Connect with us

Business

THE RISK VERSUS REWARD QUESTION AROUND COLLABORATION TOOLS

By Dave Henderson, co-founder BlueFort Security

 

Financial services organisations are increasingly recognising the importance of digital technologies as a driver for increased profits, regulatory compliance, and enhanced customer experience. As remote and mobile access have become more commonplace, digital technologies, including collaboration tools, have shifted from a ‘nice to have’ to a ‘must have’.

IT security teams within financial services, in particular, operate under the understanding that there must always be careful consideration to ensure privacy and security for all users, and their data. There are good reasons that laws and regulations like GDPR, CCPA and HIPAA exist and regulated firms must satisfy the FCA and PRA that they are operating within the strict guidelines that are in place.

However, if IT security teams weren’t stretched enough before March 2020, they’ve certainly got their work cut out for them now.  A geographically dispersed workforce, with hundreds of computers and devices all operating outside the protection afforded inside the corporate network has all the hallmarks of a cybersecurity disaster waiting to happen.

For financial services firms, the need to ensure markets are ‘clean’ and free from abuse is paramount. Working from home – which many will still be doing – places an immense burden on IT security teams as they must prove that appropriate controls over inside information and effective information barriers remain in place, regardless of where their teams are working from.

Julia Hoggett, Director of Market Oversight at the FCA, recently spoke out about the “challenges of surveillance driven by our new ways of working and the importance of effective culture to manage those risks”.

No wonder 91% of CISOs say they suffer from moderate or high stress.

 

Collaboration Application Sprawl

As employees have adopted a wide variety of tools for internal, external and ad hoc communications, many organisations find themselves in the challenging, and risky, situation of collaboration application sprawl. For the most part remote workers have simply been trying to find a quick and easy communication workaround to being physically separated from their colleagues. There was no malice intended.

However, there is a large elephant in the room when it comes to these collaboration platforms. The simple fact is that Slack, Microsoft Teams, Zoom and the majority of other similar tools aren’t very secure, and neither are shadow IT apps such as WhatsApp. Their sudden and widespread adoption has the potential to be a recipe for security disaster. Even if the legitimate user has no malicious intentions, these platforms are wide open for exploitation by cyber criminals. Earlier this year, Standard Chartered became the first global bank to ban the use of the Zoom video conferencing app and Google Hangouts, as a direct result of these security fears.

 

But what exactly is at stake here?

If a malicious actor is able to compromise a user account, there is a strong probability that they’ll gain access to a company network. And then once inside the corporate network there’s untold damage that could result. For example, they could pose as a trusted employee to share malicious documents or files to move laterally into other devices. Depending on how the platform is configured, they may also be able to move into file-sharing apps such as G-suite or Sharepoint to gain access to sensitive data.

 

Here are some classic collaboration platform cybersecurity mishaps:

  • TeamViewer is a collaboration software that facilitates remote control, desktop sharing, online meetings and file transfer.  A couple of years ago, the software had to issue an emergency patch for a bug that could have let attackers access users’ machines via desktop sessions. A separate social-engineering attack earlier last year used an illegitimate version of the software to trick users into surrendering access to their computer.
  • More recently, Abnormal Security researchers highlighted a multi-pronged Microsoft Teams impersonation attack where attackers were impersonating genuine Teams notifications to target employee credentials.  With newly registered domains and multiple URL redirects, these attacks demonstrated levels of sophistication far exceeding those seen in standard phishing campaigns.

Another significant security loophole with these collaboration platforms is that legacy security and data loss prevention (DLP) tools that have been in place for years to handle on-site collaboration and work environments are simply ineffective now that Google, Slack and Dropbox are part of our daily modus operandi. A key reason for this is because collaboration apps lack granular controls, meaning enterprises can only do so much to restrict how they’re used.

Also, because of the informal nature of the chat function in these platforms the lines between what’s appropriate to discuss – and what is not – can become blurred, leading to conversations straying into discussing sensitive data. The potential fallout from this could be  just as damaging to a company as the fallout of a successful phishing attack.

 

Minimise the risk, focus on the reward 

Clearly employee training is an important, and ongoing priority.  But for financial services firms, trust lies at the heart of everything, the focus has to be on protecting the data itself. And that means as organisations allow sensitive information to move off premises and into new collaboration platforms, they must ensure that employees are using and securing data properly.  As previously mentioned, there are good reasons that laws and regulations like GDPR, CCPA and HIPAA exist.

