Daily Tech Digest - October 11, 2021

How businesses can combat data security and GDPR issues when working remotely

Whether using a business or personal device, having robust Secure Device Management and effective Mobile Device Management (MDM) is key to implementing security measures to keep data on mobile devices secure from threats. Adopting data encryption across software and devices being used remotely also allows data to be kept safe and secure from unauthorised use, even in the event of a security breach. In addition, implementing a corporate Virtual Private Network (VPN) enables an encrypted connection from a device to a network that allows the safe transmission of data from the office to remote working environments. Employees should have access only to the data they require to complete their work to mitigate against unnecessary risk of unauthorised access, with measures that restrict data on a ‘need-to-know’ basis implemented where possible. Crucially, companies should provide all employees working from home with a clear and documented remote working policy that outlines precisely how personal and company data should be handled to keep it secure.

Digital transformation: 4 excuses to leave behind

Outdated, manual, and siloed processes not only slow your business, but they boost costs because it is more expensive to maintain broken, outdated processes. As we emerge from the pandemic, most businesses are realizing that their existing business processes are not sustainable in the new normal. With remote and hybrid work becoming standard, organizations have had to think on their feet to maintain business as usual, and digital transformation makes this possible. COVID lockdowns made it urgent for enterprises to enable secure remote operations, which in turn made them realize the importance of migrating their operations to the cloud. There has been an exponential increase in the adoption of cloud technology post-pandemic. It has enabled businesses to operate in a remote environment without impacting the speed and quality of services. If you haven’t already done so, start by identifying the “low-hanging fruit” – i.e., processes that are best for your initial automation roadmaps. Then start scaling up. Transitioning to the cloud gives you countless possibilities, from reducing IT infrastructure costs to achieving scalability per business needs.

4 questions that get the answers you need from IT vendors

Enterprises don’t plan on how to adopt abstract technology concepts, they plan for product adoption and deployment. Network vendors who offer the products are the usual source of information, which can be delivered through news stories, vendor websites, or sales engagement. Enterprises expect the seller to explain why their product or service is the right idea, and sellers largely agree. It’s just a question of what specific sales process is supposed to provide that critical information. Technology salespeople, like all salespeople make their money largely on commissions. They call on prospects, pitch their products/services, and hopefully get the order. Their goal is a fast conversion from prospect to customer, and nearly all salespeople will tell you that they dread above all the “educational sell”. That happens when a prospect knows so little about the product/service being sold that they can’t make a decision at all and have to be taught the basics. The salesperson who’s teaching isn’t making commissions, and their company isn’t hitting their revenue goals.  

3 Things to Consider Before Investing in New Technology for Your Small Business

When you are searching for tech to suit your business's unique needs, it’s important to keep the happiness of your employees at the forefront. That’s what authentically attracts new talent to your company and entices people to stay. In many cases, happiness is derived from productivity. If workers know what they need to do but just don’t have the tools to do it quickly, they will get discouraged and customers will complain because they didn’t have a great experience. So, stop and assess why they’re experiencing each challenge as they move through tasks. Consider what you genuinely wish could be better or easier for you, your employees and everyone else involved. Then think about how technology may be able to solve each problem. If you equip a first-day employee with a mobile device that helps them get through a full inventory count comfortably and without making a single mistake, they are going to leave work feeling empowered. They’ll share their positive experience with friends, family and (if you’re lucky) social media. Word will spread about how great it is to work for your company.

Cloud Cost Optimization: A Pivotal Part of Cloud Strategy

To maintain an optimal state, you need to ensure that sound policies around budgeting are adhered to. In terms of Governance, the framework should oversee resource creation permissions as well. ... Once you gain visibility into spending metrics, you must observe which unused resources can be disposed of and which resources could be optimized. The journey for any cloud cost optimization starts with initial analyses of current cloud estate and identifying optimization opportunities across compute, network, storage, and other cloud-native features. Any cloud cost optimization framework needs to have a repository of cost levers with associated architecture and feature trade-offs. Businesses would need governance — the policies around budget adherence, resource creation permissions, etc. — to maintain an optimal state. A practical cost optimization framework requires all three of the above. Achieving initial savings would entail analyzing the estate and identifying optimization opportunities across compute, storage, and networking, focusing on the highest costs first and/or incremental/additional cost, month over month- cloud vendors provide access to the costs and utilization.

