Securing Remote Workers By Ty Mezquita

The 2020 Coronavirus pandemic has led many workers to work from home to slow its spread. Business owners have had to proactively deal with these changes while doing their best to operate effectively and securely. The new normal for companies is a workforce that continues to deliver business services remotely. This article describes some tips and strategies companies are using to secure their remote workers successfully.

Before we dive in, CyberHoot needs to separate companies into two unique types as follows:

  1. Businesses that have gone through a digital transformation to cloud-enabled services for the majority of their operational needs; and
  2. More traditional businesses running their business using onsite applications and services.

Digital Transformation Maturity

Companies that have gone through a digital transformation may have a leg up on remote worker security over companies with more traditional on-premises solutions. The myriad cybersecurity challenges are simplified for these cloud-enabled companies. Companies operating their business in the cloud must have the following measures in place to truly secure themselves.

    1. First, all cloud services must have strong authentication measures in place including two primary tools:
      • utilize two-factor authentication on all Internet-enabled services
      • use a password manager throughout the company
    2. Second, companies must establish strong administrative processes including:
      • adopting effective on-boarding and off-boarding practices
      • establishing governance policies/processes to guide employees on the selection, use, and security configuration of Software-as-a-Service (SaaS) solutions
    3. Finally, strong cybersecurity practices need to be in place including:
      • ensuring least privilege has been set up within those cloud-enabled applications to limit access to just what’s needed
      • encrypting all critical and sensitive data in transit and at rest

Not all companies have reached the same level of digital transformation maturity yet. Some have yet to tackle many of the above security recommendations. CyberHoot often identifies gaps in remote worker programs even at companies that have long finished their digital transformation to cloud services. However, securing remote workers in businesses that have been working in the cloud is fundamentally easier than securing them in companies operating more traditional on-premises technology solutions. This is where we turn our attention next.

On-Site Application Security Considerations for Remote Workers

Remote workers present additional, unique cybersecurity challenges for on-site business operations compared with cloud-based service operations. Concerns shift from providing local access to resources to ensuring remote workers continue to have reliable and secure access to those same on-premises applications. Unfortunately, too often, those on-premises applications were not secured and hardened for remote users, relying instead on having only a small number of local users. Our next sections analyze these differences, often found as on-premises companies migrated to remote workforces.

End-Point Insecurities on Personal devices

When working on-site, endpoint security is typically quite robust and reliable. Company-owned devices run antivirus protection, with privilege rights management in place, device locks after inactivity, and regular patching of both operating systems and applications. Many companies did not budget for a mobile work from home workforce. Faced with purchasing laptops for every employee (and laptops have been in short supply for months), many companies have opted to allow potentially less secure home machines to connect into local resources and applications. This puts less secure machines on your internal network in some configurations. That can put additional risks on your data. These are all considerations that need to be addressed by policy and in some cases technology.

Access to Applications Originally secured only for Local Connections

Enabling access to these same applications from personal devices in the home can open those applications up to risks from insecure and potentially compromised home machines, poor permissions that might allow greater damage when a breach occurs, and complexity in enabling secure remote access into systems that previously were wide open to local but finite connections. In contrast, cloud solutions always assume the worst possible connections from compromised machines. They assume and witness hacker attacks from all over the Internet on a daily basis. They go through rigorous penetration testing to ensure systems are locked down and secure, unlike most local applications, servers, and networks, which were never designed for such things.

Regardless of whether your applications are in the cloud or on-premises, there are some important security practices to ensure are in place and functioning as designed. Let’s turn our attention to secure remote access and beyond that into best practices for privilege management, encryption, and two-factor authentication.

Security Tips For a Remote Workforce

While it may be easier to secure company-wide remote access than it is to secure numerous company-provided laptops, there are still additional best practices that should be followed. To reduce the likelihood of data breaches while using remote access, businesses should do the following:

Requiring Two-Factor Authentication (2FA)

All end-users must be configured for 2FA usage for remote access. To do otherwise is to invite security incidents and compromise. Too many employees reuse their VPN account passwords on multiple websites, one of which is certain to be compromised, leaving those credentials floating around the dark web. This is additionally important if you need compliance with security standards like PCI, HIPAA, or CMMC. If you only do one thing, it should be this – enabling 2FA into your local network and the data/applications it hosts.

Principle of Least Privilege

Access rights to both on-site and cloud applications must be carefully assigned so end-users can access only the resources they need. One way companies do this while also restricting the attack surface to a single protocol is by enabling Remote Desktop Protocol into a workstation in the office. This single door allows all existing security within the work environment to be enforced from application permissions, to default storage locations, to reducing additional licensing costs for home machines when a work machine has said license already paid for.

This might require additional limits to be placed on traditional Virtual Private Network (VPN) connections, which grant network-based access to all resources on a typically flat internal network while the VPN client is connected. This artificially lowers the bar for remote access users to the security level of the endpoint, which, if compromised, could introduce ransomware and viruses to the corporate network. In contrast, enabling a single router on an RDP gateway to one’s workstation and no other port or protocol can significantly improve your overall security for remote workers.

Encrypt all traffic between the end user’s device and their desktops

This can be accomplished via VPN, but going that route requires the installation and configuration of a VPN client, limiting end-users to specific devices and increasing complexity. A remote access solution that takes advantage of the universality of web browsers can provide proper encryption while also avoiding the limitations of a VPN. Such solutions should still be tied down to single destinations on a per user basis if possible.

Do not allow direct access

Insecure remote access services are common targets for hackers and should never be exposed to the public Internet. Placing these services behind a remote desktop gateway shields them from direct public access and provides an additional layer of security and access control preferably paired with two-factor authentication.

Isolate (SEGMENT) your remote desktops in Unique networks

Lastly, it is crucially important to segment and isolate your internal networks. With a remote desktop gateway in place, servers can be configured to accept inbound connections only from 2FA authenticated users. Various internal segments should exist to limit the damage if one network segment were to become infected with a virus, worm, or hacker.

Cybersecurity and Remote Worker Conclusions

Companies that transitioned to cloud-enabled services years ago adjusted rather quickly and securely to a migration to remote workers. However, by implementing the protections outlined in this article regardless of your use of on-premises applications or cloud applications, you will be able to secure your business operations and limit your risks to compromise, down-time, brand damage, and client/revenue loss.

Secure remote access to your company network is a must-have depending upon how far down the digital transformation road you’ve traveled. Securing the internal equipment as outlined above with patching, monitoring, capital expense upgrades, and such makes it more challenging to be certain, but it is doable. It does however highlight some of the benefits for a more aggressive migration to cloud-enabled services for your mobile and increasingly remote workforce.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/3mbvP7x

Directory Traversal — Web-based Application Security, Part 8 By Shyam Oza

In a world driven by digital technology, having an online presence is no longer an option for individuals and organizations. However, exposing your business to the digital universe comes with website security risks. That is why constantly monitoring and securing your website applications is paramount to prevent confidential information from being exposed.

In our previous web-based application security series blogs, we covered Open Redirection Vulnerability, Cross-Site Forgery, SQL Injection, Insecure Direct Object Reference (IDOR) and more. In this blog, we will focus on directory traversal attacks and how you can prevent them from occurring.

What is Directory Traversal?

Directory traversal is a web application security vulnerability that allows unauthorized users to access files from different folders or directories that they would otherwise be restricted from accessing. According to Acunetix’s Web Application Vulnerability Report 2019, 46 percent of websites contained high severity vulnerabilities and 87 percent of websites contained medium severity vulnerabilities.

Web servers and web applications store critical information, such as credentials, backups, access tokens and operating system files, that could be easily exposed if vulnerabilities are exploited. There are two levels of defense systems that web servers utilize to protect the data stored – Access Control Lists (ACLs) and the root directory. Website administrators use the Access Control List to authenticate and define the rights granted to certain users or groups. The root directory, on the other hand, is where all the other folders and files reside and is user-restricted. Hackers exploit vulnerabilities in the web server software or flaws in the application using web browsers and guesswork to access arbitrary files.

The Goal Behind Directory Traversal Attacks

According to Positive Technologies, cyberattacks that were carried out to obtain confidential data were a major threat for 68 percent of web applications. With directory traversal attacks, hackers attempt to manipulate web applications to access restricted data from different folders apart from the web root folder. These files are server-internal files that are not accessible to users. A successful attempt can expose critical data, such as path names, file names, credentials and server configuration information, to anonymous hackers. Attackers can also execute malicious commands, alter data, or compromise the entire web server itself.

The Different Names of a Directory Traversal Attack

A directory traversal attack is also commonly referred to as a path traversal, backtracking, or dot dot slash (../) attack because it uses certain special characters. The dot dot slash or “../” tells the browser to move one level back towards the root directory. For instance, the code “x/y/z/../” is equal to “x/y/”, which allows you to find other files from different folders without using the full path.

Consider the web directory structure shown below. A relative link can be used from index.html to any folder in the root directory (home_html in this case). To link from hobbies.html to index.html, you must send a request to tell the browser to move up one level from documents to home_html to find the file. The relative link is written as: <a href="../index.html">.

Simplified example of a web directory structure.

How Does a Directory Traversal Attack Work?

Directory traversal attacks can be easily executed if there are vulnerabilities in the web application code and the web server configuration. Let’s take a look at an example of PHP code that is susceptible to path traversal attacks.

In this case, perpetrators can use the URL “http://example.com/?file=../../../../etc/passwd” to manipulate the web application into revealing hidden information from the /etc/passwd system file. Similarly, attackers can exploit path traversal vulnerabilities to access credentials, modify files, or take complete control of the compromised web server.

Simplified example of a Directory Traversal attack.

Detecting Directory Traversal Vulnerabilities

Directory traversal vulnerabilities can be easily detected during the software development process by placing a strong emphasis on security. Web vulnerability scanners are highly effective in detecting path traversal vulnerabilities. They trawl the entire website and automatically inspect it for vulnerabilities. You can also use code analysis tools, such as Raxis and RIPS Technologies, to analyze and detect faults even before the software is up and running. Once the web application is deployed, penetration testing can be administered to identify any defects. Another method you can use is fuzzing or fuzz testing to experiment with different inputs to check if any of the malformed data causes any problems. Visit OWASP to learn more about directory traversal vulnerability testing.

Preventing Directory Traversal Attacks

Directory traversal attacks can be prevented by using the latest web server software and by making sure the server is well maintained and patches are applied. Another important step to take is to make judicious use of the Access Control Lists and ensure appropriate access rights are in place. You can also minimize the risks of such attacks by filtering user-supplied inputs from browsers.
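
An added illustration of the PHP pattern discussed above and of the input-filtering advice, not code from the original article: the first function opens the `file` request value as given, while the second canonicalizes it with realpath() and refuses anything that resolves outside the web root. The function names and the temporary sample tree are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the article's listing. The function names and
// the sample tree below are constructed for this demonstration.

// Vulnerable pattern: the request value is appended to the base directory
// and opened as-is, so every "../" segment climbs one level out of it.
function readPageUnsafe(string $baseDir, string $file): ?string
{
    $data = @file_get_contents($baseDir . '/' . $file);
    return $data === false ? null : $data;
}

// Hardened pattern: canonicalize first, then require that the resolved
// path is a regular file located under the canonical base directory.
function readPageSafe(string $baseDir, string $file): ?string
{
    $root = realpath($baseDir);
    if ($root === false || $file === '' || strpos($file, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; it returns
    // false when the target does not exist.
    $target = realpath($root . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against "$root/" (with the separator) so that a sibling such
    // as "home_html_backup" cannot pass a bare prefix check.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $data = file_get_contents($target);
    return $data === false ? null : $data;
}

// Constructed sample tree, modelled on the article's home_html layout,
// with one file placed outside the web root.
$tmp = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
$webRoot = $tmp . '/home_html';
mkdir($webRoot . '/documents', 0700, true);
file_put_contents($webRoot . '/index.html', 'home page');
file_put_contents($webRoot . '/documents/hobbies.html', 'hobbies page');
file_put_contents($tmp . '/server.conf', 'db_password=constructed-value');

$requests = [
    'documents/hobbies.html',      // ordinary request
    'documents/../index.html',     // ".." that stays inside the web root
    '../server.conf',              // one level above the web root
    '../../../../etc/passwd',      // the value from the article's URL
];

foreach ($requests as $file) {
    $unsafe = readPageUnsafe($webRoot, $file) !== null ? 'served' : 'not found';
    $safe = readPageSafe($webRoot, $file) !== null ? 'served' : 'refused';
    printf("%-26s unsafe: %-9s safe: %s\n", $file, $unsafe, $safe);
}

// Remove the sample tree.
unlink($tmp . '/server.conf');
unlink($webRoot . '/documents/hobbies.html');
unlink($webRoot . '/index.html');
rmdir($webRoot . '/documents');
rmdir($webRoot);
rmdir($tmp);
```

The check is made on the resolved path rather than on the raw string, which is why a request containing ".." that still lands inside the web root is served while the two that leave it are refused.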

Maintaining Business Continuity in the Event of a Cybersecurity Incident

Although path traversal attacks are among the simpler types of attacks carried out by skilled hackers, they can have a disastrous impact on your business, especially if personal and financial data records are divulged.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/3ooPpiL

3 Reasons SaaS is Critical for Online Payments By Bob Bennett

If you’ve ever purchased software for your organization, then you’re likely familiar with the term SaaS, or Software as a Service. SaaS is a licensing and delivery model that offers customers all the benefits of an application without requiring continuous software upkeep by in-house staff or a third party. True SaaS applications deliver the latest and greatest through the Internet to a computer or mobile device.

Think of SaaS like owning a car that never gets old, because you’re always driving the latest version.

Upgrades and enhancements happen automatically, without having to download patches or new versions. Examples of true SaaS software applications are Netflix, Instagram, or Expedia – to name a few. You can access any of these tools from your computer or mobile device, and you will always receive the latest version available to the general public.

When it comes to online payments, SaaS solutions are particularly important for addressing the unique needs of your organization. Here’s why.

The importance of SaaS for Online Payments

1. Pace of Innovation

Your industry is changing rapidly, and your organization needs the ability to keep up with new technologies. True SaaS delivers continuous improvement and requires no maintenance on your part. Since only one version of the software exists, it is simple and straightforward to roll out frequent and concurrent upgrades — so all clients are always current.

2. Importance of Security and Compliance

Ensuring the security of customer data is one of the most important tasks for an organization. When it comes to payments, making sure you have the latest security patches to remain compliant with industry standards is critical. Multi-tenant architecture creates a single instance of a software application that serves multiple customers, as opposed to a single tenant model hosted in the cloud. Client data is secured in individually partitioned databases, providing superior performance and maintenance while the entire application is wrapped and monitored in a secure environment.

SaaS solutions automatically roll out new security patches used by all clients at the same time, which ensures your organization is offering the best (and most compliant) in data security. By their very nature, on-premises and hosted solutions cannot offer this far-reaching level of security or PCI compliance.

3. Seasonality and Scale

Depending on your billing frequency, payments and collections are often seasonal. This means your organization needs the ability to scale up quickly and cost-effectively. Since true SaaS uses configuration rather than customization, it’s easy to scale the solution to meet your business needs.

Hosted and on-premises solutions, on the other hand, can actually stand in the way of growth. Since these hosted and on-premises solutions are built on individual stacks of code for each client, software upgrades become a manual process for both the provider and your organization. Not only does this create a burdensome workload for your staff, but service issues may arise if your chosen system can’t keep pace with company, or natural adoption, growth. This potential spike of service issues could then negatively impact your customer satisfaction and even contribute to unwanted churn.

Beware of Cloudwashing

To take advantage of the growing client demand for SaaS delivery models, many software providers claim to deliver SaaS applications, when, in reality, they are offering a traditional hosted or on-premises software solution with web-based access. Software cannot be “hosted” and be true SaaS because “hosted” software supports a single client. True SaaS is multi-tenanted, with a single instance.

Cloudwashing is a term used to describe the practice of “rebranding” on-premises or hosted software. It involves taking traditional software and running it on a cloud instance, while still marketing it as ‘cloud’ or ‘SaaS based’ to make it sound like true SaaS. Since organizations are becoming more aware of the benefits of true SaaS solutions, many companies without this setup are trying to position themselves as SaaS – without actually offering the real benefits of SaaS.

What does this mean for you? It means your organization needs to be able to tell the difference between a true SaaS vendor versus one that is cloudwashing to avoid issues like costly customizations or time-consuming updates.

At first glance, it can be difficult to notice this difference. There are, however, a few pointed questions you can ask a solution provider to answer to help you determine the true configuration of their system.

The following questions can be used to determine whether a provider is offering a true SaaS solution.

  • Are all your clients on the exact same codebase or are they on variations of a common codebase? A true SaaS solution has a single codebase for all clients.
  • Is the platform single instance multi-tenant or is it multi-instance? A single instance, multi-tenant solution is a configurable SaaS platform with a single codebase. This is the only true SaaS model. Multi-instance implies multiple instances of code that are unique to each client.
  • Does their website accurately depict what they provide? If a provider’s web site promotes “SaaS-based” solutions instead of true SaaS, it’s most likely cloudwashing.

Finding the right SaaS solution for your organization

When it comes to selecting any software solution for your organization, it’s important to understand and evaluate the claims providers are making. True SaaS software offers scalable, highly configurable and innovative solutions that continuously deliver value. These solutions enable your organization to provide your customers with the experience they are looking for as their needs change, while also addressing the unique characteristics of online billing and payments.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/34iW71J

5 Ways the Coronavirus Affects the Tech Industry in 2020 By Robert Jackson

Forget the recent debacle in the stock exchanges globally. Experts are of the opinion that while the rest of the economy is struggling to survive the crippling impact of the COVID-19 pandemic, it is the technology domain that manages to survive and even thrive during this period.

Here are some of the facts that indicate the growth of the technology sector during this pandemic time.

  • Amazon has hired 100,000 warehouse workers to meet the increasing demand during the pandemic
  • Microsoft has revealed that the number of users using its online collaboration software had climbed nearly 40% in the same period

Though many companies have their contingency plans in place, they are not sufficient to ensure operational effectiveness during the nationwide quarantines and widespread travel restrictions during the global health emergency.

Here are the top five ways the coronavirus can affect the tech industry in the near future or the post-COVID era.

1. Crisis Management

As mentioned above, traditional business continuity plans cannot withstand the impact of a pandemic. Cancellations of industry events can reduce development opportunities and travel restrictions result in decreased client interactions.

How Technology Supports

  • A centralized system can be created to monitor all the processes done by various teams while managing the continually evolving crisis
  • A data analysis framework can be established using Big Data, AI, and ML technologies to provide actionable insights for making real-time decisions
  • VR and AR-based simulation exercises are done on a regular basis using realistic scenarios

2. Supply Chain

Globally, the supply chain is disrupted and cashflow-related challenges weigh heavily. Startups and SMEs have been hit hard in this pandemic time and they need subsidies or financial relaxations to remain ready for the aftermath.

Another nail in the coffin for supply chain management is the compulsion of remote working practice. Also, daily operations get affected because of a lack of in-store alternatives. For example, smartphone production is expected to decline by 12% YoY in the first quarter of 2020. The manufacturing and workforce-dominated sectors are hit hard because of supply chain-related and operational issues.

How Technology Responds

  • Vendor management and operational management software can be made for managing supply chain and daily operations effectively
  • Customized mobility solutions can be developed for real-time connectivity and collaboration
  • Supply chain modifications can be done by introducing automation in the processes to keep businesses ready for the long term

3. Workforce

The absence of full-time employees and reduced productivity of remote employees hurt daily operations badly. Also, gig workers including drivers, delivery workers, and support staff are seldom available amid the nationwide lockdown in this troubled time. The pandemic age also results in a slowdown in recruiting employees that could affect the operation.

What’s more, cybersecurity risks are increased when most employees work from home across the world and get access to the company’s confidential information through their PCs or laptops.

How Technology Helps

  • Robotic Process Automation (RPA) can be a great option to implement in this pandemic time
  • Robust communication platforms like Gmail, Skype, etc. are relatively safe to share important information
  • Customized ERP and IoT-based mobility solutions can help enterprises track the processes and activities of employees
  • Technological advancements can be used in enterprise software solutions to manage remote and onsite work

4. Financial Reporting

Issues of operations and supply chain disruptions eventually affect financial reporting for the short to long-term. Public companies and established enterprises have to disclose revised guidance for the upcoming quarters while considering the COVID-19 impact.

Role of Technology

  • Customized enterprise software can take care of financials and other processes while assisting enterprises to comply with all the regulations
  • Advanced AI-based solutions can predict the financial situation more effectively. These predictions are accurate and easy to share with shareholders
  • AI and ML-based solutions can analyze the big data effectively and revisit key assumptions

5. Taxation

Many governments across the world have declared some relaxations and subsidies for SMEs, startups, and even established companies. Also, some countries have changed their tax structure by keeping the impact of COVID-19 in mind.

Operations related to tax compliance are highly challenging for businesses because they need to calculate both short-term losses and their impact on forecasts. Also, the supply chain configuration affects tax implications in the short to medium-term.

How Technology Helps

  • Technology enables companies to come up with a contingency plan to meet tax compliance-related regulations on time
  • Real-time access to necessary information can make the taxation process less cumbersome
  • Income statements and other taxation reports can be fetched in real time

The tech industry has also found solutions to cope with strategy and customer-service related issues in this troubled time.

Concluding Remarks

In a nutshell, the technology industry has attempted to handle the pandemic time innovatively and found novel ways to emerge stronger than other sectors. There is no exaggeration in mentioning that the technology industry has acted as a torchbearer to drive other industries away from this crisis. Be it remote working or supply chain management, the technology sector has dealt with creativity and innovation to come out bravely.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/3jdVR8f

Has Azure Chargeback Improved with the New Cost Allocation Capabilities? By Katy Stalcup

Microsoft Azure recently announced an addition designed to help with Azure chargeback: cost allocation, now in preview in Azure Cost Management + Billing. We’re always glad to see cloud providers making an effort to improve their native cost management capabilities for customers, so here’s a quick look at this update.

Chargeback for Cost Accountability

Cost allocation for cloud services is an ongoing challenge. Depending on organizational structure and decisions about billing and budgets, every organization will handle it a bit differently. In some cases, separating by Azure subscription can make this easier, but in others, your organization may have shared costs such as networking or databases that need to be divided by business unit or customer. However, it is an obstacle that must be addressed in order for organizations to gain visibility, address inefficiencies, and climb up the cloud spend optimization curve to actually take action to reduce and optimize costs.

Many IT organizations address this via an Azure chargeback setup, in which the IT department provisions and delivers services, and each department or group submits internal payment back to IT based on usage. Thus, it becomes an exercise in determining how to tag and define “usage”.

In some cases, showback can be used as an alternative or stepping stone toward chargeback. The content and dollar amounts are the same – but without the accountability driven by chargeback. For this reason, it can be difficult to motivate teams to reduce costs with a showback. We have heard of teams using a variation on showback – “shameback”. IT can take the costs they’re showing back and gamify savings, coupled with a public shame/reward mechanism, to drive cost-saving behavior.

What Azure Added with the Preview Cost Allocation Capabilities

The cost allocation capabilities are currently in preview for Enterprise Agreement (EA) and Microsoft Customer Agreement (MCA) accounts. They allow users to identify the costs that need to be split by subscription, resource group, or tag. Then, you can choose to move them, and allocate in any of the following ways: distribute evenly, distribute proportional to total costs, distribute proportional to either network, compute, or storage costs, or choose a custom distribution percentage.

Cost allocation does not affect your Azure invoice, and costs must stay within the original billing account. So, Azure did not actually add chargeback, but they did add visualization and reporting tools to facilitate chargeback processes within your organization, outside of Azure.

Improvements in the Right Direction – or Too Little, Too Late?

Azure and AWS are slowly iterating and improving on their cost visibility, reporting, and management capabilities – but for many customers, it’s too little, too late. The lack of visibility and reporting within the cloud providers’ native offerings is what has led to many of the third-party platforms in the market. We suspect there is still a way to go before customers’ billing and reporting needs are fully met by the CSPs themselves.

And of course, for organizations with a multi-cloud presence, the cloud costs generally need to be managed separately or via a third-party tool. There are some movements within the CSPs to at least acknowledge that their customers are using multiple providers, particularly on the part of Google Cloud. Azure Cost Management has done so in part as well, with the AWS connector addition to the platform, but it’s unclear whether the 1% charge of managed AWS spend is worth the price – especially when you may be able to pay a similar amount for specialized tools that have more features.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/2TbtX21

9 Reasons Why Buying a Great Domain Name Matters By Brooke Hernandez

Imagine you’ve decided to launch a website. You’ve come up with a killer brand name, and you’re all ready to go. You visit a domain marketplace and search for your brand – but there’s bad news. The exact-match dotCOM domain for your brand is already registered by somebody else.

At this moment, you might think to yourself, “No biggie. I’ll just add a hyphen or an extra word to my domain name. Or maybe I’ll use an alternate gTLD.” Not so fast – this is a trap that many new businesses fall into, and it could have a negative impact on your ability to reach your customers.

In this article, we will explain the benefits of purchasing a premium domain for your business.

Brand Reputation

A website with a premium domain name does a lot of heavy lifting for establishing a reputable brand. Why is this? For starters, internet users have been conditioned to type in a brand name followed by “.com” when searching for a website. If a potential customer sees that you’re using a .biz or a .net, they might question your brand’s legitimacy. A premium domain name can assist your company in preserving its brand integrity.

Physical Branding

As discussed in previous posts, most of the ideas regarding premium domain branding translate from the online world to the brick and mortar world. People are constantly being inundated with advertisements, and it’s more important than ever to stand out from the crowd. This is true for both online and offline applications.

If you were to make a print or billboard ad buy, you would sure as fire want your name to stick in people’s minds. You want your customers to recall which site to go to without searching on Google and, god forbid, having your competitors’ site show up first. By having your customers remember your brand and domain, you can transition them from your advertisements to your online location.

Domain Rarity

Premium domains are a limited commodity, and thus, extremely valuable. And customers know. Along with reason #1, when customers see a premium domain, they conclude that it must be a trusted, high-quality brand if its website is a premium domain.

Think of it this way – if you are walking down Main Street, you will probably trust the restaurants and shops on that street. This is because you know that they can afford to pay the higher rent than, say, the dimly lit street a few blocks down the way.

Catchiness

Shorter domains are typically catchier, easier to remember, and easier to spell. These attributes mean that the domain is more likely to cast a wider net to reach and preserve customers. And as customers talk about your website and name, you will also get more and more traffic and repeat visits.

Here is another restaurant example. Imagine you just had the meal of your life at a new ramen place downtown called Japanese Kitchen Serving Exquisite Noodles and Sushi. You have to tell everyone you know, so you say, “Hey, there’s a great new Ramen place downtown.” When your friend asks what it’s called, you pause and realize you don’t remember the restaurant’s name. Now your friends might not end up trying it out – a shame because those noodles were so tasty.

Social Media Shareability

We all know social media is important for any business. Websites are much easier to share online when the names are shorter and more memorable. A shorter, exact-match domain will also make it easier to coordinate your name across all of your social media accounts.

Networkability

Premium domains not only attract potential customers – but they also attract potential business partnerships. Other business owners will be drawn to work with businesses that seem legitimate. A short, memorable, premium domain provides instant credibility and legitimacy in any industry.

Business partnerships, including ad buys, collaborations, testimonials, etc., can be essential for new businesses to get the exposure they need to get up and running.

Search Engine Optimization (SEO)

Search engines have become ubiquitous on the internet. Many users type brand names into the search bar instead of the old-fashioned method of typing the exact domain with the extension into the URL bar. This makes it more important than ever to make sure your domain is optimized for search engines. Put simply, the higher your website ranks on search engines, the more internet traffic you’ll get.

Premium domains, especially keyword domains, are better for SEO. This goes hand in hand with co-citations.

References

The more reputable your domain, the more mentions and citations it will receive from other websites. And the more links you get, the better your SEO will be. So if you start out with a premium domain, you’ll get a massive head start towards brand reputability (and hopefully, those important mentions).

Direct Traffic

Although search engines are being used more and more, many users still type domain names directly into the URL bar. This is especially true when the user has the domain memorized. Think of names like amazon.com, nike.com, twitter.com. These premium domains are so memorable that users can bypass the search engine with ease. You want your clients to bypass having to search for your company and be able to go straight to the front door.

Concluding Thoughts

Many new business owners are turned away by the price or effort it takes to acquire a premium domain. However, as this article has shown, there are various potential benefits to having a premium domain. This is why they are so valuable and sought after – they bring results.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/3oauYWG

National Cybersecurity Awareness Month – Empower Organizations in Cybersecurity Protocols By Andrew Lopez

Do. Your. Part. #BeCyberSmart

What’s scarier than a haunted house and more expensive than a giant Halloween party? Cyberattacks – and they devastate individuals and businesses alike. Fortunately, attacks can be prevented if we all remain vigilant. This month marks the 17th annual National Cybersecurity Awareness Month, and this year Zuma Technology brings you tips, best practices, and more to ensure you’re ready to “Do Your Part. #BeCyberSmart.”

“While technology — a luxury that became essential — continues to improve the quality of lives and economies around the world, some individuals will naturally try to navigate around it or simply bypass it altogether, placing themselves and their organization at risk,” said SonicWall President and CEO Bill Conner. “Now that mobile and remote workforces rely upon extended distributed networks that include everything from corporate offices to homes, global cybersecurity awareness initiatives are key to educating the masses on the importance of doing their part to protect everything from personal devices, home networks, critical data and infrastructure.”

The theme for 2020, “Do Your Part. #BeCyberSmart,” encourages individuals and companies to be responsible in practicing cybersecurity. Being more secure online is a shared responsibility, but by taking proactive steps toward lasting, positive cybersecurity behaviors at work and at home, each of us can help create a safer cyber environment.

Cybersecurity Protocols

Here are some steps each of us can take today that do not require high-level security experts:

  • LOCK DOWN YOUR LOGIN – Use long, unique passphrases that are hard to break but easy to remember for each account, and utilize two-factor or multifactor authentication wherever possible
  • WHEN IN DOUBT, THROW IT OUT – Email, social media posts, texts and more aren’t always what they seem — sometimes they harbor malware or malicious links. If you’re unsure about it, delete it
  • KEEP A CLEAN MACHINE – Keep all software current to reduce risk of infection from ransomware and malware
  • BACK IT UP – Create backups of valuable data. In the case of ransomware or other threats, they can help prevent permanent loss
  • OWN YOUR ONLINE PRESENCE – Set up privacy and security settings immediately and check them regularly to ensure they’re still configured to your comfort
  • SHARE WITH CARE – Think about the potential consequences before posting personal info about yourself or others
  • GET SAVVY ABOUT WI-FI HOTSPOTS – These are not secure, meaning anyone could see what you’re doing while you’re connected to them. Consider a VPN or mobile hotspot for greater security.

“In the physical world, we all know a chain is only as strong as its weakest link,” said Chad Sweet, founder and CEO, The Chertoff Group. The same is true in cyber. None of us want to be that weak link — failing to protect ourselves, our families or our businesses.

As key players like NCSA, DHS and SonicWall have rightly challenged us to do, we need to use National Cybersecurity Awareness Month as a call to action for all of us to recommit to strengthening the links where we play a critical role at home, in the office and in our communities.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/3dERd1N

How AI & Data Analytics Can Solve Supply Chain Pitfalls By Rotem Gal

The supply chain is an ecosystem that affects businesses around the world, and the COVID-19 pandemic has thrown a monkey wrench into this previously undisturbed process. With region-specific restrictions, limited supply of certain goods, and a constantly changing consumer mindset, almost all businesses are playing catch up in addressing the needs of every consumer. Add to that the oil price war and the result is near chaos for both consumers and businesses.

It may be a gamble to implement new supply chain systems in these circumstances, but it’s a bet that could pay dividends not just now but in the long term. Artificial intelligence (AI) and data analytics tools can provide the much-needed push companies need to keep their businesses afloat—and maybe even thrive—despite the global crisis. Supply chain sustainability has been a hot topic ever since the signing of the Paris climate agreement and sustainability here is not all about the environment but also about profitability. “Every dollar saved through supply chain sustainability efforts is a dollar for profitability,” says Patrick Penfield, professor of practice, supply chain management, at Syracuse University’s Martin J. Whitman School of Management.

In recent McKinsey research, 53% of companies reported increased revenues resulting from the introduction of AI into their supply chains and 61% reported a significant reduction in costs. Out of these companies, more than a third reported a revenue bounce of over 5%. Revenue from supply chain management was directly influenced by forecasting, sales and demand, spend analytics, and logistics network optimization.

Below are just a few ways AI and data analytics can help enhance supply chain management during the COVID-19 era.

From Insights to Action

The digitization of the supply chain is a vital step toward future-proofing your business, and if you haven’t made the switch to digital yet, the best time to do it is as soon as possible—if not now. The key to surviving the pandemic is responding to the changing demands and behaviors of consumers.

The supply chain has moved on from Robotic Process Automation (RPA), which means programming a piece of software to perform basic tasks across applications, and now relies on cognitive automation. This more advanced technology allows systems to go through large amounts of data and determine patterns that will help convert insights into actionable data. Cognitive automation mimics human thought and action while also removing the factor of human error from the equation. By speeding up data analysis and leveraging a variety of algorithms depending on the business need, it helps in making sound and timely business decisions.

From Manual Labor to Computer Algorithms

The amount of data that is gathered and needs to be analyzed grows by the minute, and this has pushed businesses to shift to a “software-defined supply chain.” The challenges supply chain professionals face usually stem from inferior or legacy systems that cannot keep up with these demands. This makes the task increasingly challenging.

Automation has always been the battle cry of AI, and cognitive automation will help eliminate the challenges caused by too much data, too many applications, and simply too much information by doing the heavy lifting. It can perform data analysis faster and deeper than any human can, even going as deep as SKU level. Constant data crawls across applications allow data to be collocated in a single virtual data layer that can help discover supply chain bottlenecks and opportunities for improvement.

From Intelligent Guesses to Data-driven Decisions

From a reactive supply chain, big data has transformed the supply chain into a more predictive approach. Cognitive automation allows for decisions to be augmented with AI-driven predictions regarding actions that will optimize and improve supply chain performance. With the help of AI and data analytics, you can determine a variety of scenarios that could cost you valuable time, revenue, and other resources and come up with ways to avoid these scenarios or mitigate their impact on the business.

Because of the nature of AI systems, a cognitive automation platform can also act autonomously—with proper authorization, of course. It learns patterns and consequences the more data it ingests and it improves recommendations through time even if conditions change. This is a very helpful tool to have, especially during a crisis like the COVID-19 pandemic where business agility is key. You have to be able to pivot at a moment’s notice, and AI can help make a transition quicker and as smooth as possible.

In today’s all-digital, always-connected world, data and information can change instantly. Businesses must be prepared to analyze large amounts of data in the shortest possible time so they can take action and make sound business decisions based on data-driven insights. AI and data analytics can bridge the gap between the supply chain and the digitization of businesses; with them, you can make insightful forecasts and take action while eliminating the guesswork. They will also push businesses to become more connected, agile, and scalable—equipped to face the current crisis and any others that may come in the future.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/359kK01

Infrastructure-as-Code: 3 Pipeline Scenarios for Continuous Integration & Delivery By Anshul Patel

Infrastructure-as-code (IaC) takes all of the proven techniques of DevOps software development and applies them to cloud infrastructure. It’s a type of configuration management that can codify an entire organization’s infrastructure resources, committing them to a control system to enable more effective workflows.

It’s not uncommon for cloud applications to have separate deployment environments for the different stages of their release cycle. Development, staging, and production environments are often used as separate entities, composed of networked resources such as databases and application servers. Occasionally these environments fall out of sync, and this “environment drift” can have a devastating impact on development. IaC is an antidote to this problem, allowing app development teams to use Continuous Integration (CI) and Continuous Delivery (CD) pipelines to achieve the following seamlessly:

  • Decrease lead times for changes and features
  • Increase in deployment frequency
  • Decrease in change failure rates
  • Stronger feedback loops
  • Improved code quality and security

The above improvements lead to a marked increase in productivity and product quality, which has a noticeable impact on customer satisfaction. However, delivering IaC to multiple or hybrid environments is a challenge that many organizations have yet to conquer. It’s incredibly complex and riddled with security and compliance issues that require a great deal of forethought and planning.

Overcoming Obstacles to Infrastructure-as-Code

There’s no doubt that IaC is a valuable methodology for operations teams, but it can present its own challenges. Tracking can be an issue. Namely, the ability to check the divergence of actual infrastructure from the committed infrastructure code, and alerting the team when it happens. Another challenge is perfecting the ability to orchestrate complex code automation in order to capitalize on the true potential of IaC.

Overcoming the Obstacles

Laying pipelines for IaC provides a match-ready orchestration and execution medium in which to roll out infrastructure changes, very similar to that of application code. These pipelines for infrastructure can be used in the following scenarios:

1. Building Immutable VM Images for Cloud Platforms

In order to stay on top of compliance, security, and performance, organizations often build custom virtual machine (VM) images to host their platforms. It’s a good idea, and building those images via pipelines, which ensures consistency and execution tracking, can solve many problems.

Example Tools: Packer, Vagrant, Linuxkit

2. Applying Infrastructure Changes

Infrastructure changes are critical tasks and should be carried out with caution. One small change to infrastructure can have a cascading effect, so it’s vitally important that the code goes through a rigorous verification process. Using an auditable pipeline helps in the execution and orchestration of such changes, and also gives teams greater confidence and peace of mind:

[Figure: Simple Pipeline for Infrastructure-as-Code]

[Figure: Complex Pipeline for Infrastructure-as-Code]

Example Tools: Terraform, CloudFormation

3. IaC Pipeline and Drift Detection

For highly-regulated industries like healthcare and finance, compliance with government and industry standards is a day-to-day issue. Some of these standards require periodic validation of computing and network infrastructure. Executing these checks using pipelines provides a layer of transparency and drift detection that would otherwise be impossible to attain:

[Figure: Compliance-as-Code Pipeline]

[Figure: Drift Detection]

Example Tools: Inspec, Prowler

The Road Ahead

Cloud-native components have boomed in popularity in recent years, giving rise to GitOps continuous delivery patterns. GitOps empowers developers to perform tasks that would otherwise fall to IT operators. Declarative descriptions of infrastructure changes are stored in a Git repository, which can then be automatically matched to the infrastructure state, giving teams unparalleled visibility.

Core GitOps principles include the following:

  • The entire system infrastructure is described declaratively
  • The desired system state is versioned in Git
  • A mechanism ensures correctness and alerts on divergence
  • Changes to infrastructure are raised via PR. Approved PR changes are automatically applied to infrastructure
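The drift-detection scenario and the GitOps "alert on divergence" principle can both be implemented as a scheduled pipeline job that plans the committed code against live infrastructure and fails when the two disagree. The following is an added example, not code from the original article: it reads the JSON form of a Terraform plan (`terraform show -json`), and it assumes the job runs with no unmerged changes pending, so any planned action is drift. The sample plan and resource names are constructed.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output from a
# scheduled plan run against the committed code. Names and values are made up.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"],
                "before": {"bucket": "example-logs"},
                "after": {"bucket": "example-logs"}}},
    {"address": "aws_security_group_rule.ssh", "type": "aws_security_group_rule",
     "change": {"actions": ["update"],
                "before": {"cidr_blocks": ["0.0.0.0/0"], "from_port": 22},
                "after": {"cidr_blocks": ["10.0.0.0/8"], "from_port": 22}}},
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["create"], "before": null,
                "after": {"instance_type": "t3.micro"}}}
  ]
}
""")

# Actions that mean live state already matches the committed code.
NO_DRIFT = (["no-op"], ["read"])
# CIDR ranges that expose a rule to the whole internet.
WORLD = {"0.0.0.0/0", "::/0"}


def changed_attributes(before, after):
    """Top-level attributes that differ: {name: (live_value, committed_value)}."""
    before, after = before or {}, after or {}
    return {key: (before.get(key), after.get(key))
            for key in sorted(set(before) | set(after))
            if before.get(key) != after.get(key)}


def find_drift(plan):
    """List every resource whose live state diverges from the committed code."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] in NO_DRIFT:
            continue
        # In a plan, "before" is the refreshed live state, "after" the code.
        live = change.get("before") or {}
        cidrs = set(live.get("cidr_blocks") or []) | set(live.get("ipv6_cidr_blocks") or [])
        findings.append({
            "address": rc["address"],
            "actions": change["actions"],
            "diff": changed_attributes(change.get("before"), change.get("after")),
            "world_open": bool(cidrs & WORLD),  # live rule is internet-facing
        })
    return findings


def pipeline_exit_code(findings):
    """Non-zero fails the job, which is what triggers the team alert."""
    return 1 if findings else 0


if __name__ == "__main__":
    drift = find_drift(SAMPLE_PLAN)
    for f in drift:
        tag = " [WORLD-OPEN]" if f["world_open"] else ""
        print(f"{f['address']}: {'/'.join(f['actions'])}{tag} {f['diff']}")
    raise SystemExit(pipeline_exit_code(drift))
```

A "create" action in this context means a resource defined in Git is missing from the live environment, which is as much a drift finding as a changed attribute.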

via Technology & Innovation Articles on Business 2 Community https://bit.ly/31f2px9

October is National Cyber Security Awareness Month By Jeffrey Gabriel

Now is the perfect time to brush up on keeping yourself and your information safe online. Each year, cybercriminals come up with new ways to defraud individuals and businesses alike on the Internet. Any information that you provide on the Internet, whether it’s on Facebook or through your banking institution, is at risk.

It can be overwhelming to keep up with all of the ways that you are at risk, especially if you’ve been a victim of cybercrime in the past. But if we can understand the most common types of cybercrime and the type of information they target, we can be more prepared in keeping ourselves safe.

So, to spread awareness for cybersecurity in the month of October, here are the five most common types of cyber threats and some ways you can protect yourself against them.

1. Malware

MALicious softWARE is one of the most common cybercrime schemes. Malware is constantly evolving, and there are many different ways cybercriminals can attack your computer or device via malware. From Trojans and worms to spyware and ransomware, malware is one of the most effective tools that criminals have at their disposal to steal your personal information.

For example, one type of malware involves the ability to spy on your keystrokes in order to steal your username and password information.

The good news is that there are plenty of effective anti-virus services on the market which neutralize most malware attacks. Just make sure to keep any anti-virus software you have active and up-to-date on all of your devices.

2. Phishing

Phishing involves cybercriminals using email or other electronic communications to solicit personal information (passwords, account numbers, etc.) from a business or individual by posing as a legitimate organization. Many times, this takes the form of the criminal posing as an individual’s banking institution to get access to their checking account or credit card information.

The best way to protect yourself against this type of attack is to use extreme caution when opening emails and clicking on email links. If an email appears “phishy,” don’t open it; if you do open it, definitely don’t click any links. The link could take you to a form to provide personal information, and it could even install malware onto your device. To be safe rather than sorry, always verify the sender of your emails if they seem unusual. Even if it is your friend or coworker, give them a call or text to make sure it was them.

3. Identity Theft

Identity theft has been on the rise for the past twenty or so years due to the rise of computer networks and digital data sharing. Our personal information is less private than ever and ripe for picking by cybercriminals. Your info can be stolen through phishing attacks and malware attacks, and more recently, through dark web purchases. Having your identity stolen can have many long-term negative effects on your financial stability, credit score, etc.

The best way to protect yourself against identity theft is to monitor your credit reports regularly. You should also enroll in text or email notifications from your banking institutions to confirm any suspicious transactions. Also, use a password manager and change your passwords on a regular basis. The worst thing to do is to use the same password for multiple accounts (cybercriminals love this behavior).

4. Debit and Credit Card Fraud

This type of fraud is similar to identity theft, except it typically involves just your card information and not your full identity. However, it is still a huge inconvenience to have to start a claim with your bank, cancel your card and order a new one. Also, with the rise in online shopping, debit and credit card fraud is seen as an increasingly attractive scheme for cybercriminals.

Follow the same advice for identity theft to protect yourself from this type of fraud.

5. Credential Breaches

Username and password breaches typically occur from either malware attacks, phishing attacks, or large company data breaches. But the common theme is that the criminal gains access to your credentials, and can then do God-knows-what once they’re in your account.

The best way to protect yourself against this threat is to use a different password for every one of your accounts. That sounds insane, right? Nobody can remember that many passwords. But luckily, there are many password manager services on the market that make it easy to manage all of your passwords. Also, try to use a different password for all of your most private accounts, like your banking accounts.

Cybersecurity in the Domain World

While these suggestions are all geared to the individual, businesses can also use similar safeguards on a wide scale. Specifically, when we think about phishing attacks, a lot of them are done using look-alike “spoof” domain names to pose as real, legitimate websites. What if you operated a business on the domain Llama.com? It would be smart to consider purchasing and/or registering the domain LIama.com. Did you notice the capital i? What if your business was like PayPal or handled sensitive information? What if a scammer purchased the domain and started messaging customers? According to Webroot, there is an average of 1.5M phishing sites created monthly!
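A brand owner can also watch for such look-alikes among domains seen in mail logs or new-registration feeds. The following is an added example, not part of the original article: it reduces each domain to a "skeleton" in which visually similar characters collapse to one representative, then flags anything that shares the brand's skeleton. The confusables table is a small illustrative subset and the observed domains are constructed.

```python
import unicodedata

# Characters that render alike in common fonts, mapped to one representative.
# Illustrative subset only, not a complete confusables list.
CONFUSABLE = {
    # DNS ignores case, so a registered "liama" can be displayed as "LIama".
    "i": "l", "1": "l", "|": "l",
    "0": "o",
    # Cyrillic letters that look like Latin ones.
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0456": "l",
}
# Letter pairs that read as a single letter at a glance.
MULTI = (("rn", "m"), ("vv", "w"))


def normalize(domain):
    """Lower-case and drop surrounding space and the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def decode_label(label):
    """Turn an IDN 'xn--' label back into the Unicode text a user would see."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: compare it as-is
    return label


def skeleton(domain):
    """Collapse a domain to its visual skeleton."""
    text = unicodedata.normalize("NFKC", normalize(domain))
    text = ".".join(decode_label(part) for part in text.split(".")).lower()
    text = "".join(CONFUSABLE.get(ch, ch) for ch in text)
    for seq, rep in MULTI:
        text = text.replace(seq, rep)
    return text


def is_lookalike(candidate, brand):
    """True when candidate is a different domain that looks like brand."""
    return (normalize(candidate) != normalize(brand)
            and skeleton(candidate) == skeleton(brand))


def flag_lookalikes(observed, brand):
    return [d for d in observed if is_lookalike(d, brand)]


# Constructed sample of observed domains. PUNY is the IDN wire form of
# "llama.com" written with a Cyrillic "a".
PUNY = "xn--" + "ll\u0430ma".encode("punycode").decode("ascii") + ".com"
OBSERVED = ["llama.com", "LIama.com", "l1ama.com", "llarna.com",
            "ll\u0430ma.com", PUNY, "llamas.com", "example.org"]

if __name__ == "__main__":
    for hit in flag_lookalikes(OBSERVED, "Llama.com"):
        print("look-alike:", hit)
```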

There are also products that, instead of having a company register just one domain, block entire segments of domains. Those services are called blocking products. AdultBlock+ and Domain Name Blocking Services, offered through domain registrars and some domain brokerages, offer protection against this type of cyber threat. Specifically, AdultBlock blocks all registrations of trademarked domains across the adult-themed gTLDs, .xxx, .sex, .porn, and .adult. Imagine being a household brand and someone launches a satirical adult-oriented website using the company’s brand. Adult searches on the Internet make up more searches than Netflix, Google, and Amazon combined. The risk of being associated with an adult-themed scam is increasing, and not something most companies would want for their brand reputation.

For very little money, buying “Domain Insurance” that protects a company’s brand and reputation is worth the peace of mind.

via Technology & Innovation Articles on Business 2 Community https://bit.ly/3lOPDNR