New Articles

How Can Organizations Ensure Data Security

data security

How Can Organizations Ensure Data Security

The cyber-security scene is advancing at a fast-paced rate and concurrently, advances in technologies are progressively becoming better at aiding cyber-criminals and hackers to take advantage of data security loopholes. The continuously growing scale of breaches and cyber-security attacks should be a major concern for all organizations. An example of such attacks is the WannaCry, a massive malware attack that affected over 150 countries, including the UK, Germany, India, and Japan. Considering all the sensitive data that organizations store online, including financial documents and customers’ private details, it’s evident that one breach could have a huge negative impact on their businesses. Here are a few measures organizations can take to ensure data security.

1. Protect the IT Infrastructure

Organizations need a secure and established IT framework to build a solid foundation for a healthy data security plan. As such, they should keep an eye on every component, including devices and systems. They should ensure all the computers and smart devices are adequately protected against advanced cyber-attacks and malicious hacks.

The IT team must ensure all systems are updated with the most recent operating systems and reliable anti-virus solutions. They must also put a configured firewall in place to ward off external attacks and unauthorized access on the network. NordVPN can be a great data protection tool, especially when browsing the Internet. By encrypting data, this VPN establishes an additional layer of security that keeps your browsing activity, financial information, and emails invisible to hackers.

2. Perform Comprehensive and Regular Audits

Data security measures can never be complete without thorough and regular audits. A regular audit is a practical approach that enables businesses to identify vulnerabilities in the existing security plan. Auditing data collected in the post-attack offers an organization a perfect understanding of the blunders that can result in similar breaches in the future.

This information can be instrumental in the creation of a more powerful data security strategy coupled with more reliable data security policies. So, businesses must perform comprehensive and regular audits to enhance compliance and get rid of potential risks.

3. Limit Data Access

Most companies give a few employees privileged access to their most valuable data. Consider who in the company has access to important customer information. Do you know everyone’s access rights? Knowing the details of every staff that has privilege access to data and reasons for accessing it can help you prevent data hacking, theft, and loss.

Organizations must limit data access. They should determine the kind of data that a staff member needs to access to carry out their work obligations effectively and make sure they have access to just what they require. In addition to safeguarding sensitive information from theft or loss, limiting access could ensure more efficient data management.

4. Remove Stale Information and Put Secure Backups in Place

Many companies in the healthcare, education, and finance sector handle sensitive data as an important part of their businesses. Having the right data disposal strategies in place can prevent redundant data from being stashed away and lifted at a later date.

Regular data backup is a fundamental part of a complete IT security strategy. Organizations should have robust backups in place to ensure they still have access to their sensitive information even after accidental file removal or a full ransomware lockdown. They should store their backup data in a safe, remote location far from their main places of business.

5. Change Your Mindset

Many organizations don’t give data security the seriousness it deserves. They have poor passwords, unencrypted sensitive files, and misconfigured AWS servers. Due to this sloppy attitude, it’s estimated that more than 4 billion data records with valuable information were breached within the first six months of last year.

Companies must change their attitude. They must view data security as their top priority. Everyone in the company must understand the value of data security, not just the top executives. They should embrace security best practices such as authenticating digital identities of all employees and customers as well as using up to date VPNs like the NordVPN.

The Parting Note

With cyber-security threats increasing rapidly in today’s world, it has become important to be armed with the right security tools and privacy improvements that are required to protect the organization’s most valuable asset, that is, the data. Data security should be given utmost priority and all staff members trained accordingly.

insurance

Understanding Cyber Liability Insurance: Securing System Access to Secure Coverage

Organizations purchase cyber liability insurance as a way to mitigate the impact of data security incidents. However, as with any liability policy, cyber risk insurance incorporates a set of exclusions that allow insurance companies to deny coverage. While most policyholders and insurance professionals assume that external monitoring acts as the only way to ensure coverage and reduce the likelihood of costly coverage litigation, digital transformation has shifted the perimeter away from external controls such as firewalls towards a more focused approach on identity and access.

Understanding Cyber Insurance Exclusions

Everyone reads the Insuring Agreement, or the part of an insurance policy that provides coverage. Typically, this section lists out all of the events for which an organization can submit a claim. For example, many cyber insurance policies will cover unauthorized access to systems, networks, and software that leads to a data security event.

However, as in life, all promises come with conditions. In the insurance world, conditions are called the exclusions, or the activities that are reasons allowing an insurance company to deny coverage. Generally located at the end of a policy, these may seem logical. For example, in a cyber-risk policy, an insurer does not need to cover the loss if the policyholder failed to enforce reasonable security practices and systems maintenance procedures.

In other words, if a data security event is the result of failure to enforce best security practices, the insurance company can deny the claim.

Why Identity and Access Matter to Data Security

As evidenced by the recent Twitter breach, cybercriminals increasingly target users as a way to gain unauthorized access to privileged locations in an organization’s IT ecosystem. This tactic makes sense in many ways because privileged accounts traditionally have universal access to an organization’s most important services and data.

For example, to do their job, IT administrators need nearly unfettered access to an organization’s ecosystem. They need to create accounts and grant access to other users. However, that also makes them a high-risk user. They could conceivably create fake accounts and grant themselves privileged access then engage in malicious data theft or credential theft, moving around in the organization’s systems and networks without looking suspicious.

Similar to the Twitter breach, this type of activity is hard to recognize unless the organization is actively monitoring who has access, how they use their access, what they access, and why they need it.

Enforcing Identity and Access Controls as Data Security Best Practices

Data security best practices pose problems for organizations as no set definition exists because cybercriminals continue to evolve their methodologies. With most organizations embracing remote workforces for the foreseeable future, on-premises security controls no longer provide the necessary protection. In order to secure data and protect privacy, companies should look to the Identity perimeter to limit access and monitor privileged access within their ecosystems.

