Hackers bypass online security at 34 banks

Originally posted July 23, 2014 7:40 a.m. ET on http://www.marketwatch.com

Cybercriminals are sneaking past security protections to access online accounts across 34 banks in Switzerland, Sweden, Austria and Japan. And in doing so, experts say, the hackers are defeating what’s often touted as one of the more effective online security protocols.

The attack can get past two-factor authentication, which requires customers to type in a code sent to their cellphone or inbox to ensure the user is who he or she claims to be, by convincing customers to download a malicious smartphone app, according to a report released Tuesday by the security firm Trend Micro. The researchers dubbed the technique “Emmental” — like the Swiss cheese — because they say it shows the security flaws in online banking. So far, funds “in the seven figures” have been taken from bank accounts, according to Trend Micro spokesman Thomas Moore.

In typical form, the attack begins with realistic-looking phishing emails that install malware to give hackers control. Then the malware deletes itself, leaving no traces, and users are redirected to malicious servers when using banking websites. The website asks users to log in, and then install a special mobile app to receive the security code to log on. Instead of fostering more secure transactions, the app intercepts customer data.

Two-factor authentication, hailed as an essential second gatepost for online accounts, can sometimes prove to be an empty promise. Experts have found that the text messages that banks send customers can be intercepted, or in other cases, the hackers can scrape people’s screens to know the answers to extra security questions. Last month, PayPal said it was working to fix a flaw in its two-step authentication that virtually made the extra layer useless.

“This is a threat that’s going to migrate west,” says Tom Kellermann, Trend Micro’s chief cybersecurity officer, adding that European banking security is more stringent and “if this attack code is viable against those institutions, then it will be even more prevalent here in the U.S.”

The researchers said they found Russian slang in the app’s code, including the phrase “Obnilim rid,” which translates to “set to zero.” They also found connections originating from Romania, according to the report.

“This shows technical sophistication on par with the intelligence community,” Kellermann says.

Hackers put a bull's-eye on small business

Originally posted August 12, 2013 by Robert Strohmeyer on http://www.pcworld.com

When Pamela (not her real name) sat down at her desk one recent weekday morning, online security was the furthest thing from her mind. Sure, she had a basic knowledge of common-sense security practices. She wasn’t the type to use insecure passwords or download dubious content from the Web. As chief financial officer for a small Chicago-based manufacturing company, she regarded her PC as a no-nonsense work tool. Still, somewhere along the way, a little snippet of malware slipped onto her PC, and it would soon threaten her company’s survival.

According to Brian Yelm, CEO of Chicago tech services provider Technologyville, Pamela’s malware did one nefariously simple thing: It caused her browser to redirect all bank URLs to a set of phony sites that looked just like their legitimate counterparts—a technique called phishing. When Pamela logged in to the look-alike site, a message prompted her to call customer service about a problem with her company’s account. She dialed the number on the screen, and after a few simple questions from the agent on the line, every single penny in her company’s account disappeared. More than $300,000, gone in minutes.

Pamela and the company were lucky. They immediately discovered the missing funds and pulled out all the stops to recover the money from their bank. And with Technologyville’s help, they traced the IP addresses and phone calls back to a hacker group in Eastern Europe. Justice was served. The money was recovered. Pamela’s company survived.


Not every company that gets hacked is so lucky. According to the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime each year. And of those, some 60 percent go out of business within six months after an attack.

Now let’s pause for a moment, and restate that another way: You’ve got a 20 percent chance of being hacked, and if it happens there’s a good chance your business is finished.

Of course, not every small business is equally likely to fall prey to cybercrime. Attackers don’t generally discriminate by company type, valuation, or any other characteristic of the business itself. Instead, they look for one thing: vulnerability.

“Most small business owners still don’t get security, don’t think it’s an issue, and are pretty defenseless,” says Neal O’Farrell of Think Security First, a security consultancy based in Walnut Creek, California. “They assume hackers would need to pick their business out of 27 million others, not realizing that the attacks are automated and focused on discovering vulnerabilities.”

Smaller companies are increasingly attractive targets for attackers, too. Symantec’s latest annual Internet Security Threat Report found that companies with fewer than 250 employees constituted a staggering 31 percent of targeted attacks in 2012—a massive jump from 18 percent the year before.

