The CISO and the Business By JC Gaillard

Keep appointing pure technologists in CISO roles and you’ll never win

The Wannacry ransomware attack that affected so many large firms in May 2017 led to a number of animated discussions amongst InfoSec communities.

The corrective patch (fixing the vulnerability targeted by the malware) had been out since March for supported systems, and many firms were badly hit because of their reliance on the unsupported Windows XP (which reached end of life in 2014).

The timely deployment of security patches has been regarded as a fundamental security good practice since the CodeRed, Slammer and Blaster virus outbreaks over 10 years ago, so how can it be that so many large firms are still struggling with this today?

It cannot be just a matter of security investment: Many of the firms reportedly affected by the outbreak would have had fully functioning security practices all that time and would have been spending millions every year on security products.

It has to be a plain matter of adverse prioritization of security issues by IT and business leaders.

Which brings under the spotlight the role and profile of the CISO in those firms. Surely it would have been the CISO’s job to ensure that those matters remain on the agenda of the right leaders, to communicate their urgency, to drive remedial programmes, and to keep hammering at it until it gets fixed.

What is the security community doing wrong, if it is collectively unable to address a technical issue such as the timely deployment of security patches, over a period of time spanning more than a decade?

One reason that is often put forward by security technologists refers to a language disconnect between the CISO and the Business. Somehow, CISOs are not being heard by business leaders and would need to learn to “speak the language of the business”. Such an assertion – in itself – raises concerns about the actual profile of the CISO if there are question marks over their ability to rise above mere technological arguments and present them in a language a non-specialist would understand.

Of course, many CISOs are technologists by background; and frankly, security has rarely been seen as a pathway to the top in IT circles, so very often the CISO is either in that job because of a personal interest in the technical aspects of the topic … or because there was little else for them to do.

To break the spiral that has led to the past “lost decade” on cybersecurity matters, you urgently need to inject talent into the security industry.

It is primarily managerial excellence that is missing and it will have to be attracted by rewarding the right skills at the right level. It is also a matter of cultural transformation for many firms, because it is about changing the value scale on which security is being judged.

To attract the best leaders, Security – i.e. the protection of a firm’s assets – has to be seen from the Board down as something fundamental that the firm values and rewards. Not as something you can compromise on to maximise profits, or imposed upon you arbitrarily by regulators.

And if you want your CISO to “talk the language of the business”, you could start by appointing someone from the business!!! … or at least an IT leader who is not a mere technology hobbyist and has a true transversal view of your business.

A lot of this is about context:

If you present the patch deployment issue as an IT issue, you will be heard by your business in an IT context and prioritised against other IT topics.

If you present it as a matter of fundamental protection against real and active threats, you will be engaging at a different level. But as a CISO, you will need the right voice, the right gravitas, the right profile in the firm to be heard. This is not only a rational argument. You’ll have to use every fact you can find, and always focus your communication with other business leaders on those facts and on the reality of the threats. You’ll have to pick your battles and strike at the right time to convince the right people. You’ll have to break the “bias of imaginability” – theorised by Kahneman – and it will take time. This is a very serious management role that requires a truly senior profile and a considerable amount of experience. And the willingness to stay on for the right course, and that could be considerably more than a mere couple of years.

Keep appointing pure technologists in CISO roles and you’ll never win. The protection of the information the firm needs to function is not a mere technology matter, contrary to what many tech vendors would like you to believe. It has a profound cultural dimension that is at the heart of the relationship between the firm and its employees: You protect naturally what you care about. If your CISO embodies that relation, everything they do will carry that weight and you’ll move forward.

via Technology & Innovation Articles on Business 2 Community http://ift.tt/2zhGOs3

Starbucks App UX Analysis: Coffee, Lattes, & Loyalty By Stefan Bhagwandin

It’s Pumpkin Spice Latte season, as every Starbucks across the country is keen to remind us. Whether you take your coffee black or your lattes with extra whip, there’s always a reason to consume caffeine. The Starbucks app eases the process for frequent shoppers, enabling digital payments and tracking reward points. The app has already taken off with customers — about a quarter of orders being placed or paid for via the app.

How does Starbucks keep customers engaging with its mobile app? And is there a way for similar chains to do the same? Find out in our latest UX analysis.

Onboarding

What Starbucks Does Well

First impressions count, which means the first screen of your app is one of the most important.

Starbucks makes a good first impression by pairing its iconic logo with a simple value proposition. The app prompts users to create an account on the next screen, but this initial screen is free of any pushy calls to action (CTAs). It’s welcoming, not least because the headline simply says “welcome.”

The rest of the onboarding flow covers the key steps that nearly every app team must think about.

The first prompt is the Sign In/Sign Up screen. There are a few reasons why an app team might want users to create an account.

  1. User accounts allow for more consistent and complete analytics because marketers can track behaviors across multiple platforms and map them to a single profile
  2. User accounts let customers save their payment and shipping info, which makes for a frictionless shopping experience
  3. User accounts can track rewards points automatically, which may encourage even more conversions

Rewards are a major part of the Starbucks app’s value proposition, so it makes sense that they emphasize the importance of signing up. In this flow, the signup button doesn’t even say “sign up” — it says “join rewards.” The app makes it clear that users can save money by creating an account.

The next two screens are all about securing permissions for push notifications and location tracking. Push notifications are a powerful tool in the mobile marketer’s toolkit — they can single-handedly lift retention rates by 7x. Likewise, geolocation marketing is especially valuable for brick-and-mortar retailers like Starbucks. By securing location permissions, the app can deliver timely and relevant promotions to drive in-store purchases.

One Way to Improve

The Starbucks app’s onboarding is pretty effective as it is. Each screen properly explains the value of the ask, instead of hitting the user with a series of generic system permission prompts.

One way to potentially earn more push notification opt-ins is to delay the ask until later in the user journey. Even though the opt-in screen gives users a good reason to say yes, some people might not want to commit to the app before using it.

By waiting until users reach certain engagement milestones before asking for push permissions, there’s a higher chance they’ll trust the app and say yes. Engagement milestones include actions like signing up for an account, making your first purchase, or sharing in-app content on social media. Last Minute Travel implemented a campaign along these lines and earned a 182 percent lift in opt-ins.

Ordering

What Starbucks Does Well

The in-app menu for Starbucks combines several elements to create a pleasant user experience. The core functionality is there if you want it: the menu tab features a full list of drinks, conveniently split into categories.

But the app goes one step further to maximize conversions. When users open the “order” menu, the default tab is “featured drinks,” pictured on the right. This allows Starbucks to tempt shoppers with seasonal favorites and to upsell with food and whole beans. This technique potentially earns more in-app conversions without harming the user experience.

The first time users open a product listing, this in-app message pops up to promote social sharing. This message reminds users that the share button exists, and it provides a good reason to tap it.

Customizations and personal preferences are a big part of this promotion. Normally, customers might not think to tweet about their morning coffee — but it’s a different story if you’re tasting an exclusive single origin brew or custom latte. This message plants the idea in the customer’s mind that some Starbucks items are worth sharing on social.

One Way to Improve

Frankly, I didn’t identify any usability problems with the ordering menu. Everything works as expected, and there are a few customizable options that I didn’t know existed. The only “problem” I found was a technical one, where it’s possible to place infeasible orders like the one below.

Glitches aside, Starbucks could potentially optimize this section even further by personalizing drink recommendations based on a user’s purchase history. Instead of featured drinks, the app could suggest past favorites (or new options that are similar to past favorites).

Starbucks Cards

What Starbucks Does Well

Starbucks cards are given their own menu in the app, driving home the point that this app helps customers save money. The practical functionality is all here on one screen: users can check their balance, top up their card, or register a new card. There’s also a “pay in store” button, which brings up a barcode for the cashier to scan. This way, digital cards have the same functionality as physical.

In addition to the practical features, the fact that the app displays the card’s artwork is a nice touch. Starbucks cards are often marketed as a collector’s item, with many different themed/seasonal options. Emphasizing the art on this screen makes digital cards feel just as valuable and collectible as the physical ones.

The gift menu is an extension of the Starbucks rewards system. This menu lets users browse all currently available cards and email one to a friend. Again, the artwork is important here, and there are over 10 categories to choose from. The level of personalization makes these cards more appealing as gifts.

One Way to Improve

The many categories of gift cards are both a blessing and a curse. It’s good to have options, but the 10+ tabs are a bit much to sort through, especially with the overlapping listings. For example, one card that reads “you’ve so got this” shows up under both “workplace” and “encouragement.”

It would be easier to create a master list of all cards and let users filter them based on thematic tags like “encouragement.” Right now, there appears to be no way to browse all of the gift card designs in one place.

Rewards

What Starbucks Does Well

The app’s home screen focuses on rewards. There’s a bit of gamification going on — the green progress bar and the 0/300 are both constant reminders that there’s a goal the customer hasn’t yet achieved.

Meanwhile, the next tile down acts like a secondary onboarding. My account is new, so the screen displays the steps you’d go through to start earning rewards. It makes sense that this flow isn’t part of the initial onboarding (people aren’t eager to whip out their credit cards when they first download an app). Still, the information is here for whenever the customer wants to earn rewards points.

In this reward system, users receive two stars for each dollar spent on an order. At 300 stars, frequent shoppers are granted gold status, which provides perks like drink add-ons and a personalized gold card.

Rewards are so central to the Starbucks app that it even displays your number of stars in the main menu. There’s simply no way to use the app without seeing your star count and remembering you’re not at gold status yet (or seeing your gold status and feeling proud).

Interestingly, the app says more about how close you are to gold than about what you receive when you reach gold. It seems as though the reward system is more about personal pride for the customer, which explains why it’s more gamified than your typical points card.

One Way to Improve

The rewards system is more or less as optimized as can be. The only way to improve would be to mention the specific perks of reaching gold status. However, the perks appear to be inconsistent — the official website says that there’s a reward for every 125 stars, but it doesn’t explain what these rewards are. Given the situation, it’s likely more effective to sell the gamification/personal pride angle than the discount angle.

Music

What Starbucks Does Well

Finally, the Starbucks app features a partnership with Spotify where you can look up and listen to the playlists from Starbucks locations. This is a unique feature that adds value to visiting the stores (and staying a while).

The music menu begins with promotions for specific artists. Scrolling down, we see a large CTA for Spotify, pictured on the right. The app lets you explore different artists who’ve been featured in Starbucks.

One Way to Improve

Unfortunately, there’s not much to do in this menu without a Spotify account. All of the links are CTAs to open the playlist in Spotify. Ideally, Starbucks would include music samples for each artist within its own app. This most likely isn’t possible due to licensing restrictions, so another option is to provide biographical info on each artist, like Last.fm. Adding more content to this menu would make it feel more like a Starbucks feature and less like a partnership designed to drive users to Spotify.

The Starbucks Mobile UX

As a whole, the Starbucks app boasts an impressive UX with full functionality. The app is optimized toward earning more rewards signups, but it also provides practical features that directly benefit customers, like ordering drinks in advance for in-store pickup.

via Technology & Innovation Articles on Business 2 Community http://ift.tt/2hLCb1T

4 Steps for Building a Self-Service Portal By Nancy Van Elsacker

Making the most of self-service will save a good amount of work for you and the service desk in the long run, but this also requires a bit of work to get started. To get the most out of it, you need to design the portal for your audience — not for yourself. So, keep the following steps in mind as you build.

  1. Make sure all involved parties are aligned

Before setting up your self-service portal (as in any project that involves several stakeholders), it’s important to make sure all team members are on the same page. This doesn’t just mean getting the go-ahead from management but checking that you also are aligned with your own department’s objectives.

It’s important that you don’t just assume you all know what you want out of the portal, but that you make sure the team agrees on what the goal actually is. Hold a meeting and address this seriously. This alignment becomes especially important if you are working together with other departments such as facilities, HR or even IT. Please note: You should definitely share a portal if multiple departments want one (it’s easier for your customers), but it does require a bit of extra collaboration.

  2. Analyze your data

Once you’re aligned, the next crucial step in creating a self-service portal is determining what services you will deliver to your end users. While this may seem difficult, a lot of information can be found within your existing data.

For instance, examine the tickets entered over the last couple of months and group these into services that you currently deliver. You can use this information to run some simple analysis on what the types and frequencies of calls are. This provides you a great starting point to building your portal.

  3. Speak to your users

Even at an early stage of building your portal, it’s a good idea to gain some qualitative insight by engaging your end users. This is almost always overlooked. Many departments assume they understand their customers’ needs without really speaking to them. If there is something about the process that your users don’t understand, you must educate them to make the process easier by speaking their language.

Gather feedback in whatever way best suits your business. One way to get responses is the practice of sending a survey to employees, but don’t disregard the effect of talking to your users face to face, either in formal focus groups or even in the corridor on your way to coffee.

While it would be great if your end users always found what they are looking for, don’t be discouraged if they say there is room for improvement. Optimizing processes is the best way to continuously improve your portal. For example, if customers find requesting new workspace material quite complex then help them by creating a simpler process for them to follow next time.

  4. Launching your self-service portal

When thinking about launching your portal, one thing to potentially avoid is launching it then building it as you go along. If you launch and promote your portal with just 5 percent to 10 percent of your service delivery covered, you run a high risk that your users won’t find what they are looking for. Not a great first impression, and they may be reluctant to return.

At the same time, don’t hold back on your launch of the portal just because you are trying to perfect it. Additional improvements are part of your portal maintenance, as feedback arrives from members of the organization after go-live. Launching a portal that is about 80 percent ready while keenly listening to your stats and customer feedback may be the best practice.

  5. Optimize

If six months after go-live, your portal still contains almost the exact same information, something is amiss. The services you deliver continuously change. Keep an ear open to listen to your users’ feedback and optimize the portal based on their experience. The better the experience, the easier life is for both your team and your end user.

Making sure that your portal fulfils its purpose gives people a reason to come back to it, and makes it an integral part of your service delivery.

via Technology & Innovation Articles on Business 2 Community http://ift.tt/2zVfehg

Cloud Per-Second Billing – How Much Does It Really Save? By Elaina Arce

It has been a little over a month since Amazon and Google switched some of their cloud services to per-second billing and so the first invoices with the revised billing are hitting your inboxes right about now. If you are not seeing the cost savings you hoped for, it may be a good time to look again at what services were slated for the pricing change, and how you are using them.

Google Cloud Platform

Starting with the easiest one, Google Cloud Platform (GCP), you may not be seeing a significant change, as most of their services were already billing at the per-minute level, and some were already at the per-second level. The services moved to per-second billing (with a one-minute minimum) included Compute Engine, Container Engine, Cloud Dataproc, and App Engine VMs. Moving from per-minute billing to per-second billing is not likely to change a GCP service bill by more than a fraction of a percent.

Let’s consider the example of an organization that has ten GCP n1-standard-8 Compute Engine machines in Oregon at a base cost of $0.3800 per hour as of the date of this blog. Under per-minute billing, the worst-case scenario would be to shut a system down one second into the next minute, for a cost difference of about $0.0063. Even if each of the ten systems were assigned to the QA or development organization, and they were shut down at the end of every workday, say 22 days out of the month, your worst-case scenario would be an extra charge of 22 days x 10 systems x $0.0063 = $1.3860. Under per-second billing, the worst case is to shut down at the beginning of a second, with the highest possible cost for these same machines (sparing you the math) being about $0.02. So, the best this example organization can hope to save over a month on these machines with per-second billing is $1.39.

Amazon Web Services

On the Amazon Web Services (AWS) side of the fence, the change is both bigger and smaller. It is bigger in that they took the leap from per-hour to per-second billing for On-Demand, Reserved, and Spot EC2 instances and provisioned EBS, but smaller in that it is only for Linux-based instances; Windows instances are still at per-hour.

Still, if you are running a lot of Linux instances, this change can be significant enough to notice. Looking at the same example as before, let’s run the same calculation with the roughly equivalent t2.2xlarge instance type, charged at $0.3712 per hour. Under per-hour billing, the worst-case scenario is to shut a system down even a second into the next higher hour. In this example, the cost would be an extra charge of 22 days x 10 systems x $0.3712 = $81.664. Under per-second billing, the worst case is the same $0.02 as with GCP (with fractions of cents difference lost in the noise). So, under AWS, one can hope to see significantly different numbers in the bill.

The scenario above is equally relevant to other situations where instances get turned on and off on a frequent basis, driving those fractions of an hour or a minute of “lost” time. Another common example would be auto-scaling groups that dynamically resize based on load, and see enough change over time to bring instances in and out of the group. (Auto-scale groups are frequently used as a high-availability mechanism, so their elastic growth capabilities are not always used, and so savings will not always be seen.) Finally, Spot instances are built on the premise of bringing them up and down frequently, and they will also enjoy the shift to per-second billing.

However, as you look at your cloud service bill, do keep in mind some of the nuances that still apply:

  • Windows: GCP applies per-second billing to Windows; AWS is still on one-hour billing for Windows.
  • Marketplace Linux: Some Linux instances in the AWS Marketplace that have a separate hourly charge are also still on hourly billing (perhaps due to contracts or licensing arrangements with the vendors?), so you may want to reconsider which flavor of Linux you want to use.
  • Reserved instances: AWS does strive to “use up” all of the pre-purchased time for reserved instances, spreading it across multiple machines with fractions of usage time, and per-second billing can really stretch the value of these instances.
  • Minimum of one-minute charge: Both GCP and AWS will charge for at least a minute from instance start before per-second billing comes into play.

Overall, per-second billing is a great improvement for consumers of cloud resources…and will probably drive us all more than ever to make each second count.

via Technology & Innovation Articles on Business 2 Community http://ift.tt/2zQFWK8

Secure Your Identity for Cyber Monday 2017 By Laura Bruck

Cyber Monday 2017

The holiday season is an exciting time for consumers, and even more exciting for identity thieves. Criminals know that you’ll be looking for those perfect holiday gifts with Black Friday and Cyber Monday deals in mind.

Criminals rely on you to “click before you think” when browsing the hoard of online discounts and holiday sales. Without the proper preventative measures put in place, Cyber Monday can leave you extremely vulnerable to various identity crime tactics and scams.

Let’s look at some common scams that target you, the consumer, and how to secure your information for Cyber Monday 2017.

Identity Thieves LOVE the Holidays

It’s no secret that retail holidays like Black Friday and Cyber Monday are also major cybercrime holidays. Security experts have noted that cybercrime in general spikes significantly during the holiday season.

Enigma Software’s 2015 report showed a 76 percent spike in malware infections just on Cyber Monday. To give you an idea of just how significant that spike is, 2014 only saw a 40 percent increase in malware infections during its Cyber Monday.

Research confirms what identity thieves already assume: most consumers prefer to shop online. DomainTools found that 92 percent of U.S. consumers shop online – and almost half of all consumers plan to shop online for Cyber Monday 2017.

Why We Keep Falling for Online Scams

Identity thieves typically use two common methods to target consumers for their personal and financial data. Let’s explore how emails and spoofed websites can be used for retail holiday scams.

Spoofed Websites

Spoofed websites – also sometimes called phishing sites – are extremely common during the holiday season. In fact, the Anti-Phishing Working Group (APWG) found 119,000 unique phishing sites impersonating over 300 different brands in November 2016.

Criminals set up fake websites to steal your personal information. These sites will often replicate well-known companies like Target, Amazon or Walmart to further convince you of their legitimacy. In short, criminals hope that you trust the site enough to provide sensitive information like Social Security numbers, credit and debit card information and other personal data.

You may visit a page that visually looks familiar. But spoofed websites will have URL links that do not align with a company’s official website. While some may be easy to spot, more sophisticated criminals can create URLs that closely mirror legitimate sites. Because of the fast-paced nature of holiday shopping, criminals hope you’re too fixated on that too-good-to-be-true deal to notice whether the site is legitimate.
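
The mismatch described above, between a link's address and the company's official website, can be checked mechanically before anyone clicks. The following Python is an added example, not part of the original article; the allowlist, the `.example` links and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: official domains of the brands the article names.
OFFICIAL_DOMAINS = ("target.com", "amazon.com", "walmart.com")


def edit_distance(a, b):
    """Levenshtein distance between two strings (catches small typos)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_link(url):
    """Classify a link as 'official', 'insecure', 'lookalike' or 'unknown'.

    Returns (verdict, reasons). Only the hostname is compared: the page
    content and the path say nothing about who operates the site.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return "unknown", ["link has no hostname"]

    # A host is official only if it IS the domain or ends with ".domain".
    # A substring test ("amazon.com" in url) would accept the lookalikes below.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return "insecure", [f"{domain} link does not use https"]
            return "official", [f"host is {domain} or one of its subdomains"]

    # Not official: look for a brand name, or a near-miss of one, in the host.
    reasons = []
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        limit = 2 if len(brand) >= 7 else 1  # tolerate fewer typos in short names
        for token in tokens:
            if token == brand:
                reasons.append(f"uses the name '{brand}' but is not on {domain}")
            elif edit_distance(token, brand) <= limit:
                reasons.append(f"'{token}' is a near-miss of '{brand}'")
    return ("lookalike", reasons) if reasons else ("unknown", [])


# Constructed sample links, as they might appear in a promotional email.
SAMPLE_LINKS = [
    "https://www.amazon.com/deals",
    "http://www.target.com/",
    "https://amazon.com.cyber-monday-deals.example/login",
    "https://wa1mart.example/coupon",
    "https://books.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reasons = check_link(link)
        print(f"{verdict:9} {link}  {'; '.join(reasons)}")
```

An "unknown" verdict means only that the host resembles none of the listed brands; it is not a statement that the site is safe.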

Phishing and Spam Emails

Phishing emails go hand-in-hand with spoofed websites, also aiming to impersonate well-known companies that are familiar to you. Spam emails can also contain harmful software, or malware, disguised as links or attachments within the email itself.

Like spoofed websites, phishing emails want to convince you to trust them – or at least trust them enough to give up your personal information. They work in concert with spoofed websites because they often act as ways to send victims to the fake sites.

Spam emails, on the other hand, may have a different purpose. The malware often found within these messages can either be unknowingly embedded or misrepresented as a link or attachment within the email. Different types of malware carry out different functions. Sometimes malware is meant to leave a device more vulnerable for future cyberattacks. Other malware can be used to remotely control or view information on the device itself.

Cyber Monday 2017 ID Protection Tips

Since Cyber Monday is still an effective way to find great holiday deals, use these tips to keep your information safe from identity thieves this year:

  • Avoid downloading or “redeeming” coupons, promotional or discount codes from emails and pop-ups. These are often used to convince you to click or download malicious software to your device.
  • Be wary of deals you find on social media websites or search engines. Sophisticated cybercriminals can manipulate spoofed sites to show up in search engine results or social media ads.
  • Double check deals on the company’s official website to determine if coupons or promo discounts are legitimate. If the deals don’t match, it’s more than likely a phishing or spam email.
  • As always, never provide login, personal or financial information on unsecured sites. Look for “https://” at the beginning of the web address and the green lock next to it to ensure you’re visiting a secured site.

via Technology & Innovation Articles on Business 2 Community http://ift.tt/2ja1jvI

Secure Your Identity for Cyber Monday 2017 By Laura Bruck

Cyber Monday 2017

The holiday season is an exciting time for consumers, and even more exciting for identity thieves. Criminals know that you’ll be looking for those perfect holiday gifts with Black Friday and Cyber Monday deals in mind.

Criminals rely on you to “click before you think” when browsing the hoard of online discounts and holiday sales. Without the proper preventative measures put in place, Cyber Monday can leave you extremely vulnerable to various identity crime tactics and scams.

Let’s look at some common scams that target you, the consumer, and how to secure your information for Cyber Monday 2017.
