by Fronetics | Aug 15, 2018 | Blog, Data Security, Data/Analytics, Logistics, Strategy, Supply Chain
Data breaches are all over the news lately, but data analytics may be the key to tighter security — and better customer service.
A growing number of high-profile organizations have been in the news recently for data breaches that put customers at risk, and the trend shows no signs of stopping. Collecting data about customers allows organizations the advantage of personalizing their services, but safeguarding that data comes with major security concerns.
[bctt tweet=”Collecting data about customers allows organizations the advantage of personalizing their services, but safeguarding that data comes with major security concerns.” username=”Fronetics”]
Data analytics, or the way organizations process the information they collect to learn about their customers, is becoming increasingly effective at de-anonymizing large amounts of data and tying it back to specific individuals. While personalized data is a goldmine in terms of marketing and services, it’s also exactly what cyber-criminals target.
But information expert Sam Ransbotham, in the MIT Sloan Management Review, says that de-anonymizing people through data analytics coud be a powerful security tool itself, and can even improve customer service along with way.
How data analytics plays into security
Ransbotham points out that authenticating identity is one of the most important parts of keeping data secure. Whether online or over the telephone, authenticating your identity usually means answering a string of questions first to identify your account and then to affirm that you are who you say you are.
Data analytics, however, offer a better way of authenticating identity. A number of companies in the banking sector have already begun to use speech processing to identify a caller’s voice based on recordings of previous telephone calls. These “voiceprints” can confirm identity almost instantly and reduce the chance of someone stealing a personal identification number (PIN).
Using an automated system of voice-data analysis gives banks the added benefit of being able to adjust their security protocols for all customer service interactions at once. This allows for faster responses to updated assessments of security threats, rather than having to re-train customer service representatives.
Customer service advantages
Instead of making callers identify themselves by answering “security challenge questions,” data analytics allows the security process to take place behind the scenes. Customers experience a more streamlined calling experience that immediately addresses their needs. They save time and are spared the hassle of answering questions to identify themselves.
Security challenge questions are, Ransbotham says, “adversarial by design. … This authentication process must begin with the assumption that the caller is a malefactor impersonating the real customer.” By performing the authentication process behind the scenes, voiceprints help re-define the customer service experience as helpful instead of combative.
Organizations, in turn, can save time on employee training. They can focus on training employees for service rather than security.
Data analytics does not have to involve a trade-off between security and service. Techniques like collecting and analyzing voice data can actually start providing solutions to some of the security concerns that data collection raised in the first place.
As Ransbotham suggests, data analytics has the potential for further applications. Voice analysis can detect speech patterns that indicate if someone is being coerced or suffering from impairment, which could be adapted for security and service purposes, too.
Related posts:
by Elizabeth Hines | May 29, 2018 | Blog, Content Marketing, Current Events, Data Security, Data/Analytics, Manufacturing & Distribution, Marketing, Strategy, Supply Chain
While information-heavy companies employ entire teams dedicated to cyberattacks, American factories have quietly been growing more and more susceptible.
It’s been eight years since the widely publicized Stuxnet virus was released to wreak havoc on its unsuspecting victims. Are we in a better place now to deal with a highly sophisticated next-generation Stuxnet-style attack?
[bctt tweet=”Information heavy companies have entire teams dedicated to cyber defense, while American factories have been left more and more susceptible.” username=”Fronetics”]
Most experts say no. In fact, studies suggest that manufacturers, in particular, are increasingly vulnerable to cyberattacks. While information-heavy companies have grown to employ entire teams dedicated cyber defense, American factories have quietly been growing more and more susceptible.
Time to Pay Attention
Ransomware attacks, in which hackers use malware to encrypt data, systems, or networks until a ransom is paid, are alarmingly common. According to a recent report from Radware, 42% of global companies have dealt with this kind of attack. That number has been steadily rising. The number of companies reporting financially motivated attacks has doubled in the last two years.
Manufacturers — if you haven’t been paying attention yet, it’s time. This summer, about half of the organizations targeted by the sweeping Petya ransomware cyberattack were manufacturers. The recent WannaCry virus actually forced a Honda plant in Japan to halt production.
And there’s a bit more: The Wall Street Journal recently reported on what they call a new type of cyberattack that targets factory safety systems. Hackers who attacked a petrochemical plant in Saudi Arabia last year specifically focused on a safety shut-off system.
