Cybersecurity: The Increasing Need to Protect Our Devices

Brian Wallace, Founder & President, NowSourcing

Cybersecurity is needed now more than ever. Coronavirus has exposed why we’re at risk. Large-scale growth of work-from-home technologies, customer-facing networks, and online cloud services has given cyber attackers more to exploit, and they have exploited all of it. COVID-19 has led to increased susceptibility to attacks, with a 30% increase in cyber attacks reported each week in March and April 2020 compared to pre-coronavirus.

Covid has taught us three important lessons: a cyberattack can spread faster than a biological virus, the economic impact of a digital shutdown could be immense, and recovering from digital destruction can be very challenging. Soon we could see cyber pandemics: self-propagating digital attacks that exploit tech loopholes before patches and antivirus software become available, and that can spread faster and further than a biological pandemic. Consequences of cyberattacks on devices include poor performance and bricked or inoperable devices. The consequences of cyberattacks on the world would be extremely costly.

As we recover from the pandemic, businesses must re-evaluate their security policies and procedures to reflect the shift to remote work. Breaches will only increase until we change our approach to authentication. Authentication verifies that an individual is who they claim to be and confirms that person should be granted access. When your user authentication isn’t secure, cybercriminals can bypass the system, taking whatever information they want.

Different authentication methods offer different strengths of security. Passwords and security questions are very weak. Answers to security questions are often readily available online. Out-of-band voice is also weak because voice calls are easily intercepted or redirected. Time-based one-time passwords are medium security. One-time codes expire after a short period, enhancing security, but are vulnerable to SIM hijacking, malware, and notification flooding attacks. Biometrics are high security; they are hard to fake, but, if the data is compromised, people can’t simply change their fingerprints or face. Legacy multi-factor authentication varies in security strength and depends on the weakest factor used. More factors don’t mean more security. Multi-factor authentication creates headaches for users, and lack of usability is likely to erode compliance with password best practices, further compromising security.

Asymmetric cryptography leveraged by certificates is already universally trusted. Certificate-based authentication eliminates the need for passwords, reducing the chance of user error, phishing attacks, and hacked password databases. Multiple criteria are used to determine whether an attempt is invalid. The end user is granted easy access without remembering a password or needing a second device for authentication. This means extremely secure authentication that is also easier for everyone to use. Increased cybersecurity is imperative, making secure authentication methods a priority.


About the Author: Brian Wallace is the Founder and President of NowSourcing, an industry leading infographic design agency in Louisville, KY and Cincinnati, OH which works with companies ranging from startups to Fortune 500s. Brian runs #LinkedInLocal events, hosts the Next Action Podcast, and has been named a Google Small Business Adviser for 2016-present. Follow Brian Wallace on LinkedIn as well as Twitter.




The Cyber Bad Guys Are Getting Worse: New Cybersecurity eBook Released

 

“I don’t try to predict the future. All I want to do is prevent it.”

—Ray Bradbury

There have been a few moments of remarkable hope over the decades that I never thought I would live to see and literally took my breath away. The fall of the Berlin Wall. The collapse of apartheid and the subsequent election of Nelson Mandela. The election of Barack Obama. The rise of the Internet.

I remember the first night I had America Online and suddenly found myself in a conversation with someone in British Columbia. It was a “Watson, come here” moment.

In just over 20 years, the unbridled promise of the wild west of the new Internet has been replaced by 21st century robber barons in the form of a half dozen companies with spectacular power over commerce, democracy and thought. Add to this the rise of a criminal class so sophisticated in their enterprise that they now have mission statements. And their mission is not good.

One hundred percent of us will be hacked. Ransomware is on the rise. Nation-state interference is exhibit one in the new cold war. Disruption from cyber criminals is its own significant stand-alone threat even before we get to the disruption caused by AI and the rise of technology.

Over the past few months we have written multiple articles and conducted more than a dozen broadcast interviews, largely for the Corporate Counsel Business Journal, on cyber security and privacy issues, resulting in our fifth eBook, this one on Cybersecurity & Privacy. Leading experts provide their take on what companies can do pre-, during and post-breaches. We have interviews with one of the nation’s leading cyber security journalists, Brian Krebs of Krebs on Security; Jeffrey Rosenthal, Privacy Team chair of Blank Rome’s Biometric practice; and Marcello Antonucci, Claims Team Leader of Beazley’s Cyber & Tech, our co-sponsor of this eBook; and contributions from such leading firms as ThreatConnect, 4iQ, Mullen Coughlin, Carlton Fields, ZwillGen and many others.

We are distributing this eBook to more than 300,000 people through our media and insurance partners, including the Corporate Counsel Business Journal, CommPRO, Beazley and the many law and cyber firms who participated in this eBook. We are always updating our eBooks, so if you want to propose a topic, we can work you into the next edition.

Stay safe and enjoy the eBook.


Richard Levick

Richard S. Levick, Esq.

Chairman & CEO

LEVICK




Securing the Mosaic: Strategies for Strengthening Enterprise Cybersecurity

Diana Burley, PhD, Executive Director & Chair at Institute for Information Infrastructure Protection

Enterprise environments are characterized by an increasingly complex mixture of devices, networks, and computing platforms. Some of these devices are owned and controlled by the enterprise. Others are not – think BYOD and the increasing number of IoT devices. The networks often span organizational (agencies, departments, external contractors working onsite, partners, suppliers, and customers), and geographic (everything from multi-national corporations to non-local employee travel with corporate or personal devices) boundaries. Necessarily, a mosaic of policies and procedures secure this complex array of functional requirements and security assumptions.

The trouble with this fragmented approach is that while the requirements and assumptions may hold true for specific devices in specific contexts, it is in the interface between devices, systems, and organizational units; as well as in the flow of data across entities, where vulnerabilities are often exploited. The security issues and basic assumptions driving functional and security decisions across the different system components can be unknown, very different, or just too complicated for any one individual (or even one set of individuals) to understand comprehensively in terms of security and functionality.

That said, below I identify three strategies to manage a massive global cyber attack and maintain calm with key stakeholders. First, identify the full array of stakeholders and develop a specific approach to engage each group. These individuals include senior executives, project managers, administrative and end users, network and system administrators, security operations staff, testers, developers, legal and regulatory affairs officers, … — anyone and everyone who (1) has an interest in the security of enterprise operations; and (2) can ensure that business priorities, workflows and usability concerns are considered. In determining stakeholder groups, ask questions such as: Why is this group important in the process? What is their typical background? What are the likely challenges to their participation and how can you overcome them? These questions will aid in developing a holistic approach to security awareness and in applying targeted intervention strategies. Enterprises should engage in a training that addresses the full spectrum of resistance – behavioral, cognitive, and emotional.

Second, address the knowledge gaps that prohibit the tight coupling of system processes and policies, creating vulnerabilities in the interface that expose the system and its components to exploitation. The separation of people and processes also encourages the growth of a cultural divide among different stakeholder groups that can hinder cooperation in the development and implementation of a holistic cybersecurity strategy. Security gaps persist because groups see the world differently, speak different languages, and have different (often competing) priorities.

Third, incorporate business processes and usability at the beginning and throughout security planning processes. Discrepancies occur for several reasons but regardless of the reason, convenience matters. Users must be able to use the system without cumbersome, unnecessarily complex security requirements that run counter to natural business flows. In a battle between business flows and security – business flows will win. More broadly, in a battle between convenience and security – convenience will win. Taken together, these strategies will strengthen the security posture and enhance enterprise resiliency.

About the Author: Diana Burley, PhD, is the executive director & chair at Institute for Information Infrastructure Protection. A full professor at The George Washington University, Dr Burley is one of the country’s leading cybersecurity experts. 