Enable Zero Trust

Zero trust, aka “never trust, always verify,” is a cornerstone of enforcing identity. This is widely becoming not just best practice, but a table stakes identity and access management strategy – especially for users with elevated privileges. In a business application landscape overrun by phishing and brute force attacks, there is little confidence in usernames and passwords being the primary driver for identity and access management. That’s not to say that usernames and passwords don’t have their seat at the table, but they can’t be sitting alone. Combining them with dynamic controls that evaluate the context of access to determine risk is critical. Trusting the same access privileges, no matter what the circumstances, will lead to security threats. IT leaders must assume that cybercrime can circumvent their perimeter identity controls and be acting accordingly.

Apply the Principle of Least Privilege (PoLP)

The first step to creating best Identity and Access Management (IAM) practices is to ensure all users have only the access they need to fulfill their job functions and nothing more. For example, someone in human resources (HR) might need access to an employee’s address, but that individual may not need all the banking information attached to the record if they are not in the payroll area.

Enabling PoLP Using Attribute-Based Access Controls

For legacy business applications, PoLP is a non-starter because access governance is dictated by static, roles-based access controls (RBAC). For example, an HR manager needs a certain set of rights within the organization’s system. However, RBAC only limits access based on what the user does in the company (unless manually changed). With attribute-based access controls (ABAC), organizations can set additional contextual attributes such as geographical location, IP address, or time of day. This additional context allows the organization to limit access to high-risk resources on a more detailed level. With the explosion of remote work, ABAC provides a way to limit users’ access when the organization has determined that a location or time of day would be considered riskier. For example, someone using a public WiFi is at a higher risk of a man in the middle attack than someone using their home WiFi. If the organization sets trustworthy IP addresses, users cannot access sensitive information from public WiFis, reducing the attack surface.

Continuously Monitor Access

The same continuous monitoring mantra that exists at the network perimeter also holds true at the Identity perimeter. With user access monitoring, organizations can review the resources accessed to ensure they are appropriate to the users’ needs. Organizations need a way to detect suspicious access to sensitive information. For example, if an HR representative is accessing healthcare information at 2:00 AM, the organization needs to know whether that employee typically works late at night or whether this is an outlier signaling a potential data security incident. Without visibility into when and how users interact with data, organizations cannot prove that they enforced their access policies as a best practice.

Digital Transformation, Remote Work, and Securing Coverage

Digital transformation, accelerated by the rapid move to remote workforces, streamlines productivity but also increases risks. With more users connecting more devices from more places at less regular times, identity and access is an integral part of an organization’s data security.

Establishing and enforcing strict access policies is now more important than ever before. Malicious actors will continue to look for user accounts that act as back doors to organizations’ systems, networks, and software. In order to secure cyber liability coverage, companies need to be more actively engaged in monitoring access and mitigating potential threats arising from compromised accounts.

____________________________________________________________

Piyush Pandey, CEO at Appsian (www.appsian.com) is a technology executive with 19 years of global experience in strategy, sales, mergers & acquisitions, and operations within software companies. Over the last 10 years, he has worked with enterprise software companies including Oracle, Epicor, Concur, Citrix and Microsoft on various transactions. He has held various leadership positions at Procera, Deutsche Bank, Stifel, Wipro Technologies and a wireless startup.

Huawei

U.S. Adds 38 New Huawei Affiliates to Entity List While Again Expanding Foreign-Produced Direct Product Rule

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) has announced that it is further restricting access by Huawei Technologies Co. Ltd. and its designated non-U.S. affiliates (“Huawei”) to U.S.-produced technology and software. BIS first added Huawei to its Entity List on May 15, 2019 and has continued to impose additional export restrictions on Huawei under the U.S. Export Administration Regulations (“EAR”). Most recently, BIS published a Federal Register notice to implement the following enhancements. Although BIS published this Federal Register notice on August 20, 2020, the following rule changes took effect retroactively as of August 17, 2020:

Addition of Thirty-Eight New Huawei Affiliates to the Entity List. In its announcement, BIS added thirty-eight (38) additional Huawei affiliates to the Entity List. This action now brings the total number of Entity List-designated Huawei affiliates to one hundred and fifty-two (152). The EAR generally prohibits anyone, anywhere in the world from supplying products, software or technology that is “subject to the EAR” to these Huawei affiliates without a BIS license.

Expiration of Huawei Temporary General License. BIS had previously issued (and then, on multiple occasions, extended) a Temporary General License which permitted certain transactions with Huawei Entity List affiliates in order to support existing networks, equipment and handsets that were in existence prior to Huawei’s initial Entity List designation on May 16, 2019. In its Federal Register notice, BIS announced that it would be allowing the Temporary General License to expire. As a result, pursuant to the expiration date set in its most recent renewal notice, the Huawei Temporary General License expired effective August 13, 2020.

Anyone who previously utilized the Temporary General License was required to obtain certain compliance certifications in connection with transactions conducted pursuant to the Temporary General License and the EAR will require those persons to retain those certifications in accordance with the EAR’s recordkeeping requirements.

Permanent Authorization for Cybersecurity Research and Vulnerability Disclosures to Huawei Entity List Companies. The Temporary General License also contained a provision which authorized the disclosure of certain information to Huawei Entity List companies in order to assist with maintaining the integrity and reliability of existing data networks. After allowing the remainder of the Temporary General License to expire, BIS permanently codified this narrow exception into the EAR in order to promote cybersecurity.

Expansion of the Huawei Foreign-Produced Direct Product Rule. In May 2020, BIS amended the EAR’s foreign-produced direct product (FPDP) rules to designate the following items as “subject to the EAR”: (i) foreign-produced items produced or developed by a Huawei Entity List affiliate through the use of technology or software controlled under certain Export Control Classification Numbers (ECCNs), and (ii) foreign-produced items that are produced using equipment which is the direct product of U.S. origin software or technology controlled under certain ECCNs and also produced according to software or technology specifications produced or developed by a Huawei Entity List affiliate. BIS has now significantly expanded this rule.

As amended, the new Huawei FPDP rule now completely disregards whether foreign-produced items produced by a 3rd party are produced according to Huawei specifications and instead extends the Huawei FPDP rule’s coverage to all foreign-produced items resulting from the specified software, technology or production equipment which are intended for incorporation into or for use in the “production” or “development” of any “part”, “component”, or “equipment” to be produced, purchased or ordered by a Huawei Entity List company or otherwise included in any transaction featuring a Huawei Entity List company as a “purchaser”, “intermediate consignee”, “ultimate consignee” or “end-user” (terms in quotation marks in the previous sentence are defined terms under the EAR).

