Organisations are at last beginning to take ethical standpoints on machine learning and its role in automated decision-making. According to HBR, companies (including Google, Microsoft, BMW and Deutsche Telekom) are creating internal AI policies, making commitments to fairness, safety, privacy and diversity. Organisations must recognise machine learning as a predictive technology that requires the application of judgement—a key part of any such policy—ensuring interpretability and, consequently, trust. While it might be hard to remove bias from your data entirely, you can effectively minimise the effects of that bias by applying a layer of systemised judgement. This turns predictions into decisions that can be trusted. To achieve this you need technology that can efficiently and transparently automate that governance process. New platforms enable firms to apply machine-learnt predictions safely by incorporating a layer of automated human judgement into their systems.
You have a tools bias if you're spending thousands of dollars on tools and systems to integrate them into your development lifecycle. Not every tool needs to cost you a lot of money. There's a great deal of amazing, free open source tools out there. Not everyone needs to be spending that much money. Do you have tools purchased but not properly implemented into your build pipeline? Maybe they were put in and then they were removed because they were causing you pain. Or maybe you got them and you put them in a learning mode, but you never got them fully installed. That's a tool bias. You've spent the time and focus because the tool will solve the problem, but we've not actually solved the problem. We got halfway there and stopped. If there's no plan for maintaining, tuning, or configuring tools post-purchase, also known as a sales-person driven development style, then you've got a tools bias. Your tool has not made you more secure. Your tool has given you the feeling of security, but without the actual action.
Regulation is proving pivotal in conflicts created when traditional firms compete with or participate in ecosystems dominated by big tech. How many of the profit opportunities created by new regulation will be gobbled up by big tech, and how much of that profit can be internalized by their partners? For instance, regulators are asking, Is it appropriate for a dominant ecosystem orchestrator like Apple to forbid content providers from accessing customers and demanding payments directly? And, given the modest effort Apple put into setting up its App Store, is its 30% cut from every app sold there a fair practice or a blatant abuse of dominant position? Epic Games’ recent lawsuit against Apple (which centered around how people pay for the Fortnite game) sailed bravely into these uncharted waters; the judge ultimately ordered Apple to reverse some, if not all, of its practices. Consider also the drama currently playing out in digital advertising. Big tech firms, supported by their ecosystem partners, have helped spawn a successful industry focused on understanding the profile of individual customers and offering them tailored advertising.
The federal government has long acknowledged the risks presented by KBAs, and NIST’s own guidelines expressly disavow KBA for digital applications: “The ease with which an attacker can discover the answers to many KBA questions, and the relatively small number of possible choices for many of them, cause KBA to have an unacceptably high risk of successful use by an attacker.” Meanwhile a study by Google found that only 47% of people could remember what they put down as their favorite food a year earlier – and that hackers were able to guess the food nearly 20 percent of the time, with Americans’ most common answer (of course) being pizza. And even when a user does remember the correct answer to one of these questions, they sometimes forget the precise form of their answer, all of which leads to a frustrating customer experience. Protracted verification times inevitably lead to customer abandonment of transactions such as opening a new account, resulting in delayed or lost business. Unsurprisingly, the longer it takes to verify a customer’s identity, the more likely it is they will abandon the process entirely.
Objectives and Key Results (OKRs) is a flexible tool that helps people and organizations achieve their goals by erecting specific and measurable actions. It also helps them communicate and monitor progress towards them. Objectives can be short and inspirational. They define the goal you want to achieve. For companies, they are capable of creating three to five high-level objectives per quarter of the year. This helps them increase their brand awareness and these objectives are meant to be ambitious. Choosing the right objective for your goal can be a challenging aspect of this practice but when it's done correctly, you can tell if you have reached your objective. Key Results help you deliver each set of objectives perfectly, so you can measure your progress in achieving your goals. ... OKRs are a flexible framework, and because of this, you can set and phrase OKRs in different ways. Think of it as the pillar of your strategy for the next period. To come up with good OKRs, I will advise that you connect them to your day-to-day activities.
