BrandQuantum - NEWS #Identity Theft

GADGET | Should customers trust you?

Sat, 12 Feb 2022 14:15:58 -0500

Article first published on gadget.co.za on 28 January 2022, written by Paula Sartini

There is no shortage of stories about data breaches and hackers gaining access to personal information across the globe. With customers growing increasingly aware of the dangers of identity theft, companies are prioritising security measures to keep customer and employee data as secure as possible.

However, at the same time, companies are implementing tools to collect user data either via various websites or even from 3rd party solutions to increase customer engagement levels, drive targeted marketing campaigns and improve personalisation.

While consumers are becoming savvier on the data collection front, putting measures in place to protect their personal information and preventing companies from tracking their data without their permission, many of the companies that consumer’s trust are using 3rd party solutions that offer the best value for money but at a cost of customer’s data. This conundrum poses the question of how secure customer data is within a company?

The end of the cookie

Companies such as Apple and Google have committed to prioritising consumer privacy and doing away with cookies, aligning to privacy regulations around the world such as the California Consumer Privacy Act and Protection of Personal Information Act (POPIA). This creates a great challenge for marketers.

For several years marketers have relied on tracking to collect user data via various websites and use this information to engage customers with targeted marketing campaigns and product information. However, the increased regulations and shift in technology companies prioritising customer data and doing away with tracking technology, means that many marketers will need to find new ways to source customer data.

The rise of the data broker

According to HBR, data brokering, which involves collecting and selling data about people is estimated to be a $200 billion business and growing. However, while data brokers most often gathered data by tracking browsing behaviour across different websites, with the end of cookies in sight, these brokers will need to obtain data using alternative sources.

Some ways in which they may gather customer data include loyalty cards, public records, social media posts and even tracking email behaviour using 3rd party solutions that have access to relevant consumer information which is then sold to data brokers. In these instances, the famous quote of 1973 rings true, “If something is free, you’re the product.”

How to secure your customer data

While there are several 3rd party tools available today that value customer privacy and offer built-in-security to help limit possible data hacks and identity theft, some solutions that are used widely track customer data and sell this information to data brokers without the knowledge of the customer.

Although email tracking isn’t new, as is evident in Apple introducing Mail Privacy Protections to prevent senders from using “tracking pixels”, which can identify when someone has opened an email, and introducing a new Hide My Email feature which enables users to respond to emails with random addresses to keep their email address private.

These privacy-centric measures will go a long way in helping to protect customer data, but what does it mean for marketers?

Rethink data collection

As more people become aware of how their data is being gathered and used without their knowledge or consent, companies are going to have to increase security and turn to their own first-party data to engage customers.

According to McKinsey, the right path for each stakeholder will be different, the cornerstone effort should be to create and sustain consumer relationships that produce a value exchange based on trust.

With this in mind, companies need to adopt a zero-party approach to collect customer data, as customers are getting more selective in what information they are giving out and to who. To achieve this, companies need to offer a value exchange to customers, either in the form of promotion, discounts or access to information in exchange for information. They also need to show customers that you value and protect their data by giving them the choice to make their own decisions for example to subscribe to an email newsletter or not. Finally, customers are looking for valuable experiences and want to see the data they have provided, be used to give them the experience they want.

However, trust remains the cornerstone of the customer relationship and to establish customer trust, companies need to demonstrate that they value customer privacy by using secure technologies and having measures in place to protect customer data.

Securing customer data

Establishing customer trust is critical to the success of any business. To maintain this trust there are a few key considerations that companies should be aware of when selecting a 3rd party technology partner to ensure that you are able to keep customer data secure. These include:

Technologies implemented should have security built upfront
Technologies should be built with segmentation of risk to safeguard customer content
Emails should not be rerouted to third parties to tamper with content
3rd party solutions should not have access to customer data
Solutions implemented should be independently tested and align to European standards
Customer data should be stored securely by the company to prevent possible data breaches

However, while getting the security elements right is critical to building trust, companies cannot compromise on the customer experience in an effort to secure customer data. Getting the customer experience right and keeping customer data secure is a balancing act that marketers need to get right if they are to create meaningful connections and establish a relationship of trust.

IT-ONLINE | ISSUES TO CONSIDER ON WORLD BACKUP DAY

Sun, 18 Apr 2021 14:53:23 -0500

Article first published on it-online.co.za, 31 March 2021 | see article here

It’s World Backup Day today (31 March), and IT organisations now have to consider the issue of backup against the backdrop of remote working forced on us by Covid-19.

Bizmod Consulting’s Abri Vermeulen says, that with the lockdown last year, many companies and employees were sent into a tailspin as working from home became a reality.