Why the huge increase? Smaller companies are simply easy pickings, and they don’t fight back like bigger companies.

“Small businesses represent low risk and little chance of exposure for thieves,” says O’Farrell. “They typically lack the monitoring, forensics, logs, audits, reviews, penetration testing, and other security defenses and warning systems that would alert them to a breach.”

And just because a company is small, that doesn’t mean it can’t net huge payoffs for attackers. Often, a breach against a small fry can yield useful data for attackers seeking to target bigger fish. So a series of easy attacks against more-vulnerable small businesses can ultimately enable a hacker to orchestrate a much bigger attack elsewhere, while uncovering plenty of valuable spoils—ranging from employee data and cloud logins to customer data and banking credentials—from the smaller players along the way.

No experience required

Meanwhile, finding victims has gotten easier for criminals. “The tools used by hackers and cybercriminals have become cheap and easy to acquire,” says JD Sherry, vice president of technology and solutions at security software maker Trend Micro.

Worse still, these hacking tools have become so easy to use that one need not necessarily be a bona-fide hacker to use them. Instead, with minimal input from the user, a hacking app can initiate a series of scripts to probe many thousands of IP addresses across the Web, seeking out open ports on endpoint PCs; planting spyware or Trojan horse software on websites using widespread weaknesses in technologies such as Java and Flash; or firing off thousands of phishing emails with the aim of getting a few people to click through and receive a small nugget of malware that will leave their PC vulnerable to further attacks.

Yelm concurs: “You don’t have to be very smart to do this.”

But small-business owners do need to be smart, and that starts with understanding that the security landscape has changed. Small companies can no longer rely on security through obscurity, because automated hacking tools from all over the world are constantly scouring the Internet for vulnerable machines. Meanwhile, every company of any size now has an overwhelming abundance of connected devices and cloud-based services that present a feast of opportunity for attackers.


Unsecured mobile devices—especially Android phones and tablets—used as BYOD (Bring Your Own Device) business equipment make it all too easy for a cybercriminal to slip malware onto a device and collect usernames and passwords for social networks, business networks, and even banking systems. Once a cybercriminal gets a single sales rep’s CRM login, he can wreak havoc with customer accounts.

According to the Ponemon Institute, which tracks data surrounding digital privacy and security, recovering from an attack on a customer database can cost an average of $194 for every compromised customer record. Those are just remediation costs, and that number doesn’t account for additional costs due to reputation damage, lawsuits, and lost business. No wonder so many small companies go bankrupt after an attack. If the hackers don’t siphon hundreds of thousands from your account, you may have to pay it out anyway just to fix the problems they cause.

What you can do

Safeguarding your company against security threats doesn’t necessarily mean hiring a full-time IT security pro for your small business. There are four simple steps any small company can take to protect against cyberattacks.

1. Use protection on every device: Regardless of the platform, use secure passwords and encryption on every device that touches your business, from phones and tablets to laptops and desktops. If the device supports third-party anti-malware apps like those from McAfee, Symantec, or Trend Micro, install one.

2. Run business-grade unified malware protection: Consumer antivirus apps aren’t sufficient to secure a business’s tech infrastructure. Business-class security suites offer multidevice protection that includes ensuring that all devices get regular updates and security patches. This is key, since 90 percent of attacks exploit outdated software bugs on unpatched computers.

3. Train your staff (and yourself) to practice good digital hygiene: Don’t use the same password on multiple accounts. Don’t follow links in email. Learn to spot phishing threats. Make sure everyone on your staff knows this stuff, and remind them often.

4. Get a security audit and heed its findings: One of Technologyville’s clients learned this lesson the hard way last year when its financial services website fell prey to a teenage hacker who exploited open ports on the site’s server to take control of the company’s online presence. The security consultants had identified those threats in an audit for the company a year earlier, yet the company chose not to act until it was way too late.

The unfortunate truth about digital security is that protecting your business from online threats isn’t a one-time expense or a set-it-and-forget-it solution. It’s an ongoing process and a necessary part of running any business that relies on data and the Internet for its survival. Your website, your desktop and laptop computers, your mobile phones, and all the online services you use to manage every aspect of your business are all potential entry points for an attack. And if you don’t protect them, or if you put security on the back burner as a future project, your company may not survive to get a second chance.