As a result of these amendments, a much broader range of foreign-produced items are now “subject to the EAR” and therefore prohibited for export, reexport or in-country transfer to any Huawei Entity List company without an appropriate BIS license.  Although BIS will normally review such license applications on a “presumption of denial” standard, these amendments did create an exception which states that BIS will evaluate license applications involving Huawei Entity List companies on a “case-by-case” basis when they involve foreign-produced telecommunications systems, equipment and devices below the 5G level.

The amendment did feature a savings clause, which allowed the continuance of certain qualifying transactions which were initiated prior to August 17, 2020.

____________________________________________________________

Grant Leach is an Omaha-based partner with the law firm Husch Blackwell LLP focusing on international trade, export controls, trade sanctions and anti-corruption compliance.

Cortney O’Toole Morgan is a Washington D.C.-based partner with the law firm Husch Blackwell LLP. She leads the firm’s International Trade & Supply Chain group.

Camron Greer is an Assistant Trade Analyst in Husch Blackwell LLP’s Washington D.C. office.

payment

How to Make Important Adjustments to Your Payment Strategy

The first couple of weeks of sheltering in place regulations saw finance and accounts payable organizations scrambling to set up remote operations and get payments out the door. Most were able to accomplish these goals quite well. Now we’ve moved into the next step–establishing efficient workflows and productive practices. It’s still challenging, however. Companies have to find ways to keep people safe while executing paper-based processes that keep their teams office-bound. For example, many companies still have to go into the office to pick up mail, circulate invoices for approval, and prepare checks for mailing.

They also must consider the best way to move forward and develop strategies for managing their teams through economic uncertainty. The Conference Board, a non-partisan economic think tank, recently sketched out three possible scenarios. Their best-case scenario predicts a 3.6% decline in US GDP for 2020, while the worst case would see a 7.4% decline. In other words, nobody knows what the next six to 12 months are going to look like.

That means AP needs to focus on conserving cash while keeping operations moving. They can expect more calls from suppliers since Accounts Receivable teams typically ramp up their efforts in tough times. They need to prioritize payments and capture early pay discounts. Procurement is going to reach out to try and renegotiate prices or terms. Treasury is going to be very interested in the timing of payments and managing working capital. It’s on the AP team’s shoulders to make sure they’re engaging with these teams and coordinating efforts.

At the same time, they’ve got to consider the efficiency and the productivity of their own team as we continue to work remotely. Among other things, that means coming up with a strategy for shifting to electronic payments at scale.

Many organizations have had this goal for a long time, but, depending on the research you look at, around 40 percent of business payments still issue by check. This number is down from a decade ago, but still problematic in a remote work environment. So why don’t businesses pay more of their suppliers electronically? Well, as everyone who rushed to shift suppliers to ACH payments when shelter at home orders took effect has learned, you can’t just flip a switch and move all your suppliers.

It’s easy enough to find a bank to handle ACH transactions for you. It also sounds a lot cheaper upfront than checks—if you only look at transaction processing costs, which are usually well below $1.

But with ACH, you have to enable your suppliers one by one, and then store and update their data securely. That becomes a fixed cost because there’s a constant churn of suppliers and their bank data–changes usually around once every four years per supplier. You should also expect to manage exceptions that arise with ACH file submissions and more nuanced supplier questions.

Thinking ACH is cheap or straightforward is one of the biggest misconceptions holding companies back from paying electronically. That’s not to say you shouldn’t make ACH payments. That said, they should be part of a holistic strategy that addresses the entire payments workflow, encompassing all forms of payment, including international wire payments.

What does that look like?

Card first

If you’re going to reach out to suppliers to enable them for electronic payments, you should first ask them to accept payment by credit card.

Virtual cards–sometimes known as single-use ghost accounts or SUGAs–are not as well-known as they should be in finance and accounting circles. Still, they can be an incredibly valuable part of your payment strategy. Unlike P-cards or company-issued credit cards, virtual cards exist to pay suppliers easily. Each card has a unique number that can only be used by the assigned recipient in the designated amount. That provides AP with substantial control and makes it one of the most secure, fraud-proof payment methods. You also should expect to receive rebates to offset some of your AP costs.

The main challenges are enablement and outreach, which don’t require significant effort on the part of AP teams since virtual card payment and remittance are relatively straightforward for suppliers. All that’s left is to structure your rebate program to support your team’s efforts and then some.

ACH for most

If a supplier declines to accept card, which often happens due to the interchange fee, your second request should be to enable them for ACH. Most vendors will say yes to this; in fact, they’d prefer it to check. Just be sure you have a realistic appreciation of the true ACH payment operating costs, including enablement and data management, as well as fraud support.

Check for holdouts

While the number is dwindling, there are some suppliers with a ride-or-die mentality who won’t accept anything but checks. For these suppliers, an outsourced payment provider can do a print check from an electronic file, so your team doesn’t have to handle all the paper.

Your payment strategy should include automating the payment workflow. Fintech ePayment providers wrap these disparate workflows into one interface so that all AP has to do is click “pay.” Then their payments will issue to their suppliers in the method they elected to receive. Because these platforms are in the cloud, payments can be approved and scheduled remotely, with visibility for multiple team members.

Heightened fraud protection

Your payment strategy should also include fraud protection. The pandemic, the move to remote work, and challenging economic conditions have created a perfect storm for a rise in all types of crime, including payment fraud. It’s essential to have strong internal controls, especially now that sensitive information is residing in your teams’ homes and on their personal networks. Preventing theft is a key component of cash management.

It used to be that organizations mainly worried about check fraud, and that’s still a problem, but it’s reduced quite a bit thanks to controls such as Positive Pay, Positive Payee, and watermarks on checks. So far, there aren’t similar controls for ACH. As businesses have gravitated towards ACH solutions, such payments have become more of a target for fraudsters. That’s a problem because the funds move faster, making it much harder to recover a fraudulent ACH.