Whether it is from a personal or work perspective, there is a constant increase in our reliance on devices, he adds. “The complexity of managing a blended work and home life, has resulted in our work data ending up on our personal devices and vice versa.

Photographs, discussions and chats are now on our smartphones, which has resulted in a backup strategy being imperative for your phone and laptop or PC.

The World Backup Day website has some alarming statistics that will help to convince you if you aren’t already

More than 60 000 000 computers will fail worldwide this year;
More than 200 000 smartphones are lost or stolen every year;
Yet only one in four people make regular back-ups of their data.

“Losing your data is more common than many of us think,” says Vermeulen, “If you haven’t done so already, make a small investment in a cloud subscription, backup your files to some of the easy-to-use online solutions such as One Drive, Dropbox, Google Drive, to name a few, or purchase an external hard drive and commit to regularly backing up all your data,” says Vermeulen.

Mikey Molfessis, cybersecurity expert at Mimecast, points out that the growing volume of cyberattacks – especially since the start of the Covid-19 pandemic – means it’s more important to ensure business continuity and recovery in the event of a disruption.

According to data by the Mimecast Threat Intelligence Centre, detections of impersonation attacks, known and unknown malware, spam and blocked clicks increased by 41% in sub-Saharan Africa from 2019 to 2020, with no signs of slowing down.

In fact, when looking at 2021 data, the number of blocked clicks detected in February this year was an astounding 18 times higher than 2020, Molfessis says the rise of work-from-home has also exposed organisations and employees to increased risk. Mimecast researchers found a three-fold increase in clicks on malicious URLs in emails worldwide, during the time when social distancing and lockdowns were coming into effect last year.

World Backup Day is an opportune time to better understand the role that data backups and archiving can play in enhancing an organisation’s cyber resilience, he adds With the right solutions in place, organisations are more likely to recover from a successful attack, with minimal interruption to the business, its employees and its customers.

Molfessis points to three reasons why data backups are in the spotlight in 2021:

* More data = more risk – While all organisations are at risk from the rising tide of cyberattacks, those organisations that maintain high volumes of transactional data within their systems are especially vulnerable. By backing up historic transactional and other data to an archive in an independently secured environment, organisations can maintain a lean amount of data and reduce the attack surface. This also simplifies some aspects of compliance with privacy regulations. The growing volume of unstructured data – which already accounts for 80% of the world’s data – adds additional risks. Organisations need ways to protect and manage unstructured data – including data in emails and collaboration tools such as Microsoft Teams and Slack – in order to fully comply with the requirements of legislation such as the Protection of Personal Information Act (POPIA).

* POPIA compliance – The implementation of POPIA has put further pressure on any organisation that processes or stores personal information to provide greater transparency and control over how that data is stored, processed and used. Additionally, in line with POPIA, organisations may have to delete personal information (Right to be forgotten). Organisations can enhance their ability to comply with some of POPIA’s requirements by backing up data to a cloud archive. This holds the additional benefit of providing organisations with a platform for information governance that provides retention management, email encryption, discovery and data recovery to ensure complete litigation readiness and compliance control.

* Data is gold (and criminals want it) – Data is a highly valuable commodity, especially for cybercriminals. Once they have access to an organisation’s systems, they can hold data for ransom, modify it or even destroy it. As the number one business productivity tool, email remains the most likely attack vector used by cybercriminals.

Molfessis explains that an accurate and restorable repository of business email can allow for the fast and easy restoration of original data that may have been lost as a result of a successful cyberattack. For example, when an organisation suffers a ransomware attack, they can easily restore their data and systems without having to incur the cost of paying the cybercriminals’ ransom or suffering any significant loss of business productivity.

The implications of data loss can be huge: the National Archives and Records Administration in Washington DC found that 93% of companies that lost their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately.

According to Nitro, workers spend on average 50% of their time creating and preparing documents. If those files got lost or deleted, recreating them would come at a major expense to the organisation. Adding to this, businesses already spend on average $20 000 and lose over 21% in employee productivity on document issues.

Despite the cost and risk associated with lost documents, 60% of backups are incomplete and 50% of restores fail Adding insult to injury, Egress Software Technologies has found that employees are the biggest risk to data loss incidents in the business world.

Paula Sartini, founder and CEO of BrandQuantum, says companies can overcome the challenge of failed backups and accidental data loss by implementing document management solutions that will not only help to free up employee time and improve customer experiences but will also help a company to recover from a disaster quicker and easier.

She points out that, according to Cybersecurity Ventures, the world will have to store 200 zettabytes of data by 2025. And, while data creation is on the rise, searching through company files is estimated to cost companies almost $20 000 per worker, per year.

On top of this Tech Crunchies estimates that employees spend approximately 18 minutes searching for a document, while M-Files states that 83% of employees recreate existing documents that they can’t find on the company network. All of this contributes to productivity loss and increased costs for the company.

Sartini says a cloud-based document generation and management platform that is easily accessible using the technology solutions employees are accustomed to using daily, makes business sense. It also meets the requirement of 81% of employees who want to have access to company documents remotely. This is particularly relevant and useful as many countries have implemented Covid-19 lockdown regulations and employees are trying to meet customer needs whether they are office-based or working remotely.

Implementing a sound document generation and management solution not only improves employee efficiencies and saves the company money on time wasted searching for and recreating documents, but also helps to ensure brand consistency and compliance across all templates and standard documents that the company uses to send to customers, she explains. This aids in delivering consistent brand experiences across the organisation, regardless of who sends the files and contributes to a positive working environment.

BLOG | COMPANIES NEED TO PROTECT THEIR CUSTOMERS FROM IDENTITY THEFT

Wed, 04 Nov 2020 00:00:00 -0500

Identity theft and data breaches are on the rise with Fraudscape[1] stating in its 2019 report that identity theft hit an all-time high of more than 174,000 cases in 2017 in the UK alone. Locally the figures are just as grim with TransUnion[2] research revealing that 49% of South African consumers have either been a victim of ID theft, or know someone who has. As identity theft is a growing concern for consumers, they are encouraged to take precautions to prevent falling victim to cybercrime and identity theft. The Banking Association of South Africa[3 ] has provided customers with several tips on preventing identity theft, including not disclosing personal information to anyone without knowing who you are disclosing the information to and what it is being used for.

While customers may be taking precautions to safeguard their personal information and verify the companies they provide personal information to, they are entrusting organisations with their details and expect them to have measures in place to ensure that their data remains secure. However, according to the World Wide Worx State of Enterprise Security in South Africa 2019 study that was conducted in association with Trend Micro and VMware, only 35% of South African IT decision-makers were prepared for cyberattacks at any time in the next 48 hours. Companies need to take action and have processes in place that not only protect their customer’s details but also provide their customers with tools to help prevent them from falling for phishing scams or spoofing emails for example.

EMAIL VERIFICATION TOOLS

Email spoofing occurs when recipients receive emails that resemble official organisation emails. For example, a client may receive an email that appears to be sent from his bank with the corporate logo and similar distinct graphics that have been sourced online or copied from legitimate emails sent from the organisation previously. These images are embedded into spoof emails to convince recipients that the emails are legitimate and encourage them to follow specific phishing instructions for example.

However, email spoofs are not only sent to customers, there are instances where emails appear to be sent from internal sources to company departments and employees with particular instructions. These include instructions that request immediate payment of funds or for funds to be released or even requesting particular customer details. Without the necessary verification tools in place, these emails are often actioned with immediate effect.

With approximately 93 percent of malware coming from emails[4 ], it is evident that companies lack mechanisms for email authentication. These emails often look legitimate at quick glance and as such the recipient is likely to action it as per the instructions included. To overcome this, company email signatures should aid in enhancing security. This could include providing recipients with a verification page that provides additional information about senders, qualifications, titles, and details about the company.

The details included on the verification should be approved by various departments within the organisation to ensure that the job title and qualification for example, are accurate. In addition as email correspondence can constitute a legal document, the organisation should put measures in place to ensure that all emails that leave the company authenticate the identity of the sender on behalf of the organisation.

By adopting these security measures, companies provide added peace of mind to their customers that emails they receive from the organisation are authentic.

SECURING COMPANY TEMPLATES

Looking beyond email signatures, companies need to put measures in place to secure company documents and templates from third parties. This includes removing former employees from systems and limiting the access vendors and other external parties have to company documents. For example, if important documents such as company letterheads are easily accessed via an unsecure platform, anyone could use the document to spoof recipients into providing valuable personal data or releasing funds.

For added security, company documents and templates should be housed centrally on a cloud platform that restricts usage to only those departments and individuals that need access to these documents. In addition employees should not be able to save company documents to their desktops for future use as these can be easily tampered with or shared with employees that do not need access to them. Companies should incorporate a tracking system that provides line of site of who is accessing documents and when, as well as providing executives with statistics of user template compliance at any point in time.

This is supported by Varonis which states that fewer people should be able to access to sensitive company information as some of the biggest data breaches in the past year stem from a user who had access to files they shouldn’t have been able to see in the first place[5 ]. In addition they found that on average, only 3% of company folders are secured leaving employees open access to the majority of company documents and customer information.

PROTECTION FROM THE INSIDE OUT

In many instances, companies have invested significantly into improving IT security with firewalls and antivirus and antimalware software, however, internal security measures have fallen through the cracks.

In some instances companies rely on third party organisations for email branding to be applied in the form of banners and email signatures which are applied after the email has been sent from the sender. By intercepting these emails, the emails are effectively tampered with and could put customer data at risk. It also poses questions about email authenticity which is key to establishing trust with customers.

Identity theft can occur by neglecting to cancel former employee access to documents. When employees leave an organisation, their access to company documents and systems should be removed from the system immediately and any storage of documentation on the workstation should immediately be flushed. According to Varonis 34% of company user accounts are stale but enabled and 64% of user accounts are stale or inactive. This opens up additional opportunities for identity theft and gives hackers access to useful information that could go easily unnoticed for an extended period of time. As stated by Varonis, “if you’ve got outdated users with active accounts, it’s like handing over a new set of papers to your hacker.”

Giving employees’ access to locked content that cannot be tampered with, provides additional security for customers. This practice reduces the risk of employees and third parties from altering the content and minimises the possibility of intentional and unintentional sabotage from employees. It also adds a layer of authenticity to the email, giving recipients added peace of mind that the content is authentic.

PUTTING THE BASICS IN PLACE

While protecting customer and company data is a huge task, most companies have already started putting measures in place to minimise the risk of data breaches and identity theft. However, in order to provide holistic protection, they need to pay attention to basic requirements that can go a long way to adding a layer of protection to both the company and its customers.

Companies would benefit from building compliance standards into company documentation and emails, adding additional verification measures into emails and limiting access to specific documentation can all go a long way to helping to minimise threats and taking security to a higher level.

[1] Identity Theft and Cyber-Fraud in the UK Hit All-time High | 2019-06-18 | Security Magazine

[2] Your Identity Can Be Stolen | TransUnion

[3] The Banking Association South Africa

[4] 134 Cybersecurity Statistics and Trends for 2021 | Varonis

[5] 2018 Global Data Risk Report | Varonis

GADGET | YOU CAN PROTECT AGAINST ID THEFT, BUT COMPANIES MAY NOT

Sun, 05 Jan 2020 16:07:44 -0500

Article first published on gadget.co.za, 3 October 2019, written by Simon Murrell | see article here

Identity theft and data breaches are on the rise, with Fraudscape stating in its 2019 report that identity theft hit an all-time high of more than 174,000 cases in 2017 in the UK alone. Locally the figures are just as grim with TransUnion research revealing that 49% of South African consumers have either been a victim of ID theft, or know someone who has.

As identity theft is a growing concern for consumers, they are being encouraged to take precautions to prevent falling victim to cybercrime and identity theft. The Banking Association of South Africa has provided customers with several tips on preventing identity theft, including not disclosing personal information to anyone without knowing who they are disclosing the information to and for what it is being used.

Companies need to take action and have processes in place that not only protect their customer’s details but also provide their customers with tools to help prevent them from falling for phishing scams or spoofing emails for example.

EMAIL VERIFICATION TOOLS

However, email spoofs are not only sent to customers; there are instances where emails appear to be sent from internal sources to company departments and employees with particular instructions. These include instructions that request immediate payment of funds or for funds to be released or even requesting particular customer details. Without the necessary verification tools in place, these emails are often actioned with immediate effect.

With most malware coming from emails, it is evident that companies lack mechanisms for email authentication. These emails often look legitimate at quick glance and as such the recipient is likely to action it as per the instructions included. To overcome this, company email signatures should aid in enhancing security. This could include providing recipients with a verification page that provides additional information about senders, qualifications, titles, and details about the company.

Click here to read about the security measures companies should adopt to ensure authenticity for their customers.

By adopting these security measures, companies would provide added peace of mind to their customers that emails they receive from the organisation are authentic:

SECURING COMPANY TEMPLATES

This is supported by Varonis which states that fewer people should be able to access to sensitive company information as some of the biggest data breaches in the past year stem from a user who had access to files they shouldn’t have been able to see in the first place. They found that, on average, only 3% of company folders are secured leaving employees open access to the majority of company documents and customer information.

PROTECTION FROM THE INSIDE OUT

As stated by Varonis, “if you’ve got outdated users with active accounts, it’s like handing over a new set of papers to your hacker.”

Read more about putting the basic in place to protect customer and company data.

PUTTING THE BASICS IN PLACE

BrandQuantum develops software solutions to help companies deliver compliant customer communications and documents. The tamperproof email signatures that are sent out with every single email via Microsoft Outlook have built in verification tools to give customers added peace of mind that your company emails are authentic.

The BrandOffice solution offers permission control to company documents so that only those employees that need access to your documents have it. In addition, access to company documentation and templates is tracked and audited to give companies line of site of document usage and overall documentation compliance.