Strong data loss prevention (DLP) policies combined with a Cloud Access Security Broker (CASB) and Secure Web Gateway (SWG) will be ‘must have’ tools of the trade for any financial services organisations that are embracing digital technologies. These will provide both visibility into collaboration tool usage across the organisation – on a user, device and activity level – as well as the ability to enforce granular security policies, for example on files or messages containing sensitive or restricted data.

As we start to look ahead to next year, the only certainty for security teams is that 2021 will continue to be full of uncertainties. With the ‘work from home’ model now likely to be the norm, rather than the exception, IT security teams could face their toughest year to date.

Financial services firms are subject to especially stringent controls – and quite rightly so. When it comes to the introduction of new communication tools there is an expectation they will update their policies, refresh their training and put in place rigorous oversight reflecting the new environment. For example, policies should prevent the use of privately owned devices where recording is not possible.  Ultimately, there is definitely risk around collaboration platforms – but when robust, cybersecurity policies and tools are deployed, and enforced, the rewards win out every time.

 

Business

GOING GLOBAL: 7 TIPS TO GET STARTED

The idea of selling your products or services to new markets across the globe is an attractive prospect for any business, large or small. But while reaching new customers and unlocking the potential for further growth can seem exciting initially, adapting your business to foreign markets is no small feat. Factors such as cost, communication and cultural differences can all affect your business’ success when going global. This guide will explore some of the key considerations to make when you’re thinking of expanding your business overseas.

 

Evaluate Your Finances

One of the main questions to ask when looking to go global is whether or not your business can afford to do so. Crossing borders can be a complicated and expensive process which can take away time and resources from other opportunities at home. Growth for businesses abroad is often a slow process; establishing products and services in other countries takes time, so you will need to factor this into your planning. Thorough analysis of domestic and international markets should always be undertaken before making the decision to expand your business overseas.

 

Location, Location, Location

Choosing the right location is crucial to the success of your business expansion. International business network Going Global Live says that taking your business to the right countries initially can save you money on excessive marketing and advertising, putting you face-to-face with your target market from the outset. You should weigh up the pros and cons of potential locations, such as the likelihood of being able to fill your new HQ with prime, homegrown talent, as well as access to desired markets aided by foreign investment bodies. It is also important to consider the relevant laws and regulations laid out by national and regional governments.

 

Ensure You Have the Right Infrastructure

Making sure your business has the right infrastructure to handle expansion abroad will put you in a good place going forward. Implementing a clear management strategy, both locally and centrally, will set your business up for a smooth and successful launch overseas. Having up-to-date IT and communications systems at the centre of your business will allow you to share information and data securely. When it comes to shipping, choosing the best – and most efficient – transport and storage providers will give you the peace of mind that your products are safe in transit. Companies such as S Jones are ideal for businesses looking for more information on storage solutions for shipping overseas.

 

Build a Strong Team

Appointing a strong team to oversee your expansion is crucial to your company’s success in new markets. Hiring people with a good knowledge of your target market, as well as a focus on your business’ interests, is key when establishing your overseas HQ. Working with local partners can help you to communicate your business’ unique selling point in a meaningful way. Having an experienced partner or mentor that you can trust to oversee the expansion will allow you to stay focused on the bigger picture and ensure that your attention isn’t taken away from your core customer base.

 

Have Faith

Once you’ve made the move to globalise your business, be sure to have faith in your ideas and don’t be deterred by slow progress. Dr Shai Vyakarnam of the Cranfield School of Management says that while there is a fine balance between faith and stubbornness, you’ll need “incredible levels of self-belief and faith in your idea” to succeed, and that you “only need to be able to turn a few key people in your favour and the others will follow”. Making well-informed decisions quickly will allow you to stay on track and will nullify the threat of any lingering self-doubt. While progress may be slow at first, be sure to remain patient and be prepared to build personal relationships to gain the trust of your new partners and customer base.

 

Consider the Impact of New Ideas

When implementing new ideas for your business as whole, consider how they will be received by your new international customers, as well as by your existing customer base at home. What might be seen as a positive idea in your home country could be perceived as offensive or alienating by your customers abroad. Factors such as differing time zones, languages and cultural appropriateness should always be taken into consideration when making key decisions to eliminate the risk of alienating foreign customers and damaging your reputation overseas.

 

Be Adaptable

While it is important to have faith in your business and be patient initially, you should also be willing to make changes as things develop. Acting on the advice of experts is key to navigating new markets successfully. It may be that your products and services require innovation to meet demand, or that cultural differences lead you to make changes to your marketing strategy. Being adaptable will give you the best chance of meeting consumer demand on a global scale.

When trying to expand your business to an entirely new customer base, try to bear in mind some of the above points. As long as you remain patient and open-minded, then you should have little difficulty in marketing your business globally.