Business Email Compromise (BEC) schemes are the most common type of attack. These involve fraudsters masquerading as suppliers, company executives, or other high-ranking personnel, requesting that funds route to a new, fraudulent bank account. We’re already seeing that the pandemic has provided BEC scammers with new material to convince an overwhelmed AP to comply with these requests.

To protect your team, you need a partner who can support your enablement and fraud protection goals, so your team can stay focused on cash management.

Finance and AP have long intended to go electronic, but the transition has been slow. It’s not just the flip of a switch or the sudden addition of a new payment type. Very few businesses realize how strategic the shift is until after they’ve committed to an update. Many companies that don’t plan accordingly have had to revert to check payments when they realized the actual cost and effort it takes to switch suppliers over. Rather than trying to attack a single pain point, you have to address the whole process from top to bottom.

Now we are going to see an acceleration of this shift with the remote workforce and challenging economic conditions. There is a new imperative, and there is also new technology. Interestingly enough, a lot of the fintechs providing B2B payments technology got their start during the great recession, when the financial system collapsed, and cloud technology was being born. These are now mature companies, ready to “cross the chasm” and transition their partners to 100 percent electronic payments.

________________________________________________________________

Derek Halpern is the SVP of Sales for Nvoicepay. He has over 20 years of technology sales and leadership experience, including 16 years in the fintech and payments space. Derek’s previous positions include VP of Sales at Billtrust, an AR automation technology company, and Sales Director at TranZero, a payments company. Previously, Derek co-founded a company called ProService Software, which was sold to Solomon Software. Derek became the Western Region Sales Manager for Solomon following the acquisition. Derek earned a BS in Business Management from Pepperdine University.

Josh Cyphers is the Vice President of Product & Strategy for Nvoicepay. For the past 20 years, Josh has managed successful growth for a variety of companies, from start-ups to Fortune 100 companies. Prior to Nvoicepay, Josh was a Senior Manager and Consultant at Microsoft, Vice President of Finance at Visa, and Business Planning and Analysis Manager at Nike. Josh is a lapsed CPA, and has a BS in Economics from Eastern Oregon University.

data security

Why the Keys to Maintaining Data Security in a Remote Environment are Control and Visibility

Remote workforces are nothing new to most organizations. According to Buffer’s 2019 State of Remote Work report, 44% of respondents noted that at least part of their team was “full-time remote,” and 31% said that everyone on the team works remotely. Further, at the time of the report, 30% of respondents said that their entire company worked remotely. However, the COVID-19 pandemic accelerated the work-from-home model. By March 31, 2020, the percent of users working remotely had increased 15 percentage points since the start of the COVID-19 outbreak. With that in mind, organizations are assessing how they can maintain granular levels of control and visibility when business data is being accessed remotely.

Adopting Contextual Controls to Protect Data

Most organizations already leverage role-based access controls. These controls, which align data access privileges and job function resources, provide a baseline for data governance. However, they often lead to excessive levels of data access and, in turn, produce additional risks. Contextual controls enable an organization to dynamically control access to data during varying contexts of access, often aligning to least privilege best practices. Migrations to cloud applications are largely due to contextual controls being a business requirement, simply because the interconnected applications required a more dynamic approach.

With the move to a remote workforce, organizations need to create more detailed and more dynamic access controls. With attribute-based access controls (ABAC), a company can incorporate additional context such as geolocation, time of day, and IP address to both ensure the appropriate user is accessing the resources and prevent users from having more access than they need. For example, if the organization knows that an employee should be working from Connecticut, ABAC can prevent access to resources if the user’s location is suddenly California – or a foreign country.

Contextual controls provide both the prevention of access policy violations, along with alignment between business requirements and security protocols. Because the organization can limit access according to the principle of least privilege, it reduces the risk of data leakage and financial fraud. Meanwhile, by creating more granular, data-centric access privileges, an organization can ensure that users do not get too much or not enough access – limiting the potential negative effects of restricting access excessively.

User Activity Monitoring for Security and Managing Productivity

Monitoring user access to resources and tracking how users interact with data provides an additional benefit for many organizations as their workforces move towards a remote model. Most organizations recognize the benefit of monitoring user access – but not just instances of logging in and logging out of applications. Understanding data access and usage is now a key requirement when maintaining visibility over business data. Organizations are turning to analytics platforms that both include granular access details, along with a visualization element (for example, SIEM). Data is only as useful as the insights it provides, and rapid aggregation and visualization of user access data is a crucial requirement for data security.

Using “Virtual” Work Hours

Looking at a common security use case, many organizations leverage “virtual” work hours to detect anomalies. For example, an employee usually works between the hours of 8 AM and 6 PM but monitoring and alerting to activity around sensitive data at 3 AM, for instance, can be indicative of unauthorized behavior. This uncharacteristic behavior may be an anomaly, but the organization needs to monitor the user activity more closely. If the user denies accessing the information at 3 AM, then the organization needs to focus its monitoring and have the employee change their password. If the organization detects additional unusual activity, then it may need to review the employee’s activities or investigate a potential data breach.

Monitoring User Productivity

From a workforce management perspective, organizations can leverage these insights to review employee productivity. Two use cases present themselves. First, many organizations have contracts that stipulate late payments incur a late fee. If the organization knows that employees should be processing payments ten days prior to the payment date, then they can leverage these reports to ensure that employees meet their timelines, even from a remote location. Additionally, by tracking resource usage data, organizations can monitor whether workforce members are appropriately prioritizing their workdays. If the employees are only accessing a business application at the end of the month, then they are likely waiting until the last minute to input payment information. Preventing these potential revenue losses or rush projects in other areas by speaking with the employee enables the organization to stay on top of its financials.

Enabling Visibility for Business Applications Has Never Been More Critical

Creating trust within and across distributed workforces ensures productivity. However, continued status update meetings across multiple time zones decrease workforce member efficiency. Organizations already monitor user access to their systems, networks, and applications. As part of a robust security posture, organizations should apply protections at the new perimeter – user identity. Rather than micromanaging employees via emails or chats, managers can gain valuable insight into how users are accessing resources and prioritizing work schedules by reviewing data and resource usage.