Is the WSJ right? Is this a new trend? Will hackers begin targeting control-system computers that manage American factory floors, chemical plants, and utilities on a more regular basis? Maybe.
There are plenty of theories that even the most crippling ransomware attacks like Petya and WannaCry are, at their core, motivated by something other than money, namely sheer pleasure in chaos and disruption. The potential damage to factory production and safety systems is growing. Now is the time to wake up and pay attention.
Factories Growing More Susceptible
Factories and manufacturers are at a heightened risk for a few coinciding reasons.
The complexity of our supply chains is a liability. With parts and materials from diverse and sometimes changing sources, as well as networks that can span all phases of production, our supply chains are large and constantly adapting and, because of this, extremely vulnerable.
The intensity of the manufacturing schedule raises a second issue. Many manufacturing facilities run around the clock, and halting factory production for testing is often cumbersome and costly.
The third reason is, of course, the byproduct of a manufacturing sector that has become steadily more data-driven and dependent on information technology. As manufacturing has steadily merged with technology to create the Industrial Internet of Things, we too have unknowingly created a space in which hackers see the potential for massive amounts of under-protected data, equipment, networks, and intellectual property.
How Can We Prepare
We’ve all heard the mantra, “The first step to solving any problem is admitting you have one.” A core concern has been the manufacturing sector’s inability or unwillingness to face this growing threat.
A report summary issued through a joint venture between MForesight and the Computing Community Consortium warned, “There’s a widespread failure to reckon with the risks.” The report recognizes that solving the issue will be long-term and complicated, but offers a few suggestions, including wide-reaching efforts to increase awareness, collaboration with trusted third-party partners, and cybersecurity research and development.
In the shorter term, maybe this can help. Last year the National Institute of Standards and Technology (NIST) released a Cybersecurity Framework Manufacturing Profile that provides a roadmap to managing cybersecurity and reducing risk to your manufacturing systems.
But I think Sridhar Kota, professor of engineering at the University of Michigan, hit the nail on the head in his article entitled A Plan for Defending U.S. Manufacturers from Cyberattacks, when he wrote: “Cybersecurity needs to become a deeply ingrained part of every manufacturing company’s culture — embedded in management decisions, workforce training, and investment calculations.”
The risks to manufacturers are growing from all-too-common ransomware attacks to sophisticated Stuxnet-style assaults targeting our safety systems. Its’s time that we in the manufacturing sector think of cybersecurity, and cyber defense, in absolutely every decision we make. To do otherwise is reckless.
Related posts:
by Fronetics | Nov 25, 2015 | Blog, Data Security, Data/Analytics, Strategy
Apple has been making lives easier for years with its personal electronics devices, and its new step towards security will bring relief to many people and, in the age of BYOD (bring your own device) many businesses with be grateful. An increase in two digits, from four to six, might not sound like a big difference, but, in fact, it is. With a four digit passcode there are only 10,000 possible combinations, and the bump up to six digits allows for 1 million possible combinations. According to the website Cult of Mac, “With a brute-force computer, it takes on average 40 seconds to attempt every passcode; theoretically, it would take a maximum of 111 hours, or 4.5 days, for a computer to crack a four-digit passcode. Bump it up to a six-digit passcode and it’d take the same machine 11,000 hours, or 458 days.”
The Age of Flexible Work Arrangements & BYOD
Companies and employees are increasingly going the route of allowing personal devices to be used in the workplace, and allowing people to work from home. According to a recent study by the Quarterly Review of Economics, people who work from home are more productive (the study showed a 13% increase), less exhausted, and less likely to leave a job. As more people work from home and on the road, and want to immediate access to their personal and professional information, BYOD has become popular.
According to a thorough Ponemon Institute study on the security impact of mobile device use by employees, many employees want to use their cell phones, but don’t have a full grasp of how security is being impacted or could be breached. Here are some telling numbers:
- 70% of respondents said that BYOD makes them more productive because they have access to personal and professional information in one spot
- A total of 62% of the respondents reported that access to corporate information via mobile devices is “essential” to productivity
- 38% said that they are more efficient and work time was reduced by roughly 30 minutes
- Only 20% of participants reported receiving training on security of corporate content on mobile devices. Of those who were trained, 74% reported that it was not helpful in reducing security threats on mobile devices.