Applying Behavioral Psychology to Strengthen Your Incident Response Team

Orlando says it's natural for relationships to form, and for trust to form, in an incident response team and within a larger organization. In his experience, he often encounters what he calls the "rock star problem." "You've got one or a few people [who are] very, very capable, very knowledgeable, and the team sort of coalesces around those individuals," he says. "Which is not necessarily a bad thing, but it can create issues when those individuals inevitably move on, or maybe they [have] less than optimal work habits, or behaviors, or things we want to try to account for." Compounding CSIRTs' collaboration issues is a prominent focus on technical tools and skills, Orlando adds. Incident response teams are "often inundated" with tools to address technical problems in security and incident response; however, there is a "definite lack" of tools to address some of the social and collaboration challenges CSIRTs face in operating within the context of a multigroup, multiteam system as they need to do.

Netherlands Says Armed Forces May Combat Ransomware Attacks

Countries are being held accountable for their actions and inaction via diplomatic responses such as actions against cross-border criminal cyber operations and measures such as sanctions, which are more powerful if they are designed in a broad coalition context, Knapen says. "Within the EU, the Netherlands has therefore been a driving force behind the EU Cyber Diplomacy Toolbox and the adoption of the ninth EU cyber sanctions regime in May 2019, and the Netherlands is committed to further developing these instruments. This provides the EU with good tools to respond faster and more vigorously to cyber incidents. Recent EU statements and sanctions show that these instruments are delivering concrete results," he notes. Knapen is also pushing for diplomatic channels for bilateral cooperation between countries in judicial investigations against ransomware, which he says can be useful if cooperation through international judicial channels is insufficient. "The Netherlands can then emphasize the importance attached to cooperation through diplomatic channels," he says.

Can India Address the Growing Cybersecurity Challenges in the Nuclear Domain?

India has established several key agencies to counter the growing challenges on cybersecurity. However, the effectiveness of its cybersecurity policies in the nuclear domain lies with the ability to effectively incorporate cybersecurity, cyber infrastructure, and its operating agencies into the larger nuclear security framework. Efficient and effective cybersecurity mechanisms require cohesive inter-agency coordination to strengthen said mechanisms. It is also essential for government authorities to acknowledge, interact with, and evolve cybersecurity protocols and procedures regularly to reflect a rapidly changing security environment. An effective cybersecurity policy also requires clear demarcation of roles, responsibilities, and contingency plans for short and long-term implementation and altering based on circumstances and technological advancements. Additionally, and most importantly, a renewed emphasis on understanding cyber risks and acknowledging the importance of cyber-nuclear security is essential in the Indian context.

How technology can drive positive change in insurance post-COVID

From forced closures to operational transformation, the COVID-19 pandemic has impacted businesses both UK and worldwide. The world of insurance is no exception to this rule – but the nature of the industry and its interests have led to a layered set of challenges and opportunities beyond the obvious disruptions to working practices. These challenges have been laid out in a recent report from EY, which lists a number of early pandemic issues for the industry including the tricky transition to remote working, a “strong push toward digitisation”, and the embrace of virtual interactions for clients and distribution partners. While these concerns may feel familiar, EY’s report goes on to draw out the specific difficulties faced by insurers, where COVID-19 has occasioned “mounting consumer, political, and legislative pressure to cover pandemic-related business interruption claims”. Not only has the industry needed to embrace new technologies and practices to adapt to the pandemic, but it has also needed to address some of the COVID-driven burdens faced by clients. 

Safe and secure disposal of end-of-life IT hardware

First, your business needs to develop a plan of action that brings together your IT, information security and office management staff, with oversight from senior executives. To be fully effective, it should establish a decommissioning strategy that covers the compliant disposal of retired hardware and the destruction of data. Next, you need to ensure that all the data on your old hardware has been permanently eradicated and is non-recoverable. Given the importance of this step, it is likely that you’ll need assistance from a third-party disposition expert. Third, you need to know the whereabouts of your assets throughout the disposition process. A secure chain of custody is vital to prove compliance and so, once again, it is advisable to employ the services of an outside expert – a company that offers rigorous security practices, such as asset itemisation, GPS tracking and protected transportation, all backed up with supporting documentation. Having a secure chain of custody is critical because it ensures that the IT assets are tracked during each step of the process from pick-up to final disposition.

Quote for the day:

"The final test of a leader is that he leaves behind him in other men, the conviction and the will to carry on." -- Walter Lippmann

No comments:

Post a Comment