In an unprecedented time, companies need to find ways to enable their levels of control and visibility over business data. Whether a business application is on-premise or in the cloud, enhancing these solutions should be a mission-critical objective.

Risks against an organization are prevalent in a remote environment, whether those risks are security-related or employee-related by fraud, theft, and error. The keys to maintaining data security ultimately lie in your ability to provide oversight for your data, and the time to act is now.

_______________________________________________________________

Piyush Pandey, CEO at Appsian (www.appsian.com ) is a technology executive with 18 years of global experience in strategy, sales, mergers & acquisitions, and operations within software companies. Over the last 10 years, he has worked with enterprise software companies including Oracle, Epicor, Concur, Citrix and Microsoft on various transactions. He has held various leadership positions at Procera, Deutsche Bank, Stifel, Wipro Technologies and a wireless startup.

banks

OUT WITH THE OLD: WHY BANKS MUST ADOPT FINANCE TECHNOLOGY TO REMAIN RELEVANT

The term “FinTech” continues to saturate the news and financial institution reporting in recent years. It’s not surprising that streamlining financial services in the age of automation is something traditional banks struggle with adopting as global markets capitalize on technology. The trade sector on a high level is already purging antiquated, traditional processes involving paper, phone calls, Excel spreadsheets and tedious, unreliable methods of tracking and invoicing.

Now that FinTech is part of the bigger financial picture, it only makes sense that more companies in the global trade market are adopting FinTech as the norm rather than an option. This presents its own set of challenges for banks to overcome as much as it presents opportunities in optimization and risk mitigation. FinTech has its own challenges to overcome as well before it can successfully replace the traditional financial processes currently in place.

To understand exactly how FinTech fits into the bigger picture, we must break it down and evaluate all angles. To start, trends in emerging finance technology include variables from governments and dominating players to emerging acquisitions positioning big tech as a disruptor and solution to trade finance. So, what are some of the top emerging trends currently found in the financial technology space? According to experts at Azlo, a no-fee digital banking platform, government regulation will weed out fly-by-night FinTech while ownership of a self-sovereign identity will become more prevalent for risk modeling. Additionally, FAANG companies are currently positioned to become major players in the FinTech space as they continue to raise the bar for consumers and businesses alike.

Azlo also maintains that banks must adopt FinTech and emerging tech to remain a relevant part of the financial industry, warning that if they don’t, European, African and Asian markets, which possess less regulation and oversight, will own the space very soon. Additionally, optics, trust and inevitable obsolescence will ultimately serve as supporting reasons behind the adoption of emerging tech in the banking space in the near future.

From a safety and risk mitigation point of view, cybersecurity requires a sophisticated and advanced system to combat various strategies hackers utilize to disrupt the financial industry. Cybersecurity goes hand-in-hand with the recent surge in FinTech and will present itself as a challenge for financial companies to mitigate. How will this risk impact banks from a cost perspective? Think of it in terms of compliance and regulation. Circling back to Azlo’s expert point that once the government starts implementing harsher regulations, the days of FinTech will take a different stance in the financial industry. An example of this is found in Mexico’s FinTech law that took full effect this year and in the Latin America markets. As noted in a November Nasdaq article: “The goal of the FinTech law was to help bring more people into the formal economy. Additionally, it would help to reduce the amount of cash in circulation, which would cut down on money laundering and corruption as well.”

Nasdaq experts also point out the significant progress FinTech has made within the Mexico and Latin America markets. “In January 2019, Albo raised $7.4 million, sparking a surge in investor interest in Mexican neobanks,” states the article. “In March 2019, Mexican neobank, Fondeadora, announced a $1.5 million round of investment, and in May 2019, Nubank, Brazil’s largest neobank with over 15 million users, announced its plans to expand into Mexico.”

Considering the reputation for cash dependency in Mexico paired with the more than 273 FinTech ventures operating in the country, it’s no surprise that FinTech is disrupting and recreating opportunities for global markets while changing the way cash flow is approached.

FinTech will not necessarily hurt the traditional banking model, as it does offer an automated and sustainable approach for customers while keeping up with what is expected of companies on a cultural scale. To remain relevant, banks should consider what customer generations are emerging while maintaining the changing ecosystem supporting efficiency, sustainability and cost-savings.

Furthermore, FinTech is changing the way investments and lending are assessed. FinTech allows for much larger sets of data, providing a new level of visibility. Possessing the ability to manage multiple information streams that reflect the health of a company is found as an unmatched solution provided by FinTech, according to Azlo. With this information, companies can further evaluate next-step approaches and what actions in place need to be revisited, revamped or completely eliminated. The name of the game is data visibility, folks, and that is exactly what FinTech is doing to redefine how finances are approached.

“FinTechs are relying on different information when underwriting consumers, looking at things traditional banks have never considered and providing more people with access to personal and business capital,” explains Donna Fuscaldo in her blog, “The Rise of Fintech: What You Need to Know & Financial Services Now Offered.”

“Traditional financial institutions may be late to the FinTech party, but they haven’t missed it altogether,” Fuscaldo writes. “Many of them are creating their own services or partnering with established FinTechs to bring services to their clients. It’s happening in every aspect of FinTech from robo advisors with Charles Schwab’s Schwab Intelligent Portfolios to digital payments with Visa’s Visa Pay digital payment service. Even heavy hitters like JPMorgan are turning to FinTech’s data to evaluate applications for loans, and Quicken Loans, the online mortgage lender, launched its Rocket Mortgage app that can churn out mortgage approvals and rejections in minutes. All of this action on the part of the traditional financial services industry make for more choices beyond just the startups.”

With cybersecurity and automation consistently creating new ways for companies to optimize their payments while maximizing data and integration, only time will tell how much regulation global governments will impose and whether that reshapes the FinTech marketplace. One thing is certain: Traditional banking will continue to be challenged to redefine how customers are served, transactions are protected and how the investment and lending sectors approach opportunities throughout the international and domestic markets.

vulnerabilities

Top 4 Teleworking Vulnerabilities (and How to Mitigate Them)

Between social distancing guidelines and stay-at-home orders, it’s clear that we’ll all be spending a lot of time at home.

