Cyber Monday: Don’t forget risk, compliance, and more

Welcome to Cyber Monday, e-commerce’s answer to holiday brick-and-mortar shopping. All over the world, laptops will light up, and browsers will point to online retailers for their amazing deals. Have you got that retail therapy out of your system now? Monday is also a traditional workday across the world.

So, whether you work in HR, accounting, marketing, or any company department, now would be a suitable time to get some work-oriented, holiday-timed messages out to your employees.

Think before you gift

The holiday season is filled with gift-giving. That’s great with family members but potentially problematic when it’s vendors, customers, and partners. It’s perfectly natural to be thankful and appreciative, but wonderfully wise to revisit the company policy on corporate gift-giving. There are limits and restrictions listed in the policy manual.

As we learned during Fraud Week, small companies are notorious for not having controls and policies to govern employee behavior. With big companies, many of them customers of SAI360, the issue surfaces when employees ignore a particular policy. 4th quarter is the time to issue assessments and provide employees with additional training.

Wondering who’s naughty and nice

What if you could check a list and know who is nice and who is a cybercriminal? Cyber Monday is a stark reminder of how digital our world has become. Every organization struggles with IT risk and cybersecurity; the weakest link is employees. It’s human nature to click on a link, expecting a good result instead of an evil one that leads to ransomware.

Whaling, a targeted phishing attack aimed at senior executives, is far too common in business today. An email masquerading as trusted partners is scammers’ ticket for stealing credentials and bank accounts. Another black hat trick is the gift card scam. The scammer scours the Internet for names and emails. They then spoof or hack into their supervisor’s email and send an email to the lower employee, asking them to buy gift cards. Because it’s an email coming from a manager or an executive, the employee does it. Again, the key is training so that employees know what to look out for, and how to respond if something suspicious appears in their in-box.

It’s not just cybersecurity that is a worldwide concern. Digital is a front burner issue globally as well. Proposed regulations like the Digital Operational Resilience Act (DORA) are designed to ensure the financial system has safeguards in place. Other regulations such as the German Supply Chain Due Diligence Act make companies responsible for the bad behavior of their suppliers.

Compliance requirements, along with a reminder of non-compliance fines, are a business priority. Are you using a platform to help with compliance or still managing with a spreadsheet that feels like a lump of coal?

Think global. Act local

Environmental, social, and governance (ESG) is the maxim in business today. Every company is focused on lowering carbon emissions and working to reduce its impact on the environment. SAI360 is actively involved in helping organizations collect data for ESG reporting requirements. We are the only cloud-first integrated risk management platform with a full suite of capabilities across GRC, ethics, and compliance learning. And we do this globally, from Perth to Paris to Poughkeepsie.

One of the leading voices in GRC and ESG today, Michael Rasmussen put it this way:

At the end of the day, “ESG is about integrity.”

Play it safe during the holidays

Overeating or drinking too much during the holidays often happens. Winter driving is no picnic, with snow or ice creating slippery conditions. The key is to limit risk and play it safe.

Doubling down on safety in the workplace is also key to limiting risk. Access to the right data can provide insights that can help lower accident rates. Safety scores that aggregate leading and lagging indicators into a single metric help simplify the analysis. Having this score across locations lets you compare safety performance relative to location and glean insights on addressing problems like a recurring injury for a particular workplace activity.

That’s four ways to think about Cyber Monday on a workday. First, controls and policies help organizations fly straight, so they can focus on goals instead of cleaning up messes. Second, cybersecurity is always top of mind and takes training and constant investments in tech and resources. Third, the world is smaller, so we must take care of our blue planet. ESG goals, data, and ratings are key to quantifying and addressing the problems of climate change. Finally, risk management and safety go hand in hand, equipping employees to do their jobs and go home safely.