The Human Elements of Cybersecurity: Privacy, Ethics, Usability, and Responsibility By Isaac Kohen

A recurring theme I have found in security industry discussions since the start of 2020 is the “human element” of cybersecurity, a topic that I highly value. Information security professionals often interpret the human component of IT as “human fallibility,” the weakest link in a company’s data security apparatus. You can’t blame them. In many cases, cybersecurity incidents are enabled by human error, malicious intent, or ignorance. In fact, according to a study by IBM, human error is the leading cause of 95% of cybersecurity breaches. Therefore, it makes sense that the industry is increasingly investing in technologies, strategies, and standards that minimize these human risks. It’s one of the primary reasons that technologies offering behavior monitoring, insider threat detection, and data loss prevention tools are designed to reduce threats from both malicious and accidental human actors.
However, this isn’t a diatribe about the obvious predicament facing today’s data security landscape. Instead, I’ll look from the other side of the human equation: the users we are supposed to guard. Humans aren’t just resources that you can force to comply with security best practices. We have feelings, concerns, and needs. An effective security strategy will need to address these human elements.
For example, if you implement a strong password security policy without addressing the human tendency to look for convenience, people will find a way to bypass the rule. They will either write it down in plain text, save it on their browser, or start repeating the same passwords on unsanctioned/personal sites. You will need to provide them with an efficient option such as SSO, key vault, or something else to manage their passwords easily.
Similarly, let’s consider workplace monitoring. Many companies use these services to improve productivity and to reduce insider threats and data leaks. However, if you ignore the employees’ right to privacy, you will risk legal ramifications, not to mention cultural rifts, loss of trust, and many other issues that will outweigh any security benefits you can achieve. In other words, you need to adopt solutions and policies that not only deliver functional security but also enable inclusion. Let’s take a look at how this is accomplished.
Privacy
In recent years, data privacy has become the topic of conversation among cybersecurity professionals because of the introduction of GDPR, CCPA, and other similar laws. On the one hand, you need to protect your customers’ data, your intellectual property, and business secrets from external or insider threats. At the same time, you have an obligation to uphold your employees’ privacy. The solution is to use autonomous systems, such as employee monitoring, UEBA, and DLP systems, to implement endpoint security, but to do so without inadvertently capturing employees’ personal data and exposing yourself to privacy violations. For example, suspend monitoring and keystroke logging when users visit their bank’s website or access their personal email account, and use anonymization or smart blackout features to redact PII/PFI/PHI or other private data. This can be a bit tricky and requires modern solutions that have such capabilities.
Ethics
While data security is undoubtedly a good thing, it’s also a nuanced issue that can present companies with an ethical dilemma. After all, you are protecting your organization, customers, and employees from a devastating data loss event. In reality, things aren’t as black and white. However, it’s easy for motivations to get muddled when working to protect customer data.
For instance, employees might wonder why you are implementing specific security measures or monitoring initiatives. Is it because you want to increase your workplace productivity? Do you truly need to scan their emails to achieve that? While the goal of data security is ethical, the defensive measures need to be appropriate. Finding the purpose for monitoring and security and establishing boundaries and transparency protocols is key to avoiding such ethical pitfalls.
Usability
Security shouldn’t compromise usability. Instead, it should enable freedom and creativity. Fortunately, with the introduction of machine learning/AI, NLP, context-based classifications, and other software developments, companies can balance security and usability. However, you still need to spend time configuring those solutions or training them with enough data to minimize false positives. In addition, the success of your security initiative will suffer when you block a workflow without offering an alternative solution. For example, you might think blocking the use of cloud drives a sensible precaution. However, if you don’t allow another channel such as a private cloud or a ‘cloud-like’ solution such as Transporter or Space Monkey, employees will most likely share those files using email, USB drives, or less secure methodologies, ultimately making it even harder to enforce your security policy.
Responsibility
Data security isn’t just the responsibility of security experts. To be successful, data security priorities have to be a collective effort that extends to all levels of the company. Indeed, everything from election hacking and deep fakes to the weaponization of information can’t be addressed if we just rely on security professionals and technologies.
The problem is too big for a single group to handle. So, what can we do as security professionals to drive mass engagement? Most importantly, we can evangelize the importance of data privacy best practices.
As security professionals, we can all help in 2020 to do more and have a greater impact. Educate and train people whenever you have a chance. Skills like avoiding phishing emails, detecting the signs of social engineering, acting responsibly online, using basic protections, and reporting spam calls are some topics we can all share on our social channels. The more we share, the more awareness we create.
Conclusion
It’s easy to pass the buck and blame the users when they do something wrong, but as security professionals, we are the ones who are responsible for weighing the hard decisions between security and privacy, ethics and profitability, usability and compliance, responsibility and authority. Developing a human-centric security policy will make security more approachable to our users and, in turn, propel its success.
This article was originally published on IT Security Central and reprinted with permission.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/38F05RY

When it Comes to Data, Go for Best, Not Perfect By Laura Patterson

What Grilling Has to Do With Data Management

Good data stimulates good decisions. This takes good data management. Living here in Austin, we can pretty much use our outdoor grill throughout the year. While we were recently grilling, we were also talking about data. It occurred to us that one of the concerns about food quality relates to data quality.

Studies show that grilling meat can form carcinogens, that is, substances or agents that can promote cancer. Cancer cells differ from normal cells in many ways that allow them to grow out of control and become invasive, essentially corrupting normal functions. Perhaps you can relate this idea of out of control and corrupting normal functions to what’s happening with data.

Still wondering what grilling even has to do with data management? It will become clearer if we understand how carcinogens are created during the grilling process. Recent research suggests that there is a relationship between the types of charcoal and level of carcinogen formation, as well as the type of meat and the types of cancer it may induce. Similarly, the type of data, how you store it, and how you manage it makes all the difference when it comes to results.

5 Important Aspects for Good Data

The recommendations for avoiding these potentially harmful agents when grilling aptly apply to collecting and analyzing your data. Let’s look at five tips for good data management.

  1. Keep it Clean. Leftover bits of food and grease on your grill, especially from animal proteins, contain carcinogens. The more they’re scorched by the heat, the more concentrated the cancer-causing agents become. It’s strange how easy it is for little bits and pieces of data to accumulate. Dirty data costs companies millions of dollars each year. Errors and omissions in master data, incomplete data, duplicate data, inaccurate data, inconsistent data, all contribute to dirty data. It’s recommended that you clean the grill surface every time you grill so leftover pieces don’t get transferred to your next meal, potentially creating a health risk. The same applies to your data. Make sure it’s clean every time before you use it. We’re doing a project for a customer right now where we’re finding that close to 50% of the data is bad. It’s costing time and money to find workarounds.
  2. Proper Prep. In cooking, it is common to apply a marinade or rub to prepare the food and add flavor. It is just as important to address data prep. Informatica.com defines data preparation as “a pre-processing step in which data from one or more sources are cleaned and transformed to improve its quality before its use in business analytics.” Data prep is important before you merge different data sources with different structures and different levels of data quality in order to produce a clean, consistent format. When it comes to grilling you want to use alcohol and acid-based marinades because they hinder the release of a cancer-causing chemical produced when animal proteins are cooked at a high temperature. Prep your data by pulling it into an environment where it can be safely analyzed and manipulated.
  3. Avoid Free Radicals. Free radicals are unstable molecules that damage the growth, development, and survival of cells in the body. Their reactive nature allows them to engage in unnecessary side reactions causing cellular impairment and eventually injury when they are present in disproportionate amounts. When it comes to Bar-B-Q, we can use antioxidant herbs and seasonings to help decrease free radicals that are created when you grill. When it comes to data, the key is to apply the principles of validity and reliability to your data. Sloppy and inconsistent data will compromise your analysis and your insights.
  4. Think Thin. Fat dripping into the fire which results in flare ups is one of the primary trains of thought connecting grilling and cancer. It’s recommended to use thinner cuts of meat to reduce cooking time or to steam the meat before grilling to reduce the risk of juices dripping into the flame. For most organizations today, the lack of data isn’t a problem. It’s the opposite: there’s often too much information available to make a clear decision. Think thin – be clear about the question or questions you want to answer. Then only choose the data you need to inform your decision and draw an accurate conclusion.
  5. Cook Thoroughly but Don’t Char. According to the National Cancer Institute, grilling meats at high temperatures results in the formation of chemicals known as HCAs, which can increase the risk of cancer. Blackened and charred meat contains three and a half times more HCAs than medium-rare meat. Avoid over-analyzing your data. Data analysis is not about perfection. It’s about deriving an insight that will enable you to take the best step with the greatest impact. Go for best not perfect.

I truly enjoy grilling and find that it makes food look and taste better. Data, when used properly, fosters better decisions. Thanks to more sophisticated technology, today it is easier to obtain and analyze data. And there’s a strong push to take a more scientific and data-derived approach to decisions over hunches, gut feel, and experience. With these five tips, you can keep your data from going out of control, corrupting your capabilities, hindering your decisions, or derailing your growth.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/323b9FS

OAuth 2.0: What Is It and How Does It Work? By Dave Wallen

It’s no secret that data breaches can bring down businesses of any size. But what you may not know is that many of the most devastating breaches began with a single, vulnerable privileged account. According to a Black Hat survey, 32% of hackers stated that accessing a privileged account is the easiest and fastest way to steal critical data.

This is where software or SaaS solutions that use service accounts to access applications come under the scanner. These accounts entail the risky practice of storing privileged credentials, generally without multi-factor authentication (MFA). Essentially, one hack of your service account is all it takes for a data breach to occur. Despite the obvious risks involved, many vendors still use service accounts because they feel the reduced development costs outweigh the risk of customer data loss.

To avoid any chance of compromising a privileged account, security-focused applications like Spanning will provide application-level authorization leveraging the industry-standard OAuth 2.0 protocol.

What is OAuth?

Figure: An example of an OAuth authorization screen (image courtesy of ELEX). A splash page for a Google partner service requests the user’s permission to use Google authentication for application access. That’s OAuth 2.0 in action.

The OAuth (open authorization) protocol was developed by the Internet Engineering Task Force and enables secure delegated access. It lets an application access a resource that is controlled by someone else (end user). This kind of access requires Tokens, which represent delegated right of access. That’s why applications get access without impersonating the user who controls the resource.

How does OAuth work?

An OAuth Access Token transaction requires three players: the end user, the application (API), and the resource (service provider that has stored your privileged credentials). The transaction begins once the user expresses intent to access the API.

  • Application asks permission: The application or the API (application program interface) asks for authorization from the resource by providing the user’s verified identity as proof.
  • Application requests Access Token: After the authorization has been authenticated, the resource grants an Access Token to the API, without having to divulge usernames or passwords.
  • Application accesses resource: Tokens come with access permission for the API. These permissions are called scopes and each token will have an authorized scope for every API. The application gets access to the resource only to the extent the scope allows.

A simple diagram showing the OAuth 2.0 flow for authorization.
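
The three steps above can be traced in a small in-memory model. This is an added example, not code from the original article or from Spanning; the class names, the `backup-app` client, the `mail.read` and `mail.delete` scopes and the sample mailbox are all hypothetical. It follows the OAuth 2.0 authorization-code grant and goes slightly beyond the text by also showing single-use codes and token expiry.

```python
import hmac
import secrets
import time

class OAuthError(Exception):
    """Raised when a request fails an authorization check."""

class AuthorizationServer:
    """Toy authorization server (hypothetical names, illustration only)."""
    def __init__(self, token_ttl=3600):
        self.token_ttl = token_ttl
        self.clients = {}  # client_id -> secret, redirect_uri, allowed scopes
        self.codes = {}    # one-time authorization codes
        self.tokens = {}   # access token -> user, scopes, expiry

    def register_client(self, client_id, redirect_uri, allowed_scopes):
        secret = secrets.token_urlsafe(32)
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri,
                                   "scopes": set(allowed_scopes)}
        return secret

    def authorize(self, user, client_id, redirect_uri, scopes, user_approves):
        # Step 1: the user, signed in at the provider, consents to the request.
        # The application never sees the user's password.
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise OAuthError("invalid_request")
        if not set(scopes) <= client["scopes"]:
            raise OAuthError("invalid_scope")
        if not user_approves:
            raise OAuthError("access_denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"user": user, "client_id": client_id,
                            "redirect_uri": redirect_uri, "scopes": set(scopes)}
        return code

    def exchange_code(self, client_id, client_secret, code, redirect_uri, now=None):
        # Step 2: the application trades the code for a scoped access token.
        now = time.time() if now is None else now
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise OAuthError("invalid_client")
        grant = self.codes.pop(code, None)  # pop makes the code single-use
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri):
            raise OAuthError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": grant["user"], "scopes": grant["scopes"],
                              "expires_at": now + self.token_ttl}
        return {"access_token": token, "token_type": "Bearer",
                "expires_in": self.token_ttl,
                "scope": " ".join(sorted(grant["scopes"]))}

    def introspect(self, token, now=None):
        now = time.time() if now is None else now
        info = self.tokens.get(token)
        return info if info and info["expires_at"] > now else None

class ResourceServer:
    """Step 3: the resource honours a token only as far as its scope allows."""
    def __init__(self, auth_server):
        self.auth = auth_server
        self.mailboxes = {"alice": ["msg-1", "msg-2"]}  # constructed sample data

    def _require(self, token, scope, now):
        info = self.auth.introspect(token, now)
        if info is None:
            raise OAuthError("invalid_token")
        if scope not in info["scopes"]:
            raise OAuthError("insufficient_scope")
        return info

    def read_mailbox(self, token, now=None):
        return list(self.mailboxes[self._require(token, "mail.read", now)["user"]])

    def delete_mailbox(self, token, now=None):
        self.mailboxes[self._require(token, "mail.delete", now)["user"]].clear()
        return True

def attempt(fn, *args, **kwargs):
    """Return 'ok' or the OAuth error code raised by fn."""
    try:
        fn(*args, **kwargs)
        return "ok"
    except OAuthError as exc:
        return str(exc)

def run_demo():
    cb = "https://backup.example/cb"  # constructed redirect URI
    auth = AuthorizationServer(token_ttl=3600)
    api = ResourceServer(auth)
    secret = auth.register_client("backup-app", cb, ["mail.read"])
    code = auth.authorize("alice", "backup-app", cb, ["mail.read"], user_approves=True)
    grant = auth.exchange_code("backup-app", secret, code, cb, now=1000.0)
    token = grant["access_token"]
    return {
        "scope": grant["scope"],
        "read": api.read_mailbox(token, now=1001.0),
        "delete": attempt(api.delete_mailbox, token, now=1001.0),
        "replay": attempt(auth.exchange_code, "backup-app", secret, code, cb, now=1002.0),
        "expired": attempt(api.read_mailbox, token, now=4600.0),
    }

if __name__ == "__main__":
    print(run_demo())
```

A stolen token in this model exposes only read access to one mailbox for one hour, whereas a stolen service-account password exposes everything that account can do.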


Why Your Backup Should Have OAuth 2.0

Many Office 365 and G Suite backup solutions use service accounts that require administrator rights and privileged credentials to access these systems.

However, a good backup solution enables OAuth data transfers to take place in Secure Sockets Layer (SSL) to ensure that the most trusted cryptography industry protocols are being used to keep your credentials secure.

While it’s clear that the right backup solution keeps privileged credentials out of the reach of hackers, finding the right backup solution for your business needs can be an overwhelming task.

To help you make an informed decision before purchasing a backup solution, download our whitepaper Securing Your SaaS Backup.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/321qhnn

3 Reasons Why Even Apps with Impeccable UX Need User Onboarding By Gaurav Belani

User onboarding is one of the most crucial stages in an app’s user journey. It is essentially the first point of contact after a user signs up and therefore, it is vital for making a solid first impression.

Wait, what exactly is user onboarding again?

Before we delve into the reasons why user onboarding is super important for any app, let’s quickly define what it actually is. User onboarding is “the process of actively guiding users to find new value in your product or service,” according to OptinMonster.

You can view it as a bridge between acquiring new users and turning them into highly engaged ones. Alternatively, think of user onboarding as a small conversion funnel for new signups on their way to becoming heartily paying loyal users.

Why is it needed?

It may be challenging for new users to intuitively know how to navigate and get the most from your app, no matter how well you design it. That’s where user onboarding makes its value known.

Onboarding helps familiarize users with your app and allows them to quickly get started. It enables businesses to strategically communicate with new users, revealing the app’s value right from the start and ultimately, facilitating positive user experience.

Still not convinced? Here are three big reasons why you need user onboarding even if your app has stellar UX:

It makes good UX great

Your app may be extremely intuitive and user-friendly when you dive deep into it, but first-time users might not be able to appreciate that.

Don’t think of user onboarding as a confession that your app’s UX is poor because the user requires “assistance” in order to engage with the app in a meaningful way. That is simply not the case.

All major league apps, the likes of Gmail, Facebook, and Tinder, have a minimalist user onboarding that enhances their UX rather than ruining it.

It sets up user expectations

People often install a bunch of competing apps in the same category and then choose one based on their first impressions. Consequently, the first few seconds of interaction that a new user has with your app are pivotal.

A sublime user onboarding process that instantly shows the app’s value will make the user feel “Aha! I totally get it. This is what I needed the whole time.” This aha moment is what you want your users to experience as soon as possible.

Potential users shouldn’t have to guess or even think to understand what your app is going to offer once they start using it. In a matter of seconds, they should be able to understand what you have to offer and why they can’t miss it.

It makes your app look more professional

Another benefit that deserves attention is that a well-designed user onboarding process makes your app look much more polished.

When you log into an app for the first time and go through some thoughtfully designed swipeable screens that crisply explain what lies in store for you, you can’t help but feel that the app was designed by a competent company and not a bunch of amateur developers.

It allows you to neatly explain the advanced features

If your app is a bit complicated and has various advanced features that need further explanation, you can have a user onboarding process split into multiple phases. Use one phase for the initial onboarding and other phases later, when they are needed.

Because even with the most flawless UX design, there will always be users who would appreciate a helping hand in navigating your app.

Final thoughts

Designing an appealing first-time user experience is integral to your app’s success and increasing long-term user engagement.

Users would easily lose interest in your app if it is confusing and tricky to use when they open it for the first time. An elegant onboarding process helps make the first-time user transition as seamless as possible, mitigating potential pain points.

User onboarding is your chance to create a stellar first impression on newly signed-up users. So, commit to an intuitive and useful user onboarding regardless of how great you think your app’s UX is.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/38xcPdn

5 Disadvantages of Business Intelligence and How to Avoid Them By Caleb Danziger

Data analytics is shaping business today. As more information and processes take on a digital format, tools like business intelligence (BI) have become increasingly valuable. Proper integration of these technologies can give your company an edge over the competition.

Despite its many benefits, BI comes with its fair share of disadvantages. You’d expect as much with any developing technology, but there are only so many issues you can deal with before something isn’t worth the investment. If you’re to use BI successfully, you’ll have to know what obstacles to expect.

Here are five common problems with BI and how you can avoid them.

1. Data Breaches

One of the most pressing concerns with any data analysis system is the risk of leaks. If you use BI applications to handle sensitive information, an error in the process could expose it, harming your business, customers or employees.

More than 30% of surveyed businesses cited security issues as the biggest challenge facing BI. However, the prevalence of this issue means many BI providers take it seriously and will provide robust safety measures. When looking at different apps and providers, always consider their security options. It may also help to be careful about what kinds of data you allow your BI to access.

2. High Prices

Business intelligence software can be expensive. While the potential for a high ROI can justify this, the initial price can be a barrier to smaller companies. You also have to consider the costs of the hardware and IT staff needed to implement the software effectively.

You can avoid paying too much by opting for self-service BI tools over a more traditional model. These systems will allow you to avoid costly IT support and cut down the time it takes to implement or adjust your BI.

3. Difficulty Analyzing Different Data Sources

The more encompassing your BI, the more data sources you’ll use. A variety of different sources can be beneficial in giving you well-rounded analytics, but systems may have trouble working across varied platforms.

The good news is this problem is gradually disappearing. More advanced BI systems can incorporate a range of different data sets. You can look for an all-in-one BI software that offers these services or use independent tools like data connectors to consolidate all your varied information.

4. Poor Data Quality

In this digital age, you have more information at your disposal than ever, but this can prove to be problematic. A surplus of data can mean that a lot of what your BI tools analyze is irrelevant or unhelpful, muddying results and slowing down processes.

To avoid this, you can implement a data quality management initiative. It also helps to use key performance indicators that are relevant to your particular needs and goals.

5. Resistance to Adoption

Not all disadvantages of BI deal with the software itself. One of the most substantial obstacles facing BI is employees or departments not wanting to integrate it into their operations. If your company doesn’t adopt these systems across all areas, they won’t be as effective.

You can help your staff accept BI by making it easier to integrate. If your software is user-friendly and everyone understands its benefits, they’ll be more likely to adopt it.

Use BI to Your Advantage

Any innovation will have a downside or two, and business intelligence is no different. If you take care in selecting and implementing your BI, its advantages will far outweigh any costs.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2USdvGc

Cybersecurity Is Not Only Important For Businesses By Lanre Onibalusi

Hacking is a crime that comes with a low risk for a high reward. With the help of a program and the knowledge of the right keyboard strokes, hackers can launch a cyberattack in minutes, gaining access to privileged information like phone numbers, email addresses, and financial accounts.

Today, everyone from small businesses to everyday families stores sensitive information on digital devices. And, hackers don’t discriminate when finding a target, which is why both businesses and families need to take measures to ensure their cybersecurity.

Cybersecurity in the business world

The global business landscape is rapidly becoming more dependent upon digital technology. While businesses have undoubtedly benefited from taking their business digital, there are risks associated with an interconnected business. This is due to the fact that the same technology that makes doing business easier and more effective also provides hackers with the ability to wreak havoc.

Whether you’re a large or small business, no one is immune to a cyber attack. This is because cyber attackers will take any chance to hack into operating systems in an attempt to access personal and financial records.

Implementing cybersecurity in a business setting

The systems and terms used in the cybersecurity industry are hard to grasp at first. There is a lot of jargon and seemingly complex solutions to navigate through. However, at the end of the day, cybersecurity comes down to being prepared, educated and proactive.

Once you are able to identify a means of cybersecurity that is not only proven to work, but a good fit for your business, implementing cybersecurity only gets easier. This is because all that is left is to ensure that employees are trained and equipped to deal with preventing, identifying and dealing with cyberattacks.

Cybersecurity at home

Cybersecurity isn’t a concept that only businesses have to handle. Cybersecurity is for everyone and this stems from the fact that almost everyone in society has some sort of device that connects to the internet.

The rise in popularity of smart home devices has also been accompanied by an increase in the discovery of critical vulnerabilities that threaten to expose unsuspecting individuals to privacy breaches. This is due to the fact that most homes have multiple devices that can be hacked by cyberattackers.

A cyberattack isn’t only for the vulnerable either. Something as simple as opening an ad that appears while you’re playing a game or opening a link that appears to be sent from a friend could open you up to being hacked. Any shiny gadget or device that connects to the internet to provide us with hours of fun is also a hacker’s secret passage into our homes.

Practicing cybersecurity at home

Employing means of cybersecurity at home doesn’t mean that you have to put down your devices altogether. Instead, it’s simply about remaining vigilant and proactive.

A big step towards cybersecurity at home is to have a look at the privacy and permission settings on your devices. By actively choosing settings you are comfortable with, instead of going with the factory settings, your devices are already more secure.

Another step towards achieving cybersecurity at home is to regularly maintain all devices that can connect to the internet. Software regularly gets updated to ensure security measures, so keep your devices up to date. Hackers tend to prey on individuals who have not updated their software, using bugs that do not exist in the new software to gain access to your information.

The importance of cybersecurity in the modern world

The modern world’s increasing reliance on and obsession with all devices great and small has both positives and negatives. The big bonus of technology is that it allows information and connection at the touch of a button. However, this positive is also technology’s downfall, as hackers benefit from the ease with which information can be accessed.

Cyberattackers don’t just target big business either. In a game that sees low risk for high reward, hackers look to access the information of anyone with a device, and that includes business owners and everyday families. This highlights the importance of educating kids and adults on the means necessary to be cyber secure.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2SFJg2o