While many of us might normally work from home a day or two out of each week, few firms are used to having all their staff work from home for weeks at a time. 

This means that many companies have not implemented security measures that are most appropriate for a fully remote team.

To help you make the adjustment, here are some big-ticket vulnerabilities along with recommendations on how to best mitigate them.

1 – Using personal devices

The laptops and desktops your firm owns are secure. They have up-to-date patching and anti-malware. They have simple but important polices like an automatic screen lock. They’re backed up and might even have hard drive encryption and remote wipe capabilities.

Do the personal devices accessing your data even have anti-virus beyond Windows Defender? Are any running Windows 7, which has been out of support for months?

If a vulnerable machine is accessing your firm data, that data becomes vulnerable.

Best practice is to only allow your people to work from firm-owned equipment. If you try purchasing new equipment today, though, you will probably run into significant delays with manufacturing. Your second-best option is to roll out workstation management software to these personal devices. Your IT team can help with this.

2 – Heightened scam activity

Scammers are having a field day with this pandemic. We’re anxious, we’re distracted, we’re working with new and unfamiliar technologies, and we’re accessing confidential data outside of our secure office network.

In a span of just seven hours, cybersecurity company ESET detected 2,500 infections from malicious emails that played on COVID-19 themes. Phishing emails that appear to come from legitimate sources like the World Health Organization offer links or attachments with information about the spread, face masks, a vaccine—anything that will tempt recipients into clicking and infecting their machines with spyware, ransomware, or otherwise.

And the massive success of these scams means that hackers will double-down.

Fortunately, we can avoid these scams by practicing the same awareness tactics you’ve heard before:

-Don’t click links or download attachments you weren’t expecting.

-Watch for poor grammar and generic greetings (sir/ma’am)

-Don’t offer up personal information unless you can verify the request (by calling the sender, logging directly into your Facebook account, etc.)

Regarding coronavirus specifically, be sure to stick to official websites (WHO, CDC) for the latest news on the outbreak.

3 – Not using multi-factor authentication

Multi-factor authentication keeps you protected even if you make a mistake—which, as I mentioned above, is a lot more likely in today’s landscape.

Say you fall for a phishing scam and enter your Office 365 credentials onto a fake web page. But, your Office 365 account is set to send a verification code to your cell phone. Even with your email address and password in-hand, the hacker still can’t access your account unless they’ve also managed to steal your cell phone.

In January 1.2 million Microsoft accounts were compromised. Microsoft has said “multi-factor authentication would have prevented the vast majority of those one-million compromised accounts.”

Work with your IT team to (forcibly) enable multi-factor authentication on as many applications as you can. This is often not labor-intensive, and it can do wonders to keep your accounts locked down.

4 – Sharing devices with others

If you live with roommates or family members, you may find them asking to borrow your machine for anything from their distance learning assignments to streaming movies.

Whether this machine is personal device or owned by the firm, letting others onto the same equipment being used to store and access client data puts that data at risk. It only takes one wrong click to put your threat detection and response software—assuming any is installed—to the test.

And in some cases, someone just seeing an open document on your machine is a compliance violation.

Your firm policy may already have guidelines against sharing devices, but keep in mind that this is new territory for all of us, and that some may need help finding an alternative.

_________________________________________________________________

Heinan Landa, CEO and Founder of Optimal Networks, a globally-ranked IT services firm, and author of The Modern Law Firm: How to Thrive in an Era of Rapid Technological Change.

trading market

Modern Tendencies of Global Trading Market

The world is now a global village. Hence, globalization is a concept that has affected every aspect of human existence. The exchange of goods and services across nations and individuals, regardless of geographical limitations, is becoming increasingly seamless.

A Brief History of Global Trading Market

If you take a trip down memory lane, you’ll notice that global trading has come a long way. The origin of international or global trading dates back to the 19th century after the French war. The trade relations among nations increased significantly from 1865 to 1913, just before World War I broke out.

When WWI broke out, global trading fell rapidly. There was a massive dip in the export market. As it is with war, arms sales enjoyed enormous proliferation.

After World War I, things began to fall back to normal. It took a while for global trade volumes to rise to the peak reached before 1914.

The most significant rise in global trading came after World War II. In 1947, the General Agreement on Tariffs and Trade (GATT) was signed in Geneva by 23 nations. It marked a new dawn for global trading markets.

However, to better understand the modern tendencies in the global trading market, we need to look at the industrial revolutions that have happened over time. We can then link them to how they affect the global market in recent times.

Global Industrial Revolutions

There is an age-long relationship that exists between industrialization and globalization. The global industrial revolution that started in the late 18th century ushered in an abundance of raw materials. Industrialization led to the creation of new products and markets.

The products and raw materials that came, as a result of industrialization, needed to reach consumers across the world. That’s what led to the expansion of global trading markets.

Products were made in Europe from American raw materials and exported to Asia for consumption. A consequence of this affair between industrialization and globalization was the creation of trade routes. These trade routes connected America to Europe, Europe to Asia, and other continents of the world that needed the products.

We can talk about the early days of global trading markets without the pros and cons of globalization. The good that happened to the world was that manufacturers had more markets to sell their products. On the flip side, it created the opening for Europe to colonize the world.

The Journey from Then to Now

At this point, it’s safe to look deeper into how the industrial revolutions changed the course of global trading markets.

The First Industrial Revolution (1760 to 1830)

This is the period when Britain dominated and monopolized the global market. At the time, they had control of machinery, manufacturing techniques, and skilled laborers. Knowing that they were ahead of the world in industrialization, they kept everything within the confines of the British territory.

The embargo on the exportation of the industrialization that gave Britain a huge advantage didn’t sit well with some British businessmen. These folks began to seek more significant market opportunities outside Britain.

In 1807, two Englishmen took the industrial revolution to Belgium. The revolution further expanded global markets at the time.

Though it took a while for other countries to get on the wagon, it eventually happened after almost over a decade of British Monopoly. European countries like France and Germany came on board the ship to industrialization.

When the United States came into the picture, they gave the Britons a good run for their money’s worth. America became an industrial giant in the late 19th century.