- 66% said that they “frequently” or “sometimes” download apps that aren’t approved by their companies
- Only 19% check for viruses or malware, and 22% believe this behavior invites any danger to their company
Can a Passcode Fix Security Problems
Apple’s new security option is going to help, no doubt. Breaching a password is one issue, but security concerns extend beyond passwords. One of the major benefits of Apple’s new passcode option is that many companies will have to review their mobile device policies. Emails, client information, legal documents, finances, and other important information are sent from and stored in mobile phones. To say this is delicate information is an understatement.
Here are some suggestions for tightening security:
- Review all vulnerabilities in security including devices, networks, and applications
- Require password protection
- Have detailed security protocols for each electronic device
- Determine which activities can be performed and which can’t on devices
- Consider periodic IT check-ups on devices
In the modern workplace, being able to balance flexibility with security is key to a productive and safe business. Properly training employees, setting clear expectations, and instilling trust in employees is important. If employees are trusted they will want to protect your company’s valuable information, but they can’t do the right thing without clear and accessible policies.
This post originally appeared on Electronics Purchasing Strategies.
by Fronetics | Oct 28, 2015 | Blog, Consumer Electronics, Data Security, Data/Analytics, Logistics, Strategy, Supply Chain
When it comes to IT Asset Disposal here are 5 must-ask questions for third-party providers.
When the industry thinks of data breaches it raises the specter of a savvy hacker lurking very far, and yet very close, intermingling with a larger organization of internet criminals, breaking into our technology and gathering most private information: credit card and bank account details, social security numbers, and personal health and income data. The recent breaches at Anthem insurance and the retail giant Target make users worry about the trail they leave when they swipe a card or populate a form with personal information. This is how individuals think identities might be exposed. Individuals often don’t think about what happens when a company retires old servers, computers, printers, copiers, and scanners. What happens to confidential data? This is something businesses must think about.
ITAD
Receipt, processing, destruction and disposal of hardware and software are a necessary and growing business. The Blumberg Advisory Group’s 2014 ITAD Trends Report shows that data security is the number one reason why companies implement an IT asset disposition (ITAD) strategy. News reports highlight examples of sensitive data being found on retired assets, frompersonal photos and information to matters of national security. The costs associated with data breaches and with the improper disposal of IT assets are great. They include financial implications such as penalties, the loss of customer loyalty, and the tarnishing of one’s reputation. To mitigate risk, asset recovery management is critical to companies operating in today’s global supply chain.
According to Transparency Market Research (TMR) as reported inElectronics Purchasing Strategies, ITAD represents an estimated $9.8 billion handling 48 million tons of discontinued or excess technology gear. According to TMR, by 2019 the predicted market will grow to $41 billion made on 141 million tons of used equipment. Concerns about data security have resulted in companies becoming more aware of the need for ITAD and the need to budget for it. In 2014, 87 percent of companies reported having an ITAD budget; 38 percent more than in 2012.
Outsourcing this complex work can be a necessity for many companies who don’t understand the intricacies, regulations, labor and cost of asset disposition. Electronically stored data is subject to stringent HIPAA/HITECH, FACTA, SOX, GLB, and FERPA regulations, complicating responsible disposal. Secure and thorough “wiping” of data is critical, and the environmental impact of retired assets is also a vital concern.
More and more companies, 65 percent of companies larger than 10,000 workers and up to one third of all businesses, are turning to 3rd-party service providers to manage end-of-life assets. The factors seen as most important in selecting a 3rd-party service provider include: adoption of industry-recognized compliance standards (97 percent); a well-documented and enforced chain of custody (95 percent); and high-quality, thorough client reporting (95 percent).
Reduce, Reuse, Recycle
ITAD is expensive and it can be risky. It is, therefore, important to find a 3rd-party service provider who can ensure as much safety and security as possible. Many ITAD companies have a split business model working with upstream partners to collect and process retired material, then turning to downstream partners who are looking to purchase used technology gear. Given this model, your server could be someone else’s server one day. Ensuring proper receipt and processing is critical.
Must-Ask Questions
These are must-ask questions businesses should ask 3rd-party providers before hiring them. Be certain these questions are answered thoroughly and confidently.
1. What is your specialization?
2. Is there uniformity in the process?
3. Who would manage our relationship?
4. How flexible are your operations?
5. What if something goes wrong?
Companies operating in today’s global supply chain need to take the necessary steps to mitigate risk when it comes to asset recovery management.
