Monday, June 20, 2011

Business Security Awareness

MediaPro Value Proposition

MediaPro raises the level of risk awareness for your organizational Security & Compliance Program. Increased awareness is provided for:

· Data – Security of handling and storing sensitive data

· Access – Policies, procedures and processes for access by device type

· Device – Best practices for secure device management

· Applications – Authorized downloads to mobile devices

· Social Media – Security awareness issues

MediaPro enables all personnel to become familiar with security policies and procedures on a continuous basis. A comprehensive awareness program should include annual/semi-annual security training on-demand, testing and attestation components, self-assessment surveys and a records management function that documents employee awareness. Better yet, supplement formal classroom training and awareness briefings with a library of course materials on security best practices available to employees 24/7.

Human Resources and Security Officers
MediaPro supports Human Resources personnel in following well-defined in-processing and out-processing procedures:

· Require all personnel to sign a document stating they have read and understand the information security policies.

· Ensure third party contractors and service providers comply with your security requirements (e.g. employment and background checks of new personnel).

· Raise awareness of employees who have been identified as troubled or disgruntled.

Risk is the combination of threat, vulnerability and mission impact.

Can insider breaches be stopped?

Insiders can be stopped, but stopping them is a complex problem and requires a comprehensive approach. Insider attacks can only be prevented through a layered defense strategy consisting of policies, procedures and technical controls.

MediaPro helps management pay close attention to many aspects of the organization, including business policies and procedures, organizational culture and the technical environment. Today, companies must look beyond information technology alone for security. A programmatic approach needs to be developed that addresses the organization’s overall business processes and the interplay between those processes and the technologies.

MediaPro provides organizational awareness to mitigate risk

This includes risk associated with internal users and external users, for example members of the supply chain requiring connectivity to the corporation's application portfolio (e.g., remote connectivity through remote mobile devices with critical corporate data resident on those devices). This awareness is critical to effectively support all of the elements of your Governance Regulation & Compliance program.

· MediaPro executes the awareness of the Policies, Procedures, & Processes

· MediaPro tracks that you understand them and you attest to following them in your daily corporate operations

· MediaPro records and documents your organization's awareness

Human Resources
Human resources personnel should follow well-defined in-processing and out-processing procedures:

· Require all personnel to sign a document stating they have read and understand the information security policies.

· Ensure third party contractors and service providers comply with your security requirements (e.g. employment and background checks of new personnel).

· Many crimes committed by insiders were suspected by employees who had been identified as troubled or disgruntled

Security Awareness Program
All personnel must become familiar with security policies and procedures. Establish a comprehensive awareness program to include annual security training with a testing component, e-mail tips, posters, a letter of support from senior management, self-assessment surveys, awareness luncheons, and a security web site. Better yet, supplement training with awareness briefings. Briefings give personnel the opportunity to ask questions and put the information security team in the position of advocating security initiatives.

Wednesday, June 1, 2011

Mobile Security in the Workplace!


SC Magazine has a good review of mobile security in its latest magazine. Topic: Shining the Spotlight on Mobile!


Reviewing several of these well-thought-out articles makes you wonder: why are businesses not being proactive in educating their employees about the proper uses of mobile devices inside and outside the workplace?


Time and time again businesses take a reactive approach to addressing security concerns that stem not from the outside but the inside. 90% of all breaches are internal, arising from employee error, e.g. a stolen laptop, a misplaced flash drive, or Bluetooth left enabled on your mobile device while outside the office.


When security breaches result in potential lost revenue, damage to the company's reputation, and potential loss of customers, one would think educating your employees would be a priority.


Proactive businesses make every effort to utilize "Best in Class" training companies to address this challenge.


Maybe it is time for the rest to follow the leaders.



Tuesday, May 31, 2011

Social Media & Remote Mobile Computing Awareness, Is this Necessary?

Responsible Social Networking – Improper social media usage is one of the greatest risks facing organizations this year. Your employees must understand these risks and act responsibly when using social media sites. Many organizations are upgrading their current awareness offerings with content on the proper use of social media. This 20-minute course defines the risks and consequences of social networking and provides guidance to help employees use social media responsibly.