 

Sources

Continue Reading

Banking

REDUCING FRICTION ONLINE HAS BECOME BUSINESS CRITICAL

Andrew Shikiar, Executive Director at the FIDO Alliance

 

The global pandemic has pushed the importance of remote access and authentication right up the agenda for many businesses. All those occasions where people would normally show up in person to open a bank account or pick-up some high street essentials were simply not possible for large parts of the year. Even as restrictions have eased across the country, these kinds of face-to-face transactions remain an unappealing prospect or a last-resort to many.

Not surprisingly, this has led to unprecedented demand for online and remote services. This brings with it a host of challenges and opportunities, and we have seen many examples of companies brilliantly adapting and reacting to this new way of life. But one issue that businesses and individuals have been grappling with for years – that of frictionless transactions and authentication – has now been put under a brighter spotlight as it is increasingly critical to get right.

 

Friction impacts the bottom line

The core challenge facing businesses is how to strike the right balance between giving customers the best possible experience of online service, and the necessary regulatory and security implications that directly affect – and often contradict – that ideal user experience.

We’ve all likely experienced the very real kinds of friction I’m talking about – it’s the account you gave up on registering for, or the purchase you abandoned because the process was just too frustrating.

Friction like this has direct bottom line impacts through the loss of sales and/or disaffected customers –  and it is substantially more pronounced in the current climate. People have less money to spend, they are spending a greater proportion of this reduced pot online, and businesses are competing for their livelihoods to claim their share. Providing a frictionless experience can be the difference between success and failure.

 

Banking and retail lose out

Nowhere is this problem more keenly felt than in the retail and banking industries. Countless transactions simply don’t happen each year due to issues with passwords or mobile One Time Passwords (OTPs) at the point of signing-up or checking-out.

Data from Statista shows that 69.57% of digital shopping carts and baskets are abandoned and the purchase not completed. And Mastercard’s analysis estimates that up to 20% of mobile e-commerce transactions are abandoned or otherwise fail (e.g., from undelivered SMS OTPs) mid-way.

In addition, independent web usability research institute Baynard found that one out of five consumers abandoned their online shopping carts citing the checkout process as “too long and complicated”. That means 20% of customers taking their custom elsewhere, likely to a competitor, because the process presented too much friction.

 

Passwords are a major part of the problem

Organisations have struggled to strike that balance between frictionless yet secure online log-ins in large part because of historical dependence on passwords – which simply aren’t fit for purpose in today’s online economy. Passwords were designed to be simple but, as we can all likely attest, they have become incredibly cumbersome and difficult to manage.

The demands placed on consumers to remember and keep track of the array of different passwords they need, and the different requirements of password complexity which varies from provider to provider, is proving to be untenable.

Not only are passwords a major cause of consumers giving up on purchases or preventing them from signing up for new services, but they also fail in delivering on their primary objective: to protect accounts and sensitive data. All too often the password has proven to be a single point of failure, and one that is all too easy for hackers and fraudsters to get hold of – a trend accelerated by the coronavirus pandemic.

 

Reducing friction

There has been a move toward developing and adopting open standards that enable any online service provider to authenticate users in a way that is both highly secure and almost completely frictionless – with all major platform and cloud service providers coalescing around a common approach.

It’s clear from the way consumers have embraced using their fingerprints and FaceID to unlock their devices that simple, natural gestures work – and that they are often preferred over using a password. By adopting the latest authentication standards, organisations can enable their customers to use these same easy gestures on their every-day devices to prove their identity and approve even the most sensitive of transactions.

The standards also improve security by moving away from the traditional model where your password or similar piece of ‘secret’ information is stored on a server, to one where credentials are stored on an individual’s device. This means they cannot be phished or divulged through other means of social engineering, while also inherently stopping the large-scale breaches that impact millions or billions of users in one go.

Due to these developments, the kind of poor user experience that leads to abandoned shopping carts and lost customers during the sign-up process is completely avoidable. There is now nothing stopping banks, retailers, and a range of other businesses from offering a superior, and low-friction user experience while also maintaining the safety and integrity of the networked economy.

 

Continue Reading

Magazine

Trending

Finance23 mins ago

CFOs PLAY A STRATEGIC ROLE IN RECOVERY

Frederic Portal, Finance Solution Director at Workday   With so much uncertainty around what the next year may have in...

Finance2 days ago

MASTER YOUR DATA: TACKLING CUSTOMER RETENTION CHALLENGES IN FINANCIAL SERVICES

Helena Schwenk, Market Intelligence Manager at Exasol   Customer retention has always been crucial to financial institutions (FSIs), with the majority...

