4 Data Security Essentials You Need to Know

We talk a lot about data security. We do it partly because it’s a top compliance priority for companies. But we also want to make sure we inform professionals like you about legal updates and trends, because that’s what we do and we should all be a little literate in the essential things in life. Data security is one of those essentials.

  1. What is Data Security?

Data security, also known as cybersecurity, means “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” Password protecting our laptops and work phones are examples of data security. People and businesses do this on a larger scale to protect sensitive personal and business information from being leaked.

  1. What’s the Difference Between a Cyberattack and Data Breach?

A cyberattack is intentional, unauthorized access. “Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services,” according to the Department of Homeland Security. It sounds scary because it is. The ‘Internet of Things’ cyberattack shut down parts of the internet (imagine if all the highways in California shut down at the same time) while technology company Yahoo had 500 million accounts stolen. Both were intentional.

In contrast, a data breach is unauthorized access of protected data, regardless of someone’s intent. For example, an employee who uses an unsecured home computer to access confidential company information, a form of shadow IT, can cause a data breach. Some call this insider negligence, which the Ponemon Institute found was the leading cause of data loss and theft in 2015. Phishing scams, spoof emails that trick people in granting system access to strangers, “has continued to trend upward” according to the Verizon 2016 Data Breach Investigations Report.

The important thing to understand is that an honest mistake can be just as serious as a cyberattack because both leak sensitive data to people who shouldn’t have it.

  1. Which Laws Govern Data Security?

A lot of laws govern data security, and the laws that apply to you depend on where your company is located, its industry, and what kind of data it handles.

Almost all states and most industries have their own data security laws. For example, if you’re a financial institution in New York, you must abide by the federal Gramm-Leach-Bliley Act and soon abide by the state’s cybersecurity regulation. Internationally, the EU Privacy Shield and the General Data Protection Regulation (GDPR), loom large for global businesses in their aims to protect EU citizen data.

All companies have to ensure they’re being honest about how well they protect data –the Federal Trade Commission has busted businesses for “unfair practices” under federal law after failing to protect data. Given this confusing patchwork, it’s best to focus on best practices that you can employ.

  1. What’s My Responsibility?

To be vigilant. Our actions are no longer singular; they impact our employers, customers, and each other. Being vigilant means educating ourselves, such as understanding the latest cybersecurity risks and actually reading our employer’s cybersecurity policy. It also means doing our part to protect someone else’s private information. For more information, you can read our white paper on what makes effective data security training.

LawRoom (powered by EverFi) delivers online compliance courses to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

Tom Davidson

Why an Entrepreneurial Mindset Matters: The Power of Teaching Innovation and Entrepreneurial Thinking

In 2012, President Obama declared that November is National Entrepreneurship Month, “a time when we celebrate the remarkable and everyday success of our entrepreneurs and innovators, and we reaffirm our commitment to ensuring our economy remains the engine and the envy of the world.”

This month’s celebration goes beyond those individuals who have started successful companies. It extends to those who embrace the entrepreneurial mindset that helps even the most established companies grow and thrive. A recent Accenture study revealed that more than 90% of executives believe long-term success of their organization’s strategy depends on their ability to develop new ideas. Simultaneously, one in three employers say they are looking for entrepreneurial experience, underscoring the need for youth who are equipped to recognize opportunity, take initiative, and innovate in the face of challenges. However, a survey conducted by EverFi found that fewer than half of students feel prepared to identify a business opportunity or recognize the characteristics that make an entrepreneur.

Historically, entrepreneurship has been thought of as a cut-and-dried skill that a person has or doesn’t have. But EverFi and the Network for Teaching Entrepreneurship (NFTE) believe that teaching an entrepreneurial mindset is possible.

Power of Teaching Innovation in Schools

In 2014, EverFi partnered with NFTE to create Venture, a 3-4 hour web-based course that equips students with basic business and entrepreneurial skills. Students build their own simulated food truck business and learn how to assess risk, see opportunities, and develop a business idea. Along the way, they’ll be introduced to entrepreneurs to get real-life perspective. The course is implemented on a co-curricular basis in classrooms across the country, empowering them to find their inner entrepreneur as part of the school day. Data collected from students who completed the Venture program revealed a 40% increase in students feeling prepared with the skills to think and act like an entrepreneur after participating in the program.

