December 2013 - HR Strategies, LLC

HR Strategies, LLC
Monthly Strategies
Cyber Monday Risks Exposed

By SHRM Online staff
The biggest online shopping day of the year is
traditionally the Monday after the Thanksgiving
holiday (aka Cyber Monday). Employees may be
stalking the best buys on the Net this Dec. 2, but
beware: It’s also prime hunting ground for cyber
thieves.
Companies need to be watchful as employees use
their work computers to take advantage of enticing
online deals, or to open holiday greetings and
videos, because a simple click of the mouse may
introduce security risks to a business’s networks.
In fact, 64 percent of organizations see significant
increases in cyberattacks on Cyber Monday, and
only 23 percent of those attacks can be quickly
detected and remedied, according to a study
published in October 2013 by RSA and the
Ponemon Institute LLC. RSA is a provider of
intelligence-driven security solutions; Ponemon
conducts studies on critical issues affecting the
management and security of sensitive information
about people and organizations.
One hour of downtime caused by a cyberattack
could mean an average loss of almost $500,000, not
counting brand damage and loss of customer
loyalty. Unfortunately, precautions are often
ignored. Nearly 70 percent of organizations do not
take additional steps in anticipation of increased
attacks, the survey found.
The findings are based on a survey Ponemon
conducted in August 2013 with 1,161 experienced
IT practitioners in the United States and the United
Kingdom. The majority of respondents have full or
partial responsibility for the security of their
organization’s websites.
SolarWinds, a provider of IT management software,
suggests the following best practices to lessen the
security risks from Cyber Monday:


Volume 10, Issue 12
December 1, 2013
• Fortify firewalls. Firewalls accumulate an ever-growing list of redundant rules and objects,
along with conflicting rules and unused rules.
Make sure firewall rules are up-to-date.
• Perfect patches. Organizations are prime
targets if they are not current on their patches or
if they don’t have a full account of all the
applications that end users have installed.
Reduce malware exploitations from cleverly
disguised holiday-deal scams by keeping
patches up-to-date.
• Monitor internal traffic. Identify where users are
chasing shopping deals by continuously
monitoring user workstation activity and
behavior. With a proxy server, businesses can
block certain sites. Remember, if you allow it,
monitor it. If you don’t allow it, make sure it’s
blocked.
• Be on top of bandwidth. An increased spike and
concentration of people using the Internet to
browse holiday deals online will likely affect
network bandwidth. Don’t lose sight of
attackers who may strike while you’re focused
on keeping your network up and running.
Monitor network bandwidth and traffic, and
take appropriate action by pinpointing users
who are abusing privileges.

Benefits and Risks of Company-Sponsored Social Functions
Office parties and company-sponsored social
functions can be great morale boosters for a
company. These functions give employees in
different departments and at different levels in an
organization a chance to become better acquainted
in a low-pressure setting. Office parties can be a
good opportunity to celebrate companywide success
and boost employee morale. Unfortunately, there
are also some significant risks associated with
sponsoring social functions, particularly those
where alcohol is served.
Employers that choose to sponsor social events
should be aware of the problems that can arise, and
take certain precautions. Most of the time, a party or
picnic will go without a hitch, but any social event
brings the possibility, however slim, for personal
injuries, third party injuries, and sexual harassment.
Also, a company-sponsored party may be subject to
claims under both workers' compensation and
general liability insurance.

Serving Alcohol
Recent court rulings in many states have held that
persons (including employers) who serve liquor
may be held liable for injuries to guests or third
parties as a result of accidents caused by
intoxication. Jury verdicts in these cases can range
into the millions of dollars, particularly in situations
where a drunken employee causes fatal injuries to a
third party on the way home from a company
function.

Practical Tips for Serving Alcohol at Sponsored
Social Functions
If your company plans to host or permit a social
function at which alcohol will be served, following
these practices may help you to ensure that the
event remains safe for all concerned and liability-free for you.
• Move the party off-premises to a club or
restaurant, and hold it during nonworking hours.
• Do not conduct company business at the party - even handing out turkeys or company bonus
checks or presenting speeches by top
management could be interpreted as company
business.
• Do not require attendance, or even recommend
that employees attend: make it strictly and
absolutely voluntary.
• Have the party managed and planned either by
the employee association or as a joint effort of
management and some informal grouping of
responsible employees.
• Charge admission as a way to control
attendance, permit better planning, and share the
cost. (The admission charge might entitle each
person to a maximum of two drink tickets.) Do
not provide liquor purchased with company
funds.
• Hire a professional bartender who will refrain
from drinking during the party, serve only
measured shots, and cut off individuals who
over-indulge: be specific with the bartender as
to how long the bar is to stay open. Consider
closing the bar early in the evening. Many
employers make an open or cash bar available
for a "cocktail hour" at the beginning of a party
but close the bar later (for example, once dinner
is served, the buffet opens, etc.). This allows
time for employees who may have overindulged to regain their sobriety before driving
home.
• Make sure nonalcoholic drinks are available,
and serve meals or snacks; high-protein foods,
especially, help slow down alcohol absorption.
• Have at least one (and preferably more than
one) responsible employee agree to abstain from
alcohol so he or she can keep an eye on guests
and make sure that intoxicated employees do
not drive. . . Arrange for certain non-drinking
employees, taxis, or limousine drivers to take
home those who are unfit to drive themselves.
• Have a clear policy stating that overconsumption
of alcohol at company social
events is not acceptable, and be sure the policy
is effectively communicated to employees.

Reminder: It’s AAP Time
A discount is available to those organizations that
submit their AAP data to HR Strategies for
processing during the month of January. Employers
should be tracking their employees’ information,
applicants, hires, promotions, and terminations in
preparation for conducting their 2014 Affirmative
Action Plan. 2014 plans should be submitted to the
DOL during the first quarter of 2014.
If your organization would like to learn more about the
items in this newsletter, please feel free to contact Tricia
Clendening at 302.376.8595 (office) or 302.373.1784
(cell) or Tricia@hrstrategies.org. Please contact us if
you would like to be removed from our Monthly
Strategies mailing list or if you would like for us to add
someone to our mailing list.