Source: AlienVault Lab Blog
Identifier: 7799447
Publication date: 2022-11-03 10:00:00 (viewed: 2022-11-03 10:06:42)
Title: Minimizing security concerns of ESOPs
Text:
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Retirement plans are an easily overlooked but often critical cybersecurity concern. Employee stock ownership plans (ESOPs), while less common than others, may face particular risks.
ESOPs can provide a valuable way to foster employee engagement and reward loyal workers, but businesses must consider their cybersecurity risks. Without proper security, these plans and those who depend on them may be in danger.
ESOP security risks
Employee Retirement Income Security Act (ERISA)-regulated plans covered an estimated $9.3 trillion as of 2018. Individual ones can hold millions of dollars, making them tempting targets for cybercriminals.
ESOPs pose unique risks, as participating employees have an ownership stake in the company. Consequently, cyberattacks that damage the business’s reputation will affect ESOP participants. Lower stock values will reduce workers’ payouts when they retire.
This ownership stake means an attack doesn’t have to target the retirement plan directly to impact its participants. Any cybersecurity incident against the business poses a significant risk, and ESOP security means safeguarding the entire company’s attack surface.
How to minimize ESOP security concerns
ESOP cybersecurity concerns are significant, but you can take several steps to address them. Here’s how you can mitigate these security risks.
Assess company-specific risks
The first step in ESOP cybersecurity is to assess your specific risk landscape. Every organization, and every plan within one, has unique considerations that determine the most effective mitigation measures, so these assessments are a crucial starting point.
Every risk contains two key components: an event that could happen and the consequences if it does. Teams must compile a formal list of threats facing their ESOP plans, making sure to cover both components for each threat. This will reveal the most important vulnerabilities to address and help guide further security steps.
Verify vendors
Like many retirement plans, ESOPs typically rely on third-party vendors to manage funds. Consequently, breaches in these partners could impact the business itself. About 51% of all organizations have experienced a data breach from a third party, so verifying their security before going into business with them is crucial.
Ask for third-party audits and similar proofs of security to ensure any vendors meet strict cybersecurity standards. Contracts should include detailed descriptions of their security responsibilities and the consequences of noncompliance. Ensuring all vendors have sufficient cybersecurity insurance is also a good idea.
Minimize access
You should minimize access privileges across the organization and its partners even after verification. Well-meaning employees can still make critical errors, but if each account can only use a few resources, a breach in one won’t jeopardize the entire system.
Operate by the principle of least privilege: Every user, program and endpoint should only be able to access what it needs to work correctly. That applies to third parties as well as company insiders. This will minimize lateral movement risks, helping keep ESOPs safe from attacks elsewhere in the organization.
Create a culture of cybersecurity
Sent: Yes
Tags: Data Breach