There’s clear evidence of professional prejudice against working mothers — women are passed up for job progression and prevented from exploring other opportunities. This is called the ‘motherhood penalty’. On average, women lose 4% of hourly earnings when they start a family; a significant amount when taken as a proportion of lifetime earnings. By comparison, men gain an average pay rise of 6% after becoming fathers. Moving forward, employers must make clear to female staff that they will be judged purely on performance, not on their working schedules – opening the door to more flexible working options, letting women advance professionally without jeopardising family commitments. Likewise, the stigma around shared parental leave must be addressed, normalising a man’s role as equal caregiver when tending to a new-born. With more equitable paternity policies, female staff will be better enabled to pursue senior leadership roles.
Despite some heavy lobbying by crypto lobbyists back in August to clarify the definition of “broker” as it applies to digital assets, the proposed bill passed the Senate without any amendments. The bill was introduced and voted through the Senate within a week in August. While the bill was awaiting House approval, I spoke to some crypto tax lawyers in the U.S. about how things might play out if it is signed into law without amendments. Nathan Giesselman, a partner at Skadden, Arps, Slate, Meagher & Flom LLP, told me that, as it is written in the bill, the provision runs the risk of capturing folks like miners and developers who don’t have the same customer information that a traditional broker might have, putting them in the awkward position of not being able to comply with the required reporting. Now that the House has passed the bill, it’s clear that much will depend on how the U.S. Treasury Department interprets the definition of broker.
Big data and AI require intense computing horsepower, so banks and credit unions are increasingly turning to the cloud to host data and applications. Not only is the cloud able to scale to handle high computing demands, but it does so cost-effectively. IDC states that global spending on cloud services — including hardware and software — will surpass $1.3 trillion by 2025, growing at a CAGR of 16.9%. Both shared (public) cloud and dedicated (private) cloud are slated to grow, says IDC, with private cloud growing at a faster rate. Since bank legacy systems weren’t designed for distributed computing environments, moving them to the cloud is challenging. However, banks and credit unions are softening up to the idea of moving legacy systems not just to the cloud but transforming them to cloud-native platforms, although few have made the leap to a fully cloud-based environment. JPMorgan Chase and Arvest Bank have both announced that they will switch portions of their core systems to a cloud-native platform.
Every company owner should be aware of what they are looking for when it comes to cyber insurance. They should always read the fine print and understand the specifics of coverage, deductibles, and exclusions. This safety net can be highly effective if the policy is correctly written and the business is fully aware of its coverage. According to Dan Burke, the Vice President at Woodruff Sawyer (a national insurance provider), cyber insurance typically doesn’t cover three types of losses: potential future lost profits, loss of value due to the theft of intellectual property, and betterment (i.e., the cost to improve internal technology systems after the attack, such as IT upgrades after a cyber event). That said, losses other than the initial ransom are not likely to be covered by insurance. Today, most ransomware attacks do not stop at the initial breach. Take the SolarWinds incident as an example: instead of locking SolarWinds’ IT systems, attackers planted malicious code into the company’s Orion technology platform, which is used by more than thirty thousand customers, including the U.S.
No matter the size of your organisation, if you’ve automated the backup process for your Office 365 environments, then you’ve taken a big first step to protect your data and ensure its quick recovery. Keep in mind that access to regularly backed up files significantly improves the chances of recovering from a system outage or malware attack. Find a solution that will let you effortlessly pinpoint SaaS data and records. Organisations need to be able to perform targeted restores, preserve critical data sets, and manage production and sandbox environments with ease. Some of this will come down to granular search and restore, but it’s also a good idea to implement point-in-time and version-level recovery tools and immediate restores. Staying secure means that it’s easier to stay compliant. Look for a solution that offers stringent standards, privacy protocols, and zero-trust access controls — this could also include isolated, air-gapped backups from source data, built-in GDPR compliance, and encrypted data when at rest or in-flight. Multi-layering your security also means you can add role-based, SSO, SAML authentication controls too.
Quote for the day:
"Curiosity is the thing that sparks a step into an adventure." -- Annie Lennox