=Paper= {{Paper |id=Vol-2588/paper17 |storemode=property |title=The Employer and Employee Reputation in the Ukrainian Cyberspace and Social Internet-Services |pdfUrl=https://ceur-ws.org/Vol-2588/paper17.pdf |volume=Vol-2588 |authors=Olena Rudnitska,Svitlana Kondakova,Anastasiia Kondakova,Yurii Khlaponin,Victoriia Ternavska,Yevhen Vasiliu |dblpUrl=https://dblp.org/rec/conf/cmigin/RudnitskaKKKTV19 }} ==The Employer and Employee Reputation in the Ukrainian Cyberspace and Social Internet-Services== https://ceur-ws.org/Vol-2588/paper17.pdf
The Employer and Employee Reputation in the Ukrainian Cyberspace and Social Internet-Services

Olena Rudnitska 1 [0000-0001-8128-9595], Svitlana Kondakova 1 [0000-0003-0626-6849],
Anastasiia Kondakova 2 [0000-0003-1302-2244], Yurii Khlaponin 1 [0000-0002-9287-0817],
Victoriia Ternavska 1 [0000-0003-2102-619X] and Yevhen Vasiliu 3 [0000-0002-8582-285X]

1 Kyiv National University of Construction and Architecture, Kyiv, Ukraine
2 National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute", Kyiv, Ukraine
3 O.S. Popov Odessa National Academy of Telecommunication, Odessa, Ukraine
y.khlaponin@gmail.com



          Abstract. The article deals with the importance of cyber hygiene in the
          relationship between the employer and the employee. Attention is paid to
          aspects such as employee cyber hygiene when working with company-owned data
          and information. An experiment was conducted in a real company: the current
          state of cyber hygiene of the organization's employees was studied and analyzed.
          Methods of counteraction and protection in case of violation of the rules of
          cyber hygiene by an employee are offered. Ways of obtaining additional
          information about an employee (including a potential one) for the analysis of
          their digital identity are described. Several open state registers are analyzed
          as sources of information about a person that would be useful for forming a
          psychological portrait of the employee. Ways to obtain information about an
          employer company are described. Attention is also paid to the importance of
          cyber hygiene in shaping the company's image in the market.

          Keywords: cyber hygiene, phishing, cyber kill-chain, cyber defense, online
          reputation, social internet-services.


1         Introduction
When employees have access to a company's data, they can handle it in unpredictable
ways. Therefore, companies have to spend resources on tracking so-called digital
traces in the sources available to them, such as social networks, government registers,
etc. This is how companies try to protect themselves and their clients from the
harmful (deliberate or not) actions of their employees. It should also be noted that
the reputation of individual employees significantly affects the reputation of the
company. It is therefore advisable for companies to track whether their employees
comply with the cyber hygiene rules and what impression the digital profile of a
particular employee makes on customers (first of all, the top persons of the company
and those employees who communicate directly with customers).


    Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License
Attribution 4.0 International (CC BY 4.0) CMiGIN-2019: International Workshop on Conflict Management
in Global Information Networks.
2      Employee's cyber hygiene when working with company-owned information and
       data. Counteraction/protection methods for employees' cyber hygiene violations
Cyber hygiene is aimed at protecting devices from viruses and malware as well as at
restricting online access to personal data. The well-known Cyber Kill-Chain model of
targeted attacks names "reconnaissance" as the first stage of an attack. The success of
the attack and its cost depend on how well reconnaissance is done, that is, on the
amount and quality of data collected at this stage.
     The term Cyber Kill-Chain, as a part of the Intelligence Driven Defense model,
was first used by Lockheed Martin Corporation in order to identify and prevent
cyber-intrusion processes [1].
     At this stage, information is collected with the help of Social Engineering in
addition to various software and technical methods of exploration. The distribution of
phishing messages is one of these methods. Such messages look like messages from a
reliable source and often contain malicious attachments or links that lead to phishing
resources. The goal of these actions is to steal sensitive information (such as credit
card and account information) or to install malware on the victim's computer. Phishing
is a widespread type of cyberattack that every user needs to know about in order to
protect themselves.
     By implementing such scenarios, the attacker also tries to gather information
about the targeted object so as to increase the likelihood that the addressee will
respond to the email in the desired way.
     The prevalence of social networks, as well as the openness of their typical user,
gives the attacker the opportunity to obtain information about the potential victim and
to build a compelling legend for the letter: the text of the cover letter and the style
of communication. The outcome of such actions often depends on the particular
situation: who is the addressee, when is the letter sent, what is its subject, and what
is the "payload" of the particular letter?
     For example, according to the official website of the Cyber-Police of Ukraine,
during the well-known Petya attack "one of the ways of spreading this virus was to
send phishing (fake) emails on behalf of well-known companies or on behalf of
addressees with whom correspondence had been conducted. These emails contain links
for downloading malicious applications (Word documents, PDFs, spreadsheets, and
more). Therefore, you should be especially vigilant and not open such applications.
We recommend that you receive confirmation of the sending of files from the recipient
via other available communication channels (phone, SMS, messenger)" [2].
     After several well-known mass attacks (WannaCry, Petya/Nyetya/NotPetya), the
security services of large organizations created instructions and carried out staff
training on malicious correspondence. Now attackers have to make extra efforts to
deliver the "payload" to the inbox and to make the victim take the necessary action
without arousing suspicion.
     The authors of the article conducted an experiment in which the current state of
cyber hygiene was investigated and analyzed using the example of the employees of an
organization. In order not to compromise the company, its name is not given.
    To collect the information, a fake site, Cybersecure, was created at
https://cybersecure1.github.io/mobirise/. It was created on a free domain, which
emphasizes that it cannot be official. For Social Engineering, feedback forms were
created that reveal the interests of employees at work and during leisure activities,
as well as other personal information. Such information can be used by an attacker to
guess user passwords.
    An email address was created that was very similar to the official address of
organization N from which messages are usually delivered. The message stated that the
sender is an organization involved in scientific and educational activities in the
field of cybersecurity, that it is ready to cooperate and, given the similar line of
business, wants to become a friendly partner of organization N. Therefore, it was
decided to take into account the views of all the staff on the content of the
Cybersecure website and to organize joint leisure activities in order to strengthen
communication between the organizations. The letter asked the recipients to state
their wishes about the content of the site and about the joint leisure activities.
With the persons who answered the first letters, the correspondence was continued. In
the course of this correspondence, private personal information of the individuals was
obtained that could give an attacker the opportunity to guess the password of an email
account, because, according to statistical data, users choose passwords ignoring the
rules of cyber hygiene, basing them on their interests, and not changing them
depending on the resource. This is why broken authentication has held second place in
the OWASP Top 10 for many years.
    In order to investigate in detail the problem of non-compliance with cyber hygiene
among workers, against the general population of people who respond to phishing, a
sample was investigated: people working in organization N. The letters described above
were sent to 120 employees; 56 employees, i.e. 46.6%, followed the links contained in
them.
    The age and the position of the employees were taken into consideration in our
statistical study.
    Using one-way ANOVA, the null hypothesis that the specificity of a department's
work has no influence on compliance with the rules of cyber hygiene was tested.
    The experiment considered four levels of factor A. For this purpose, the phishing
letters described above were sent to the staff of four departments:
    A1 - Law Department;
    A2 - Finance Department;
    A3 - IT Department;
    A4 - Customer Service Department.
    There were five phishing attacks. The value of the random variable is the
percentage of department employees who answered each phishing letter. The
experimental data are presented in Table 1.
    The total average (in percent) of company employees who replied to the phishing
letters, the overall sum of squares (i indexes the 5 attacks, j the 4 departments), the
factor sum of squares and the residual sum of squares (with m = 4 departments and
n = 5 attacks) are

$$\bar{x} = 30.17\%, \qquad Q_{overall} = \sum_{i=1}^{5}\sum_{j=1}^{4}\left(x_{ij} - \bar{x}\right)^2 = 11{,}725.2,$$

$$Q_{factor} = n\sum_{j=1}^{m}\left(\bar{x}_j - \bar{x}\right)^2 = 6{,}580.7,$$

$$Q_{res} = Q_{overall} - Q_{factor} = 5{,}144.5.$$

The F test statistic is

$$F_{exp} = \frac{m}{(m-1)(n-1)} \cdot \frac{Q_{factor}}{Q_{res}} = 0.53.$$


                                  Table 1. Experimental data
            (percentage of department employees who responded to each phishing letter)

   Test number                                    Department
                                       A1           A2           A3           A4
   1. Click on the link                15%          15%          8%           26.35%
   2. Contact details, messages        56%          51%          2%           80%
   3. Leisure suggestions              48%          49%          2%           80%
   4. Vacation schedule                36%          30%          -            68%
   5. Information about children       10%          15%          -            12%
   Department average (x̄_j)            33%          32%          2.4%         53.27%


According to the table of upper critical values of the F distribution, for
k1 = m − 1 = 3 numerator degrees of freedom, k2 = m(n − 1) = 16 denominator degrees
of freedom and a 5% significance level, Fcr(0.05; 3; 16) = 3.24.
    That is, the null hypothesis was confirmed: the variability of the group averages
is not affected by the specificity of the departments under study. The factors of work
experience in the organization and salary level were considered in the same way. Only
in the latter case was the null hypothesis rejected.
    For each of the phishing attacks, a two-dimensional statistical distribution of the
sample was constructed using the criteria of the employees' age and position level.

                             Table 2. Age / position dependence

 position, Y \ age, X           20-30    30-40    40-50    50-60    60-70     n_Y
 1. Ordinary employee              6       11       12        7        1      37
 2. Head of department             1        4        1        1        0       7
 3. Employee of Financial /
    Legal Departments              0        1        3        5        1      10
 4. IT specialist                  1        1        0        0        0       2
 n_X                               8       17       16       13        2    n = 56
Sample mean values: mean age x̄ = 42, mean position level ȳ = 1.5; mean square
deviations σ*x = 11.4, σ*y = 1.04. Sample correlation coefficient r* = 0.45. The
sample equations of the straight regression lines are

$$\bar{y}_x = 1.5 + 0.45\cdot\frac{1.04}{11.4}\,(x - 42) \quad (\bar{y}_x = 0.04x - 0.22 \text{ after simplification}),$$

$$\bar{x}_y = 42 + 0.45\cdot\frac{11.4}{1.04}\,(y - 1.5) \quad (\bar{x}_y = 4.9y + 34.6 \text{ after simplification});$$

they are plotted in Fig. 1.




                                     Fig. 1. Given dependence (regression lines)

   According to the statistics obtained, the observed value of the criterion is
Texp = 3.7. It exceeds tcr(0.05; 56 − 2) = 2, found in the table of critical points of
Student's distribution at the 5% significance level, so we accept the competing
hypothesis of a correlation between age and position level in the sample of employees
responding to phishing. The correlation coefficient of the population belongs to the
interval

$$r \in \left(0.45 - 3\,\frac{1 - 0.45^2}{\sqrt{56}},\; 0.45 + 3\,\frac{1 - 0.45^2}{\sqrt{56}}\right),$$

i.e. r ∈ (0.13; 0.77).
    Since the sample size exceeds 50, the critical limit for the normal distribution at
the same 5% significance level is taken to be 3.
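The correlation analysis above, carried through from the summary statistics the paper reports for Table 2 (n = 56, r* = 0.45, x̄ = 42, ȳ = 1.5, σ*x = 11.4, σ*y = 1.04), as a worked example added for this edition rather than code from the original paper; it reproduces the two regression lines, the Student criterion against the page's tcr = 2 and the interval for r, and the functions accept any other sample summary.

```python
"""Worked example (added by the editor, not part of the paper): the correlation
analysis of the phishing-response sample, computed from the summary statistics
the paper reports.  Standard library only."""
import math

# Summary statistics as reported in the paper for the 56 responding employees.
N = 56
R = 0.45                    # sample correlation coefficient r*
X_MEAN, Y_MEAN = 42.0, 1.5  # mean age, mean position level
SX, SY = 11.4, 1.04         # mean square deviations sigma*_x, sigma*_y
T_CRITICAL = 2.0            # t_cr(0.05; n - 2) taken from the paper


def regression_lines(r, x_mean, y_mean, sx, sy):
    """Return both sample regression lines as (slope, intercept) pairs:
    y_x = y_mean + r*(sy/sx)*(x - x_mean)  ->  slope b_yx, intercept a_yx
    x_y = x_mean + r*(sx/sy)*(y - y_mean)  ->  slope b_xy, intercept a_xy
    """
    b_yx = r * sy / sx
    b_xy = r * sx / sy
    return (b_yx, y_mean - b_yx * x_mean), (b_xy, x_mean - b_xy * y_mean)


def t_statistic(r, n):
    """Student's t for H0 'no correlation', with n - 2 degrees of freedom."""
    return r * math.sqrt(n - 2) / math.sqrt(1.0 - r * r)


def r_interval(r, n, z=3.0):
    """Interval for the population correlation, r +/- z*(1 - r^2)/sqrt(n).
    The paper uses z = 3 because the sample size exceeds 50."""
    half_width = z * (1.0 - r * r) / math.sqrt(n)
    return r - half_width, r + half_width


def correlation_report(r, n, t_critical):
    """Decide between H0 (no correlation) and the competing hypothesis and
    return the observed t, the decision and the interval for r."""
    t_exp = t_statistic(r, n)
    low, high = r_interval(r, n)
    return {"t_exp": t_exp, "reject_h0": t_exp > t_critical,
            "interval": (low, high)}


if __name__ == "__main__":
    (b_yx, a_yx), (b_xy, a_xy) = regression_lines(R, X_MEAN, Y_MEAN, SX, SY)
    print(f"y_x = {b_yx:.2f}x + ({a_yx:.2f}),  x_y = {b_xy:.1f}y + {a_xy:.1f}")
    report = correlation_report(R, N, T_CRITICAL)
    print(f"T_exp = {report['t_exp']:.1f}, reject H0: {report['reject_h0']}, "
          f"r in ({report['interval'][0]:.2f}; {report['interval'][1]:.2f})")
```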
    In order to minimize the likelihood of successful phishing attacks, after analyzing
the results obtained, the company developed a set of measures aimed at increasing the
level of cyber hygiene in the various departments, such as a Code of Conduct for
Employees Suspecting an Attack and training on the basics of cyber hygiene. All
employees of the company must not only know and follow the rules, but also understand
what they will do in the event of an attack.


3      Ways to get additional information about an employee (including a potential
       one) for analyzing their digital identity
There are methods of forming a psychological portrait of a person on the basis of the
"traces" left in social networks. The set of psychological methods and techniques for
assessing and predicting human behavior based on the analysis of the most informative
features (characteristics of appearance, non-verbal and verbal behavior) is called
profiling. "Initially, the term "profiling" was used in the context of compiling a
search psychological portrait (profile) of an unknown person from the crime scene. The
methodology of criminal profiling involves handling criminal proceedings and
interpreting evidence. The result of the profiler's work is a criminal profile, a
legally significant document that describes the identity and behavior of the offender
and the victim in relation to the crime or series of crimes. The modern paradigm of
profiling has several origins: the studies of criminologists, forensic specialists,
psychiatrists and criminal psychologists" [3].
    Due to the difficulty of obtaining adequate psychological portraits, this method
is not common in the selection of candidates. It should also be kept in mind that a
person may consciously (or unconsciously) construct their digital identity.
International cybersecurity experts estimate that 80% of people in the digital world
will have their own "avatar" by 2023. Therefore, it is important for the employer to
have impartial information about its employees.
    Thanks to the public registers opened in Ukraine, a mechanism for obtaining
up-to-date information about a person or a company has appeared. This mechanism can be
used both by attackers to collect data and for protection against intruders. For
example, when hiring a new employee, such data can protect the company from hiring
fraudulent individuals and help to track potential conflicts of interest.


To verify the digital identity of a potential employee, it is advisable to use the
following resources:
    1. State Migration Service of Ukraine https://dmsu.gov.ua/diyalnist/opendata.html
    2. Investigative records of the Ministry of Internal Affairs https://wanted.mvs.gov.ua/
       • Persons hiding from the authorities https://wanted.mvs.gov.ua/searchperson/
       • Verification of the legitimacy of a criminal record certificate https://wanted.mvs.gov.ua/test/
       • Search for a Ukrainian citizen's passport among stolen and lost ones https://wanted.mvs.gov.ua/passport/
    3. Free query of the Ministry of Justice of Ukraine https://usr.minjust.gov.ua/en/freesearch - free
search of information in the Unified State Register of Legal Entities, Individual
Entrepreneurs and Public Formations.
    4. The Unified Register of Debtors https://erb.minjust.gov.ua/#/search-debtors - here you
can find, for example, alimony debts and more.
    5. Automated enforcement system https://asvpweb.minjust.gov.ua/#/search-debtors - search
is possible by type of debtor or type of collector.
    6. Judicial power of Ukraine https://court.gov.ua/
       • Unified State Register of Judgments https://court.gov.ua/reyestri-ta-sistemi/
       • Status of court proceedings https://court.gov.ua/fair/
    7. OpenDatabot https://opendatabot.ua/ - a service for monitoring the registration
data of Ukrainian companies and the court registry, for protection against raider
seizures and control of counterparties.
    8. Open data portal https://data.gov.ua/
    9. State Fiscal Service of Ukraine http://sfs.gov.ua/. Here you can find out more
about your business partner: http://sfs.gov.ua/businesspartner
    10. Peacemaker https://myrotvorets.center/ - Center for Investigating Signs of
Crimes against Ukraine's National Security, Peace, Human Security and International
Law.
    Social networks. Although information from social networks is an important tool,
it should be understood that it cannot be the only basis for decision making. This is
primarily because deliberate discrediting (or, conversely, embellishment) cannot be
excluded. Therefore, this information requires due diligence. Examples of social
networks: Facebook https://www.facebook.com/, LinkedIn https://www.linkedin.com/


4      Ways to get information about a potential employer
Just as a company runs the risk of collaborating with people with a negative
reputation, the job seeker should check the company's reputation beforehand to avoid
the negative effects of possible cooperation.


Checking the employer

To check an employer in Ukraine, it is advisable to use the YouControl system [4], an
online company verification service [12].
    This system uses only official sources of information from 60 registers. The
following is an incomplete list of the information that can be obtained from this
resource.
    Financial scoring. It predicts the likelihood of bankruptcy risk for the company
and also compares the financial position of the company with that of its competitors.
Such information may be useful, for example, when choosing a company to collaborate
with or deciding whether to extend a contract [13].
    The MarketScore index gives you an opportunity to find out the company's place in
its industry and the dynamics of its growth compared to its competitors. This
information is useful, for example, when you need to select a potential client or
contractor or compare a counterparty with other companies in the market.
    Company affiliation to a Financial Industry Group (FIG). With this tool, you can
check whether a company is a member of a group with reputational problems, check for
plagiarism (copying) of the name, and identify the key persons of the group of
companies.
    Legal personality: can this contractor provide and receive services? The
counterparty may be in the status "company started bankruptcy procedure", "there is
bankruptcy information" or "there are bankruptcy documents of the Supreme Court of
Ukraine (VSU)", which means that the company has started the bankruptcy procedure,
i.e. it does not have money to pay its obligations to other counterparties. The
counterparty may also be in the "discontinued" status, which means that the company is
closed and no longer operates. It is not worthwhile, and in fact impossible, to work
with it.
    Company lifetime: does the counterparty have experience?
    Information about executives. The manager is the main authorized person in the
company. First of all, make sure that there are no restrictions on their powers.
Otherwise, after concluding an agreement for, say, 800 thousand hryvnia, you may later
find out that their powers are limited to decisions of 250 thousand. In this case, the
contract may be declared invalid. In addition to possible restrictions, the dossier
must be checked to see whether the manager is registered in the area of the Joint
Forces Operation (OOS) or in Crimea.
    Share capital: is it enough to pay the debts?
    The main financial indicators of the company: profitability, debt and profit. This
is enough to form a first impression of the company's success, as well as to compare
these facts with the information that the contractor has given you.
    Is the company on the sanctions lists? Here is information about personal
sanctions against a company or individual.
    Wage arrears. If the counterparty does not fulfill its obligations to its own
employees, how responsibly will it treat its arrangements with you? Also, if the
company's employees do not receive their salaries on time, can you be sure of the
quality of their work?
    Presence of open criminal proceedings.
    Presence of court cases with counterparties for non-provision of services. By
checking your counterparty's good faith in fulfilling its obligations, you increase the
chances of avoiding fraudulent contracts that can endanger your company at any time.
    Presence of open enforcement proceedings on wage arrears. This risk factor may
affect the quality of the contractor's performance of your assignments. Usually it is
derived from social data.
    Future lawsuits: how responsibly the company fulfills its contractual obligations;
the status in which the counterparty appears in court cases: defendant, plaintiff or
third party; what kinds of court cases the company has: administrative, criminal,
etc.; whether the counterparty belongs to a group of companies with signs of
fictitiousness.
    Licenses and permits available.
    Tax: company fiscal information and debt information.
    Cooperation with countries under sanctions.
    Additionally, you can use the same resources that are listed in the potential
employee's checklist to verify a company's reputation. In this case, you should also
check the company's management separately.
5      The value of cyber hygiene in shaping the company's image in the market

The attack on Iran's nuclear program using the Stuxnet malware became possible, among
other things, due to a breach of cyber hygiene rules by one of its employees. Use was
made of "the possibility of distribution in an isolated environment (without Internet
access) using flash drives (flash-net) or its own p2p network" [5]. In this example,
the importance of employees' compliance with cyber hygiene becomes apparent. Less
obvious is the need for employees to maintain cyber hygiene on social media. It is
usually from social networks that attackers begin the stage of finding information
about a company and its employees. Such actions often result in attacks on the company
that have significant consequences for it.
    According to Deloitte experts, in addition to the obvious effects of cyberattacks
such as "regulatory penalties, costs associated with public response, costs of
reporting events and enhanced safeguards", there are also less obvious consequences
that "may have long-term effects and hidden costs, including loss of reputation,
disruption to the organization, loss of confidential information or other assets of
strategic importance" [6, 10-12].
    In addition, in the McAfee report, Russia was named the world leader in
cybercrime. "Our research has confirmed that Russia is a leader in cybercrime,
manifesting itself in the skills of its hacker community and its ill-treatment of
Western law enforcement," writes CSIS Senior Vice President James Lewis. Among other
world cybercrime centers, the expert listed North Korea, Brazil, India and
Vietnam [7-11].


6      Conclusions

An online reputation can both improve and stop a business. Information wars have
become a symbol of our time. Attacks by competitors, or simply by attackers, can cause
no less damage to companies than financial crises, because in addition to destroyed
documents and damaged equipment, they can cause much greater damage to the business.
    Cybersecurity experts say that cyber hygiene cannot be neglected because the
potential "adversary" is constantly evolving, becoming more sophisticated and better
equipped. The level of knowledge of digital hygiene and cybersecurity currently
possessed by employees of various companies (both public and private) does not meet
the threats and challenges of today.
    Our research has confirmed that, regardless of their core profession or position,
company employees must be trained in cyber hygiene. Violation of cyber hygiene rules
harms both the person who violates them and the company that the person works for. In
order to prevent financial and reputational risks, the employer should be the first to
be interested in training employees in this area. Such cybersecurity awareness
programs should primarily address the practical side of security, and each employee
should understand their duties and their responsibility for providing security. It is
good practice for employees to notify the responsible persons that they have received
a phishing email, especially if it is noticeable that the mailing has been carefully
prepared. In this case, even if an infection or leak has taken place, it is still
possible to respond quickly to the attack and take countermeasures.


References
 1. ICS, Web-resource: https://www.sans.org/reading-room/whitepapers/ICS/industrial-control-system-cyber-kill-chain-36297
 2. Recommendations, Web-resource: https://cyberpolice.gov.ua/article/prosti-rekomendacziyi-dlya-zaxystu-vid-virusu-petya-1885/
 3. Davydova Olga, Profiling in negotiations with persons received. Collection of materials of the round table: psychological principles of supporting official activities of political enforcement offices, Kryvyi Rih (2017)
 4. YouControl, Web-resource: https://youcontrol.com.ua
 5. Cybersecurity, Web-resource: https://s3r.ru/wp-content/uploads/2013/12/Kiber_Bezop_---1_2013_28.pdf
 6. Web-resource: https://www2.deloitte.com/en/pages/risk/articles/beneath-the-surface-of-a-cyberattack.html
 7. New Global Cybersecurity Report Reveals Cybercrime Takes Almost $600 Billion Toll on Global Economy
 8. Yu. Danik, R. Hryschuk, S. Gnatyuk, Synergistic effects of information and cybernetic interaction in civil aviation, Aviation, Vol. 20, No. 3, pp. 137-144, 2016.
 9. A. Tikhomirov, N. Kinash, S. Gnatyuk, A. Trufanov, O. Berestneva et al., Network Society: Aggregate Topological Models, Communications in Computer and Information Science, Springer International Publishing, Vol. 487, pp. 415-421, 2014.
10. S. Gnatyuk, V. Sydorenko, M. Aleksander, Unified data model for defining state critical information infrastructure in civil aviation, Proceedings of the 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), Kyiv, Ukraine, May 24-27, 2018, pp. 37-42.
11. S. Gnatyuk, J. Akhmetova, V. Sydorenko, Yu. Polishchuk, V. Petryk, Quantitative Evaluation Method for Mass Media Manipulative Influence on Public Opinion, CEUR Workshop Proceedings, Vol. 2362, pp. 71-83, 2019.
12. S. Gnatyuk, M. Aleksander, P. Vorona, Yu. Polishchuk, J. Akhmetova, Network-centric Approach to Destructive Manipulative Influence Evaluation in Social Media, CEUR Workshop Proceedings, Vol. 2392, pp. 273-285, 2019.
13. A. Peleschyshyn, T. Klynina, S. Gnatyuk, Legal Mechanism of Counteracting Information Aggression in Social Networks: from Theory to Practice, CEUR Workshop Proceedings, Vol. 2392, pp. 111-121, 2019.