Cybersecurity: So Much Time, So Little Progress

Dianna Booher, CEO, Booher Research Institute

As I read of the latest cyberattack, the worst in history, involving hospitals, shipping systems, and corporations in more than 150 countries, I see much hand-wringing. But the first thing that comes to my mind is the old mantra: “Fool me once, shame on you. Fool me twice, shame on me.”

That’s not to play “blame the victim” as so often happens with crime. It is to say that customers, employees, and investors have been victimized by their government and corporate leaders burying their collective heads in the sand and pretending the cybersecurity problem will somehow correct itself.

After 9/11/2001, America seemed shocked into the reality of believing there was indeed evil in the world—people who actually wanted to do America harm. Seeing our government leaders united––Republicans and Democrats alike standing together on the Capitol steps singing God Bless America ––sparked hope that they would begin to take the cyber threat seriously and use all means necessary to identify and stop those using the internet to monitor, communicate, or plan to harm our citizenry.

So what happened?

Very little.

Seventeen years later, experts tell us that our electrical grids are still easily accessible for cyber terrorists, allowing power to be shut off to large regions and paralyze the country.

How about progress in healthcare?

In 2010, the Department of Health and Human Services released the final criteria defining “meaningful use” of electronic health records (EHRs). To get the 700,000 clinicians and 5000 acute care hospitals to comply, they enticed with $30 billion of incentives and the threat of reduced payments for failure to comply. The biggest concern about these records? Privacy and security. Those EHRs include Medicare data (that is, social security numbers), accessible to anyone in the hospital system.

That brings us to the unprecedented rise in identity theft. There are rules and regulations that force companies to disclose data breaches to their customers (stolen customer credit cards or private account information) “in the most expedient time possible and without unreasonable delay.” They often do not tell customers—at least until months or years after the fact. Here’s their out: They can delay to accommodate “the legitimate needs of law enforcement” during an ongoing investigation.

So what about cybersecurity at the government itself?

In 2013, National Security Agency subcontractor Edward Snowden downloaded the country’s top secret domestic surveillance practices and dangled them in front of the government’s nose—another huge warning of the country’s inadequate protection.

Want to sign up for social security online, as the agency encourages you to do? Until just recently, if you were inclined to create an account on the government site, a message popped up on the screen: “Caution: This site is not secure.”

So what action at the very highest levels of government suggests that cybersecurity is taken more seriously there?

The former director of the FBI, James Comey, has described our 2016 Democratic presidential candidate Hillary Clinton’s handling of the nation’s top secret classified information on her unsecured server as “extremely careless.” And both the left and the right allege that the Russians have interfered with the 2016 presidential elections.

And while the government and social media companies debate the issues, ISIS still uses their platforms to recruit and train followers. To the chagrin of all parties, Wikileaks continues to release information that perplexes and angers politicians on both sides of the aisle.

It’s about 17 years past time for Congress to stop their petty bickering and concentrate on protecting this country.

About the Author: Dianna Booher, MA, CSP, CPAE, works with organizations to improve productivity through clear communication and with individuals to increase impact by a stronger executive presence. CEO of Booher Research Institute and founder of Booher Consultants, Inc., she’s a prolific author of 46 books, published in 26 languages.




PR Genome Webinar: Cybersecurity 101 and What Your Agency Needs to Know

 

Webinar Overview

From cyber extortion, to ransomware to malware – a cyber attack can be devastating, often resulting in the loss of revenue, interrupted business continuity and significant damages to both brand reputation and corporate morale. While many public relations agencies provide crisis communications for clients experiencing a breach – they are not immune to cyber attacks that put their own data at risk. It is critical for public relations agencies to take a proactive approach to cybersecurity – understanding the full threat landscape and preparing all departments and internal stakeholders to react quickly and work together when an incident occurs.

This webinar will overview real-life cybersecurity scenarios and best practices for every angle of cyber attack response including legal, technical and corporate communications.

Panelists include:

Sandra Fathi, President, Affect

Vincent Martinez, Partner, K&L Gates

Thursday, May 4, 2017

12:00 PM – 1:00 PM EST

This webinar is free for members of the PR Council, and $100 for nonmembers.





The Cybersecurity Implications of Brexit for Your Company

By Venkat Rajaji, Senior Vice President Marketing, Core Security

Some analysts view the U.K.’s vote to leave the European Union as the catalyst for economic turmoil – from roiling the U.K. real estate market to the slowdown in various vertical markets.

While many implications associated with Brexit are being discussed, it may take years to see the long-term impact. That said, we already are seeing the initial economic impact and slumping investor confidence resulting from this political decision. Companies noting this global market volatility may be tempted to cut costs as a proactive measure. This may be the appropriate thing to do in some circumstances. However, it is critical to have a heightened sense of awareness around what Brexit means for your company’s information security policies. When evaluating the importance of information security, consider the following questions for your business:

  1. How does this politically motivated decision impact our business, and specifically, the information security of our business?
  2. Could we become more of a target as a result of this decision?
  3. If we are more of a target, where are our exposures?
  4. What should we be focusing on in terms of preventing and responding as quickly as possible to potential breaches?

The idea you may be more vulnerable as a result of a political decision, such as Brexit, is not new, but this does not make it any less real. Anytime there is opposition to a political action, businesses may be vulnerable to an attack, whether from a nation-state or otherwise.

While we don’t necessarily understand the motivations behind adversaries, Brexit could be a motivator for bad actors. For example, in 2014, Sony produced a comedic movie with a political statement about Kim Jong-un, and North Korea retaliated by hacking their network and releasing private emails.

So what precautions should your company take given this landscape? Three critical information security policies can lessen the impact of potential attacks on your business.

  1. Manage privileged accounts, aka the keys to the kingdom. Privilege misuse was the second-most common cause of security incidents and the fourth-most frequent cause of breaches, according to the 2016 Verizon Data Breach Investigations Report (DBIR). Your business should continuously monitor privileged credentials to make sure they are not exposed.
  2. Manage user credentials and identities. The same Verizon report also found 63 percent of data breaches are associated with the misuse of legitimate user credentials. Businesses in all industries need to manage the growing universe of identities, devices and data employees require to do their jobs.
  3. Understand your network vulnerabilities. Businesses must efficiently identify and prioritize vulnerabilities for remediation. You need to constantly work in protection mode to prevent attacks from penetrating your network.
  4. Conduct continuous penetration testing. Businesses should implement penetration testing and certification reviews to continuously validate your users and your network. These are vital best practices for comprehensive security policies.

The bottom line during this time of economic and investor uncertainty following the Brexit decision is that businesses must have a heightened sense of awareness around their cybersecurity. Given the controversy surrounding Brexit, investors and executives are wise to consider the cybersecurity implications for their company and understand why information security is not an area for cost cutting measures.

If you are a target, you should be aware you’re a target. Know that you cannot stop an attack on your network, but you can stop hackers from penetrating valuable data in your network. Your company needs to have policies in place to rapidly determine the root cause of a vulnerability and prioritize the correct mitigation action as quickly as possible.

About the Author: Venkat Rajaji is the Senior Vice President of Marketing and is responsible for business development and lead generation at Core Security. Venkat brings with him diverse expertise in marketing, product management, management consulting, finance, and presales. Before joining Core Security, Venkat was Vice President of Sales Operations and Customer Retention at Aptean. He also held product management and marketing roles with Infor and consulting roles with IBM and Accenture. Venkat received a Bachelor of Arts from the University of Texas-Austin, master’s degree in Information Management from University of Maryland-College Park, and a Master of Business Administration from the Goizueta School of Business at Emory University.  