Handling "Bye" With "BYOD"

Originally posted by United Benefits Advisors, LLC (UBA)

BYOD stands for bring-your-own-device and it's a concept that's gaining in popularity among most major companies, especially those that allow telecommuting. Most employer policies on BYOD cover productivity and ensuring the employees are using the right laptops, tablets, smart phones and relevant software to perform necessary tasks.

Understandably, these same employees will use their devices for personal use as well as business use. By doing this, the employee opens up the possibility that corporate data may be inadvertently shared, or worse -- hacked. By having a solid BYOD policy in place, employers can better protect themselves not only while an employee is with the company, but also once an employee leaves the company.

According to an article on Workforce.com, many companies have not thoroughly determined how to recapture company information once an employee walks out the door for good. If the technology isn't already in place, then the risk of the data being unrecoverable is fairly high. Even worse is if a former employee still has access to the company's intranet and abuses that access. Employers need to have policies and technology in place with BYOD employees and then regular audits to ensure that these policies are being enforced in order to keep data and network access secure.

Access to sensitive data can be restricted in many ways depending on the level of security a company wants, but one thing that should definitely be considered is technology that can remotely "wipe" this data instantly in real time. This technology could even be set up so that it's triggered automatically if a device is lost or stolen. However, while wiping can delete company data, it can also delete personal data. Legally and politically this is a delicate situation and the BYOD policy should explicitly state how that will happen. One way to keep company and personal data separate is by use of partitioned sections. That way, only data within that area is deleted.

There is definitely a balance between what data an employee can have on his or her device and what is considered off limits. A good BYOD policy that is strictly enforced will go a long way in ensuring that sensitive and valuable company information is kept as secure and protected as possible.

Mobile Device HR Apps

Source: United Benefit Advisors (UBA)

Most people today have at least one -- if not more -- mobile devices. Smartphones, full-size tablets, mini tablets, "phablets" (smartphones that are usually larger in size and can do more functions than a typical phone), hand-held computers, and wearable technology are fully integrated into most people's lives. Desktops and even laptops are considered relics nowadays by the up-and-coming college graduates.

This is why more and more employees are utilizing human resource applications (HR apps) as their preferred way of accessing information.

For example, they can view:

  • Pay stubs
  • Tax statements
  • Time off requests
  • Attendance and time on the clock
  • Benefit information
  • Retirement accounts

Companies and their HR departments should begin providing apps as a new channel to satisfy the next generation of this wirelessly connected workforce. In addition to how employees benefit from these HR apps, employers also benefit by providing the latest human resource information quickly, efficiently, at any time and from any place. Furthermore, mobile applications are an easily scalable platform for any size business.

According to a Society for Human Resource Management (SHRM) article, the ability of employers to meet the expectations of members of the behavioral demographic known as "#GenMobile" will determine whether they can obtain and retain top talent. After all, the perception among this demographic is that if a company is not adopting the latest technology, then they're behind the times and will consequently be surpassed by companies that are more technologically advanced.

The article also shed light on the evolution of HR communications from face-to-face, to kiosks, desktops, laptops, and now to mobile devices. No matter the role of the staff member, from white-collar employee to construction worker, that person no longer needs to be tethered to a physical location in order to get relevant HR information.

Information Security Risk in American Business

Originally posted by http://www.strozfriedberg.com

Employees Believe Company and Information is at Risk

American businesses need to fortify their protections against information security threats. In a recent flash survey of American office workers, Stroz Friedberg explored the state of information security in U.S. businesses. The reality is rather bleak.

More than half of respondents gave corporate America’s response to cyber threats a grade C or lower. Nearly three-quarters of respondents expressed concern that a hacker could break into their employers’ computer networks and steal their personal information.

Worst Offenders in High Risk Electronic Behavior are Senior Managers

But many respondents also admitted to engaging in high-risk behaviors, such as uploading work files to their personal email and cloud accounts, and accidentally sending sensitive information to the wrong person. Senior management—those who often have high levels of access to valuable company information—admitted to partaking in risky behaviors most readily. Personal technology preferences contributed to many of the transgressions.

One bright spot is the efficacy of company policy. Workers who said they did not participate in high-risk behaviors cited strict company policy as the reason why.

