GALVESTON – Beachgoers arriving at the Galveston seawall this weekend will find a far more spacious beach to relax on following the pumping of more than 1 million cubic yards of sand along 3.5 miles of badly eroded beach.

The $19.5 million effort to pump sand taken from a sand bar in the Houston Ship Channel ended March 27 as the last batch of sand slurry plopped onto the new beach near 61st Street, said Reuben Trevino, operations manager for the Galveston Park Board.

"Come on down and enjoy the beach," said Kelly de Schaun, executive director of the park board.

Beachgoers will see the formerly narrow strip of beach extended to about 300 feet from the seawall. The beach is designed to gradually erode and form a slope until it stabilizes at about 150 feet, Trevino said. He said the process should take about two weeks.

The project got underway more than two months ago after numerous delays but was completed well ahead of the May 13 deadline set by the park board. The contractor would have faced penalties of $1,500 for each day it went past the deadline.

The contractor began by extending more than 4 miles of pipe from a sand deposit known as Big Reef, putting much of it offshore to avoid beach that fronted private property east of the seawall.

East Beach and Stewart Beach, on the eastern end of the island, are in an area where sand is collecting, keeping the beaches healthy. However, the beaches roughly west of 12th Street are eroding all the way to the western end of the island.

The contractor, New Jersey-based Weeks Marine Inc., began pumping sand onto eroding beaches at about 12th Street and gradually extended the pipeline as new beach was created.

The pipeline eventually extended more than 7 miles from the sand bar in the Houston Ship Channel to the project's end point at 61st Street. The pipe is now being taken apart.

NEW RIDE: Trolley to roll into Galveston by mid-May

The new beach will help act as a barrier from storm surges and boost the Galveston economy by keeping the beach a prime tourist attraction, de Schaun said.

The park board plans to use sand from Army Corps of Engineers dredging operations to maintain its beaches. The new sections of beach would probably need maintenance in about five years.

The board hopes to get money set aside by BP for coastal restoration following the 2010 Deepwater Horizon oil spill that can be used for beach replenishment projects in 2018 and 2020, de Schaun said.

The two new projects would add to Babe's Beach west of 61st Street, built in 2015 in an area where erosion had wiped away all traces of beach more than 65 years earlier. The projects would shore up the existing Babe's Beach and extend it westward toward the end of the seawall.

JOYOUS MOMENT: Man proposes to girlfriend in Galveston Mardi Gras flash mob

The replenishment of the beach in front of the seawall is the third since 1995. The last beach renourishment was in 2009, when sand was hauled by truck to restore stretches chewed away by Hurricane Ike in September 2008.

The bulk of financing for the project has come from $15.5 million that originally was intended to help finance a $40 million beach restoration project for sections west of the seawall, the largest replenishment effort ever planned on the Texas Gulf Coast.

The project was scuttled after a Texas Supreme Court ruling in 2012 left in doubt whether the Texas Open Beaches Act applied to the west end of Galveston Island and raised the possibility that the beaches there were held by beachfront property owners. Then-Land Commissioner Jerry Patterson yanked the project, arguing that tax dollars could not be used to enhance private property.

The Land Office provided $2.7 million for the recently completed project and the Park Board and city of Galveston contributed $1.2 million.

Watch Video Here:

Residents who use Yahoo Mail are being encouraged by the S.C. Department of Consumer Affairs to take action to secure their online accounts following the announcement last month of a massive breach.

During the last two weeks of September, Yahoo announced that at least 500 million user accounts had been compromised.

An investigation by Yahoo following suspicions of an attack in July uncovered a far larger, allegedly state-sponsored attack in recent weeks, according to the Associated Press.

“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a statement last week.

Given the importance most people place on protecting personal information, the Department of Consumer Affairs is encouraging Yahoo Mail users to take action by following several tips, said Megan Stockhausen, communications coordinator with the agency.

• Change the account password and security questions immediately. Use strong, creative passwords (uppercase, lowercase and special characters) and don’t share them with anyone. Also, don’t use the same passwords or security questions for multiple accounts, especially when using an email address as the login name on a site.

• Watch out for phishing attempts, which is defined by asking for personal or sensitive information via a phone call, text or email is a tactic used by scammers. Never reply to texts, pop-ups, or emails that ask for verification of personal information. Avoid clicking on links or downloading attachments from suspicious emails or texts.

• Closely monitor financial and benefits statements/accounts. Check all monthly statements and account activity, especially for financial accounts saved as payment options on internet merchant sites.

Review them carefully and notify the financial institution/provider as soon as an unauthorized or suspicious item is spotted.

• Consider a fraud alert and security freeze. Scammers may use the stolen information to open new accounts.

A fraud alert and security freeze are free security measures for a credit report. A fraud alert tells a business accessing the report to take extra steps to verify that the person holding the account is the one seeking its goods/services.

When a security freeze is in place, no one can access the report without the account holder approving it.

Stockhausen said these tips can help anyone trying to secure any personal online information.

Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2017, information security professionals must understand these four global security threats.

As with previous years, 2016 saw no shortage of data breaches. Looking ahead to 2017, the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts businesses will face four key global security threats in 2017.