Richard Levick – The Middle Road

“I was lyin’ with my mess-mates on the cold and rocky ground
When across the lines of battle came a most peculiar sound
Says I “Now listen up me boys”, each soldier strained to hear
As one young German voice sang out so clear
“He’s singin’ bloody well you know”, my partner says to me
Soon one by one each German voice joined in in harmony
The cannons rested silent. The gas cloud rolled no more
As Christmas brought us respite from the war
As soon as they were finished a reverent pause was spent
‘God rest ye merry, gentlemen’ struck up some lads from Kent
The next they sang was ‘Stille Nacht’. “Tis ‘Silent Night’” says I
And in two tongues one song filled up that sky”

— John McCutcheon’s song Christmas in the Trenches about the World War I Christmas Soccer Truce on the Western Front

Each year we produce a Year-In-Review eBook with a theme based on the year that was, filling it with our 50-or-so columns and hundreds of podcasts. 2021 seems to be about learning to live with loss — with nearly 5.5 million people worldwide dying of Covid-19. It was also a year for Americans and others in democratic nations to think the unthinkable: Will democracy survive?

As someone who has suffered great loss in this lifetime, the key lesson I have learned is that acceptance and adaptation — not revenge — is the path that works. But history is a long arc measured in eons, not a single lifetime, so perspective and certainty are a challenge. I suspect we know as much about the heavens as an ant does about humanity.

Although I never voted for him, one of the things I always admired about President Ronald Reagan was that he never took his suit jacket off in the Oval Office. He had too much respect for the institution and its symbols. I have never been much of a rule follower myself. Growing up in the shadow of the anti-Vietnam War protests and living in Washington, DC when Woodward and Bernstein were first writing about a break-in at the Watergate, I had a tangled relationship with authority. It turns out that symbols, manners, kindness and soft power — mean something. In fact, they mean more than something. They are the glue of civilizations.

I have always been a change advocate, working for Ralph Nader organizations as a first career decades before environmental and conservation measures were “cool.” But with something gained is always something lost. I remember the family-owned convenience stores in the 1970s asking how they could safely and cleanly store returnable bottles if the government was going to mandate them. Long before the era of superstores, it was a concern that could mean the difference between profit and loss for these local businesses. Today, as much as I like the idea of electric cars, I worry about the 85% of electric cars in Asia powered by dirty coal from China and the new minerals war shaping up over cobalt. It will not end well for the Congolese who will either do the mining under harsh conditions or be forced to move off their ancestral land with little or no consideration. At the risk of repetition, for everything gained, something is lost.

I think this is one of the reasons the late Archbishop Desmond Tutu and President Nelson Mandela sought change “via media” — the Latin phrase meaning “the middle road.” It is an aphorism for life which advocates moderation in all thoughts and actions. As Aristotle wrote, “moderation is the essence of wisdom.”

2021 started with the violent January 6th insurrection — nothing short of a presidential coup — and has ended with Covid-19 fatigue. We are fighting over masks and vaccines for heaven’s sake. The conversation is about individual liberties when it should be about shared responsibilities.

It seems we have all taken our jackets off when really, we should be doing the exact opposite. Fully stopping at stop signs, being kind to our neighbors, opening doors for strangers, listening before speaking or judging. Simply because the internet gives us newfound power of publication and amplification does not mean we should.

The late Harry Reid grew up without indoor plumbing and an alcoholic, violent and suicidal father. He would grow up to serve 12 years as one of the longest tenured Senate Majority Leaders. In America, everything could still be possible. It is a remarkable experiment in self-rule and well worth our dedication.

In late December 1890, 300 peaceful and cooperative Lakota men, women and children were gunned down with three mountain guns — the precursor to the machine gun — at the Massacre at Wounded Knee. 131 years later we still live with the shame of this tragedy committed by hung-over members of the Seventh Cavalry seeking revenge for the death of General George Armstrong Custer 14 years earlier. This road to the extremes does not lead us where we want to go.

Via media. We need to find the middle way or be condemned to replace one injustice with another.

Peaceful process may be boring, make few headlines and be slow and plodding, but it is also the magic of long-lived societies.

In the linked eBook you will read essays about the news of the day for the past year and find links to more than one hundred of 2021’s most popular podcasts that we hosted on In House Warrior, the daily podcast I host for the Corporate Counsel Business Journal, sharing views on dozens of issues from all points of view. Hopefully they are helpful and instructive. Some may even be inspiring.

Over the past week, we kicked off 2022 with new podcast guests who, in fact, are finding via media.

David Bodanis, a New York Times best-selling author, spoke about his new book, The Art of Fairness: The Power of Decency in a World Turned Mean which seems like an essential read for what is likely to be a bumpy ride in 2022.

Danny Heitman, the editor of Phi Kappa Phi’s Forum magazine, an award-winning columnist who frequently writes for The Wall Street Journal, Christian Science Monitor, New York Times, Washington Post and others, discussed the joys and lessons learned from writing obituaries – an unusual but powerful source of daily inspiration.

On how to build for the future, my old friend, Dr. Habib Al Mulla, a partner at Baker McKenzie and one of the UAE’s most highly respected legal authorities, joined me for a show. He is a key architect of Dubai’s financial free zones, the legal framework establishing the Dubai International Financial Centre (DIFC) and how Dubai became a leading center for Foreign Direct Investment.

Looking forward, Kirk Nahra, a partner at Wilmer Hale and Co-Chair of both their Big Data and Cybersecurity and Privacy practices and a leading authority on privacy and cybersecurity matters for more than two decades, spoke about privacy and security laws and trends for 2022. He covered what to expect in state and international regulation; best practices for avoiding privacy and security investigations and how to navigate them when they occur; the unique challenges of privacy issues in health care; and career opportunities.

Looking backward, Chip Jones, author of The Organ Thieves: The Shocking Story of the First Heart Transplant in the Segregated South and winner of the 2021 Library of Virginia Literary Award for Nonfiction, discussed the tragic true story of Bruce Tucker, a middle-aged African American family man, who had his heart and kidney harvested after an accident, without consent or even notification to his family and before he was clinically dead. To those who wish to curtail or outlaw freedom in teaching, it is yet another lesson on the importance of learning from our history so that we do not repeat it.

Maybe 2022 can be the beginning of our own “Christmas soccer truce,” practiced for more than one day. Imagine.

“Manners are of more importance than laws. Upon them in a great measure, the Law depends. The Law touches us but here and there, and now and then. Manners are what vex or soothe, corrupt or purify, exalt or debase, barbarize or refine us, by a constant, steady, uniform, insensible operation, like that of the air we breathe in. They give their whole form and color to our lives. According to their quality, they aid morals, they supply them, or they totally destroy them.”

— Edmund Burke

Happy New Year.

Enjoy the shows.

Richard Levick


Listen to The Art of Fairness

Listen to The Golden Age of Obituary Writing

Listen to The Miracle of Dubai

Listen to Big Data, Privacy and Security

Listen to The Stolen Heart




How Blockchain Can Change the Future of Medicine (INFOGRAPHIC)

Brian Wallace, Founder & President, NowSourcing

Right now, data breaches are a massive problem for the healthcare industry.  They cost an average of $429 per patient record compromised thanks to legal, technical and regulatory functions.  Healthcare centers also lose their reputation and consumer trust in the wake of a cyberattack. 

Why would hackers target healthcare providers?  They have a series of unique security vulnerabilities that make them an attractive target for hackers.  Old medical devices are made by companies no longer in business.  Old software remains in use despite gaping security holes.  Hospitals operate unaware of which systems run on the devices they use.  Hospitals also have a greater focus on protecting patient privacy than cybersecurity when really, they need to be doing both.  Many organizations lack full time cybersecurity employees, furthering the lack of awareness and resources relating to cybersecurity in the healthcare field.

How can healthcare providers better protect their patients’ data?  One possible answer lies in the blockchain.  For those unfamiliar, a blockchain is a distributed ledger for recording transactions and tracking assets.  In this case, it could be used to track a patient’s medical history on a secure, unalterable platform.  By incorporating blockchain into wearable medical devices, every device is linked to the patient’s health records.  The implementation of blockchain has been pioneered by cryptocurrency and non-fungible tokens (NFTs).  It would take some modification to put patient records on the blockchain in a secure fashion, but it could be done.  