When company information gets into the wrong hands—whether it’s due to a careless insider, a malicious insider, or a hacker—a business can lose the trust of its customers, partners, and investors, as well as its competitive advantages. Knowledge about real-life risks in the workplace and how companies are successfully managing high-risk behaviors can help business leaders better understand how to protect their firms.

Senior Managers are the worst information security offenders

  • 87% of Senior Managers regularly upload work files to a personal email or cloud account
  • 58% have accidentally sent the wrong person sensitive information (vs. only 25% of workers overall)
  • 51% have taken files with them after leaving a job - twice as many as office workers in general

Senior management generally has more access to valuable information than lower-ranking employees. All three behaviors increase the risk of proprietary information getting into the wrong hands.

Personal tech preferences are increasing information security risks

  • Nearly 3/4 of office workers upload work files to a personal email or cloud account. Of those...
  • 37% (the majority) say it's because they prefer using their personal computer 
  • 14% say it's because it's too much work to bring their work laptops home

Office Workers Don't Know the Risks

  • 11% of workers who don't send work files through personal accounts are aware of company policies against doing so 
  • Only 37% received mobile device security training
  • 42% received information sharing training

With the proliferation of bring-your-own-devices (BYOD) in the workplace and the use of personal technologies for work, employees need more training and policies to keep information secure.

Employees are worried about the security of their personal information

  • 73% of all office workers are concerned a hacker could steal their personal information such as their Social Security number, birthday, or home address
  • Just 6% said they weren't concerned at all
  • 61% think that companies deserve a C grade or less for cyber security

Employees in general don't feel that their own sensitive information is safe in their company's network - which isn't surprising considering the overall lack of confidence in corporate America's ability to protect against cyber threats.

Senior Leadership Rate Themselves Poorly in Cyber Security

  • 45% say that they themselves are responsible for protecting companies against cyber attack
  • Yet, 52% of senior leadership give corporate America's response to cyber threats a grade C or lower. 

Fortunately for them, others think cyber security responsibilities fall elsewhere

  • 54% of lower-ranking employees say that it's IT's problem. 

The reality is, the responsibility for information security falls on everyone across an organization, but companies that do it most effectively have security ingrained in their culture, starting from the top.


This Stroz Friedberg report was conducted by KRC Research. Between the dates of October 28, 2013, and November 4, 2013, KRC Research administered an online survey to 764 information workers in the United States who use a computer for their jobs and work for companies with more than 20 employees. The proportion of respondents who work for small, medium, and large businesses match those of the U.S. Census Bureau in order to produce a realistic picture of American business.

“Senior Managers” refer to titles above Vice President; “Managers” refer to Directors and Vice Presidents; “others” incorporates all other workers fitting the methodology profile.

All results are represented by percentages. Percentages may not total 100% due to rounding.




Workplace Gamification Trends

Original content from United Benefit Advisors (UBA)

Monster Thinking notes: "With the rise of the mobile workforce and the plugged-in employee, how can human resource professionals keep employees engaged and productive? Many HR pros are looking to solve those problems by using innovative practices, such as gamification -- bringing game-like elements to non-game tasks -- to increase engagement and productivity among employees. Other HR areas in which gamification can be of help include training, communication, attracting and retaining top talent."

Feds add exchange employer site

Originally posted August 2, 2013 by Allison Bell on http://www.benefitspro.com

Three federal agencies have joined to set up a Patient Protection and Affordable Care Act website for small businesses.

Business.USA.gov/healthcare offers a "wizard," or interactive tool, that offers to help business owners understand what they need to know about the new PPACA insurance options in a few quick steps.

The Small Business Administration worked with the U.S. Department of Health and Human Services and the U.S. Treasury Department to set up the site.

The wizard starts by asking visitors about their companies' location and size.

On the size menu, for example, the wizard asks whether the user is self-employed with no employees, has fewer than 25 employees, has up to 50 employees, or has 50 or more employees.

The site includes an explanation of how an employer can determine whether it has 50 or more full-time or full-time equivalent employees.

Users who, say, might want to set up group health plans will see information about the new PPACA Small Business Health Options Program small-group exchange program.

In most states, in the pages of information for employers interested in setting up health plans, the SBA gives an answer to the question, "Can I use an agent or broker to buy health insurance in the marketplace?"