Safe Remote and Mobile Computing – Educating employees on safe remote and mobile computing practices is critical for information security and maintaining a trustworthy reputation with customers. Remote and mobile users face much greater risks than those behind your firewall. This course defines the risks of remote and mobile computing as well as the best practices employees should take when working at home, in transit, or away from the office.

www.pnwrainmakers.com/mediapro

Thursday, May 26, 2011

Why Buy Anything? - MediaPro

Did you know there are three key security areas a company must address to reduce the risks of financial penalties and damage to brand reputation, customer loyalty and shareholder value? They are:

Ø Internal Security Breaches

Ø Records Management Security

Ø Consistent Content Refresh for Personnel Training

Internal

Most companies have spent years addressing and protecting the company from external or perimeter breaches of security. Studies have identified that 90% of all data breaches are internal. The human element is the biggest risk area facing data protection today.

§ Employee negligence (42%) and broken business processes (33%) are considered the two top threats to data. Ponemon Institute and Vontu, “U.S. Survey: Confidential Data at Risk Survey”

§ “Technology alone cannot address one of the most difficult problems to manage in security: the human factor.” Forrester Research

§ “Employee misconduct and unintentional actions, like errors and omissions, are the greatest cause of data security breaches.” Deloitte & Touche

Records Management – Methodology

Business records are the lifeblood and the collective memory of your organization. That’s why it’s so important to manage the records lifecycle from creation through archiving or disposal. Many companies continue to focus and refine their records management processes and neglect the need to consistently track and document employee adherence to regulatory requirements for records management.

Companies that fail to follow and train employees on best practices for records management leave themselves open to compliance issues from federal and state regulatory requirements, resulting in potential fines upon inspection.

Consistent Content Refresh

Many companies are challenged to maintain security training and awareness programs for their employees. The ability to consistently update and refresh content with the latest changes in federal and regulatory requirements is the major challenge.

Security Training & Awareness - MediaPro

MediaPro Introduction

Security Training & Awareness

MediaPro is a 17-year-old E-Learning company that has developed solid training offerings addressing security and privacy, ensuring that companies' employees are well informed and knowledgeable about the inherent risks of managing information in their daily jobs. MediaPro has earned a who’s who customer and reference list that includes such companies as American Express, TD Ameritrade, Molina Healthcare, Verizon Wireless, AT&T Wireless, Oracle, IBM, Microsoft, Boeing, Starbucks, Costco, Disney, Amazon, WMS Gaming, Marriott and Hilton Hotels.

MediaPro’s products have won over 100 national and international awards for eLearning excellence. MediaPro combines world-class content on security and privacy best-practices, with our award-winning educational design, to get results that either change risky or reinforce good end-user behaviors. Various reinforcement tools help keep the message fresh throughout the year. This can be a true turnkey solution to solve your end-user awareness challenges.

Award-Winning Course Samples:

Security Awareness with Privacy Principles – Our most popular course. Basic security awareness training for all employees, on a variety of topics, with a splash of privacy. This is a good overall data protection course that teaches how to identify PII (Personally Identifiable Information) and models best-practice security behaviors. A solid foundation for any security or privacy awareness program. This course has won several awards for learning excellence.

Security Awareness – The course that provides the foundation for communicating critical security principles to your employee population. The course builds awareness of security policies and procedures by using a stimulating and creative approach that engages and challenges the learner. Realistic examples are presented that add relevance for learners from different departments and levels within the organization. The objective is to create informed end-users who make better data protection decisions and lower risk.

Responsible Social Networking – Improper social media usage is one of the greatest risks facing organizations this year. Your employees must understand these risks and act responsibly when using social media sites. Many organizations are upgrading their current awareness offerings with content on the proper use of social media. This 20-minute course defines the risks and consequences of social networking and provides guidance to help employees use social media responsibly. This course has won many awards for learning excellence.

Safe Remote and Mobile Computing – Educating employees on safe remote and mobile computing practices is critical for information security and maintaining a trustworthy reputation with customers. Remote and mobile users face much greater risks than those behind your firewall. This course defines the risks of remote and mobile computing as well as the best practices employees should take when working at home, in transit, or away from the office. The course has won many awards, including “Best of Show” from the Society of Technical Communications.

Privacy Basics – This course is for those who need a stand-alone or complementary privacy training solution. It covers the critical training needed to make every employee an active and informed partner in protecting Personally Identifiable Information (PII). Good data protection practices strengthen consumer and employee trust in your organization. The course builds privacy awareness by using a stimulating and creative instructional approach that engages the learner and uses realistic examples to add relevance to the training materials.

Complying with Massachusetts’ Data Security Laws - Organizations doing business with MA residents must offer ongoing employee training as part of their overall information security program to be in compliance with Massachusetts Regulation 201 CMR 17.00: M.G.L. c. 93H. This includes training on the proper use of computer security systems (17.04.8) and the importance of protecting personal information (17.03.2.B.1). This course is specifically designed to help you meet these regulations and to assist you in attaining overall compliance in your training efforts.

PCI Awareness – Organizations must offer awareness training as part of their overall PCI program to be in full compliance with the PCI DSS requirements (Req. 12.6.1.a). This course will help them meet this need and educate employees on how to effectively safeguard and protect payment card information. This is the “big box” retail version. This course can be tailored to a variety of industries.

Identity Theft “Red Flags” Awareness - To be in compliance with the recent federal Identity Theft Red Flags Ruling, organizations must offer annual awareness training as part of their overall compliance program. This course will help educate staff members to become fluent in identifying the “Red Flags” used to spot possible fraudulent activities.

Medical Red Flags Awareness (clinical version) – The government recently enacted the “Medical Red Flags Rule”, which requires health care organizations to train the appropriate personnel on how to detect identity theft warning signs, or “Medical Red Flags”. This training course will help organizations comply with this rule and provide the training that both clinical and non-clinical employees need to identify and respond to medical identity theft threats.

Complying with HIPAA for Business Associates - This course helps business associates comply with the general HIPAA training requirements, including those contained in the recent ARRA HITECH act. The course explains the importance of HIPAA, outlines the legal requirements related to protecting PHI, and specifies best practices for the handling of such information. With this award-winning course, you can quickly and easily bring individuals up-to-speed on the new ARRA HITECH regulations and fully document your organization’s HIPAA training activities.

Complying with HIPAA for Covered Entities - This course helps individuals within your organization refresh their knowledge and comply with the general HIPAA training requirements, including those contained in the recent ARRA HITECH act. The course explains the importance of HIPAA, outlines the legal requirements related to protecting PHI, and specifies best practices for the handling of such information. With this award-winning course, you can quickly and easily bring individuals up-to-speed on the new ARRA HITECH regulations and fully document your organization’s HIPAA training activities.

PNWRainmakers’ website: www.pnwrainmakers.com/partners.php

Monday, January 17, 2011

NRF

First blog of the year, so here goes.

I had the pleasure of attending the National Retail Federation 100 year Anniversary trade show in New York City last week. It was a real eye opener in the fact that it was the best attended in years. I think the fact that the FMI show has vaporized has forced Retailers to pick a show and NRF is the last one standing.

A couple of trends really jumped out at me. First, the plethora of mobility solutions was evident. Many of the big players, SAP, Oracle, JDA, put a mobility spin on many aspects of their solutions. Much of it was me-too, but still it was distinctly present.

The second trend was around digital signage; it was everywhere. There were several hardware solutions, but more importantly there was software to manage in-store and external signage options. I believe this is a significant trend in that retailers continue to look for ways to influence shoppers in-store and increase the self-service options. Not sure shoppers are buying in, but most digital signage is paid for by ad dollars, so more in-your-face advertising.

Friday, December 24, 2010

Happy Holidays

Shout out to all our friends and family for your support and friendship over the last year. The holiday season often allows one to reflect on the good things in life and why you should be thankful. Here at the Pacific Northwest Rainmakers, we take a lot of pride in the work we have done for our exceptional clients this year. Our clients are the class of their prospective industries and truly deserve the success they have gained. To my partners, hats off on a brilliant job of "doing the right thing". I know that sounds trite, but often in our business you can make a lot of money by not doing the right thing. Finally, to my family, a loving thanks for all the support in starting a new venture that has been time challenging to the rest of my family priorities.

Merry Christmas, Happy Hanukkah, Great Festivus, Happy Kwanzaa, and Happy New Year.