By securing medical records on fragmented systems, it is much harder for cyber criminals to hack and steal data.  Blockchain could even improve the provision of telehealth initiatives.  At the moment, the main risk of telehealth stems from the lack of security controls over the collection, use, and sharing of data on third party platforms.  With blockchain powered telehealth, there is a seamless exchange of secured data and increased consumer confidence in the system.  Both patient and provider can view copies of the ledger in this system.

Many established and startup companies alike are looking for ways to improve the healthcare industry using blockchain.  If one’s health record were turned into an NFT,  patients would gain more control over their data while providers can have more certainty that the data is genuine.  The more popular blockchain functions become in the mainstream, the more entrepreneurs will look for ways to incorporate it into daily processes.  Companies like Chronicled and Curisium lead the way.

 

Blockchain & The Future Of Medicine


About the Author: Brian Wallace is the Founder and President of NowSourcing, an industry leading infographic design agency in Louisville, KY and Cincinnati, OH which works with companies ranging from startups to Fortune 500s. Brian runs #LinkedInLocal events, hosts the Next Action Podcast, and has been named a Google Small Business Adviser for 2016-present. Follow Brian Wallace on LinkedIn as well as Twitter.




Stop Ransomware Before it Starts (INFOGRAPHIC)

Brian Wallace, Founder & President, NowSourcing

In 2020, ransomware attacks grew at least 7-fold.  By 2025, at least 75% of IT organizations will face at least 1 ransomware attack.  When considering the lost revenue caused by halted business operations and the costs companies incur to recover from a ransom attack, the true cost of ransomware is up to $20 billion a year.  

Insurance is a lifeline for many businesses recovering from ransomware, but there exist gaps in coverage, especially for small to medium enterprises (SMEs).  SMEs represent 98% of cyber insurance claims, with their average claim reaching $1.2 million in 2019.   Despite these enormous claims, the average bill for rectifying a ransomware attack is actually $1.85 million.  And that value is only rising with the frequency of ransomware attacks going around.  Data loss and insurance premium costs are also ticking up.  Insurance companies are even denying applications for cyber coverage more often in a bid to reduce risk on their portfolio.

Not all threats are created equal.  Ransomware attacks are tailored to each victim.  Small businesses face more generic attacks and lower ransom demands,  but they’re also less likely to possess the security to fend off even weak attackers.  Meanwhile, large enterprises who can afford cybersecurity suffer more sophisticated assaults from criminals seeking a higher payout.  Still, a major concern for businesses of all sizes is reinfection.  Companies who fall prey to a ransomware attack suffer an 80% chance of being targeted a second time, often by the same group of attackers.

As if the situation wasn’t dire enough, new regulations that increase costs for businesses that fail to prevent attacks are entering their enforcement period.  In the EU, the GDPR imposes fines on businesses that fail to protect consumer data.  In the state of California, consumers can sue businesses for a breach of their data without needing to prove the breach caused harm.  While paying ransoms in general is not illegal, the US Treasury began prosecuting those who facilitate ransomware payments made to sanctioned individuals and jurisdictions last year.

The problem is huge.  How can businesses protect themselves and their customers?  Some important best practices include staying up to date with software, educating employees on the dangers of phishing emails, and backing up data on external devices.  Security software that detects suspicious activity is a first line of defense.  As ransomware attacks grow in sophistication, it’s not a matter of if but when.

 

Stopping Ransomware Before It Starts



 

 




The Need for Both Humans and Tech in the Fight Against Ransomware (INFOGRAPHIC)

Brian Wallace, Founder & President, NowSourcing

While COVID-19 rages on, a second pandemic is ravaging businesses everywhere.  Since the start of coronavirus, ransomware attacks have risen over 400%.  The costs associated with the attacks will top $20 billion in 2021, or $2 million per business affected.  Even with measures being taken against coronavirus, ransomware will not be defeated as easily.  Current predictions show 75% of organizations facing attacks over the next 5 years.

What has caused ransomware to expand so dramatically?  To start, there are more opportunities out there for attacks to be successful.  In the age of remote work, businesses are using more software and networked devices than ever.  Moreover, it’s lucrative.  Criminals can get multi-million dollar payouts in anonymous Bitcoin with little concern of being brought to justice.  Perhaps most importantly, ransomware has gotten easier to use.  One no longer needs to be a talented hacker to commit cybercrime.  “Gangs” now provide ransomware-as-a-service in exchange for 20% or 30% of the ransom.

Despite the growing threat, businesses are not investing enough in preventing cyber attacks on their systems.  The majority of businesses have an IT security budget of less than $10,000.  That’s less than 1/9th of the salary for an average cybersecurity engineer.  If businesses don’t want to pay millions later, they should consider investing thousands now.  The problem is particularly acute for small and medium businesses.  6 in 10 of them lack even a policy for what to do if they are hit with a cyber attack. 

Can tech bridge the divide?  Not entirely.  Cybersecurity software can do some of the work in preventing ransomware, but it introduces new challenges.  Artificial intelligence solutions aren’t foolproof.  Many are riddled with false positives and excessive alerts.  The average employee has neither the time nor the training to sort false positives from the real threats, and they ignore the AI’s warnings on all matters at their own peril.

Humans and tech need to work together to prevent ransomware.  No matter what software comes out, human expertise is an important part of cybersecurity.  Trained analysts can spot malicious code and warning signs better than average employees.  They can understand context, relevance, and attack motivation better than software at this time.  This makes it possible for them to tease out the real concerns from a sea of false positives.  In an ever-expanding world of cyberattacks, businesses need best-in-class technology AND cybersecurity expertise.

 

Humans and tech are needed to stop ransomware






The Importance of Small Business Security: What You Need To Know

CommPRO Editorial Staff

As an entrepreneur, you’ve likely spent hours, or even years, building your small business, and you know how important it is to protect your business. However, after all the time and effort you’ve put into running a small business, choosing the right protection and security measures for your company can be challenging. This guide will help you understand everything you need to know to protect your small business both online and offline so that you can focus on running your company. 

Company Culture

When people talk about a company’s culture, they typically mention how the staff interacts with one another and what it’s like to work for a particular business. However, your company culture is essential to your enterprise’s security strategy, as the ideas, social behaviors, and customs throughout your business will influence its security. The security culture within your company is built on your ability to protect data, information, privacy, and employees. A strategic, long-term approach to consistent security is imperative to ensure that your business is secure both online and offline.

Employees are often confused about what they should and shouldn’t be doing to protect business information, as security experts have repeatedly communicated contradictory techniques over the years. Security is an ongoing process that should be driven from the top of the organization in conjunction with your IT departments to ensure consistent feedback to employees. Implementing consistent communication to help staff understand how their daily behaviors can impact security is the key to developing the right company culture.

Physical Security for Your Small Business

Many small business owners focus solely on their digital security when they first begin documenting their security procedures. However, the security of your physical location is equally important if you want to ensure that you don’t incur any unforeseen expenditure such as theft or accidents resulting in employee or customer injuries. 

The first step to securing your business is investing in the right insurance. That will provide you with the necessary protection to cover most of the unexpected problems you may face as a company. Unfortunately, it can be confusing when you first look at insurance for your small business, as there are many types to choose from. Still, the best insurance will allow you to customize what coverage you require, as every business is different. For expert advice, head over to The Hartford website, where you can get more information about their small business insurance.

Once you have the appropriate insurance in place for your business, it’s time to think about other measures you can use to protect your physical location. Security systems are essential, and from door alarms to cameras, there are many options to choose from for your business.