Wealth Management2 days ago

HOW ALGORITHMS CAN BOOST YOUR TRADING PROFITS

Gabriele Musella is CEO and co-founder of Coinrule   Trading, whether for cryptocurrencies or stocks, is about buying and selling...

News2 days ago

BLACK FRIDAY WEEKEND SET TO SMASH ONLINE SALES RECORDS, ACCORDING TO ECOMMERCE EXPERT

The Black Friday weekend is anticipated to be the largest for online sales on record as the UK remains in lockdown, according...

News4 days ago

ONE IN FIVE INSURANCE CUSTOMERS SAW AN IMPROVEMENT IN CUSTOMER SERVICE OVER LOCKDOWN, RESEARCH SHOWS

SAS research reveals that insurers improved their customer experience during lockdown   One in five insurance customers noted an improvement...

Technology4 days ago

PASSWORDS, BIOMETRICS AND BEYOND

By: Hicham Bouali, Pre-Sales Director EMEA of One Identity, a specialist in identity and access management   At any given...

News4 days ago

AVATRADE NOW SUPPORTING DEPOSITS VIA PAYPAL AND RAPID TRANSFER

AvaTrade continues to grow its customer offering by adding PayPal and Rapid Transfer to its supported payment methods. AvaTrade’s customers...

Business4 days ago

GOING GLOBAL: 7 TIPS TO GET STARTED

The idea of selling your products or services to new markets across the globe is an attractive prospect for any...

News4 days ago

KASHFLOW AND YAPILY PARTNER TO SUPPORT SMES WITH DIGITAL BOOKKEEPING AND CASH FLOW MANAGEMENT

KashFlow continues its mission to provide SMEs and accountancy firms with software that keeps bookkeeping easy to understand and even...

Top 104 days ago

WHY HIGH NET WORTHS SHOULD BE LOOKING AT ANGEL INVESTING IN A NEGATIVE INTEREST RATE ENVIRONMENT

By Oliver Woolley, Envestors   As England gets through its second lockdown, Bank of England policymakers report the UK we...

News5 days ago

VIVA WALLET SUPPORTS E-COMMERCE GROWTH THROUGH ITS MARKETPLACE SOLUTION

Viva Wallet’s PSD2-compliant payment solution for online marketplaces removes the requirement for them to become licensed providers of regulated payment services. Viva Wallet is able to handle the streamlined processing of customer transactions through a PSD2-compliant escrow account...

Banking5 days ago

REDUCING FRICTION ONLINE HAS BECOME BUSINESS CRITICAL

Andrew Shikiar, Executive Director at the FIDO Alliance   The global pandemic has pushed the importance of remote access and authentication...

Wealth Management5 days ago

QUICK FIXES TO LOWER YOUR CAR INSURANCE

Car insurance is something we all have to pay for, no matter how much we despise it. However, it’s not...

Uncategorized5 days ago

ALL-SEASON TYRES AND HOW TECHNOLOGY IS CHANGING THE FUTURE OF TRANSPORT

Avid vehicle enthusiasts will likely know that summer and winter tyres are developed from different rubber compounds which work at...

Business5 days ago

EQUIPPING YOUR TEAM WITH THE SKILLS TO MANAGE THE CHANGING LANDSCAPE

By David Wharram, CEO of Coast Digital   For businesses to emerge from the COVID-19 pandemic stronger than ever, companies...

Banking5 days ago

BANKING ON THE FUTURE: WHY PAYMENTS TRANSFORMATION IS THE KEY TO SUCCESS

Simon Wilson, Co-Head, Payments at Icon Solutions   Standardisation, regulation and technological innovation means payments are well on the way...

Finance6 days ago

DIGITAL FINANCE: UNLOCKING NEW CAPITAL IN DISRUPTED MARKETS

Krishnan Raghunathan, Head of Finance & Accounting Services at WNS, explores how a digitally transformed finance department can give enterprises...

Technology6 days ago

DATA DILEMMAS IMPACTING ESGS

Mario Mantrisi, Chief Strategy and Knowledge Officer, Kneip   It’s been well documented over the past few months that the...

Technology1 week ago

SIX PILLARS FOR A SUCCESSFUL CLOUD

by Giuseppe Paternò, IT Infrastructure Architect, Security Expert, and Cloud Solution Guru   COVID-19 pandemic is pushing many companies to...

News1 week ago

MARQETA CONTINUES EUROPEAN GROWTH, SIGNING THREE NEW DIGITAL BANKING CUSTOMERS

Marqeta is supporting the development and launch of three new digital banks across the UK and Europe   Marqeta, the...

Trending