Connect with us

Strategies

Tips for staying secure while working from home

Because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004.

Published

on

Due to the global pandemic, nearly two-thirds of companies have moved half or more of their employees to telework. Sixty-two percent of employed Americans, for example, say they have worked from home during the crisis, with the number of remote employees doubling between March 13 and April 2 of 2020, and this is not just a temporary change. Nearly a third of all organizations with remote workers expect that half or more will continue working from home after the pandemic. 

The security implications of such a dramatic transition in such a short period of time cannot be overstated. Under normal circumstances, moving an entire workforce from secure IT environments to home networks with very little cybersecurity would take long-term planning and preparation. But that was not an option in 2020. As a result, 32% of respondents to Fortinet’s 2020 Securing Remote Work Survey found that setting up and managing secure connectivity to be the most challenging aspect of switching to telework.  

Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure. Or even if they were encrypted, existing firewalls were incapable of inspecting VPN tunnels to ensure they weren’t being used to deliver malware – at least not without significantly slowing down connections. 

But the other part of the challenge is that many home networks were not setup to support the bandwidth requirements of VPN, let alone bandwidth-hungry business applications such as video conferencing. In addition, end user devices (many workers began working from home using a personal device) were often unpatched and unsecured as were other devices connected to the home network. These challenges made home networks an ideal target for cybercriminals. 

Cybercriminals Are Targeting Remote Workers 

And as one might expect, threat researchers saw a significant shift in the behavior of cybercriminals. According to the latest Threat Landscape Report from FortiGuard Labs, global sensors detected that the top attack targets identified in the first half of 2020 switched from targeting corporate devices and applications to things like consumer-grade routers and devices such as DVRs normally attached to home networks.  

There was also a significant increase in attacks targeting end users that used concerns about the coronavirus to lure them into clicking on malicious web links or open attachments infected with ransomware or other malware.

Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure.

The FortiGuard Labs team saw an average of about 600 new phishing campaigns per day during the spring. And because home users were no longer protected by corporate security devices, web-based malware became the most common attack vehicle, outranking email as the primary delivery vector used by cybercriminals for the first time in years.  

And because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004. 

Seven Recommendations for Remote Workers 

During the last several months, IT teams have been scrambling to close the security gaps in their remote worker strategy. But while 92% of organizations report budget investments to address teleworker security, end users are still the front line of any security strategy – and never more so than now. Here are a few suggestions of what they can do to reduce risks. 

  1. Learn to Spot Attacks: Many organizations are sponsoring training programs to help their workers identify suspicious emails, websites, text messages, etc. In addition, there are free programs available online to provide end users with essential security training and information. And make sure everyone at home using the network, from roommates to children, get cybersecurity training as well. 
  2. Harden Passwords: Another easy step is to simply make passwords harder to guess, and also use different passwords for different accounts. To manage these passwords, use a secure password management system that can remember passwords. Then all anyone needs to remember is the login information for that one application. 
  3. Use Multi-Factor Authentication (MFA): Also known as two-factor authentication, MFA combines something a user knows, such as a password, with something they have, such as a fingerprint or a security token. MFA should especially be used when accessing financial information or logging onto the company network. 
  4. Patch Home Devices: Have users look at all of their devices at home and make sure they are running the latest versions of their operating systems. Even gaming and entertainment systems have options that let users check to see if they are running the latest version. 
  5. Secure Home Networks: This is probably a good time to consider adding or upgrading a security application to protect the home network and devices from attacks. In addition, many home routers now include gateway security which should also be enabled. Some cable operators and internet service providers also provide free security. Remote workers should make sure that logging onto the home WiFi requires a password. They should consider an email gateway that can detect and filter out malicious email attachment and links. 
  6. Improve Device Security: New advanced endpoint security solutions, known as endpoint detection and recovery (EDR), not only provides better threat detection, but also prevents infections that manage to get onto your device from executing their malware. EDR solutions should not only be applied to remote worker devices, but also on other endpoint devices in the home.   
  7. Upgrade Internet Connections: Remote workers should consider upgrading their internet service so they can run business-critical applications even when others are streaming movies or playing online games. Companies should consider providing funds to help offset the cost of a bandwidth upgrade. 

Enhance Your Remote Work Security Now 

Cybercriminals will continue to target remote workers, with no signs of letting up. Adding these seven steps to any corporate security strategy is the right way to begin protecting today’s distributed networks that include remote workers. 

BizNews

Tweak pitches based on how innovative an idea is

Pitches promoting radical ideas are better received when framed in concrete and explanatory ‘how’ terms, while progressive ideas do better with abstract ‘why’ style of pitches.