Cybersecurity

Cybersecurity is not typically the first thought on every business owner’s mind when developing their company infrastructure. Unfortunately, smaller organizations are often prime targets for these types of attacks, as smaller businesses usually don’t have the same level of technology security as larger businesses. The aftermath of a cyberattack is potentially expensive, often stressful, and time-consuming for any small business, which is why it’s imperative to have the best measures in place alongside your company culture to ensure you don’t suffer the losses from a cyberattack. Audit your current practices by working with your IT department or an external company to identify weaknesses and develop an effective strategy going forward.




Bancambios Builds DeFi Platform on the Solana Blockchain

CommPRO Editorial Staff

The Bancambios DeFi project is here. The token (ticker: BX) will be minted on top of the Solana blockchain, and the initial invitation to participate will be released first to the Solana and DeFi communities.

The technology company, which registered for the Solana Hackathon in May 2021, is enthusiastically participating in IGNITION, “A Global Solana Hackathon”, where Solana enthusiasts gather to build and support the development of DApps using Rust, a highly accessible programming language quickly growing in popularity that has a strong reputation as an efficient, secure, and extremely interoperable language. Enrolling in the hackathon is helping the project onboard team members and leading investors who support impact-driven DeFi initiatives.

For Bancambios, choosing to develop the project on Solana proved to be a move that propelled the project to greater heights, helping to facilitate their goal of bringing DeFi to millions of people. “We’re excited about how well the project has ultimately come together, and we think we’ve drafted the perfect product to encourage mass adoption- an open-source suite of tools that extracts micro-fees from each transaction, and redirects them into an impact wallet that actively supports environmental initiatives with proven track records. The project’s initial focus is the overwhelming amount of plastic waste polluting our oceans.

“Bancambios is the first project hosted on Solana to implement a reflective balance mechanism. Bancambios DAO (Decentralized Autonomous Organization), is where the community of BX holders collectively proposes and decides on where to direct the impact built by the DeFi community. Other choices will be geared towards programs from the United Nations 17 Sustainable Development Goals. The project plans to document “Proof of Impact” by minting a ‘before and after NFT’. This will serve as an environmental impact statement that exists in perpetuity. Bancambios’ DeFi mission is to provide open-source tools so that other projects can create their own similar initiatives.”

Cybersecurity

The back end is being built by three full-stack developers with 10 years of experience building FinTech products.
“Ensuring a grade-A platform- it is to this end that the Bancambios team has committed to cybersecurity audits performed by four different companies. This allows the project to offer a high-security platform, and solidify their reputation as trustworthy partners- an essential component to onboarding new individuals and institutions into the cryptocurrency space,” added the CEO of Bancambios.

Why Solana?

Solana is the fastest open-source and censorship-resistant blockchain infrastructure, currently supporting the development of decentralized applications, and it is gaining traction due to its high performance, usability, speed, and audited security. Leveraging superior computational capabilities, Solana allows a higher transaction throughput, proportionally scaling with network bandwidth. The combination of these features, and Solana’s ‘proof of history’ consensus mechanism throughput and expandability, are unprecedented in the blockchain market today. It consequently supports, and can exponentially scale, today’s speed of 50,000 transactions per second.

Mass adoption

The CEO of Bancambios has stated that building their platform on the Solana blockchain will help achieve the normalization of the use of Web3, a key priority on the road to facilitating the globalization of DeFi. “We aim to build a DeFi ecosystem that is conscious of people and the environment- we don’t want crypto behaving like traditional players in legacy financial markets. Blockchain, and specifically highly accessible networks like Solana, offer us a chance to create something new. Today we can code DeFi protocols that have real tangible positive influence on the problems we face, like pollution and threats to biodiversity- all through the use of programmable decentralized finance. Our vision is that every DEX on every chain would implement this type of impact-driven tool… imagine the difference this can make. It empowers monetary sovereignty, creation of jobs, and protection of biodiversity at the same time.”

In a world that strives towards greater responsibility and stewardship, these initiatives are being globally well received. In addition, Bitcoin adoption in Latin America has put the Bancambios project in a privileged position, with people seeking to learn more about cryptocurrency and decentralized finance. We aim to reach the 1 billion people who are either native Italian, French, Spanish or Portuguese who immediately understand the suggested meaning behind the name Bancambios. The project looks to appeal to those in markets that have been historically underserved, and even exploited. With Bancambios being a portmanteau of ‘Bank’ and ‘Cambios’ (which translates from Spanish to ‘change, permutation, or evolution’), the team believes the name makes their intentions clear, “we aim to change finance, and by extension the world around us.”

Source: Blockchain Wire




Using Blockchain Technology to Solve Dollar Liquidity Shortage

CommPRO Editorial Staff

XREX, a crypto-fiat fintech company driving financial inclusion via blockchain, closed its $17 million Pre-A round, which was oversubscribed by 200%. XREX will use the funding to expand its fiat currency portfolio, acquire additional licenses, and forge partnerships with more financial institutions and digital wallets.

Led by CDIB Capital Group (TWSE: 2883), the consortium of global investors includes publicly-listed companies, major banks, venture capital firms, and top fintech investors from the US, Canada, Germany, Estonia, Singapore, Japan, Hong Kong, and Taiwan. The strong participation by publicly-listed companies underscores XREX’s commitment to compliance with regulatory bodies.

Other investors in this Pre-A round also include SBI Investment (subsidiary of SBI Holdings, TYO: 8473), Global Founders Capital, ThreeD Capital (CSE: IDK), E.Sun Venture Capital (TWSE: 2884), Systex Corporation (TWSE: 6214), Metaplanet Holdings, AppWorks, Black Marble, New Economy Ventures, and Seraph Group. XREX closed its $7 million seed round in 2019. The investors in that round included AppWorks (lead), Skype’s late-cofounder Toivo Annus, Metaplanet Holdings, Black Marble, CDIB, WI Harper, BitoEx, and the Taiwan government’s National Development Fund.

“CDIB was an early investor in XREX,” said Ryan Kuo, Head of CDIB Capital Innovation Fund. “After witnessing the company’s fast revenue growth and their commitment to compliance, we were determined to double our investment and lead this strategic round.”

“Our mission is to foster global financial inclusion by leveraging blockchain,” said XREX CEO and cofounder Wayne Huang, an internationally-recognized cybersecurity expert. “Many of our team members are from or have lived in the markets where we serve. We keenly understand the struggles faced by many cross-border merchants who lack safe access to US dollar liquidity.”

By working with local regulators and financial institutions, XREX has pioneered tools such as BitCheck and MyXchange to help merchants and SMEs in emerging markets reduce forex loss, gain access to US dollars and seamlessly cross over from informal to formal economy.

Capitalizing on a successful series of new features including their mandatory User Public Profile as well as their Risk Level Detector features, XREX will roll out a user Reputation Index next year to bolster safety, transparency and accountability while encouraging social networking.

In the last eight months, XREX successfully detected and prevented fraud rings from Russia and Nigeria from using the platform, attesting to XREX as one of the safest crypto-fiat currency platforms in the world.

“Helping entrepreneurs to succeed is a priority for us,” said Yoshitaka Kitao, Representative Director & Chairman of SBI Investment. “We believe XREX solutions open the door for underserved merchants to participate in global commerce on an even playing field.”

Jerry Horng, President of Black Marble Capital Management who serves on XREX’s board, said, “We were an early investor of XREX and we’re excited to continue our support in this round. XREX is uniquely positioned to connect Taiwan’s mature banking industry with the booming cross-border commerce currently seen in emerging markets.”

Source: Blockchain Wire




Web Security 101: How to Save Yourself Time and Money


Regina Thomas

You are probably using the internet to boost the performance of your business or perform various company operations. However, even if the internet is an essential resource for your company, you have to be cautious when using it.