"2016 certainly lived up to expectations," says Steve Durbin, managing director of the ISF. "We saw all sorts of breaches that just seemed to get bigger and bigger. We lurched from one to another. We always anticipate some level of it, but we never anticipate the full extent. I don't think anybody would have anticipated some of the stuff we've seen of late in terms of the Russians getting involved in the recent elections."

The ISF says the top four global security threats businesses will face in 2017 are the following:

• Supercharged connectivity and the IoT will bring unmanaged risks.
• Crime syndicates will take quantum leap with crime-as-a-service.
• New regulations will bring compliance risks.
• Brand reputation and trust will be a target.

"The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations," Durbin says. "In 2017, we will see increased sophistication in the threat landscape with threats being tailored to their target's weak spots or threats mutating to take account of defenses that have been put in place. Cyberspace is the land of opportunity for hacktivists, terrorists and criminals motivated to wreak havoc, commit fraud, steal information or take down corporations and governments. The solution is to prepare for the unknown with an informed threat outlook. Better preparation will provide organizations of all sizes with the flexibility to withstand unexpected, high-impact security events."

The top four threats identified by the ISF are not mutually exclusive. They can combine to create even greater threat profiles.

Supercharged connectivity and the IoT bring unmanaged risks

Gigabit connectivity is on the way, and it will enable the internet of things (IoT) and a new class of applications that will exploit the combination of big data, GPS location, weather, personal health monitoring devices, industrial production and much more. Durbin says that because connectivity is now so affordable and prevalent, we are embedding sensors everywhere, creating an ecosystem of embedded devices that are nearly impossible to secure.

Durbin says this will raise issues beyond privacy and data access: It will expand the threat landscape exponentially.

"The thing for me with 2017 is I describe it as an 'eyes-open stance' we need to take," Durbin says. "We're talking about devices that never ever had security designed into them, devices that are out there gathering information. It's relatively simple to hack into some of these things. We've seen some moves, particularly in the U.S., to encourage IoT manufacturers to engineer some level of security into their devices. But cost is an issue, and they're designed to link."

Durbin believes many organizations are unaware of the scale and penetration of internet-enabled devices and are deploying IoT solutions without due regard to risk management and security. That's not to say organizations should pull away from IoT solutions, but they do need to think about where connected devices are used, what data they have access to and then build security with that understanding in mind.

"Critical infrastructure is one of the key worry areas," Durbin says. "We look at smart cities, industrial control systems — they're all using embedded IoT devices. We have to make sure we are aware of the implications of that."

"You're never going to protect the whole environment, but we're not going to get rid of embedded devices," he adds. "They're already out there. Let's put in some security that allows us to respond and contain as much as possible. We need to be eyes open, realistic about the way we can manage the application of IoT devices."

Crime syndicates take quantum leap with crime-as-a-service

For years now, Durbin says, criminal syndicates have been operating like startups. But like other successful startups, they've been maturing and have become increasingly sophisticated. In 2017, criminal syndicates will further develop complex hierarchies, partnerships and collaborations that mimic large private sector organizations. This, he says, will facilitate their diversification into new markets and the commoditization of their activities at the global levels.

"I originally described them as entrepreneurial businesses, startups," Durbin says. "What we're seeing is a whole maturing of that space. They've moved from the garage to office blocs with corporate infrastructure. They've become incredibly good at doing things that we're bad at: collaborating, sharing, working with partners to plug gaps in their service."

And for many, it is a service offering. While some organizations have their roots in existing criminal structures, other organizations focus purely on cybercrime, specializing in particular areas ranging from writing malware to hosting services, testing, money mule services and more.

"They're interested in anything that can be monetized," Durbin says. "It doesn't matter whether it's intellectual property or personal details. If there is a market, they will go out and collect that information."

He adds that rogue states take advantage of some of these services and notes the ISF expects the resulting cyber incidents in the coming year will be more persistent and damaging than organizations have experienced previously.

New regulations bring compliance risks

The ISF believes the number of data breaches will grow in 2017, and so will the volume of compromised records. The data breaches will become far more expensive for organizations of all sizes, Durbin says. The costs will come from traditional areas such as network clean-up and customer notification, but also from newer areas like litigation involving a growing number of partners.

In addition, public opinion will pressure governments around the world to introduce tighter data protection legislation, which in turn will introduce new and unforeseen costs. Reform is already on the horizon in Europe in the form of the EU General Data Protection Regulation (GDP) and the already-in-effect Network Information Security Directive. Organizations conducting business in Europe will have to get an immediate handle on what data they are collecting on European individuals, where it's coming from, what it's being used for, where and how it's being stored, who is responsible for it and who has access to it. Organizations that fail to do so and are unable to demonstrate security by design will be subject to potentially massive fines.

"The challenge in 2017 for organizations is going to be two-fold," Durbin says. "First is to keep abreast of the changes in regulations across the many, many jurisdictions you operate in. The second piece is then how do you, if you do have clarity like the GDP, how do you ensure compliance with that?"