Other countries that joined the industrial revolution at the time were Japan, the defunct Soviet Union, China, and India.

The Second Industrial Revolution (1870 to 1914)

While the first phase of industrialization focused on machinery and skilled labor, the next step introduced the manufacturing of more natural and synthetic products. It was in this era that synthetic materials like plastics began to flood the global market. Global trading expanded as a consequence.

The expansion in marketable products demanded a more straightforward way of doing business. Hence, this era brought computers into the fold. These computers now gave rise to what was called automatic factories.

With the global market expanding, governments began to get more involved. Economic policies came into play to establish checks and balances. Hence, averting an impending global financial and market crisis due to laissez-faire ideas that were at play at the time.

World War I marked the end of the second industrial revolution. Global markets were on shutdown as trade routes were either closed or manned by warring nations.

The Third Industrial Revolution (1990 to Present)

The advent of the internet marked the beginning of the third industrial revolution. The global market has shifted from the exchanges that took place at country borders to a peer to peer market setting.

With the world dealing with a myriad of global issues like natural disasters in, overpopulation, and poverty in some of the most populated cities of the world, there was the need to make the world a global village.

Trade deals can go on from anywhere in the world. People now have access to computers and the internet. It doesn’t matter if you’re a college drop out or a graduate from some of the best universities in the world, you can be a part of the global trading market.

In the first and second industrial revolutions, skilled labor was an exclusive reserve of a few countries that dominated industrialization. Today, remote workers can come from anywhere in the world, thanks to the advent of the internet.

For instance, you can hire labor remotely over the internet. An example is getting content writers from content review websites like Pick The WriterWriting Judge, and so on. The global market has now become more internet and remote-based.

However, the third industrial revolution has its significant cons. One of which is cybersecurity. With a lot of data shared over the internet, there are concerns about the unauthorized use of personal information for fraudulent activities.

With small businesses increasing, the dependence on the internet of things is increasing, thereby posing further cybersecurity challenges in the global trading market.

Statistics available shows that 43% of cyber attacks are targeted at small businesses. Sadly, over 60% of these small businesses go out of business within six months of the attack.

What’s The Way Forward?

As we gradually move from the third into the fourth industrial revolution, we expect that some of these cybersecurity challenges will reduce. Each industrial era comes with its pros and cons. However, the higher we go, the better we get – and the global trading market isn’t left out.

Already, technological advancements like Artificial Intelligence (AI), are with us. We are getting ready for an industrial revolution that will completely alter the way we live and do business. Industries are shaping up for what is coming with this technological revolution.

One sure thing is that the global economy will improve and life will be better for many people all over the world. Most bottlenecks in living standards and business opportunities will disappear to a large extent.

We envisage an era where technology will make life a lot easier. Trading platforms like crypto will make massive inroads into the global market systems. It’s a progressive world, and all we can do is get ready for the imminent.

______________________________________________________

Anna is a specialist in different types of writing. She graduated from the Interpreters Department, but creative writing became her favorite type of work. Now she improves her skills while working as a freelance writer for Pick The Writer, Writing Judge to assist a lot of students all over the world and has free time for another work, as well. Always she does her best in the posts and articles. 

maintaining

Maintaining Business-as-Usual When Nothing is Usual

As we watch the evolving global response to the COVID-19 pandemic, it is abundantly clear that organizations are facing a business continuity challenge for which most had not precisely prepared. With little to no strategic planning for it, organizations are being forced to shift from an on-premises employee base to a remote distributed workforce. The choice is clear, shift or shut down, and those trying to shift have significant hurdles to overcome. Enterprises need to protect their employees and ensure business operation continuity by making this immediate pivot to a remote workforce.

The aforementioned hurdles are numerous, indeed. A few key ones fall around maintaining compliance, ensuring security with developmental practices and keys, and maintaining visibility into risk when monitoring tools are overwhelmed with signals.

Uncompromised Compliance

Meeting compliance rules in a diverse IT ecosystem is arduous on the best of days but can be overwhelming for organizations dealing with the unanticipated tide of remote workers, non-controlled devices, and unmanaged locations. Yet without access to the business-critical and sensitive information required to perform job responsibilities, productivity would grind to a halt.  Organizations meet the competing priorities of employee access and regulatory compliance in spite of an ongoing pandemic. Compliance frameworks such as SOX, HIPAA, HITECH, and PCI, require implementing and monitoring a large number of controls to ensure compliance, even with remote workers. This is a herculean task, especially across multiple clouds, sites, and external work locations.

In order to establish compliance, many compliance frameworks require organizations to begin with a risk-based assessment of the ecosystem. The information gathered from this assessment determines what controls are necessary and how they can best be configured to integrate with the environment. For organizations needing to move swiftly, it is absolutely essential to utilize automated tools to manage this process and ensure that no controls are left out or partially implemented. Even after implementation, the ecosystem should be reviewed and monitored in order to maintain continual compliance.

Remote Development

Developers working from home come with the challenge of ensuring the codebase that they are working on is secure and that it can safely be moved through the development lifecycle. Fortunately, developers have already been moving down this path with the development lifecycle in the cloud using a CI/CD pipeline to streamline and automate the process from development to production. However, this requires the issuance of high-privileged keys to developers to move code between environments and execute the code. Protecting these privileged keys is challenging and can leave individuals with excessive rights that violate the principle of least privilege. In the worst scenario, a bad actor could insert malicious code, self-promote the code all the way into production, and have the code execute with a permanently issued privileged key, all without any checks along the way.

The best way to ensure that the CI/CD pipeline remains secure is to ensure there are zero standing privileges when they are not directly needed to perform functions in the environment. To aid in this effort, storing privileged keys and using a system to programmatically check them out at the time of code execution allows them to be available when needed but otherwise keeps them inaccessible. This can further be improved upon by using scoped keys that have an expiration built into them so that even if a high-privilege key was compromised, its ability to be utilized by bad actors is limited.

In order to maintain compliance, it’s also important for a solution to see and control when a developer may have a risky or toxic combination of access, such as the capability of both writing code and performing QA on that code. Keeping these duties separate is key to preventing poor code hygiene, and it also reduces the risk of a backdoor being written in and pushed into production.