The difficulty lies in keeping track of the many challenges associated with its use. So, we look at how to save yourself time and money through the right web security measures:

1. Allocate a Specific Budget for IT Resources

Web security is vital if your business stores large amounts of data online. Security threats come in many different forms, and being prepared for them is crucial.

The last thing you want is to treat web security obligations as a lower-level business priority. Ensure you assign a specific budget for your web security regimen. The budget should be clear and identify each vital aspect of web security management costs.

Allocating a reasonable budget ensures your business is in an excellent position to respond to changing web security demands. You can then respond to challenges efficiently and at the right time, thereby saving your organization precious time and money.

2. Consider the Services of an IT Company

Remember the services of an IT training company. The benefit of an IT company is that they provide proven and quality services for web security. While it seems like an additional operational cost, your staff will have the freedom to focus on their everyday obligations.

A reliable IT company will provide research-based insight to help ensure your business operations are safe online. A good example would be to invest in the most reliable IT services in Essex or any other local IT company. These professionals can provide you with expert support from remote locations. Doing this will also give you a competitive edge over other similar businesses.

Before investing in such a service, conduct your research and ensure each staff member is aware of the system changes.

3. Invest in a Web Security Training Program

You also have to realize the importance of training programs for your company. A good training program helps improve the insight and operational prowess your staff members can provide. To avoid adding extra costs to your business operations, assign the training only to staff members who will use the web services.

Staff members who perform well through these programs should receive some form of incentives such as promotions. These are important in championing the concepts or goals behind web security systems.

4. Optimize Company Operations

Find a way to ensure all operations relating to web services are well optimized. The staff members responsible for using such resources should be competent and accountable. Being accountable is particularly important, as many web security threats occur due to negligent staff members.

Some everyday operations to optimize web security include financial transactions, data access, and company system access. These are just a few examples, and optimizing them the right way should guarantee positive results.

5. Learn From Competitors

One of the best ways to optimize any aspect of your business would be to learn from your competitors. Do some research on other similar companies in your field, and analyze their preferred web security techniques.

Chances are high that you will learn a few helpful techniques and methods to boost your company’s productivity. You can seek assistance from the IT company to help you aggregate the web security data.

Then, choose or focus on the best practices that you notice from the research. These can include cybersecurity, professional IT services, and software management services.

6. Remember the Basics

Before launching any web security system, you have to consider the essential services and factors first. Without these basic systems, your company is easily prone to attacks and compromises in data management. A few suggestions include:

  • Install an anti-virus system. These are important for detecting malware and illegal programs such as keyloggers.
  • Work on network security. Go for a network security system that is powerful and well updated.
  • Assign each user a specific login. Do this to help make system tracking convenient and optimized.
  • Use two-factor authentication systems. This ensures you receive information updates for user and login activities.

Saving yourself time and money is essential, as it gives you the ability to focus on other equally crucial business operations. The good thing is that it’s easy once you consider the correct web security measures.

                                                    

 

                         

 




Protecting Your Data for the Work From Home Future (INFOGRAPHIC)

Brian Wallace, Founder & President, NowSourcing

In 2020, 62% of Americans worked from home.  While remote work has increased productivity, lowered office costs, and alleviated community stress for many, the rapid shift brought new cybersecurity concerns.  The COVID-19 pandemic prompted a new wave of security concerns almost overnight, and cyber attacks have skyrocketed.  In early 2020, the FBI reported a 300% increase in cybercrime.  Attacks targeting remote workers grew 5x in the first 6 weeks of lockdown, and 20% of organizations experienced a data breach linked to remote workers.  Phishing increased by 600%, ransomware by 148%, and malware activity by 128%. 

The top security concerns about remote work are as follows: 45% of devices may be more exposed at home, individuals may have difficulty managing new devices using remote work resources, and IT support is not as effective for remote work.  Cybercriminals will continue to target remote employees using social engineering attacks, vulnerable devices and IoT, and unsecured home Wi-Fi networks.  Additionally, data breaches may take longer to detect due to increased remote work. 

Organizations were forced to transition to remote work with little preparation and no in-person support.  Now they must find a way to reduce risk without compromising productivity.  Multi-factor authentication (MFA), combining a password with other authentication methods, is almost the answer.  Additional authentication measures might slow a hacker down, but they won’t keep your data secure.  Passwords that can easily be guessed or harvested from a previous breach, security questions that can be answered based on social media or public records, and one-time codes sent by SMS that can easily be intercepted by hackers are all factors that make MFA easy to breach. 

Additionally, MFA increases employee frustration.  One-time codes slow down logins and require a secondary device on hand.  Passwords and security questions are easily forgotten and need to be reset.  The frustration associated with multi-factor authentication is likely to lower employees’ compliance with other security procedures.  While many companies may default to outdated solutions, such as MFA, we know that the only true security solution lies in passwordless authentication.

Move beyond passwords through passwordless security.  This eliminates the need for passwords completely, replacing them with secure cryptography and biometrics.  Risk-based authorization checks risk signals from every user and device to enforce stronger access control.  Passwordless security also creates a secure and frictionless login without a second device or out-of-band message that could be intercepted by a hacker.  Invest in passwordless authentication and access control for the work from home future.

 

Securing Remote Work






How to Make Sure Your Business Data Stays Secure

Samantha Higgins

The data your company collects and stores is extremely important: not only your own, but also the personally identifiable information (PII) of your clients. Without the proper security, that data is subject to theft and other forms of cyber extortion.

In 2020 alone, close to 740 million files were breached across all business sectors. Many of these were related to security gaps that could have been quickly repaired. Instead of following their examples, you need to make sure your business data stays secure. Here are a few tips on how to make that happen.

Conduct a Risk Management Analysis

The first thing to do is conduct a risk management analysis of your technology infrastructure. It can be done in a few ways. When trying to find good-quality healthcare IT security measures, consider looking at a third-party organization to help safeguard PII. Companies like Techumen provide this service as well as risk management audits, such as Techumen’s HIPAA audit checklist, to ensure all the bases are covered.

The other way to handle this is to gather a team of managers and staff at your business to conduct the analysis. They need to record all potential issues and suggest solutions to mitigate them. The ones that seem the most useful need to be applied and tested. If they don’t work, then the next group must be tried. Risk management is a continual task and can’t be taken lightly.

Enable A Virtual Private Network

One of the easiest ways for cyber extortionists to pilfer PII and other business data is via remote access. If an employee logs into their work environment from an unsecured location, attackers can piggyback on their link and get into vital areas of a company’s network. Avoid this by implementing a Virtual Private Network.

Known as a VPN for short, this method of access creates a secure tunnel that allows employees to access their work files. It does this by hiding their Internet Protocol (IP) address and Domain Name System (DNS) queries from those observing the connection. When they link to a VPN, workers look like they’ve disappeared. In turn, they can work within a company’s virtual environment with minimal risk.

Activate Multi-Factor Authentication

Cyber extortionists find quick paths into an organization’s data through a user’s password. Passwords are either so simple that they are quickly deciphered or are continually reused. By utilizing multi-factor authentication (MFA), companies can deny cyber extortionists easy access.

The reason is it adds an extra layer to the username/password model. After an employee enters their credentials, MFA requests an additional form of identity. Normally, this is a phone call or a numeric code sent to a person’s smart device. While not 100% secure, this form of authentication has been proven effective. The only way cybercriminals can obtain the code is to have the smart device in their possession.

RAM-Only Servers

Server farms and disk arrays are prime targets for cyber extortionists. They’re filled with terabytes of PII ready for stealing. Nevertheless, this risk can be minimized by switching to a RAM-only server environment.

These servers store and retrieve data in random access memory (RAM) instead of on a hard drive. When an employee logs out of this form of server, it can be programmed to remove all instances of their footprint from the RAM. Additionally, if this is combined with a VPN, a kill switch can be used to quickly shut down a server when malicious activity is detected.