"You will be able to use a licensed agent or broker to provide help or handle your SHOP business," the SBA says. "You won't pay more if you use a SHOP agent or broker."

For users in Vermont, a state that is trying to eliminate small-group market broker commissions, the SBA makes no mention of agents and brokers.


Keep your laptop safe while using Wi-Fi hotspots

Originally posted August 01, 2013 by Loredana Botezatu on http://www.net-security.org

The relaxing atmosphere of surfing at the beach makes it easy to forget about the sharks. Connecting to an unsecured network poses serious risks to your laptop and data. In a recent study, Bitdefender labs revealed 85% of people choose to connect to a free Wi-Fi, despite clear warnings that their data can be viewed and accessed by a third party.

Surfers can lose sensitive information to hackers in a bewildering variety of ways - especially if they access the Wi-Fi networks available in public locations:

  • Around you, others connect to the same network, and one of them might happen to have the proper tool to scan your laptop for vulnerable software and use it to plant backdoors or access login credentials if, for instance, they are sent unencrypted.
  • A mid-level techie can set up a network, give it a generic name such as “free Wi-Fi” or “Secure public Wi-Fi,” and monitor the traffic of all users that connect to his network in sniffing or man-in-the-middle attacks. They can read all data sent in that network.
  • Someone sniffing data packets can snatch session cookies to access your resources, including social networking, online banking and online shopping accounts during that open session. Imagine someone changing your status or uploading a photo on your behalf.
  • Accessing online banking and online payment websites or making e-shopping transactions through public Wi-Fi hotspots might be convenient, but cyber-criminals can still use a fake SSL certificate to circumvent a secure connection, have the user approve it and use it to sniff login data and such.

Best practices to protect your data while using a Wi-Fi connection:

1. Access only encrypted websites while on public hotspots. Make sure you type ‘https://’ before the URL of the website or look for the locked padlock that shows you are using a secure connection, meaning you are using encryption over a public Wi-Fi.

2. Ask an employee (bartender, hotel receptionist) for the exact name of the hotspot you intend to use so you don’t accidentally access a network set up by someone with a secret agenda. You can also ask the hotel receptionist if they use AES with their wireless network. But if you access websites that are not using encryption over a wireless connection, someone on the same network can still sniff data packets and see what you send over the network.

3. Make sure Wi-Fi or the automatic sharing options are switched off when you are not using them. With Wi-Fi automatically enabled, you risk having your laptop try to connect to an unsecured network without you even realizing it.

4. Don’t check your account balance sheet or shop online on a public Wi-Fi. If you do, use a dedicated payment solution that helps you securely connect to your bank account or e-payment website from an unencrypted hotspot.

5. Password-protect and encrypt your device. In case someone steals or finds your device, make it harder to access information stored there. Also encrypt your data with dedicated software, or – if your device supports it – with the default encryption option. Use anti-theft programs to help track your device and lock or wipe your data from afar.

6. Install anti-virus software and keep it up-to-date. Installing an antivirus and a privacy security solution on your laptop is imperative. A good security solution with anti-malware, anti-spyware and anti-spam modules offers an effective shield against all kinds of threats. This will help you steer clear of fake security apps, worms, Trojans and viruses.

By keeping your OS and apps up-to-date, you give your system the most recent patches for all known vulnerabilities to protect you against the latest threats. Many pieces of malware target unpatched vulnerabilities. Once patched, they cannot harm your device or your data.

7. Turn off the laptop when you are not using it. You want to keep your laptop always on so you can access it the instant you need or want to, but this can be a bad practice. In case your system is infected with a botnet, the malware may continue to use your resources even when you are not using it.

8. Your firewall must be on at all times. The firewall is crucial for joining this kind of network. When surfing without a firewall, your PC is visible to others, along with your network shares you might have left open for friends at the office or for your family at home.


Technology: Hackers Take Aim at Manufacturing

Original article from http://www.industryweek.com

By Travis Hessman

With industrial attacks on the rise, manufacturers are learning that high-tech defense depends on one vital nontechnical tool: education.

The sky is falling.

In April, the entire Internet – all 3.7 billion connected computers and devices in factories, pockets and offices around the world – was pinged by a single operator. Just for kicks.