"The scope of it is just so vast," he adds. "You need to completely rethink the way you collect and secure information. If you're an organization that's been doing business for quite some time and is holding personally identifiable information, you need to demonstrate you know where it is at every stage in the lifecycle and that you're protecting it. You need to be taking reasonable steps even with your third party partners. No information commission I've spoken to expects that, come May 2018, every organization is going to be compliant. But you need to be able to demonstrate that you're taking it seriously. That and the nature of the information that goes missing is going to determine the level of fine they levy against you. And these are big, big fines. The scale of fine available is in a completely different realm than anyone is used to."

Brand reputation and trust are a target

In 2017, criminals won't just be targeting personal information and identity theft. Sensitive corporate information and critical infrastructure has a bull's eye painted on it. Your employees, and their ability to recognize security threats and react properly, will determine how this trend affects your organization.

"With attackers more organized, attacks more sophisticated and threats more dangerous, there are greater risks to an organization's reputation than ever before," Durbin says. "In addition, brand reputation and the trust dynamic that exists amongst customers, partners and suppliers have become targets for cybercriminals and hacktivists. The stakes are higher than ever, and we're no longer talking about merely personal information and identity theft. High-level corporate secrets and critical infrastructure are regularly under attack, and businesses need to be aware of the more important trends that have emerged in the past year, as well as those we forecast in the year to come."

While most information security professionals will point to people as the weakest link in an organization's security, that doesn't have to be the case. People can be an organization's strongest security control, Durbin says, but that requires altering how you think about security awareness and training.

Rather than just making people aware of their information security responsibilities and how they should respond, Durbin says the answer is to embed positive information security behaviors that will cause employees to develop "stop and think" behavior and habits.

"2017 is really about organizations having to wake up to the fact that people do not have to be the weakest link in the security chain," Durbin says. "They can be the strongest link if we do better about understanding how people use technology, the psychology of human behavior."

Successfully doing so requires understanding the various risks faced by employees in different roles and tailoring their work processes to embed security processes appropriate to their roles

Fast-growing Schutz Shoes upgrades its fraud detection software to slash manual reviews and improve order processing.

Online orders were flowing into shoe e-retailer Schutz Shoes, the U.S. division of Brazilian-based shoe retailer Arezzo & Co., but the small team spent an increasing amount of time checking whether an order was fraudulent. When one employee on a staff of seven has to manually review the legitimacy of an online order, that’s time away from customers and other business, says Kimberly Gort, e-commerce manager for Schutz.

Schutz Shoes started selling online in 2014 operating its e-commerce site in the basement of its New York City store. That first year, Schutz had about $350,000 in online sales. In 2015, about half of its product catalog was available online and sales grew to $1.5 million. Now, with all of its products available online, Schutz Shoes projects about $3 million in online sales for 2016, Gort says. The retailer also opened a store in Los Angeles.

With triple-digit percentage growth comes growing pains. When the e-retailer received a modest five online orders a day, using the free tool from its e-commerce platform provider (Shopify Inc.) worked fine, Gort says. The plugin would flag orders that might be fraudulent, and the retailer decided to approve or decline such orders.  For example, the tool flagged an order if the credit card and shipping addresses didn’t match, so a Schutz employee had to call the customer and determine if it was a legitimate order. Deciding what was and wasn’t fraudulent often was difficult, Gort says.

“There’s always a risk,” she says. “It was like we were playing roulette.”

The situation frustrated the retailer and the shopper, as some shoppers were blocked from placing an order or their order was delayed or they had to deal with a phone call from the retailer. Schutz was missing out on orders, devoting almost a full employee to manually check the orders and seek out consumers to verify information. As order volume and sales grew, the manual-review model no longer worked, Gort says.

In July, Schutz Shoes decided to integrate fraud detection software provider ClearSale onto its platform, choosing the vendor because it was used by parent company Arezzo. It took about two weeks to integrate the technology onto Schutz’s site, Gort says.

ClearSale factors in about 100 variables to approve or deny orders, and then has its 500-person team to dig deeper on flagged orders, says Rafael Lourenco, vice president of operations at ClearSale. Orders can be approved within three seconds, while an order that requires manual review will take 24-48 hours, he says.

The impact of adding ClearSale was almost immediate, Gort says, as Schutz Shoes was no longer on the hook to manually check flagged orders. The e-retailer now approves 94-96% of its orders, which is about a 5% increase from when it relied on its free plugin, Gort says.

ClearSale charges per transaction and takes a 0.4-1.5% cut of the sale. The commission is worth it, Gort says, as more sales are approved. In August, Schutz Shoes paid ClearSale $1,500. The retailer processed 1,200 online orders that month, 1,002 of which ClearSale reviewed in some capacity; of those 1,002 orders, 973 (97.1%) were approved.

ClearSale has about 2,000 clients, and more than 90% are retailers, Lourenco says. Across all of its clients, 93.5% of orders are automatically approved, Lourenco says.

Recently, ClearSale updated its formula with another variable to approve or deny orders. The feature factors in how long a consumer is on the website before she purchases. The shorter it is, the more suspect. However, this is only one variable and a short time between landings on the site and purchasing will not automatically flag an order, Lourenco says. The new feature increased ClearSale’s average approval rate by 1%, he says.