Move To The Cloud

The Cloud is the best place to store your company’s data. The companies that support your organization’s PII have strict security protocols enabled. As a result, the risk of cyber extortion is minimized. Furthermore, if Cloud service providers get attacked, they have backups of data to ensure your business continues without a loss of income or productivity.

Yes, the risk of cyber extortion is out there. However, you don’t have to be constantly afraid of it. By implementing one or all of these suggestions in your risk management plan, you make sure your business data stays secure. When you do that, your patrons will also feel secure and continue working with you. Overall, this is the best outcome to have in a world of constant cyber attacks.


About the Author: Samantha Higgins is a professional writer with a passion for research, observation, and innovation. She is nurturing a growing family of twin boys in Portland, Oregon with her husband. She loves kayaking and reading creative non-fiction.             

 




5 Things You Must Do to Grow Your Small Business


Audrey Evans

Are you planning to open a small business? You need to stock up on a few very crucial items. These are the things that you will need to make your venture a success. They are very easy to acquire and even easier to make use of. Here are the 5 most important things that you must do in order to grow your small business into a dominant player.

1. Use the Latest Modern Business Software

The efficiency of your business will play a major part in helping it to become a success. You want to be sure that you have all of the latest modern software that can improve your productivity as well as your ultimate level of profit.

You will need to use software to handle such areas as accounting, security, keeping track of customer interactions, and a wide range of other activities. The more up-to-date you keep your software, the better. This is an area where change happens on a frequent basis. Keeping up to date will help you grow.

2. Make an Account on Google My Business

One of the best places to make an account for your business will be on Google My Business. This is a place where you can market in a big way to your local audience. It’s especially useful if you have an actual brick-and-mortar physical address. Even if you don’t, it’s still a great way to pick up local customers.

Google My Business allows you to literally place your business on the map. When people click on your listing, you can show them your contact info, a few photos, and a capsule description of what you can do for them. It’s a great way to connect with people in your local area whether or not you have an actual physical location.

3. Get Your Business on Social Media

Another absolute must will be to get your business on all of the major social media network pages. This includes Facebook, Twitter, Instagram, YouTube, and the like. If you can put up a page with descriptive content, photos, and videos, you need an account there. The more social media exposure you have, the faster you will grow.

Social media is the place where people can get all of the info they need to decide if they want to do business with you. It’s also a great place to hook their interest and then send them straight to your official website. You can also use your social media pages to interact directly with customers and answer all of their various questions.

4. Keep Your Cyber Security Up to Date

One of the most important things that you will need to do to keep your business up to date is keeping tabs on your cybersecurity. This is an area where you can benefit from the expert aid and counsel of a professional network monitoring and security service. This will keep you safe from hackers, phishers, and other cybercriminals.

5. Make Use of Modern CRM Software

Another area where you will need expert help is in the matter of customer relations. In order to grow your business in the proper manner, you’ll need to build a firm base of trust with the public. One of the best ways for your business to do so is to make use of the latest modern Customer Relations Management (CRM) software.

This is software that will cover a wide range of applications. It will keep track of customer requests, complaints, and every other level of interaction that you have with them. It can also be used to make plans for your next major sales or marketing campaign. It’s the info you will need to keep your credibility high with your public.

It’s Time to Grow Your Small Business

The life of your small business is now in its infancy. This means that the time is now for you to plan for your growth and expansion. You can do this by making sure that you have all of the elements that you will need to make your business a success. The sooner you gather these elements, the sooner you can begin to grow.

 




Gregory FCA Acquires New York-Based PR Firm Affect

CommPRO Editorial Staff

Gregory FCA, one of the 50 largest PR firms in the nation, announced today that it has acquired New York-based Affect, a B2B public relations and marketing firm with almost 20 years of experience serving technology, healthcare, and professional services clients. 

Affect’s Founder and President Sandra Fathi will take on the role of Chief Strategy Officer (CSO) at Gregory FCA, and Senior Vice Presidents Brittany Bevacqua and Jen Dobrzelecki will join the company’s leadership team. All of Affect’s employees are joining Gregory FCA. 

Together, the combined firms will represent more than $14M in revenue with 96 team members. Gregory FCA headquarters will stay in Ardmore, PA, minutes from Center City Philadelphia, with Founder and CEO Greg Matusky and President and Partner Joseph Anthony overseeing the combined enterprise. 

“We are judiciously executing on growth plans by acquiring proven talent that strengthens our client services and extends deeper into key verticals that we have identified as growth opportunities in the global economy,” says Matusky. “Make no doubt about it, we were attracted to Affect because of its market reputation, track record, vertical focus, and the quality of its leadership and management teams.” 

As part of the firm’s growth strategy, Gregory FCA has focused on acquisitions that can leverage the firm’s platform of products and services and quickly build revenue through cross-selling opportunities. Over the past six months, Gregory FCA has added 19 team members with plans to hire an additional 20 this year, not including the Affect acquisition. 

“For 19 years, we cultivated a company and culture known for developing and investing in talent while delivering service excellence and tangible results to our clients,” says Fathi. “We immediately recognized that Gregory FCA was the right partner because of our shared values, team focus, and commitment to client service. Our plan is to expand our product offering by integrating Gregory FCA’s marketing, creative, video production, digital, and social media capabilities into a more holistic service offering for clients. We look forward to joining this impressive and talented team, learning and building on their success.” 

The move marks the second acquisition Gregory FCA has made since receiving a growth capital investment from Boston-based Copley Equity Partners just prior to the COVID-19 pandemic. The firm’s acquisition of KM Digital in January 2020 has already paid enormous dividends, with the firm tripling the size and reach of its digital services since the deal was consummated.

The acquisition also provides Gregory FCA with a New York City presence, a need that has become increasingly important for the company as a market leader in financial services. “Our dominance in financial services demands that we have an anchor office for talent in New York,” says Anthony. “Manhattan remains the epicenter for the industry as well as financial media.” He continued, “In all areas of our business — from financial services to tech to real estate, as well as from the international perspective — this new office extends our reach and solidifies our strength in the market.” 

Affect’s deep expertise in technology aligns seamlessly with the Gregory FCA focus and includes experience in such disciplines as artificial intelligence, machine learning, blockchain, cybersecurity, cryptocurrency, enterprise technology, HR tech, IT, martech, SaaS, and supply chain and logistics. In healthcare, Affect brings expertise in biotech, healthcare IT, health and wellness, hospitals and clinics, and medical devices.

 




The Growing Threat of Deepfakes to Brand and Executive Reputation

Alex Romero, COO, Constella Intelligence

Fake viral videos, images, and audio clips that appear indiscernibly real are catching public attention in a myriad of ways, as bad actors look to intentionally damage reputations or impersonate key individuals to obtain sensitive data or influence public opinion. Known as a “deepfake,” a portmanteau of “deep learning” and “fake,” this synthetic content is created using human image or audio synthesis based on machine learning (ML) or artificial intelligence (AI). Today, the concept and content are tangible, emerging as a legitimate threat to businesses and executives alike.

Moody’s research highlights two alarming facts about today’s digital world: AI is making it easier to damage companies’ credit, reputation, and financial health via deepfakes; and this risk will become harder to manage and mitigate as the AI that enables synthetic media continues to evolve. This means malign influence and disinformation campaigns powered by AI will take more time and resources to definitively disprove. Visit the site www.thispersondoesnotexist.com to see just how far deepfake production technologies have come. The extended time exposure to these types of campaigns is a real threat that compounds the risk associated with deepfakes.