That ping painted a global map of the Internet riddled with cyber-security holes and easy targets, highlighting about 310 million IPs open for attack.

In that map, there are about 114,000 vulnerable manufacturing control systems, about 13,000 of which can be accessed without inputting a single password.

The industrial world, it appears, is wide open for a cyber massacre.

Which may actually already be under way.

Industrial Attack

"We are engaged in actual digital combat," explains Brad Hegrat, principal security advisor and manager of business risk at Rockwell Automation (IW 500/174), which manufactures the kind of control systems being targeted by these industrial hackers.

"It's no longer a matter of if you're going to be penetrated by some sort of advanced threat; it's more a matter of when," he says. "If a threat actor decides to focus on your environment, you will be penetrated. It's simply a fact."

Doug Wylie, Rockwell's director of product security risk management, highlights that such attacks hold some serious damage potential.

"Unlike some of the traditional IT-based systems that are focused more on protecting the communication and financial sides, there are some further-reaching consequences that come with industrial control," he explains. "We're dealing with systems that are facilitating controls of critical infrastructures, oil and gas, water, food and beverage."

These applications, he says, demand a higher level of attention than normal system security.

The focus of that attention, however, doesn't necessarily mean building the impenetrable high-tech fortress one would expect.

Rather, it seems to come down to a combination of robust technical protection measures with equally robust non-technical elements – that is, a well-trained, security-conscious workforce.

Loose Clicks...

"There is a huge push for tech. We like new equipment and new software; it makes us feel safe," Hegrat explains. "But one of the most important things that a customer can do is to make sure that they have the new technical elements up and running."

"Believe it or not," he adds, "you can get more done with sound policy and procedure than with technology acquisitions alone."

Making that happen, however, requires a cultural shift in the industry, says Wylie.

"It comes down to education; education is the number one thing you can do," he says. "You can't solve everything with technology."

"In World War II, they had this saying, 'Loose lips sink ships,'" Hegrat adds. "Today, it's, 'Loose clicks sink enterprises.' You get that sort of mindset back and you're going to do far greater good than any technology can do."



Just Over Half of Employers Using Social Media Tools for Internal Communication

Original article from towerswatson.com

Flash survey reveals little consensus on effectiveness

NEW YORK, May 23, 2013 — Despite the explosion of social media in the personal lives of many people, a new survey by global professional services company Towers Watson (NYSE, NASDAQ: TW) shows that just over half of employers are using social media tools to communicate and build community with employees. Further, among those employers that have embraced social media technology, there is little consensus as to which ones are most effective.

The 2013 Towers Watson Change and Communication ROI Survey found that 56% of the employers surveyed currently use various social media tools as part of their internal communication initiatives to build community — creating a sense that employees and leaders are in it together, and sharing both the challenges and rewards of work. However, when asked how they would rate the effectiveness of social media tools, only 30% to 40% of respondents rated most of the tools as highly effective. And only four in 10 (40%) rated the use of social media technology as cost effective.




Social media tools rated in the survey (ratings not shown):

  • Instant messaging
  • Streaming audio or video
  • HR or other function journal or blog
  • Enhanced online employee profiles
  • Social networks
  • Employee journals or blogs
  • SMS messaging
  • Leadership journal or blog
  • Collaboration sites
  • Video-sharing site
  • Apps or other mobile approaches



"We believe that social media can be a great tool for communicating with employees in the workplace," said Kathryn Yates, global leader of communication consulting at Towers Watson. "By its nature, social media is designed to build community and could help engage employees on key topics such as performance, collaboration, culture and values. As the need for global collaboration increases, we expect more companies will join those already leveraging social media to creatively communicate those messages."

The Towers Watson survey also found that while four in 10 employers (41%) say they are effective at building a shared experience with their employees as a whole, the percentage drops by roughly half (to 23%) when it comes to building community with remote workers.

"As today's workforce evolves, we know from our research that the growing number of remote workers are looking for clear communication, to be treated with integrity, and want coaching and support from afar. For employers to effectively engage and retain remote workers, they will need to connect them with their leaders, managers and colleagues. We think social media tools can be a real help in making this connection," said Yates.


The 2013 Towers Watson Change and Communication ROI Survey was conducted in April 2013. A total of 290 large and midsize organizations from across North America, Europe and Asia participated in the survey.