“In today’s innovation economy, the entrepreneurial mindset is more important than ever no matter the path a student chooses in life,” noted Dan Delany, NFTE’s Chief Strategy Officer. “NFTE Venture is a great program that helps thousands of students to start their entrepreneurial journey.”

Founded in 1987, NFTE’s mission is to inspire young people from low-income areas to stay in school, to recognize business opportunities, and to plan for successful futures. NFTE has worked with more than 700,000 students in programs across the U.S. and around the world. Evaluation of NFTE’s intensive classroom programs finds meaningful growth in students on opportunity recognition, critical thinking, problem solving and future orientation. Over 90% of students in NFTE programs feel that the program gives them skills that will help them succeed in school and life.

social_media_image_post

Throughout National Entrepreneurship Month, EverFi will be posting stories like these about the impact of entrepreneurship education under the hashtag #NEM2016.

If you’re interested in learning more about NFTE Venture, contact Jim@everfi.com

Hallmarks of Effective Compliance and Ethics Programs

The enactment of the Foreign Corrupt Practices Act (FCPA) in 1977, the Federal Sentencing Guidelines for Organizations (FSGO) in 1991, the Sarbanes–Oxley Act of 2002, and the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act all contributed to the perception that a code of ethics is solely a legal compliance and risk management tool. However, organizations that want more than check-the-box compliance know that compliance and ethics programs need to effectively promote a culture of honesty and integrity. This post will explain the “hallmarks” of effective compliance and ethics programs as set forth in the U.S. Securities and Exchange Commission’s (SEC) and U.S. Department of Justice’s (DOJ) FCPA Resource Guide.

Critical Components of a Code of Ethics

The FSGO made clear that a code of ethics must focus on changing behavior to create a culture in which individuals think and act according to the organization’s values. Specifically, to receive credit in sentencing, an organization’s ethics program must:

  •         include a code of conduct
  •         include a risk assessment process
  •         be promoted and enforced consistently throughout the organization
  •         provide appropriate incentives for compliance
  •         provide helplines for reporting suspected misconduct
  •         provide training on the program’s requirements
    .

When the SEC and DOJ review compliance and ethics programs, they are looking to answer these three questions:

  •         Is it well designed?
  •         Is it applied in good faith?
  •         Does it work?
    .

The SEC and DOJ’s guidance explains what it takes to meet these requirements, which we’ll summarize below.

How to Meet the SEC and DOJ’s Requirements

Well-Designed Ethics and Compliance Programs

As the FCPA Resource Guide points out, an organization’s compliance program needs to address its specific needs, risks, and challenges. In addition, the most effective codes are clear, concise, and accessible to all employees, agents, and consultants.

Periodic reviews are also important to make sure that the code of conduct addresses an organization’s changing needs and risk assessment. This approach allows resources to be focused on high-risk areas, increasing the effectiveness of the program and its compliance, since the “DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”

For example, employee surveys have been used to measure an organization’s compliance and ethics culture and to identify new risks. As business needs and legal requirements change, so should compliance and ethics programs.

Training and Continuing Advice

Creating and maintaining an ethical culture requires a sustainable effort. Periodic training for all directors, officers, relevant employees, agents, and business partners should cover policies and procedures and applicable laws, as well as provide case studies to practice skills in real-life situations. Ethics training should be delivered to all levels of the organization in a manner and in the language that is appropriate for the targeted audience.

Resources also need to be available for individuals at all times, so they can seek advice when faced with difficult or unique decisions.

Incentives and Rewards

Stephen Cutler, former Director of the Enforcement Division of the U.S. Securities and Exchange Commission (SEC), said this about rewarding individuals for doing the right thing:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.

The SEC and DOJ warn that no one should be deemed above or below compliance, and that organizations should instead reward lawful and ethical behavior with financial or career advancement incentives.