A 2020 Brookings Institution report succinctly outlined the political and social risk presented by deepfakes: “distorting democratic discourse; manipulating elections; eroding trust in institutions; weakening journalism; exacerbating social divisions; undermining public safety; and inflicting hard-to-repair damage on the reputation of prominent individuals, including elected officials and candidates for office.” The risk has been exacerbated by COVID-19. Work environments have transitioned to virtual operations, increasing the risk surface of most organizations and presenting new challenges they may not be equipped to manage – specifically regarding security and crisis response. This new paradigm means more frequent use of digital mediums of communication without the validation and checks offered by in-person communication.

At an enterprise level, deepfakes pose two specific threats: social engineering attacks and public opinion manipulation. Social engineering is characterized by manipulating individuals to perform malicious actions, such as sharing confidential information or providing access to sensitive data. Threat actors can influence public opinion through fabricated videos of executives and other high profile individuals sharing disinformation or making inappropriate statements. Depending on the nature of the weaponized information, this can have far-reaching effects including influencing brand reputation and consequently consumer behavior, in addition to affecting a company’s stock price.

Best practices to prevent such threats include real-time monitoring and analysis of digital media and websites for disinformation. Further, a swift and comprehensive approach to brand reputation management and coordinated crisis response are essential to mitigate the potential damage caused in worst-case scenarios: multiple teams within an organization, from communications to cybersecurity to compliance must now closely work together to anticipate and mitigate such emerging digital risks. Experts across a wide range of fields agree that the battle against the malign use of deepfakes will necessitate the development of advanced security solutions, including threat monitoring and mitigation technologies, along with robust education of employees, stakeholders, and everyday individuals of the risks posed by manipulated audio, image, and video content.

Encouragingly, stakeholders across the digital ecosystem are making strides toward developing methodologies for tracking, analyzing, and delivering solutions that can mitigate the risks associated with deepfakes in the public and private sectors. Some notable initiatives include the Content Authenticity Initiative (CAI) – whose objective is to establish industry-wide standards for digital authenticity verification, assisting in limiting the pernicious effects of deepfakes before they can cause personal or corporate harm. There’s also the Deepfake Detection Challenge, launched by a coalition of partners including Facebook, Microsoft, and Google, among others, in partnership with key academic institutions including Cornell, Oxford, MIT, and UC Berkeley to incentivize and catalyze the development of open-source deepfake detection tools across the broader academic and tech communities. 

Is your organization equipped to safeguard against deepfakes? Ask yourself these three questions:

  1. Organization: Is your organization, namely executives and key team leaders, familiar with the most likely crisis scenarios posed by deepfakes – including phishing attacks, potential stock market manipulation, and blackmail or extortion? Are your employees trained and prepared to spot and report deepfakes, suspicious synthetic or manipulated content?
  2. Technology: Can you accurately identify where, when, and how your brand is mentioned both in the public digital sphere and deep & dark web to establish a basis for mitigation of incidents in real-time? Has your organization evaluated the feasibility of deepfake detection technology for mitigation of threats against your brand, executives, and key individuals?
  3. Processes: Do you have a cross-organizational incident response plan that clearly details steps for security and communications remediation once an incident occurs?

Companies large and small must safeguard their reputations and assets amid a digital ecosystem witnessing the proliferation of deepfake technology. Use your peacetime wisely and address the threat of deepfakes today.


About the Author: Alex Romero is COO and co-founder of Constella Intelligence, a company that uses advanced data analytics, artificial intelligence, and proprietary technology to analyze the digital sphere and help protect organizations against malign threats emerging from the digital media ecosystem, including synthetic media such as deepfakes.

 




IP Expert Offers Top 10 Investment Opportunities & Industry Trends for 2021

CommPRO Editorial Staff

JiNan Glasgow George, recognized worldwide for her expertise in intellectual property, has offered her outlook on the Top 10 Investment Opportunities and Industry Trends for 2021.

Her analytics offer a snapshot of what’s going on with patent activity and a forecast of what companies are developing, offering keen insight into new products and industries based on the type of patents filed. George is a firm believer that patent data always leads investment trends.

IBM continues to be a leading innovator, filing more patents last year than Samsung Electronics Co., Canon Inc., Microsoft Technology Licensing LLC and Intel.

Here’s what George believes are the Top 10 hot investment trends and industries based on her company’s research (in alphabetical order). Her research is showing that there is 150% plus growth in money in these technologies and industries. “It’s booming in each of these areas,” George says. “We can see disruption in high growth opportunities before it’s happening.”

  • AI diagnostics – This category is going to create an impact across several industries, including medical, telemedicine, self-diagnostics, wearables, and sleep analytics. The trends reveal the aggressive growth in personal health management, health monitoring, and the consumer health market. IBM, Boston Scientific, Psomagen, and Philips are among the companies developing technologies to gain a competitive edge.
  • Cryptocurrency / tokenization / blockchain is becoming commonplace in the areas of networks and computing, security, industrial applications and securities tokenization. Patents filed focus on such categories as tracking, finance and e-commerce. There are companies like Equity Shift, which is competing with NASDAQ’s secondary markets. This is allowing investors in private companies to have liquidity anytime they want. For investors, it’s an opportunity to see where there’s significant movement in the markets and where there are dynamic opportunities on a real-time basis.
  • Edge computing – hardware + software & platforms. The rise of demand for computing for IoT devices and 5G is going to fuel huge growth in this sector. We are now generating huge amounts of data, but we need infrastructure to process it, generate responses, and make it useful. Leading patent filers in this sector are Akamai Technologies, Cisco Systems and Intel. For example, such companies as EdgeX are partnering with Atomy Institute to develop next-level infrastructure.
  • Electric Vehicles, EV charging – The rise of Electric Vehicles can be attributed to the innovations of Elon Musk and everything that he has done to allow EV to scale. But the one thing he did that other automakers have not, which is extremely influential, is building a network of EV charging. Electric Vehicles have so many advantages both for the environment and for the consumer, and as consumers’ needs to manage their charging increase, it will simply necessitate innovations in EV charging and EV networks. Big questions right now are: how do we manage the data around charging, and how does the wide use of EV charging impact the power grid?
  • IoT – There are a lot of companies who have created things that sense and collect data. But right now the infrastructure to make it useful does not exist. What we are seeing is that companies are investing heavily in consumer experience, putting the data into the consumers’ hands so they can better understand their behaviors and make changes. With this, we will see an increase in usefulness and adoption of IoT.
  • Materials (biodegradable, composites, smart fabrics & materials) – We are seeing huge patent filing in materials. Consumers are demanding better, biodegradable packaging. Additionally, we are seeing investments in composites as a method for creating cheap, strong materials for use in construction, cars, and packaging. We’ve seen an increase in smart fabrics as well; we saw a little of this with COVID-19 with those slow-release anti-microbial fabrics, but we expect to see more of that going forward, especially in the athletic apparel space.
  • Security (general) & cybersecurity – We have a lot of monitoring capabilities in place for physical security, but we do not have the necessary infrastructure for data surrounding that monitoring. We are seeing heavy investment in automatic response. Cyber security is an increasing concern, especially as we move into the mobile and crypto space; we are seeing heavy investment in technology from fintech.
  • Smart Cities – We have been discussing smart cities for a long time, but have not seen much implementation. Why? The communications and other infrastructure required to transform cities into truly smart cities have only just been implemented. This includes many important components: 5G, wireless spectrum management, V2X comms, essential services automation, traffic management. The amount of data that is going to be circling is just mind-numbing and right now there isn’t the infrastructure to manage, process, and use that data.
  • UAVs/drones – Unmanned air vehicles have applications for everything from security to delivery. Many states have become very aggressive in creating drone corridors and regulation around drone airspace. In 2021 we are seeing the regulation catch up with the existing technology and we are predicting explosive growth for drone manufacturing companies.
  • V/R, A/R – There’s no stopping developments in new entertainment and modernizing visualization. The way we interact with the world is forever changed. We aren’t traveling and we are interacting via Zoom; people are so bored and are looking for more compelling and interactive options. The patent investment supports all of this.