News
Alert: Internet-connected devices can be hacked.
Recently, a Russian hacker posted online live links to more than 10,000 private cameras. They were accessible because the owners of the internet-connected devices (e.g., baby monitors, home security systems, etc.) used the default password during installation instead of creating a new password.
NBC's The Today Show explored this unnerving event with our partner, Kroll. Watch the clip here: http://www.today.com/money/russian-webcam-hackers-spy-bedrooms-offices-1D80308040.
What should I do?
Change the password if you have a device with a camera and used the default password when connecting to the internet.
Do not use the default password assigned by the manufacturer if you will soon be setting up a new internet-connected device.
For tips on creating strong passwords read: Help Yourself to Strong Passwords.
Sincerely,
Linda Brown
Vice President
LegalShield Identity Theft Member Services
News
Building Business Resilience
Kroll Global Fraud & Risk Report 2016/17
Jordan L. Strauss
In March 2011, a powerful earthquake and subsequent tsunami in Japan caused a chain of events that resulted in the worst radioactive crisis since Chernobyl. Across the Pacific, and hidden from public view, a group of senior U.S. government leaders and their staff met nonstop. The day-to-day responsibilities of many of these leaders had nothing to do with crisis response. Among them were environmental lawyers, physicians, meteorologists, and policy specialists. Most knew each other by face and name, because only months earlier they had participated in a quarterly exercise that addressed a hypothetical nuclear emergency inside the United States. Many had also worked together during the BP Deepwater Horizon disaster, so when a crisis occurred, no time was lost building relationships.
Crisis planning is crucial for every organization and sector.
While the benefit of planning ahead seems obvious, a quarter of all respondents to Kroll’s 2016 Global Fraud and Risk survey have not implemented or planned preparedness measures for possible threats such as natural disasters, terrorist incidents, data breaches, or workplace disruptions.
Business readers could learn from government in this space. In planning for resiliency in the event of a crisis, there are three principles to consider:
1. Think of preparedness as a process, not a state, and commit to ongoing improvement.
Strive to be more prepared tomorrow than you are today. Give careful thought to the relationships you may need in a crisis before something happens. Because the hours immediately after a crisis are the most important, it is critical to plan how such an event will influence your people and reputation. Consider moderated exercises with a cross-section of your leadership. Carefully study the fall-out from a competitor’s critical incident. Those interested in building stronger enterprises should find themselves asking “what would we do if that happened to us?” There are many low and no-cost ways of conducting drills to gauge your readiness. The next time you have a “bad weather day,” for example, analyze whether your employee notification system worked – assuming you have one, it’s the same notification system you would use for an active shooter. Building a culture of resilience within your organization starts at the top. The CEO’s commitment to corporate readiness and resilience should be visible to all employees, and one way to achieve this is to demonstrate C-suite interest in the success of things like employee alert and notification programs.
2. The most visible issue is not always the biggest risk – think hard about risk as a function of both likelihood and consequence.
Determining the likelihood of a specific event is actuarial and informed by intelligence: It is not an exercise in worrying about the most recent headlines. “Risk” is calculated as likelihood multiplied by consequences, so a deep understanding of likely consequences is critical to making risk-informed decisions. It requires substantial input from a cross-section of leadership.
For example, in addition to damaging employee morale, data breaches can also result in legal liability, regulatory problems, and severe and lasting reputational damage. In assessing the consequences of an event, all of these aspects should be included, along with the costs (consulting, legal, settlement, and public relations) of resolving it. Consideration of the transaction costs associated with crisis navigation is also critical – legal fees, public relations fees, and outside crisis management services are expensive.
Similarly, a campus sexual assault profoundly affects a school’s community, damages the life of a young person, and carries a host of reputational, liability, and morale problems for the school. Advance planning that takes into account the full impact of these problems, including legal and public relations costs, can help mitigate negative impacts.
Tabletop exercises are an excellent tool for advance planning, as are guided discussions and brainstorming sessions. Capturing knowledge gained from past experiences and observing other enterprises is critical.
3. Ensure that actual risks inform resource allocation.
During the Japan disaster, U.S. government leaders worried first about life safety issues and second about collateral consequences. They made a risk-informed and defensible decision about how to spend their time, which ultimately is their most valuable resource.
Senior government leaders had access to the necessary data to make careful and crucial decisions. They were aided by multi-agency legal response teams that had learned from the Deepwater Horizon crisis. The relationships built on the margins of exercises and disaster sped up the response. There is no reason businesses should be any less prepared for an uncertain future.
Crisis planning is crucial for every organization and sector. Thus, a stadium operator or professional sports franchise dealing with a limited budget should assess the likelihood and consequences of a terrorist attack vs. an active shooter or medical emergency. They need to resource against the highest-risk event – not necessarily the highest-profile event. Risk-informed decision-making provides leaders with a logical and defensible way of triaging resources, and should be observed ahead of time – not during a crisis.
Learn more about fraud and risk statistics and trends -- as well as innovative risk management strategies and best practices -- in Kroll’s annual Global Fraud & Risk Report 2016/17.
Global Fraud & Risk Report
Businesses saw a significant rise in fraud and risk incidents during 2016. Although companies have taken significant strides toward building resiliency, more is needed. We have expanded the scope of this year’s Report—it’s now the annual Kroll Fraud & Risk Report, breaking out specific cyber and security threats to better reflect the growing challenges that our clients are facing around the world.
Contact Us
Call Us
General questions or inquiries?
+1 800.675.3772
Need help right away?
+1 212.593.1000
Email Us
Send us a message and we'll get back to you.
Send an email
Talk to an Expert
Want to talk to an expert directly?
Find an Expert
Media Contacts
Copyright © 2017 Kroll All Rights Reserved.
MyLegalShield Mobile App
Experience the benefits!
With the simple touch of your thumb, the new MyLegalShield mobile app empowers you to call any of the following:
Provider Law Firm
Identity Theft Advisor
Member Services Team
Download the MyLegalShield mobile app from the Apple App Store or Google Play.
What You Are Saying:
"I was very impressed with the expertise my Investigator had in the area that I was calling about. This was my first time to contact and was very impressed with the way she helped me." - Member in TX
"Very pleased with the service. Quick to help and offer suggestions. Would highly recommend to others." - Member in OK
"I was very pleased with the help that I received from my Investigator. He was very patient, kind, helpful, informative and courteous. I am happy that I chose LegalShield." - Member in NY
"My Investigator was courteous, and professional. She provided very useful information, directions and took steps to forestall any future occurrences. Her understanding of my issue was reassuring that the actions taken would work." - Member in MD
Secure Assets and People
Because security risks are interconnected and ever-evolving, count on Kroll for expert advice on the widest range of security services from security design and engineering to executive protection, and from asset security to end-to-end crisis management and business continuity services.
Security Consulting
Security decisions you make today can determine your company’s security and resilience for years to come. Our security consultants have decades of experience helping clients create robust security environments with services that include current and emerging threat assessments, policy review and development, and master planning. Learn more.
Securing Intellectual Property
It is not uncommon today to find that individuals involved in compromising a company’s intellectual property are a combination of current or former employees, competitors, trusted customers, distributors or vendors. For this reason, our IP protection services address issues of management structure, operational security and cyber security. Learn more.
Executive Protection
Executives face threats that vary widely depending on the industry, company, geopolitical locations and the person’s profile. For more than 20 years, we’ve provided executive protection in some of the most challenging locales in the world. Many of our experts have served with the military as well as law enforcement and intelligence agencies. Learn more.
Security Design & Engineering
Tenants and visitors have an expectation that they will be safe in your building. How will you deliver on that expectation? Our certified security consultants and engineers have worked with clients and developers worldwide on diverse projects, from inception to construction to facility management. Learn more.
Resilience Consulting
In today’s hyper-connected world, your business must be able to adapt and remain operational throughout disruptive changes. For over 40 years, we have provided end-to-end crisis management and business continuity services … from assessments and plan designs, to rehearsed drills, to emergency security services in the field. Learn more.
Anti-Piracy
The loss of intellectual property or trade secrets can cost your company millions in lost revenue and sometimes damage your reputation and competitive advantage. Let us show you how you can safeguard your company against piracy, counterfeiting, gray market diversion and misappropriation by former employees, business associates and third parties. Learn more.
Investigative Due Diligence
The risks inherent in today’s financial transactions, including mergers and acquisitions, public offerings, joint ventures, private equity, venture capital, and other investments, are greater than ever. We help financial institutions, private equity groups and corporations with in-depth, insightful investigations to minimize risk and protect their investments. Learn more.
Experts Spotlight
Timothy Horner
Senior Managing Director, Security Risk Management
North America
+1 212.833.3366 | Email
Brian Weihs
MANAGING DIRECTOR, Mexico Office Head, Investigations and Disputes
Latin America
+52 55 5279.7250 | Email
Nick Doyle
Managing Director and Head of Security Risk Management, EMEA
EMEA
+44 207 029 5062 | Email
Ilya Umanskiy
Associate Managing Director, Security Risk Management
Asia Pacific
+852 2884.7722 | Email
Key Industries
Financial Services
Healthcare, Pharmaceuticals & Biotech
Retail
Legal
Related Content
“A recent study finds that after a healthcare data breach, 30 percent of consumers would avoid doing business with the breached provider.”
- Greg Michaels
Healthcare, Pharmaceuticals and Biotech North America
Article
Mitigating Cyber Risk as Healthcare Data Sharing Accelerates
September 02, 2014
Compliance North America
Report
2014 Anti-Bribery and Corruption Benchmarking Report
May 06, 2014
Analyze Business Relationships
The number of business relationships can be vast. Employees, shareholders, suppliers, attorneys, accountants, financiers, competitors, trade groups, regulators - all affect your organization’s ultimate well-being. Learn how they can be the source of risk or reward with the business and financial analysis Kroll’s investigative and due diligence services provide.
Internal Investigations
Fraud and misconduct cause tremendous harm to an organization’s balance sheet, stature and reputation. We specialize in carefully planned, capably managed investigations to identify wrongdoers, curtail loss and reestablish trust with shareholders, partners, customers, regulators and government agencies. Learn more.
Regulatory Investigations
Regulators worldwide continue to focus strongly on bribery, kickbacks, anti-competitive behavior and “pay-to-play” schemes involving governments. Our unmatched investigative capabilities, worldwide presence and longstanding reputation for independence and integrity make us uniquely qualified for resolving regulatory concerns. Learn more.
Litigation Support
When you and your counsel face complex disputes, trust Kroll for intelligence at all stages of litigation. We have supported counsel in many multi-jurisdictional litigation and in diverse matters such as commercial disputes, securities, IP protection and fraud. We also provide ediscovery and data retrieval, investigative accounting, damages assessments and expert testimony. Learn more.
Screening & Due Diligence
Implementing an effective regulatory compliance process, and mitigating economic and reputational risk starts with knowing whom you’re doing business with. Our screening solutions will allow you to understand the risk profiles of prospective and current business partners, and to identify areas for further investigation. Learn more.
Kroll 3rd Party Risk Assessor
An increased focus on global regulatory compliance has resulted in greater pressure on companies to take a closer look at their third party relationships and joint partners. The Kroll 3rd Party Risk Assessor tool helps you prioritize those third parties that present the greatest threat to your organization and require greater scrutiny. Learn more.
Penetration Testing
Even if you have a robust information security program, will a potential acquisition be a weak link? Kroll can help you determine if a new relationship is a cyber risk by conducting penetration testing—a simulated cyber attack—that looks at how vulnerable the organization is to technological and social engineering attacks. Learn more.
Experts Spotlight
Violet Ho
Senior Managing Director, Greater China Co-Head, Investigations and Disputes
Asia Pacific
+852 2884 7777 | Email
Julian Grijns
Managing Director, Investigations and Disputes
North America
+1 212.833.3405 | Email
Christopher McCavitt
MANAGING DIRECTOR
North America
+1 212.833.3342 | Email
Key Industries
Financial Services
Healthcare, Pharmaceuticals & Biotech
Education
Legal
Articles
Smart doesn’t mean secure
Asian-mena Counsel
Alan Brill
Tam Huynh
Imagine this. You are taking a quick nap after work in your self-driving car while it is bringing you home in the shortest time possible given real-time traffic conditions. Your house temperature has been adjusted to a comfortable level before you reach the door, which opens automatically when your security camera recognises your face as you draw near and signals the smart-lock to open.
These are no longer scenes from a forward-looking sci-fi movie. Across the globe, smart systems and smart cities are being promoted as solutions that will improve efficiency, productivity and, ultimately, the ability to transform our day-to-day interactions and experiences.
Multiple smart products are being produced by a spectrum of enterprises from large technology companies to start-ups. Some carry famous brand names, while others are effectively generic products. The global smart home market is forecast to reach approximately US$121 billion by 2022, according to a leading market research firm, MarketsandMarkets, while the smart city market is predicted to reach US$757 billion by 2020.
However, for smart technology to realise its market potential, those who design, build and sell these devices — and legal counsel who advise clients in this space — must recognise and address the challenges of protecting the devices (as well as the information they use and need) from cyber attacks. This is particularly important in large-scale deployments of smart systems, such as in smart buildings or smart solutions covering entire cities. For example, according to a Wall Street Journal article, Singapore’s Smart Nation programme, launched in 2014, “is a sweeping effort that will likely touch the lives of every single resident in the country, in ways that aren’t completely clear since many potential applications may not be known until the system is fully implemented”.
In our experience investigating a wide variety of cyber attacks for clients in diverse industries, we are familiar with many areas where vulnerabilities can arise. For this article, however, we will look at just one: insufficient testing for cyber security-related problems.
Functional performance and security must go hand-in-hand
While vendors will commonly test functional performance before releasing smart solutions, many have not been as rigorous in testing for cyber security issues. For example, the massive disruption of the internet on the US East Coast on October 21 and 22 this year was attributed to hackers marshalling everyday devices (such as webcams, DVRs, routers), which had been infected with malware, to attack a major internet infrastructure company.
One specific issue identified by experts was the “widespread use of default passwords” by both manufacturers and consumers, which allowed the devices to be hacked in the first place. This particular attack used, in part, code known as Mirai, which can turn internet-connected devices — like security cameras and digital video recorders — into attack weapons. In some cases, it was as simple as using the default user ID of “admin” and the default password of “password” or empty space.
Therefore, testing of these Internet of Things devices requires knowledge of cyber security that goes beyond the device itself. For example, a smart toaster might be secured with a complex password. However, unless a tester knows to look across multiple devices, he or she might never realise that many if not all the devices share the same password. More importantly, there is no simple way for the consumer to replace the default password with a secure one.
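The cross-device check described above, sketched as an added example that is not part of the original article: a password can pass a single-device strength test and still be identical across a whole product line. The device records, serial numbers, passwords and the complexity rule are constructed assumptions; the two default pairs are the ones the article names.

```python
from collections import defaultdict
from dataclasses import dataclass
import re

# Default pairs named in the article: user "admin" with "password" or an empty password.
KNOWN_DEFAULTS = {("admin", "password"), ("admin", "")}


@dataclass(frozen=True)
class Device:
    serial: str
    username: str
    password: str          # factory-set credential from the provisioning record
    user_can_change: bool  # does setup give the owner a way to replace it?


def looks_complex(password):
    """The single-device check: 12+ characters drawn from four character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 12 and all(re.search(c, password) for c in classes)


def audit(fleet):
    """Return serial numbers per finding; the credentials stay out of the report."""
    by_credential = defaultdict(list)
    for dev in fleet:
        by_credential[(dev.username, dev.password)].append(dev)

    report = {"known_default": [], "shared": [],
              "complex_but_shared": [], "no_way_to_change": []}
    for (user, pw), devs in by_credential.items():
        is_default = (user, pw) in KNOWN_DEFAULTS
        is_shared = len(devs) > 1
        if not (is_default or is_shared):
            continue  # unique, non-default credential: nothing to report
        serials = [d.serial for d in devs]
        if is_default:
            report["known_default"] += serials
        if is_shared:
            report["shared"].append(sorted(serials))
            if looks_complex(pw):
                # Passes the per-device test, fails the fleet-wide one.
                report["complex_but_shared"] += serials
        report["no_way_to_change"] += [d.serial for d in devs if not d.user_can_change]
    return {key: sorted(value) for key, value in report.items()}


# Constructed sample fleet (not real devices or credentials).
SAMPLE_FLEET = [
    Device("CAM-0001", "admin", "password", True),
    Device("CAM-0002", "admin", "", True),
    Device("TOAST-0001", "admin", "Xk9#mQ2$vLp7wZ", False),
    Device("TOAST-0002", "admin", "Xk9#mQ2$vLp7wZ", False),
    Device("TOAST-0003", "admin", "Xk9#mQ2$vLp7wZ", False),
    Device("DVR-0001", "admin", "r7!Tq2@Lm9#Vb4", True),
]

if __name__ == "__main__":
    for finding, serials in audit(SAMPLE_FLEET).items():
        print(f"{finding}: {serials}")
```

The three toasters appear under `complex_but_shared` and `no_way_to_change`, which is the case a tester looking at one unit at a time would miss.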
Looking ahead, as technology evolves, it will be a continual challenge to anticipate security needs. However, it is imperative that companies make cyber security-related testing an integral part of project development to ensure solutions are both smart and secure.
This article was first published by Asian-mena Counsel, magazine for the In-House Community (www.inhousecommunity.com).
Global Ethics Summit
Wednesday, March 15 - Thursday, March 16
Join Kroll at Ethisphere’s Global Ethics Summit - the premier annual event connecting the most respected and diverse class of company leaders who come together to inspire company integrity and responsible business performance.
Location:
Grand Hyatt, New York, NY, United States
Date:
March 15, 2017
Time:
8:00 AM
Kroll’s Anti-Bribery and Corruption experts will be on hand for the launch of the 2017 Anti-Bribery and Corruption Benchmarking Report – Beyond Regulatory Enforcement: The Rise of the Third Party and Reputational Risk (the “ABC Report”), a joint report from Kroll and Ethisphere. The report highlights key anti-corruption and bribery trends affecting companies globally. Thanks to the input from hundreds of compliance leaders from around the world, we are excited to share with you the perceived strengths and weaknesses of anti-corruption programs today, the focus of anti-bribery and corruption experts going forward, and the risk mitigation practices various companies employ.
Stop by our booth to receive a copy of the report and join Steve Bock, Managing Director and Practice Leader, Kroll Compliance, as he moderates an informative session, Global Anti-Corruption and Effectively Anticipating Risk.