Applied in Good Faith

Research shows that procedural fairness through objective and consistent application of an organization’s code of ethics encourages employees to act ethically and comply with the rules. When an organization enforces its code of ethics in a fair manner, employees trust the organization’s commitment to its values. This encourages compliance with the organization’s policies and is significantly more effective than punishing ethics violations.

Encouraging reports of suspected misconduct is important to show an organization’s commitment to preventing unethical behavior. A previous blog post discusses how employers benefit when they encourage early reporting by internal whistleblowers.

Ethical Leadership

We’ve also written about effect of ethical leadership on employees’ perception of their leaders’ personal character. Leaders’ deeds speak much louder than their words and have a significant effect on promoting a culture of honesty and integrity. For example, companies that self-reported to the SEC that their employees bribed foreign officials avoided steeper fines and harsher scrutiny, but they also earned their employees’ confidence that the organization acts on its values and does the right thing.

As Stephen Cutler put it, “Setting the right tone means letting employees know that no one at the company is above the law; that no matter how important or how senior, someone who has violated an ethical standard will be punished.”

In 2009, the National Business Ethics Survey: Ethics in the Recession found “[e]thical culture is the single biggest factor determining the amount of misconduct that will take place in a business.”

In 2013, the National Business Ethics Survey found that misconduct was down, with the percentage of workers reporting that they observed misconduct on the job falling to an all-time low of 41%. However, workers surveyed also reported that 60% of misconduct involved individuals in supervisory up to top management roles, and that retaliation against workers reporting misconduct is still a widespread problem. Much work remains to be done to build a strong ethical culture and reduce the risk of misconduct.

LawRoom (powered by EverFi) delivers online compliance courses to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

TEACHER SPOTLIGHT: Sean Bradley

We recently sat down with Sean Bradley, a teacher at W. Erskine Johnston P.S. in Kanata, Ontario, to hear more about how he uses Hockey Scholar with students. This is part of our Teacher Spotlight series.
teacher-spotlight

Sean Bradley

How do you use EverFi’s courses in your classroom?

I have my students work at their own pace to complete the modules. Due to the high level of student engagement, and with all of the earphones being used, you can hear a pin drop at any given moment. We use the topics covered in the lessons to springboard into other discussions of how Mathematics and Science are related to the NHL and the real world. This has provided material for rich and relevant teachable moments and for the class to draw connections across the curriculum.

We recently watched the streaming of the Future Goals Showcase, EverFi’s virtual educational field that kicked off the World Cup of Hockey on September 14, 2016 (video here). Everyone became very excited and watched many of the games, especially the final game when Canada won the cup! This opportunity was a wonderful way to establish a community of learners and to positively start a brand new year.

What do you like best about the program?

The videos in Hockey Scholar are fantastic. In addition, the interactive game that follows allows the students to practice what they have learned in fun and authentic ways. Lastly, the multiple choice quiz checks to see if they have mastered the skill or not. I especially like the fact that they can go back and redo the module to improve their score and get a minimum of 70%, which is needed in order to ‘win’ the Stanley Cup! This offers the student an opportunity to learn from his or her mistakes and demonstrate persistence, and to take responsibility for his or her own learning. The students who completed the whole program were very excited when they received a certificate in the end, which provided them with the satisfaction of accomplishment.

I am always trying to tie in “real world” applications into my Math and Science classes. There is no better way to do it than with my favourite sport – hockey!

What impact has this course had on your students?

I think that the courses impacted my students in different ways. Many of the students were already familiar with the sport of hockey, whether they played on a team or watched the sport on TV, but I don’t think they had ever given any thought to the extent that Science and Math are used in the NHL. I don’t think that they will ever look at the game in the same way again!

For the students who were not as familiar with hockey, this provided an opportunity to learn about the sport while engaging in worthwhile math and science activities. I believe that some new Senator fans emerged after learning about the sport.

I always ask my students at the end of the year to share some of their favourite moments of grade 6. Time and again, the Future Goals program came up as their favourite activity of the year.

What best practices would you share with other teachers?

  • Love what you’re doing! If you show that you are enthusiastic about a topic, the students will likely respond positively to what you are teaching. It never hurts to show that you have a sense of humour, too.
  • If you can get them engaged and focused on what they are learning, you will have them hooked. This can be best accomplished with activity based lessons and more of a constructivist approach, rather than the students sitting and listening to the teacher lecturing – they become active participants in their own learning!
  • Make it “real”! Students shouldn’t have to ask, ”Why do I ever have to know this?” Providing opportunities for authentic learning experiences is an invaluable practice in the classroom. It provides the students with a keen sense of purpose for the learning activity, and highly motivates them by making connections to their real lives and the world around them.
  • We need to realize that it is okay to share the teaching with online work. As technology becomes more available in the classroom, it is important to utilize these tools in connection with face-to-face discussions. In other words, the students are not supposed to just log on the computer and the teacher just sits back and hopes that learning is happening. I’ve found you must plan thoughtful discussions that complement the online experience, and instigate peer to peer conversations using accountable talk and building on each other’s discoveries and ideas. I feel that the integration of these two learning tools together is key!

Do you have any advice for other teachers considering using Hockey Scholar?

Don’t hesitate to adopt EverFi. Do it for sure! After completing the course for the first time last year, the course has now become a staple in my Math and Science classes and will be for years to come. Think of yourself as essentially the ‘coach’, shaping their skill development, guiding them to be their best, and assisting the students in reaching their future goals.

Thanks for taking the time to talk with us, Sean!

Thank you to the NHL, NHLPA and EverFi for the time and effort that went into producing such a worthwhile and engaging STEM educational program!

Tips for Sharing Financial Education

3 Tips for Sharing Financial Education Over the Holidays

With all of the shopping, celebrations, and travel that accompany the holiday season, managing finances can be a concern for many people.  According to the National Retail Federation, the average person spends over $800 during the holidays, and that amount is forecasted to increase in 2016.

EverFi is here to help you educate and empower your customers, members and employees to take control of their spending habits and protect themselves from the heightened risk of consumer fraud that can take place during times of heavy spending.  Check out our tips below to get started on building out your holiday communication plan.

Tip 1: Start Planning

Building out a marketing and communication plan to support your program makes a significant difference in driving usage and engagement.  Think about ways you can share the financial education you have invested in with your customers and members before the end of the year.  EverFi is pleased to offer our partners a FREE Marketing Toolkit as part of your subscription. We hope you will use these resources to inspire new ideas and help you maximize the impact of your program.

Tip 2: Go Wide

Leverage all existing channels – including your website, email, newsletters and social media – to drive awareness of your financial education program.  Your marketing partners will likely be thrilled to have some new and interesting content to add to their communications.

Tip 3: Be Timely

Focus your communications around seasonally relevant content. Below are some ideas to get you started, simply click on each topic name to access our associated marketing toolkit resources. If you don’t currently feature one of these topics in your program, contact EverFi and we’ll work with you to come up with an alternate idea.
  • Credit Cards: 38.1% of all U.S. households2 own some sort of credit card debt, totaling more than $929 billion in total revolving debt across the country.  Learn more about the differences between credit and debit cards, varying payment terms, and how to choose and use credit cards responsibly.
  • Identity Protection: Consumer fraud is more common than you may think.  According to Business Wire, more than $15 billion was stolen from 13.1 million U.S. consumers in 2015 alone.  Don’t let yourself be the next victim!  Learn more about how to keep your personal and financial information secure and be aware of potential scams.
  • Mobile Payments: According to a recent study conducted on behalf of The Pew Charitable Trusts, 46% of U.S. consumers have made a mobile payment at least once.4 Do you know the benefits and risks of making payments with your mobile device?

Remember, each of our topics are specifically designed to accommodate today’s busy adult.  They are mobile and tablet accessible, available in both English and Spanish, and only 2-7 minutes in length.  Many courses also feature Action Plans with budgeting and planning tools to reinforce positive behavior and help users take positive steps toward better financial health.

Happy planning, and please reach out to us with any questions at info@everfi.com.

 

Sources:

  1. National Retail Federation
  2. Value Penguin
  3. Javelin Strategy and Research
  4. The PEW Charitable Trusts