Risk Assessments Necessary To Address Cyber Vulnerabilities

In order to best protect your network from a cyberattack, it is important to understand the "why" and "how" behind cybercrime.

A primary goal of a cybercriminal is financial gain, but it is not the only motivation. Nation-state attackers seek to disrupt foreign infrastructure or economic activity, while a hacktivist's attack objective is to disrupt the activities of an organization they believe is in opposition to their agenda.

Cybercriminals also breach networks to use them as crypto mining resources or to steal an organization's intellectual property.

Although motivations may differ, most attacks follow the same process. Attackers research their targets and use open-source intelligence (OSINT) tools to gather information about the organization. By weaponizing phishing emails or websites that employees often use, or by taking advantage of a known software vulnerability, hackers can infiltrate a network and install malware that avoids detection and gains control of the system.

The foundation of an effective defense against cyberattack is to foster a workplace culture of cybersecurity. This commitment to supporting cybersecurity measures should involve employees at all levels, from top executives to front-line workers. Employees are an important line of defense, and should be trained on secure password practices and how to recognize and report suspicious email or network activity.

Be sure to conduct regular reviews of your cybersecurity risk, approaching it with the mind of an attacker. Run OSINT on your organization to gain an understanding of how attackers might target you. Also, keep up to date on identified software vulnerabilities, installing patches when needed.

Stu Sjouwerman, "What your organization looks like in the eyes of a cyber attacker" (Jan. 26, 2022).


The above source sheds light on what cybercriminals are looking for, and can help you identify who your biggest threat is and where you are most vulnerable.

Your risk assessment should also identify the sensitive data you collect, as well as address every potential point of entry into your system, including phishing attacks, software vulnerabilities, third-party vendors, or malicious employees. Be sure to involve all upper management in your risk assessment process, not just IT staff, because they can provide awareness of risks and how they impact operations.

Utilize the results of your assessment to develop a response plan, and coordinate that plan across your organization. Be sure to test and evaluate your implemented procedures.

Conduct a regular review of your risk assessment to make certain it addresses current threats and vulnerabilities.
