HOW TO GO GLOBAL: WHAT E-COMMERCE SHOPS CAN LEARN FROM THE BEST ENTERPRISES

Organizations face inherent risks and challenges on the path to globalization, due in part to each country’s regulations, inflation rates, currency and currency exchange rates, language and cultural barriers, foreign politics and policies, and consumer behaviors and preferences.

With almost 200 countries participating in international business, worldwide commerce presents an opportunity for enormous organizational growth if these hurdles can be cleared. Several large enterprises (Apple, McDonald's, etc.) have expanded internationally with success by following a few key touchpoints.

Surprises at checkout can lead to high cart abandonment.

The last thing an online merchant wants is to have a successful purchase in progress, only for additional fees, unaccepted payment methods, or extra taxes to tempt the consumer to abandon the cart. With online shopping cart abandonment estimated to be around 69.8%, it is the responsibility of the merchants to be aware of foreign regulations and payment challenges that could potentially add costs and corrupt the customer experience.

Equally important is to be forthcoming about this information. All taxes and fees that may be associated with purchasing internationally should be stated upfront, and merchants must consistently highlight what the entire cost of the product is going to be, even if this means additional wording in the checkout. Furthermore, e-commerce merchants need to be clear about the payment methods they accept, as these can vary significantly from country to country.

Merchants need to start paying attention to what consumers want to pay with.

When it comes to localization in e-commerce, customizing payment options is essential. Established enterprises and e-commerce merchants alike should not approach payments with a one-size-fits-all mindset. For example, while Americans prefer to pay with credit and debit cards, Europeans favor bank transfers and digital wallets (such as PayPal), and Asian consumers gravitate to QR codes. Narrowing the scope even further, demographics within those countries play a role.

Therefore, e-commerce merchants need to tailor their payment methods to what will work for their target consumers.

Data breaches are far too common and are only on the rise.

Recently, international enterprise giants such as Microsoft, Estee Lauder, and MGM Resorts suffered security issues. From accidentally exposing confidential customer data online (such as credit or debit card information, home or office addresses, birth dates, buying history, and more) to malware and hacking incidents, these events significantly harmed consumer trust and brand reputation for these businesses. Moreover, cybercrime is a substantial financial liability: the cost of patching, compensating victims, and possible litigation leaves many companies unable to recover fully.

The good news is that there has been much investment from established enterprises to create solutions that cross-border e-commerce merchants entering the market can utilize. For example, innovative technology is allowing faster responses to suspicious activity to ensure that transactions remain secure. As e-commerce merchants now realize that they are at risk if they decide to hold sensitive data in-house, they are discovering new ways to safely store information that is susceptible to threats.

Global merchants must take a lot of things into consideration. 

The established enterprises that have thrived worldwide do so because they understand their target audiences. They know that the key to success overseas is localization starting from a very high level, such as transparency and communication. It then goes down to payment preferences and choices, followed by assuring security and local compliance.

For global e-commerce merchants, this is a roadmap they can follow. For an e-commerce merchant to grow internationally, they need to identify what they want to accomplish, how local they want to be, what resources they have in-house, how to create the best experience and their KPIs.

This is where the right payments infrastructure partner can be of great value. By helping global merchants discover optimal ways of implementing payment methods, defining the best digital experiences based on preferences by the local consumers, and determining conversion metrics, they help merchants connect with more consumers, whether they’re 10 or 10,000 miles away.

Therese Hudak is the Head of Enterprise Account Management at PPRO

The Art Of Compliance: Doing What’s Right, Not Just What’s Required

The rest of society got a taste of what corporate compliance officers go through when the pandemic forced restrictions and requirements on the entire population.

Suddenly, people were told to wear masks, social distance, and wash their hands more regularly and thoroughly than ever before. Plenty of people didn’t like that, trying to dodge the new rules or openly defying them, even as clerks, store managers, police officers, and health professionals firmly reminded them they needed to comply.

In somewhat the same way, compliance officers for a business may appear to act as the resident scolds, reminding people when their plans or actions come into conflict with state or federal rules and regulations that govern their industries.

It doesn’t always go over well.

“People often resist compliance because they don’t like to be told what to do,” says Steve Vincze, president and CEO of Trestle Compliance (www.trestlecompliance.com) and author of the upcoming book Winning with Compliance: Strategies to Make Commercial Compliance Your Competitive Advantage.

“But compliance is about doing what’s right, not just what’s required.”

Companies can face hefty fines when they fail to comply with rules that govern their activities, whether the non-compliance was inadvertent or intentional. A couple of examples: In 2020, Capital One was fined $80 million for a data breach that exposed customers’ personal information the previous year. The Cheesecake Factory came under scrutiny and reached a $125,000 settlement with the U.S. Securities and Exchange Commission over the SEC’s allegation that the company misled investors about the impact of the COVID-19 pandemic on its business.

So, whether you are the CEO of the company or a compliance officer, how do you make sure people are doing what they need to do? Vincze offers a few tips:

Listen. If you want people to listen to you and embrace your advice, you need first to listen to them, to understand their fears, their challenges, and their motivations, Vincze says. “You need to be able to answer the ‘why’ behind the ‘what,’” he says. “Why do I need to comply? What’s in it for me if I do? When it comes to compliance, the key message is that you have to listen well, hear what they are saying, and then mirror back to that person that you understood them.”

Inspire and motivate. Logic alone doesn’t always win out, which may be frustrating for some leaders, but that’s when the art and science of compliance and of leadership must come to the fore, Vincze says. “You need to touch both hearts and minds to inspire and motivate people,” he says. “The trick is to get people to want to comply. Depending on who you are speaking to, you may be able to reach them rationally and sensibly. But sometimes you may need to go deeper and find out what motivates them. For example, if you are dealing with young people fresh out of college, you might show them how compliance connects to a broader purpose, that it’s not just about following some rule but about helping people in some way.”

Be tough. Eventually, though, you may need to get tough. “You have to draw limits,” Vincze says. “You have to discipline people if they don’t comply and put themselves and others in jeopardy. You have to know where to draw the line, but you have to do it consistently and fairly, and you must communicate the limits very clearly.”

“At the end of the day, effective compliance boils down to understanding people as human beings, and using that understanding as an effective leader to inspire the desired behavior,” Vincze says. “You have to connect compliance and each individual’s role to a cause greater than any one person, a cause greater than themselves. Connect with their passion and you will inspire their compliance. Fundamentally, most people are good and want to do what is right. Apply that understanding to win them over to start winning with compliance.”

___________________________________________________________________

Steve Vincze is president and CEO of TRESTLE Compliance, LLC. (www.trestlecompliance.com), a consulting firm that provides compliance, risk and regulatory services. He also is author of the upcoming book Winning with Compliance: Strategies to Make Commercial Compliance Your Competitive Advantage. Vincze has more than 25 years of experience in regulatory compliance matters, from government policy and enforcement to private sector business implementation considerations. Prior to forming TRESTLE, Vincze split his private-sector career between service as an in-house or outsourced senior vice president or vice president chief of compliance and privacy officer for several life science and healthcare companies, and as a consultant, as a senior leader with a Big 4 firm, and forming his own firms. He also served as an officer in the U.S. Marine Corps.

Why DDoS Attacks Are the Biggest Threat to Your Business in 2021

In the 21st century, it’s hard to imagine functioning without technology. Just think of how many times a day you look at your phone or switch on your computer. When you need an answer, you turn to Google; when you want to relax, Netflix is there. In fact, it seems that the internet can take care of your every need — be it social, financial or recreational.

Unfortunately, though, technology isn’t just useful to you but also to those who want to harm you. As technology grows more advanced, hackers and cybercriminals obtain new and sophisticated tools to launch their DDoS attacks, threatening your safety. But what is a DDoS attack, and why is it so dangerous? Keep reading, and you’ll find out!

What Are DDoS Attacks?

DDoS stands for distributed denial of service, and it’s one of the most common tactics hackers use to bring down a server. Put simply, they flood the target with more traffic at once than it can handle, so the server is overwhelmed and crashes or stops responding to legitimate requests. To generate that traffic, hackers use a large group of compromised computers called a botnet.

Now, the problem is that anyone can become a part of a botnet without even realizing it. If your antivirus program isn’t up to date, or you visit unsafe sites, your computer can become infected by malware. Contrary to popular belief, malware doesn’t just corrupt your files or damage your device. In fact, hackers often use it to covertly gain control over your computer and use it for their malicious purposes.

An infected device works as usual, but you’re no longer in charge. The actual owner, the hacker, can order your device to start sending requests to a server of their choice, along with hundreds of other devices. Ultimately, that leads to a crash.

Of course, servers can crash when they gain a lot of traffic naturally. But that’s not a DDoS attack — DDoS always comes with malicious intent. The hacker who’s launching it rarely does so just for fun – they usually have rather serious motives.

Why Do Hackers Perform DDoS Attacks?

If you’re new to the world of cyberattacks and criminals, it might not be obvious what the purpose of DDoS is. What could a hacker gain from disrupting a server? Sadly, there’s no easy answer — the motives behind these attacks vary. Here are some of the most common reasons.

Financial Gain

Hackers often use DDoS attacks to target corporations and large businesses, knowing that they have high profits and can afford to pay. Once they bring the servers down, they send a message demanding a ransom. The attack continues until they receive the sum they asked for, after which everything goes back to normal.

Ideology

Political and ideological wars are no longer waged only on the battlefield. These days, the real front lines are in cyberspace. Whether it’s rebellious groups using hackers to protest against oppressive governments or those governments targeting protesters, DDoS attacks are commonly used in this type of warfare.

Gathering Information

If a large business handles lots of private information, it can easily become the target of a DDoS attack. In such a case, the attack serves as a distraction. While everyone is busy trying to resolve the problem, the hacker gains access to classified records and finds the information they need. The most sophisticated hackers leave very little trace, and no one even knows they were there.

Why Are DDoS Attacks Detrimental to Businesses?

Whatever the hackers’ motives may be, the most common DDoS attack targets are businesses. Large or small, they all face a similar danger as long as they are online. But how can a DDoS attack hurt your business, exactly?

Just imagine that a hacker attacks your company’s servers and brings them down for a few hours. The customers that would typically visit and purchase your products suddenly don’t have access to your site. New clients may be trying to visit your site too, but when they see that your website isn’t functional, they’re unlikely to return. In short, you can lose hundreds, if not thousands, of dollars as well as potential new clientele.

The longer your servers are down, the worse it gets. Soon enough, you’ll need to hire a team of experts to deal with your problem, which obviously won’t come cheap. On top of that, the hacker might ask for ransom, and after a few hours of losses, you’ll probably be more than willing to pay it.

But the worst damage you’ll suffer isn’t financial — it’s reputational. If your clients find out that your servers were hacked, they might have trouble trusting you with their personal information. No matter how loyal they were in the past, no one wants to believe their personal information is vulnerable. Soon enough, your pristine reputation will be tarnished, and not even by your own fault!

The only way to avoid this worst-case scenario is to put measures against DDoS attacks in place. That means you’ll need firewalls, antivirus software and perhaps even a dedicated IT team to monitor your servers. It will surely cost you more, but in the long run, you’ll be glad to have some peace of mind.

Protect Yourself Against DDoS Attacks

DDoS attacks are not child’s play — in fact, they have become the biggest threat to businesses in 2021. If anything, this threat will only get worse as our world becomes more digital. Don’t let yourself become a target; start looking into DDoS protection today. It’s the only way to ensure your customers’ safety and your company’s rise to success.

________________________________________________________________

MJ Shoer is SVP, Executive Director, CompTIA ISAO, at CompTIA, the Computing Technology Industry Association. CompTIA is the world’s leading tech association. Its mission is to advance the global technology industry. The CompTIA ISAO is an Information Sharing and Analysis Organization whose mission is to raise the cybersecurity resilience of the global tech industry. MJ has over 30 years’ experience in the IT industry, having founded and run an MSP for nearly 20 years before it was acquired as well as consulting with MSPs, SMBs and channel organizations.

The Evolution of Cybersecurity

Last year we saw cybercriminals seizing a massive business opportunity.

Our rapid shift to working from home due to COVID-19, plus heightened financial, political, social, and emotional stressors presented a perfect storm:

-The consumer-grade routers and electronics we use at home are inherently less secure than the centrally managed commercial-grade devices at our offices. 

-Many home networks are already compromised. In April 2020, BitSight found that 45% of companies had malware originating from an employee’s home network.      

-Social engineering hacks like phishing, vishing, and smishing thrive when victims are preoccupied or fearful. 

Our organizations became very vulnerable very suddenly, and bad actors did not hesitate to cash in. In March alone scammers ramped up COVID-related phishing scams by 667%. Overall, the FBI’s Internet Cybercrime Complaint Center (IC3) saw a 400% increase in reported cyberattacks in 2020. 

While the events of last year presented a unique scenario for all of us, the swift and aggressive response from bad actors is indicative of a trend that will, unfortunately, persist: cybercriminals have organized themselves into a successful enterprise that continues to innovate and evolve for maximum profit.

And that profit is sizable: According to a March 2020 study by Atlas VPN, cybercriminals bring in over $1.5 trillion per year in revenue—more than Facebook, Walmart, Apple, Tesla, and Microsoft combined.

Why does it matter?

Our only option when it comes to mitigating (not eliminating) the risk of a breach is to match ever-evolving threats with an ever-evolving security strategy.

Cyber defenses cannot be “set and forget” anymore; while antivirus software, firewalls, and active monitoring tools are essential components of that defense, they are no substitute for human vigilance. 

Not only that, but our concept of vigilance must recognize the potential for highly sophisticated cyber breaches that span weeks or even months. Instead of snatching valuable data in discrete intrusions, cybercriminals are siphoning it off via prolonged, methodical interactions with victims. One popular scam works like this: 

-The bad actor identifies who in your organization processes payments.

-They gain access to that person’s email account, generally through a standard phishing email.

-They monitor the email account over a period of time to identify high-dollar vendors.

-They craft a spoofed domain and impersonate that vendor (think accounting@optima1networks.com).

-The target receives an unassuming email from the “vendor” with instructions to remit future payments to a new account (guess whose).

-The target continues paying the fraudster until you or your vendor realizes the mistake.

These targeted exploits cost US victims roughly $1.7 billion in 2019, up 33% from 2018. 
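One defensive check for step four of the scam above, as an added example that is not code from the article or from Optimal Networks: it folds common look-alike characters and compares each sender's domain against a list of known vendor domains, so the spoofed address accounting@optima1networks.com is held for verification while mail from the real vendor (or a host under it) passes. The vendor list and sample senders are constructed; the two-part public suffix simplification is an assumption noted in the code.

```python
"""Look-alike sender-domain check for vendor payment e-mail.

Added example, not code from the original article or from Optimal
Networks.  The vendor list and sample addresses below are constructed
for illustration; accounting@optima1networks.com is the spoofed address
the article uses.
"""
from dataclasses import dataclass
from typing import List, Optional

# Characters attackers commonly substitute for the ones they resemble.
# Folding both sides before comparing makes optima1networks equal to
# optimalnetworks, and rnicrosoft equal to microsoft.
_SINGLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})
_PAIRS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def fold_label(label: str) -> str:
    """Normalise a domain label so visually similar spellings compare equal."""
    s = label.lower().translate(_SINGLE)
    for pair, replacement in _PAIRS:
        s = s.replace(pair, replacement)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    status: str            # "trusted", "lookalike" or "unknown"
    vendor: Optional[str]  # the known vendor domain that was matched, if any
    reason: str


def check_sender(address: str, vendors: List[str], max_distance: int = 1) -> Verdict:
    """Classify the domain of an e-mail address against known vendor domains.

    Assumption (hypothetical simplification): vendor domains are plain
    'name.tld' entries, so two-part public suffixes such as co.uk are not
    handled.  max_distance=1 catches a dropped or inserted character; raise
    it only for long names, because short labels produce false positives.
    """
    domain = address.rsplit("@", 1)[-1].strip().lower()
    labels = domain.split(".")
    if len(labels) < 2:
        return Verdict("unknown", None, "not a dotted domain")

    # The exact vendor domain, or a host under it, is what we expect to see.
    for vendor in (v.lower() for v in vendors):
        if domain == vendor or domain.endswith("." + vendor):
            return Verdict("trusted", vendor, "vendor domain or subdomain")

    for vendor in (v.lower() for v in vendors):
        vendor_name = fold_label(vendor.rsplit(".", 1)[0])
        # Vendor name reused with a swapped suffix, a homoglyph, or as a label
        # buried in a longer domain (optimalnetworks.com.evil.example).
        if any(fold_label(label) == vendor_name for label in labels[:-1]):
            return Verdict("lookalike", vendor, "vendor name with different suffix or spelling")
        # Small typos: optimalnetwork.com, optimal-networks.com.
        if edit_distance(fold_label(labels[-2]), vendor_name) <= max_distance:
            return Verdict("lookalike", vendor, "within edit distance of vendor name")

    return Verdict("unknown", None, "no resemblance to a known vendor")


# Constructed vendor list and sample senders for a stand-alone run.
KNOWN_VENDORS = ["optimalnetworks.com", "example-supplies.com"]
SAMPLE_SENDERS = [
    "accounting@optimalnetworks.com",
    "ap@billing.optimalnetworks.com",
    "accounting@optima1networks.com",
    "accounting@optimalnetworks.co",
    "invoices@optimal-networks.com",
    "newsletter@unrelated.example",
]


def triage(senders: List[str], vendors: List[str]) -> List[str]:
    """Return the senders whose payment instructions should be verified by phone."""
    return [s for s in senders if check_sender(s, vendors).status == "lookalike"]


if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        verdict = check_sender(sender, KNOWN_VENDORS)
        print(f"{sender:40} {verdict.status:9} {verdict.reason}")
```

A "lookalike" verdict is a reason to confirm new bank details through a channel already on file, not through the e-mail itself; an "unknown" sender still gets the normal vendor-onboarding checks.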

Attacks like this harm your business in two ways: 

-Directly: In addition to funds stolen by a hacker, you may incur ransom payments, downtime while your data is recovered, and steep labor costs for emergency IT support. In the case of ransomware attacks, average downtime is 19 days, and remediation costs average $730,000 for those who don’t pay the ransom and $1.45 million for those who do.

-Indirectly: Your reputation takes a hit when news of a breach gets out (every state government requires some form of disclosure). Cybersecurity audits are becoming a popular precursor to business engagements and memberships, and 38% of businesses report losing customers because of real or perceived gaps in their cybersecurity posture.

While there will never be a silver bullet when it comes to cybersecurity, it’s imperative we adapt both our defenses and our mindset to best protect ourselves in this new landscape.

Our recommendations

More cybercriminals are entering the space, and they are more organized, disciplined, and persistent than ever. This means that our cybersecurity strategies must rise to meet this new challenge, and that what we used to view as “advanced” measures must now become our baseline.

At minimum, we recommend you implement the following:

1. Advanced Endpoint Protection on all machines accessing corporate data. Centralized anti-malware only checks for known virus definitions. Add Next Generation protection that uses Artificial Intelligence to flag all “unusual” behavior, and either kill the process or alert a Security Operations Center (SOC) to intervene.

2. Two-Factor Authentication (2FA). Strong passwords are no longer sufficient. Turn on two-factor authentication for any accounts and systems that don’t already have it. Check regularly to make sure all accounts are covered. 2FA makes it much harder for unauthorized users to gain access to your system even if they obtain your password.

3. Backup and recovery for all cloud apps. Most popular applications (like Microsoft 365) have some backup built-in, but in a limited capacity. Do you have sufficient retention policies? Would you be able to restore files encrypted or lost to malware? Protect your Microsoft 365 email, SharePoint, Teams, OneDrive, and other online apps with a supplemental cloud backup service.

4. Firewall with Intrusion Detection. An up-to-date firewall is a start, but we recommend also employing Intrusion Detection to monitor network traffic for potentially malicious behavior.

5. Security Awareness Training. In addition to annual training, continually feed your employees security tips, and continually test with phishing simulations. It is essential that security remains top-of-mind year-round.

There are several security frameworks like NIST, ISO, and CMMC that can provide structure to your security efforts even if you aren’t subject to compliance regulations. These can feel overwhelming to tackle, but the items above will get you well on your way to fulfilling the core requirements.

Beyond this, it’s critical to embrace the mindset that a network is only as secure as its users are vigilant and adaptive. The sophistication and sheer volume of today’s cyber threats demand that:

-Cybersecurity expenditures get their own line item in your annual budget.

-Your cybersecurity posture needs annual review as new threats are emerging all the time. 

Most importantly, you need a resource who is qualified to assess your specific business needs and construct a solution that coordinates the technical and human components of your cyber defense.

________________________________________________

Heinan Landa is the Founder and CEO of Optimal Networks, Inc., a globally ranked IT services firm, the creator of Law Firm Anywhere, a virtual desktop solution that helps attorneys work seamlessly and securely from anywhere, and author of The Modern Law Firm: How to Thrive in an Era of Rapid Technological Change. After earning his B.S. and M.S. in Electrical Engineering and Computer Science from Johns Hopkins University, Heinan went on to receive his MBA from The Wharton School of Business. Featured in Legal Management, Legal Times, Chief Executive, Inc. Magazine, Forbes, CIO, and with regular appearances on ABC7, CBS9, and FOX5 TV, Heinan is a trusted leader in the legal, technology, and business spaces. For more, www.optimalnetworks.com, 240-499-7900, or hlanda@optimalnetworks.com.

Top Security Threats E-commerce is Facing Today — And How to Solve Them

E-commerce has been on an upward swing in recent years. And with COVID driving many businesses to migrate online, e-commerce is growing faster than ever before, with companies like Amazon and Alibaba at the helm of the virtual ride. But this rapid, transformative, and digital journey is not without its threats and dangers. Ironically, the same emerging technologies enabling the growth of e-commerce also present the most pressing and imminent security threats.

With Great Connectivity Comes Great Responsibility

Medium explains how the Internet of Things (IoT) refers to smart devices connected over the web. This includes everything from smartphones and smart home appliances to web-controllable sensors and switches in industrial equipment. The GPS and web-enabled systems in private cars and cargo vehicles are part of the IoT as well. And so are smart medical health-monitoring devices and specialized industrial sensors. All of this allows the IoT to be used to collect the most comprehensive big data sets on consumer behavior in the history of commerce. It’s also obvious how smartphones have been an integral part of e-commerce growth. With all that being said, each smart device that has access to your network is a potential gateway for stealing your data and your customers’ data.

Universal connectivity stops being useful at any point a hacker can exploit. This is why the operating systems of our phones and laptops update continuously, and why companies should likewise make a practice of keeping the security software on their own internal systems up to date. As 5G enters the picture and makes the IoT even bigger, these measures are more crucial than ever before.

The Bigger the Data, the Bigger the Threat

Hackers target e-commerce companies because of the large potential for finding financial and other useful data. This risk will be exacerbated by the emerging technologies that will come to dominate e-commerce transactions. Augmented reality (AR) is one such technology, as it allows consumers highly unique perspectives on the items they want to buy. Using advanced AR, all you need is to point your phone at your living room to see how that new couch will look, or turn the camera to yourself to get a preview of how you’ll look in a certain hairstyle. All of these applications and more will enable the creation of new data in the form of actual footage of consumer behavior and their private spaces – potential new avenues for hackers to exploit.

Poor Security Education

All of these threats point to the alarming reality that everyone from consumers to e-commerce executives is still poorly educated in terms of cybersecurity. In fact, there’s been a spike in the national demand for cybersecurity professionals in recent years. But the good news is that some of America’s top universities are already rising to the challenge. The rapidly growing cybersecurity program at Indiana State University (ISU), for instance, has recently partnered with three different tech firms in an effort to meet the growing demand. ISU’s partnerships are aimed not only at enabling distance learning or online coursework for students but also at giving them the penetration-testing skills necessary to step into cybersecurity positions immediately upon graduation.

This is not a new approach. Any graduate of the long-standing online cybersecurity master’s program at Maryville University is a trained ethical hacking expert who is also a Certified Information Systems Security Professional and EnCase Certified Examiner with a CompTIA Security+ qualification. As those two universities show, companies looking to hire cybersecurity experts to work full time or consult should not be put off by those who have an online degree, as they are just as valid as traditional on-campus degrees.

Armed with professional-level cybersecurity knowledge, you and your team can more confidently tackle threats through consistent security practices and by developing a long-term cyber protection plan. Keep updating these practices and your strategy as cybersecurity changes with the times. Be aware of the dangers you may face as your company adopts new e-commerce technologies. Learn as much as you can about protecting your e-commerce business from the hackers of the future.

The Largest Data Breaches in U.S. History

COVID-19 has led to major changes to daily life for Americans, including a shift toward remote and at-home work. While these changes have led to more flexible working conditions for employees, they have also increased data security risks. New data from the Federal Trade Commission and the Identity Theft Resource Center indicates that heightened security risks brought on by more remote work are of particular concern when considering that data breach and identity theft reports doubled between 2014 and 2019.

Certain sectors are more vulnerable to data breaches than others. In 2019, the largest number of breaches occurred in the business and healthcare sectors, at 644 and 525 total data breaches, respectively. The business sector has become increasingly vulnerable to data security issues, as breaches in this sector increased by nearly 150 percent between 2014 and 2019. In contrast, data security remains strongest in the banking and government sectors, both of which saw a decline in total data breaches between 2018 and 2019.

Data breaches often compromise a company’s most sensitive records. The majority of them stem from hacking and intrusion cases and unauthorized access to records, which together made up more than 75 percent of all data breaches in 2019. On the other hand, employee error and negligence accounted for less than 11 percent of data breaches in 2019. However, with an increase in at-home and remote work, breaches stemming from a lack of employee knowledge or training are now more of a priority among employers.

To profile the most significant data breaches of U.S. companies, researchers at Spanning analyzed data from the Identity Theft Resource Center and the Federal Trade Commission, while also reviewing major news reports. Data breaches were defined as any unauthorized exposure to a company’s records, and incidents were ordered based on the total number of records exposed.

Between 2013 and 2019, companies involved in social networking and media, such as Yahoo and Facebook, were the most vulnerable to data breaches. For these companies, data breaches were most likely to occur through hacking and intrusion or accidental internet exposure. Emails, passwords, and other personal information were the most frequently compromised types of information.

Here are the 10 largest data breaches of U.S. companies in history.

Company | Rank | Number of records exposed | Type of breach | Industry | Types of information compromised
Yahoo – 2013 | 1 | 3,000,000,000 | Hacking/intrusion | Media | Name, email, phone number, date of birth, login information
River City Media – 2017 | 2 | 1,370,000,000 | Accidental web/internet exposure | Marketing | Name, IP address, physical address, email
People Data Labs / OxyData.io – 2019 | 3 | 1,200,000,000 | Accidental web/internet exposure | Data | Name, email, phone number, social media profiles
First American Corporation – 2019 | 4 | 885,000,000 | Accidental web/internet exposure | Financial | Bank account number, bank transactions, driver’s license, Social Security number
Facebook / Cultura Colectiva – 2019 | 5 | 540,000,000 | Accidental web/internet exposure | Social network | Account name, account ID, Facebook comments and reactions
Yahoo – 2014 | 6 | 500,000,000 | Hacking/intrusion | Media | Name, email, phone number, date of birth, login information
Marriott International – 2018 | 7 | 500,000,000 | Hacking/intrusion | Hospitality | Name, physical address, phone number, email, passport number, date of birth, gender, reservation information
Facebook – 2019 | 8 | 419,000,000 | Accidental web/internet exposure | Social network | Name, account ID, phone number, country
FriendFinder Networks – 2016 | 9 | 412,000,000 | Hacking/intrusion | Social network | Account name, email, password, join dates, user’s last visit
MySpace – 2016 | 10 | 360,000,000 | Hacking/intrusion | Social network | Email, password

For more information, a detailed methodology, and complete results, you can find the original report on Spanning’s website: https://spanning.com/resources/industry-research/largest-data-breaches-us-history/

How To Ditch The Techie Jargon And Improve Your Organization’s Cybersecurity

An office memo that tosses around terms like DRM, botnet, FTP, spear phishing and worm could be a quick, easy read for the head of the IT department.

But for everyone else in the organization it may or may not be one big mass of confusion.

And with that bewilderment comes potential danger, says J. Eduardo Campos, co-founder with his wife, Erica, of Embedded-Knowledge Inc. (www.embedded-knowledge.com) and co-author with her of From Problem Solving to Solution Design: Turning Ideas into Actions.

“There’s a serious gap in communication skills between cybersecurity pros and their general audiences, and it’s essential for the people on the IT side to bridge it,” Campos says. “Increasingly complex security threats demand that cybersecurity professionals use plain language when they are communicating with those less familiar with tech talk.”

Otherwise, he says, an organization could be vulnerable to hackers even if the staff had been warned about what to look for, simply because the employees didn’t understand the language behind the warning.

After all, cyber threats aren’t just a technology problem – they are a people problem, says Campos, who worked on cyber threats as a former employee of Microsoft.

“People are the weakest link in computer security and many companies don’t promote a company philosophy of ‘computer security is everybody’s business,’” he says.

Campos suggests a few ways to improve communication between those in charge of cybersecurity and everyone else in the organization:

Incorporate this need into the hiring process. When hiring new staff for your IT and cybersecurity team, look for experts who have not only tech skills, but also the skills necessary to comfortably interact socially and clearly communicate in lay terms with all the stakeholders in the organization.

Focus on training. Cybersecurity teams can be trained to become solution designers who can connect the dots, Campos says. They can then capture, clarify, and address all stakeholders’ concerns, helping them to determine and keep their goals aligned. Such cybersecurity pros enable success by listening to everyone involved before sharing their own viewpoints.

Realize this is an ongoing process. It’s important to ensure that the improved communication is sustained over the long haul, and people don’t revert to old ways down the road, Campos says. “You will want to monitor the situation so that you can quickly spot and head off any problems,” he says. “You can create a feedback loop so that the employees are encouraged to let you know how things are working.”

“Data breaches, data ransom plots, and email hacks intimidate us all,” Campos says. “Cybersecurity teams themselves feel hard-pressed enough to prepare themselves for the onslaught of these gremlins, let alone to accomplish the challenging task of communicating to stakeholders about how to mitigate and deal with cybersecurity risks.”

“But for organizations to keep their information and systems safe, that communication needs to be done, and in a way everyone can understand.”

About J. Eduardo Campos

J. Eduardo Campos is co-author with his wife, Erica, of From Problem Solving to Solution Design: Turning Ideas into Actions. Campos spent 13 years at Microsoft, first as a cybersecurity advisor, then leading innovative projects at the highest levels of government in the U.S. and abroad. His consulting firm, Embedded Knowledge Inc. (www.embedded-knowledge.com), works with organizations and entrepreneurs developing customized business strategies and forming partnerships focused on designing creative solutions to complex problems.