You may also like:
The importance of Asset Recovery Management in the Global Supply Chain
Content marketing ROI for reverse logistics companies
This article was originally published on Electronics Purchasing Strategies.
![How to Keep Your Company Data Safe in a BYOD Environment [Infographic]](https://www.fronetics.com/wp-content/uploads/2024/10/BYOD-policy-checklist-800x675.jpg)
by Fronetics | Sep 16, 2015 | Blog, Data Security, Data/Analytics, Marketing, Social Media, Strategy
While the Bring Your Own Device (BYOD) concept has quickly gained traction in the business world, many companies have been slow to address its threat to their data privacy. Even for companies that have recognized the need to prioritize digital security, many have struggled to establish policies that support personal device use while protecting their data. And that’s risky given the high level of connectedness many employees now enjoy – with or without formal guidelines or policies. It leaves businesses open to enormous potential for data leaks.
To avoid the potential leak of data, your company should establish policies on the use of personal and mobile devices such as tablets, smart phones, and laptops that may be used to access your company’s computing and communications systems. Here are six crucial items to consider as you set out to mitigate the risks of your own BYOD culture.
by Fronetics | Sep 15, 2015 | Blog, Data Security, Data/Analytics, Marketing, Social Media, Strategy
Personal connected devices – our laptops, cell phones, and tablets – are arguably the most complicit tools in the recent blurring of the parameters between personal and work life. And while most businesses have generally recognized the benefit of allowing employees to use their personal devices for work purposes, the bring-your-own-device (BYOD) revolution has certainly thrown a curve ball to those responsible for safeguarding company data. Although corporate finance groups are singing the praises of the trend due to its inherent reduction in costs, it’s not all rosy in the BYOD world. That’s why it’s crucial to format a corporate strategy policy that will protect your company from a potentially dangerous data-leak train wreck.
Here’s why: Employees are now widely accessing corporate data from their own computer, a tablet, even their mobile phone. With so many of us bringing more and more smart devices inside our office environments and hooking them to our corporate networks, the potential for data leakage grows exponentially. When anti-virus and digital security software company BitDefender set out to explore the connectedness of typical American workers last year, they found that over half stored work-related data on their personal devices. Shockingly, almost 40 percent of them had nothing in place to prevent unauthorized access to their device. Further, in a study conducted by the University of Glasgow, 63 percent of used smart devices purchased through second-hand stores and eBay-like marketplaces still had data on them. This data included personal information as well as sensitive business information.
The problem is there’s no chain of custody in the BYOD world. Think about it. When the corporations owned your cellphone and your PC or laptop, they controlled its issue to you, how you used it, what software you put on it, and when and how it was turned in and destroyed. A solid internal tracking of electronic assets coupled with a solid electronic asset disposal solution provider meant that, for the most part, the corporate digital assets were safe. In the BYOD world, the corporation does not own the IT equipment. Personal smart devices are being linked to corporate IT environments. This mating of personal and professional equipment and data is happening everywhere. Your corporate data is being commingled with secure and non-secure access points to the Web, cloud, etc. Not to mention the fact that those devices metaphorically walk in and out of your office every day, and you have no control.
Companies are scrambling to address this issue in a number of ways. Some have addressed the problem via software solutions at the enterprise level (think Blancco or BlackBerry enterprise), some at the device level (think solutions like Apple Find My Device, etc.), and some at the human resources and legal levels with policies and procedures that prohibit users’ use of corporate information. But the truth is, without a chain of custody model incorporated with these solutions, once the corporate data is accessed or downloaded, it’s already gone — you just don’t know it yet.
The reality is that it’s going to take some time for the corporate world to catch up with what some have called the “semi-private information revolution” like the cloud, Facebook, or social media. Secure file sharing, essential for an organization’s BYOD guidelines, is one of the best options available. Services are now available to help with cloud encryption and it’s changing the way we share and monitor files. Encrypting data is crucial and minimizes the risk of sharing sensitive data and having it tampered with. Rely on your electronic asset disposal provider to help your company develop a strategy and process that is aligned with your corporate information sharing guidelines. Right now, your corporate data is only as safe as the process that you create.
Fronetics Strategic Advisors is a leading management consulting firm. Our firm works with companies to identify and execute strategies for growth and value creation.
We advise and work with companies on their most critical issues and opportunities: strategy, marketing, organization, talent acquisition, performance management, and M&A support.
