

In place of the year-end performance review that employers and employees both tend to dread, opt for a more frequent, informal review process. The purpose of the review shouldn’t be to evaluate employees, as that is the aspect of performance reviews that causes the most anxiety. Rather, it should focus on developing employees.

Try asking employees questions that target where there is room for improvement, such as, “What skills would you most like to improve on?” or “What can I do to help you?” Reviewing employee progress more frequently not only makes the process less intimidating, but it can help employers and employees set better goals for the future.

4. Automate the review process.

Automating portions of the performance review process can help employers and employees alike by making more time for other aspects of employee reviews. Possibly the biggest advantage of implementing technology into the review process is making it so much easier for employees and their managers to track and measure performance year-round.

Say goodbye to the days of trying to scramble a year’s worth of necessary data for performance reviews. Automating the process makes for a more efficient performance review and fosters a comprehensive development process.


Recommend

SurveilStar is an ultimate employee monitoring software and parental control software which can help monitor computer activities and protect data security. You can also block files uploading and sharing to prevent data leakage. Including:

computer monitoring

  • View Real-time Screen Snapshot
  • Monitor Skype or Other Chat/IM Activity
  • Record Emails
  • Track web browsing history
  • Block access to any website
  • Remote PC Maintenance
  • Program Activity

If you would like to record and control all your children or employees’ activities on working PC, SurveilStar Monitoring would be your best choice.

A 30-day free trial version of this professional computer monitoring and tracking software is available. Feel free to download and try to check what your employees and children have done on PC.

Download

 

Reference: http://www.entrepreneur.com/

Research Says Monitoring Employee Activities in Digital Environments Will Rise in 2015

Security surveillance and monitoring will rise greatly in 2015 to protect enterprise data and work procedures into whatever technical environments are utilized by employees to perform their job.

Goldcliff Circle Herndon, DC — (ReleaseWire) — 01/29/2015 — Monitoring employee activities in a digital environments are increasing, with 60% of companies likely to implement official PC monitoring software to keep track of external social networking websites for avoiding security breaches by 2015, according to EmpMonitor. Several businesses currently participate in social media monitoring included in brand marketing and management, but less than 10% of businesses currently utilize these same tactics as a part of their safety monitoring program.

To avoid, identify and remediate security cases, IT security companies have typically focused interest on the monitoring of inner infrastructure. The effect of IT consumerization, social media and cloud services renders this traditional strategy insufficient for leading choices concerning the safety of business info and work procedures.

Considering the fact that employees with valid access to company data assets are usually involved in security breaches, employee monitoring should focus on the activities and behavior wherever the employees follow a company-associated interactions with his/her computer systems. Quite simply, the growth of efficient security intelligence or control depends upon the capability to seize and evaluate user activities that happen outside and inside of the business IT environment.”

SurveilStar Employee Monitoring Software is a total solution for employer monitoring needs. This employee surveillance software with supervisory functions is like a remote monitoring camera which shows every activity on supervised computers in a network. Both computers have to be connected in same networking environment, domain or no-domain based with complete administrative privileges.
SurveilStar is an ultimate employee monitoring software and parental control software which can help monitor computer activities and protect data security. You can also block files uploading and sharing to prevent data leakage. Including:

computer monitoring

  • View Real-time Screen Snapshot
  • Monitor Skype or Other Chat/IM Activity
  • Record Emails
  • Track web browsing history
  • Block access to any website
  • Remote PC Maintenance
  • Program Activity

If you would like to record and control all your children or employees’ activities on working PC, SurveilStar Monitoring would be your best choice.

A 30-day free trial version of this professional computer monitoring and tracking software is available. Feel free to download and try to check what your employees and children have done on PC.

Download

 

 

Reference: http://www.digitaljournal.com/