Pinpointing Anomalous Behavior

When dealing with multiple external workers and the sudden change in traffic, the vast amount of real-time activity and behavior data coming in from different areas can complicate visibility into anomalous behavior. An IT ecosystem that ranges from on-premises assets to multiple clouds generates a huge volume of log data, and SIEM tools and vulnerability scans only add to the total. Each of these is generally contained in its own environment and has separate interfaces for reviewing and monitoring, and there is limited correlation to find anomalies that might not be readily apparent from any given individual interface.

While managing a strong remote work environment, an organization is going to need to double down on monitoring. In order to understand holistic risk and keep from missing trends only visible when broader data is analyzed, organizations should seek ways to integrate the data from these disparate systems to attain visibility not possible from looking at each as a silo. A quick response can make the difference between a bad actor being stopped cold and walking off with the keys to the kingdom.

When Business IS Usual

Whether adapting to a pandemic or evolving to follow the trend of offering remote work to attract top talent, ensuring your organization’s data is secure is top priority. Even when the IT landscape of your organization changes, you need to maintain business continuity with solutions that include automated response to risk while documenting continual compliance. Whether securing file access or enabling software development, ensuring only the right people have the right access to the right digital resources at the right time should be more than a clever catchphrase. It should be business as usual.

___________________________________________________________

Diana Volere is a strategist, architect, and communicator on digital identity, governance and security, with a passion for organizational digital transformation. She has designed solutions for and driven sales at Fortune 500 companies around the world and has an emphasis on healthcare and financial verticals.  In her role as Saviynt’s Chief Evangelist, she delivers Saviynt’s vision to the community, partners, and customers, addressing how to solve present and future business challenges around identity.  Her past twenty years have been spent in product and services organizations in the IAM space. Outside of work, she enjoys travel, gastronomy, sci-fi, and most other activities associated with being a geek.

automotive cybersecurity

Automotive Cybersecurity Market to Cross USD 837 Mn by 2024

The automotive cybersecurity market is set to grow from its current market value of more than $187 Mn to over $837 Mn by 2024, as reported in the latest study by Global Market Insights, Inc.

In an era where connected cars are deemed to mark the future of mobility, the market is indeed set to occupy a pivotal stance in smart and sustainable tech space. The cyber threats or security breaches in connected cars enable external access to the vehicle’s network and not just compromise the driver’s data privacy but can also pose serious threats to the driver’s physical safety and car’s operation. With data security breaches becoming intensely sophisticated, the automotive cybersecurity industry has turned out to be an inevitable investment spot that would aid the automotive sector’s continued roadmap toward connectivity without risk.

Speaking of competitive trends, strategic collaborations and partnerships have emerged as two of the top-notch measures adopted by the automotive cybersecurity market giants. One of the recent trends in this regard has been the JVs established between the automotive companies and technology conglomerates, in a bid to understand and resolve the security complexities in modern or connected vehicles.

The compulsion of connected services in vehicles for offering features like improved comfort, convenience, road safety and assisted parking will greatly benefit the automotive cybersecurity market, which apportioned revenues of over USD 187 million in 2017. With the mounting probability of a vehicle being hacked, a number of IT companies are partnering with automakers to develop security features and enhance vehicle safety measures. The  industry caters to every type of vehicle, from average passenger and luxury cars to heavy-duty trucks. Estimates suggest that close to 70 million connected vehicles will be running on the roads by 2020, a significant surge in comparison with the 2016 figure of 28 million. These statistics represent the vast amount of electronic control units (ECUs) that would be required in order to enhance the vehicles, instigating the market.

The network security dominates the automotive cybersecurity market and is projected to generate a market revenue of USD 236.4 million over the forecast timescale. The in-vehicle networks carry a variety of personal and operational identifiable information such as microphone recording, location, and call and navigation history, due to which protecting the data and messages over the network bus is important for privacy and operational security. Moreover, network protocols, such as Local Interconnect Network (LIN), Controller Area Network (CAN), automotive Ethernet, FlexRay, Wi-Fi, 5G network, Bluetooth, and Dedicated Short-Range Communication (DSRC), also aggravate cybersecurity threats. Therefore, it is important to adopt improved security techniques by interacting with security-enhanced network protocols to provide authenticity, integrity, and reliability of transmitted data.

One of the recent instances that validates the growing stance of collaborations & JVs as prominent growth tactics has been the partnership between SafeRide, one of the formidable automotive cybersecurity market players and Netherland based digital platform security giant, Irdeto. Under the terms of the recently inked partnership, SafeRide in collaboration with Irdeto is claimed to provide the OEMs and tier -1 automotive suppliers with a holistic cybersecurity solution for autonomous and connected vehicles.  Allegedly, SafeRide’s flagship vSentry solution would be integrated with Irdeto’s famous Connected Transport solution, Cloakware, to offer a multi-layered approach in protecting the platforms against tampering, automated attacks, and reverse engineering.

Europe’s automotive cybersecurity market is witnessing a fast growth rate and is projected to reach USD 224 million by 2024. Germany dominates the European automotive cybersecurity industry as it is the home to some of the leading automobile manufacturers including Ford, Volkswagen, BMZ, Audi, Mercedes-Benz, Opel, and Porsche. These companies are working with various software cybersecurity providers to increase the security offering aimed at maintaining passenger safety while traveling. For instance, in 2016, Volkswagen collaborated with three Israeli cybersecurity experts to establish an automotive cybersecurity company aimed at making vehicles and their ecosystem highly secured against cyber-attacks.

The companies functioning in the automotive cybersecurity market are investing in research and development strategies aimed at bringing about innovations in the automotive cybersecurity solutions. Some of the major vendors operating in the automotive cybersecurity industry are Audi, BMW, Ford, Honda, Nissan, General Motors, Volvo Car Group, Volkswagen, BT Security, Cisco Systems, Lear Corporation, Symantec Corporation, Argus Cyber Security Ltd., Intel Security, Arilou Technologies Ltd., Continental AG, and Karamba Security.

Source: https://www.gminsights.com/industry-analysis/automotive-cybersecurity-market