Published

on

In a study examining styles of pitching ideas to audiences, researchers found that pitches promoting radical ideas are better received when framed in concrete and explanatory ‘how’ terms, while progressive ideas do better with abstract ‘why’ style of pitches.

Previous research found that professional audiences, like investors, prefer concrete pitches with how-style explanations, while lay audiences such as students and crowdfunders respond better to ‘why’ style pitches for abstract ideas.

Professor Simone Ferriani, Professor of Entrepreneurship at Bayes Business School (formerly Cass), City, University of London, said: “We wanted to identify the best way for entrepreneurs to pitch their ideas to get audiences’ attention and investment. Could the way they pitch affect their success? What if they had great ideas but were pitching them in the wrong way? We wanted to explore which styles of pitching work best with differing types of ideas.”

To test this, academics conducted two experiments using an online survey with business students evaluating pitch decks, to see when new ideas were more likely to be viewed positively. The study used entrepreneurial pitches and varied the ideas’ originality and the style of abstract ‘why’ the idea works versus concrete ‘how’ the idea works. They looked at how these factors influenced people’s reception of the idea and their willingness to support it.

The results indicate that the pitching strategy should match the idea’s novelty to make it more appealing and likely to attract investment.

Professor Ferriani added: “Imagine a tech startup introducing a groundbreaking new virtual reality (VR) gaming platform that revolutionises the gaming experience. Our findings suggest that in their pitch to potential users, they should emphasise concrete usability details such as the advanced feedback technology, the immersive 360-degree visuals and the seamless integration with existing gaming consoles. When ideas have the potential to disrupt the status quo, this explanatory approach is key to offset the puzzlement that novel ideas can cause. Conversely, when ideas are less of a leap and more of a step forward, such as with incremental innovations, abstract language that paints the ‘why’ can be more effective.”

Denise Falchetti, Assistant Professor of Management at George Washington University School of Business (GWSB), added: “This strategy taps into the audience’s existing knowledge and expectations, connecting the new idea to familiar concepts and emphasizing its place within a broader vision or goal.”

Gino Cattani, Professor of Management and Organizations at New York University Stern School, concluded: “The research advises a tailored approach: for groundbreaking innovations, detail the practicalities; for incremental improvements, focus on the overarching vision. As the language of entrepreneurship continues to evolve, this study offers a compass for navigating the intricate dance of persuasion and influence, providing a linguistic toolkit for turning novel concepts into embraced innovations.”

The paper, ‘Radically concrete or incrementally abstract? The contingent role of abstract and concrete framing in pitching novel ideas’ is published in Innovation: Organization & Management.

Continue Reading

BizNews

Companies in strategic alliances get better access to financing, more desirable terms

Companies in alliances can gain access to new technologies and customers while keeping their autonomy.

Published

on

Shoppers browsing through blouses and blenders at Target know they can also quaff a cappuccino at one of more than 1,700 Starbucks cafes housed within Targets. The strategic alliance benefits both corporations by helping them reach new markets, boost their brands, and add incremental sales.

Collaborative partnerships such as this have grown at a pace of 3,600 per year, according to the SDC Platinum database. That’s partly because companies in alliances can gain access to new technologies and customers while keeping their autonomy.

New research from Texas McCombs highlights another advantage of alliances: They also make borrowing money easier.

Urooj Khan, associate professor of accounting, finds that companies entering strategic alliances can get both better access to financing and better terms through the financial networks of their partners. Banks that have already lent to one partner offer lower interest rates to a company entering the alliance.

The reason is that having a relationship with one partner helps them get insight into the other company, beyond what’s found in financial statements and alliance agreements, such as the strength of its commitment to the alliance and its ability to execute the alliance effectively. Such inputs are critical for assessing the credit risk of a borrower.

“It’s really hard to see whether a company will live up to its strategic alliance commitments, even if they put it on paper,” says Khan. “But these alliances have significant consequences for the companies’ financial futures, cash flows, and revenues.”

Knowing that an alliance can improve a company’s bottom line, banks can lend with less uncertainty, he adds. They can spend less on screening and monitoring, making it possible to extend a lower-interest loan to the new partner.

With Vincent Yongzhao Lin of Washington University in St. Louis, Zhiming Ma of Peking University, and Derrald Stice of Hong Kong University, Khan analyzed 5,343 U.S. bank loans issued to 1,254 borrowers in strategic alliances from 1991 to 2016.

The average company got loans from banks that had existing relationships with an alliance partner, as well as other loans from banks that did not. That allowed the researchers to compare lending outcomes. They found that in the four years after an alliance commenced:

  • Borrowers in alliances were 6% more likely to get financing from alliance-related banks than from non-alliance-related banks.
  • Interest rates on loans from alliance-related banks were 0.13 percentage points lower, on average, than loans from banks with no alliance connection. These cost savings represented a 7% decrease in the average cost of borrowing.

Alliance-related banks gave even more favorable rates when:

  • An alliance was economically important, as measured by its closeness to the company’s core businesses, similar markets for the partners’ products, or the equity markets’ reactions upon the alliance’s announcement.
  • The borrower’s transparency and accounting quality were low, making inside information from its partner even more critical to assessing its risk.

The findings have implications for banks and for companies considering entering a strategic alliance, Khan says.

Banks can look at new alliance partners of their existing clients as avenues for potential business growth.

For companies — especially those that anticipate needing a loan — the findings can help them decide whether to pursue an alliance in the first place.

“Companies typically consider access to new markets and technology or cost savings as the main benefits of forging strategic alliances,” he says. “Our research shows that partners can also benefit from each other’s financial networks through alliances.

“Thus, the quality and extensiveness of a firm’s banking relationships is an important factor in choosing an alliance partner.”

Strategic Alliances and Lending Relationships” is published online in The Accounting Review.

Continue Reading

BizNews

To promote your brand, stop hiring rogue social media influencers

Social media influencers are using bogus claims, deceptive editing and reinforcing gender stereotypes in a bid to gain popularity.

Published

on

Rogue social media influencers are relying on gender stereotypes, bogus claims and deceptive editing to monetise their content and increase their following, a new study has found.  

Influencers using these questionable tactics, which would otherwise be impermissible under marketing rules, are seemingly able to hide in plain sight thanks to the existing focus on ad labelling within the influencer industry.  

In the absence of a legal definition and comprehensive guidelines on influencers, some are able to operate in regulatory blind-spots, with the only real requirement that sinks its teeth is for them to be transparent on what type of content they are producing (eg. advertising) rather than the substance of their messaging. 

New research by the University of Essex’s media law expert, Dr Alexandros Antoniou, has unearthed some of the dark arts being used by rogue influencers.  

He has identified four questionable strategies which were recurring themes during his analysis of more than 140 rulings from ASA between 2017 and 2024. 

The rulings related to advertising and promotional content, which had been referred to the watchdog amid concerns it broke marketing regulations. 

Dr Antoniou, of Essex Law School, said: “Even though influencers are seen as trustworthy figures in online brand communities, my findings expose long-standing issues of non-compliance with established marketing rules. 

“The current heavy emphasis on ad labelling is misguided as site users are already aware of potential paid endorsements by influencers.” 

The four recurring themes and breaches identified by Dr Antoniou were: 

  • Promo-masquerade – exaggerating products through visual enhancements, mishandled give-away campaigns and prize mismanagement that leaves deserving participants empty handed or confused about terms of engagement. 

Example: The ASA found an influencer failed to deliver a £250 voucher from a fast-fashion retailer without justification and lacked evidence to show they had distributed three out of four prizes as part of a competition they were running.  

  • Risk-fluence – making impermissible and baseless health and nutrition claims, showcasing prohibited products, and the irresponsible promotion of age-restricted goods. 

Example: An influencer was found in breach of marketing rules by ASA after they promoted an alcoholic product which used playful words to suggest the drink was low in calories. 

  • Mone-trapment – encouraging followers to part with money through questionable ‘get rich quick’ schemes and high-risk investments. 

Example: The ASA ruled an influencer broke marketing rules when they promoted betting and gambling as a good way to achieve financial security 

  • Stereo-scripting – using stereotypical images of masculinity and femininity as basis for promotions, reinforcing harmful gender norms. 

Example: The ASA found an influencer used cheerful visuals and energetic soundbites to recount her experience of breast augmentation surgery, which merely reinforced societal norms tying a woman’s worth to physical appearance, thereby perpetuating superficial ideals and unrealistic beauty standards. 

Dr Antoniou is calling for a new regulatory framework to be established to ensure there are clear expectations and boundaries in which influencers can operate in. 

He has also suggested a new certification scheme, backed by the ASA, could be used in the influencer sphere to give the industry a more professional outlook.  

Dr Antoniou hopes these measures will make influencers more responsible for their content and help the influencer sector evolve into a mature industry.   

“The existing approach to regulating social media influencers is not working as it’s reactive, and seeks to apportion blame after bad ads have already had their impact on followers,” he said. 

“Instead, the aim should be to establish a clear baseline of expectations; a ‘floor’ through which influencers cannot fall.” 

Dr Antoniou added: “There is currently no evidence that influencers’ malpractice stems from wilful disregard as opposed to mere ignorance and it is the lack of specific guidance that impedes their ability to learn from mistakes.” 

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending