How to protect your business from a security disaster

How to protect your business from a security disaster

MICROSOFT / Friday, June 15, 2018

Prevent a security disaster

Small businesses are seen as easy prey for hackers, but you can bolster your defences by turning to the cloud.

The biggest risk for many small businesses lies in the traditional server. For businesses that rely on sharing essential documents via servers, when they crash, it’s panic stations.

Then there are the sole traders, who store all their data on a single computer, and risk losing everything when there’s a theft or technical crash.

Add to that mix ransomware, phishing and hacking – there’s no shortage of security threats when it comes to your precious business data.

A major security breach or technical disaster can bring your business to its knees, so you need solid lines of defence combined with a disaster recovery plan to help you get back on your feet quickly.

So, what can you be doing to protect your business from a security breach?

Layers of defence

“I normally speak about security being like an onion,” says Mike Fernando – general manager of Perth-based IT support provider TechBrain.

“Security cannot be addressed by just one product or policy, it requires multiple layers to provide the best possible chance of a security threat being mitigated.”

The cloud removes many of these risks. In fact, your cloud vendor is investing in enterprise-grade secure storage for you, meaning you’re not only safeguarding your data, but you’re potentially saving in security investments.

Find out how the Microsoft Teams hub within your existing Microsoft 365 package can help protect your business from a security disaster.

The cloud can also underpin a unified approach to business communications, ensuring that interactions with the outside world are streamlined and safeguarded.

When it comes to protecting your email data, Fernando suggests extra lines of defence outside antivirus software and spam filtering – this can include Advanced Threat Protection, such as content filtering, scanning for phishing attempts and catching malicious web links within messages.

The benefits of the cloud

Ensuring your staff are working within the same cloud ecosystem doesn’t just ensure they’ll all be on the same page. It also reduces your exposure to security vulnerabilities, such as losing your data.

For Leonie Van Rooyen, owner of Zuri Boutique Hair & Beauty in St Kilda, one such vulnerability hit her business hard earlier this year when her salon was broken into, and the thieves stole her computer and hard drive.

“I lost all client entries, the client history over the past six years, all my financials … the only thing I didn’t lose because of online bookings were names and numbers.”

“If I were on the cloud earlier this wouldn’t have happened,” she admits.

It was a difficult lesson for Van Rooyen, but one which resulted in her expediting her existing plan to move all her systems onto the cloud to avoid any further security breaches in the future.

Cloud platforms automatically back up data, meaning a power surge isn’t going to mean losing all your work. In addition, collaboration tools mean document version control is no longer an issue – with people both within and outside of the business able to work on the same live documents in real time –  and sensitive data no longer needs to be shared between systems that can’t talk to each other.

Outside of security, the cloud also offers businesses with practical systems that can improve their productivity, particularly in instances of staff turnover.

By having everyone within your business operate in the same cloud platform you are ensuring that your data is protected when people leave your organisation. Business owners – or the owner of IT operations – can deactivate accounts to ensure that no sensitive information is taken from an organisation. Conversely, this can also make onboarding a lot simpler – with all documentation and data readily accessible to new hires.

Keep your guard up

While ransomware – such as the 2017 Wannacry attack – makes headlines, Fernando says phishing scams are becoming more prevalent, along with attempts to impersonate senior staff in order to dupe subordinates.

“Examples include bogus email directives, supposedly coming from the boss, requesting that accounts payable staff transfer funds to offshore accounts,” he says.

“These types of issues are best addressed by educating staff to spot fakes, as emails typically display the correct name but are often sent from an outside email address.”

Safe and sound

The cloud has empowered Perth-based marketing agency Brand One to remain agile as the business grows, all the while keeping a focus on data protection, says creative director Scott Campbell.

“We wouldn’t be as effective or responsive using a traditional software model,” he says.

Brand One’s time-critical business requirements such as job tracking, billing and documentation are all hosted in the cloud. These in turn are fully integrated with a cloud-based accounting solution, while email and data backups are also hosted in the cloud.

“There are plenty of threats out there but working in the cloud ensures that our data is safe and secure,” Campbell says.

“We can control the flow of information, to reduce risks to the business, and quickly get back on our feet should disaster strike.”

Five tools that can help protect your business from a security breach

  1. Cloud office suite – This handy tool ensures you can access your documents securely in the cloud
  2. Cloud collaboration – Collaboration tools, like Microsoft Teams, unifies email, workplace chat, file sharing and online meeting tools, creating platforms for secure communications
  3. Cloud backups – Backing up your data to the cloud ensures you have data offsite in case a disaster strikes
  4. Anti-virus and spam filtering – These filters will help block malicious applications and questionable emails
  5. Advanced Threat Protection – Checks for phishing attacks and catches malicious links

Original article found HERE at SmartCompany.com.au

Posted in Uncategorized | Leave a comment

“Sham operation” which sent SMEs fake domain name renewal letters fined $2 million by the ACCC

“Sham operation” which sent SMEs fake domain name renewal letters fined $2 million by the ACCC

DOMINIC POWELL / Monday, June 18, 2018

domain name

A group of domain name companies who scammed Australian small business owners out of a collective $2.3 million have been penalised by the Australian Federal Court and ordered to pay fines of nearly $2 million for breaching Australian Consumer Law.

Domain Corp Pty Ltd and Domain Name Agency Pty Ltd were handed down fines of a combined $1.95 million after the Australian Competition and Consumer Commission (ACCC) took them to court over a series of letters sent out to small businesses’ mailboxes back in 2016.

These letters claimed to be invoices for SMEs to renew their already existing domain names, but instead were registration letters for completely new domain names to the tune of $249 to $275 each. The ACCC found that over 300,000 of these unsolicited notices were sent to businesses, and approximately 10,000 businesses ended up paying the invoices.

Through sending the fake renewal notices, the two domain name companies were found to have made false and misleading representations and engaged in misleading and deceptive conduct.

“The Domain Companies misled businesses into thinking they were renewing payment for the business’ existing domain name, when in fact the business was paying for a new domain name,” ACCC acting chair Delia Rickard said in a statement.

“These sham operations target small businesses, capitalising on a lack of understanding of the domain name system or a busy office environment. We encourage businesses to be vigilant when paying invoices, especially if it is for a domain name registration service.”

At the time of the original scam, which was sent close to Christmas, security experts warned SMEs against rushedly paying invoices at busy times, when letters like these are more likely to “land on the desk of someone who assumes someone has already authorised paying it”, cyber security expert at Sense of Security Michael McKinnon toldSmartCompany at the time.

McKinnon also advised SMEs to be regular with their domain name renewals, saying business owners are generally “particularly bad” at managing them, believing the majority of domains are renewed on the same day they expire.

“Small businesses are particularly bad at managing domain name renewal. They’ll come into the office and realise emails are bouncing, and then they’ll renew the domain,” he said at the time.

“Because of this companies can get anxious about the next time they have to renew their domain, so scams like this can be particularly effective.”

The director of both the companies has also been ordered to pay the ACCC costs of $8,000 and has also been barred from managing a corporation for five years.

Original article found HERE at SmartCompany.com.au

Posted in Uncategorized | Leave a comment

Trust is the heartbeat of business, sales and society

Trust is the heartbeat of business, sales and society

SUE BARRETT / Monday, June 18, 2018

I have been writing about consumer trust in sales and business for many years. However, this year has seen a rise in my output on this topic, especially with the fallout from the Banking Royal Commission with posts such as: The Flight to Ethical Selling – how the banks can avoid a royal commissionWhat does Selling Better mean for customers and shareholder return?; and What are the biggest issues facing CEOs and sales leaders today?

Yet trust is the heartbeat of business, sales and society.

Without this life force pumping vitality through our collective systems every day we start to wither and recoil. We become weak and anaemic. We close ourselves off and lose sight of what is real and important to our survival.

However, trust is much more present in our daily lives than the media and governments might have us believe.

Most of the people we rely upon to get us through our daily lives are strangers to us. The infrastructure for us to travel on and live within, the clothes we wear, the food we eat: all rely upon the endeavour of strangers for the most part, and we trust that they are doing the right thing. And for the most part people are; it is heartening and comforting if we lend our attention to this fact.

Yet, when the things we are meant to trust fail, like banking institutions – i.e. the fallout from the Banking Royal Commission – we feel betrayed, let down, angry and confused. We start to question what is true and what is not. We become wary, cautious, and more anxious, especially about the intentions of others.

As cited in the Australian Financial Review article this week:

Former ANZ CEO John McFarlane calls for rethink of banking philosophy…  he has called for a shift in corporate philosophy away from the focus on making money to making a contribution to society. In an essay about long-term sustainable value, McFarlane admits that as a banker, “today I am ashamed of the reputation of our banks”.

“I joined the industry over forty years ago where the bank manager was the doyen of the community,” he says. “Not so today. We must return to the philosophy that banking is a profession as well as a business, and that contribution rather than reward is its centre of gravity.”

Short-termism, adherence to higher and higher shareholder returns, win-at-all-costs hyper aggressive greed based ‘bro’ cultures, and affluence creation as a sole purpose in of itself: all are factors that breach trust and bring organisations to their knees with the likelihood of customers, members, patrons, patients, shareholders and employees leaving in droves.

When consumer trust is breached by individuals or organisations, it is very hard to come back to that entity and feel completely safe. Our radar is heightened and alert: it’s hard to relax when we are not sure of their intentions and we stay wary, looking for signs of more danger. We end up questioning the motives of others, with good reason – because if we don’t, we may become their victims.

This is the dance of all human relationships.  I confess I start out with trust as the default setting; however, I know of others who start the other way around. Wherever we start, we are working with the tension between trust and mistrust. We look for signals that help us navigate our relationships and whether we can feel safe with people or not. This is true internally within organisations and teams, with customers, and people in general.

Hard earned over many years, trust can evaporate overnight.

Trust Building Elements

So what do we need to do to develop, encourage, support and sustain trust-based relationships in sales, business and society?

Here is a list of Trust Building Elements for your consideration:

  • Expertise: have the ability, knowledge and resources to meet customers’ realistic expectations in our areas of expertise
  • Dependability: do what we say we will do. Make promises we can keep and keep the promises we make. Be reliable. Deliver quality.
  • Authenticity: be genuine.
  • Candour: cultivate the quality of being open and honest. Frankness.
  • Customer orientation: Place as much emphasis on our customers’ interests as our own.
  • Respect
  • Compatibility: create a common connection. Find something in common. Be caring.
  • Clarity: be clear about what you can and cannot do for people. How you help them.
  • Collaboration & Cooperation: work together, with each other. Aim for win-win relationships. Sort out differences in a respectful manner. Find common ground to work from.
  • Consistency: set clear guidelines, expectations and accountabilities and stick to them.
  • Communication: maintain frequent, open and meaningful communications. No confusing terms, tricky jargon or asterisks. Communicate any changes in a timely manner to give people a chance to adapt, and act if desired.
  • Principles & Purpose: design and lead a culture around principles, not rules. Define a higher purpose that supports mutually beneficial, fair and sustainable long term practices, values and outcomes.

Principles not Rules

John McFarlane calls for a system governed by principles not rules. He says:

Organisations need to take the actions necessary to earn long-term trust and commitment as a foundation for long-term value creation. Our actions and decisions must therefore be socially beneficial, culturally desirable, ethically justifiable, economically feasible, ecologically responsible and above all, convincing and transparent.

Selling Better Manifesto

This is precisely why we created and released the Selling Better Manifesto.

It is designed as an antidote – an alternative business philosophy – to the short-termism, win-at-all-costs, hyper aggressive, greed-based ‘bro’ cultures that desecrate trust on every level and do not deliver real value.

It is our intention to reclaim and practice the true essence of selling for a sustainable and prosperous world. Consumer trust is the heartbeat human-centred sales and leadership strategies and practices designed for a collaborative world

We are dedicated to the proliferation of human-centred sales, and leadership strategies and practices that deliver win-win business relationships, enhanced reputations, aligned customer-centric cultures, sustainable business practices, satisfied customers and much better sales results.

Original article found HERE at SmartCompany.com.au

Posted in Uncategorized | Leave a comment

What is the borderline between disrespect and workplace bullying?

What is the borderline between disrespect and workplace bullying?

EVE ASH / Tuesday, June 19, 2018

The borderline between disrespect and workplace bullying or harassment is when negativity becomes habitual, concentrating on one person.

Snide, snappy, dismissive?

A manager whose snide comment dismisses that you were late because your child was sick and the babysitter cancelled, or the know-all in a group workshop who says your summarising is “too slow”: these comments are disrespectful because they are dismissive of the context. Someone’s one-off verbal aggression or throwaway putdown is hurtful, unpleasant, unwarranted; but you can choose to deflect or respond as you see fit.

Continual disrespect?

When a person keeps up disrespectful behaviour, this veers towards workplace bullying and harassment. However they might not actually be a bully, particularly if no-one’s yet called out what they’re doing, or perhaps reminded them there’s an office policy against that.  They are insensitive, lacking empathy, but still capable of rehabilitation. They are rude several times, others decide to jump on them, and generally that’s the end of it.

Cruelty?

Bullying in many ways is akin to bullfighting.  The matadors circle and goad the poor bull with their sharp banderillas: the aim is to kill, in an orchestrated way. It is, for its fans, an elaborate dance of ancient origins – but no less bloody and cruel for that.

Resilience and assertiveness

There’s a lot of discourse about the importance of resilience in dealing with bullies, but it tends to be simplistic. What acts as a trigger for your feelings of humiliation or persecution might have little effect on me, and vice-versa.  So it’s not useful to prescribe what a person should or shouldn’t be feeling, nor is it helpful to reduce the problem to how a person ‘ought’ to handle a situation. Assertiveness and resilience are skills we all need and it should be taught at work. But we should also have places to refer those who experience bullying and harassment, if we don’t have people skilled and qualified in-house.

Characteristics of a bully

When we look at these characteristics, it is hard to accept that bullies are unaware of their actions and crushing impact on others. In fact, the opposite is most often true.

  • Derives pleasure from torment: just as bullfighting crowds cheer at the first blood, the harasser or bully gloats. It is not enough to wound: they must ‘finish’ their victim off. Remember the sadistic sensei in The Karate Kid? Such people and their followers deeply fear their own weakness; it’s always so much easier to inflict pain on someone else. It’s cowardice, but not the knee-trembler variety. Bullies feel elevated by trampling on others – theirs is an extremely limited, adversarial world view.
  • Believe they have the power: nostrils quivering, the bully scents the minutest whiff of their advantage or another person’s disadvantage, usually because there’s more than one bully (in which case you’ve got a gang), or because the bully occupies a higher rank in the office foodchain.
  • Relentlessly mean and nasty: whether it’s teasing, badmouthing, gaslighting (making a victim question their reality) or outright persecution, they will not stop. They find opportunities to have another go at a person. They may specialize in one or more types of persecution: written, online, physical verbal, sexual, emotional. In their crocodile brain, it’s all about destroying the opponent or at least shattering them into a million pieces in the expectation they won’t recover.

Confronting the bully is difficult for many of us

They often simply deny it, pretend that it’s ‘all in your head’ or accuse you of bullying them. They are revealed, though, in the ways they condemn, exhort others to denigrate, act as though their views are the only legitimate experience going on. Their methods (not necessarily their manner of expressing themselves) are crude, vicious; they are not interested in reasonable discussion or evaluation. The ‘victorious’ matador takes the ear of the mortally wounded bull as a souvenir.

What to do about it?

It’s quite clear that there’s a slippery slope between disrespect and the sport of stomping on others. The legal maxim “when there is no remedy, there is no right” holds true. As people rise up and speak out about wrongful attitudes and practices, workplaces and institutions (parliament, government, schools, etc) must continue the work: criminalise hazing rituals, prohibit bullying, penalise harassment and discourage disrespectful talk and behaviour. Investigate complaints, explore differences, mediate solutions, nip problems in the bud. Strengthen the grievance process; ensure that mediation is handled competently and acutely. Be sure the lines are drawn, not undermined.

The best thing organisations can do is teach people respectful communication skills. We shouldn’t just identify and outlaw the bad behaviour, we should provide clear examples of positive communication and respectful relationships.

 Original article found HERE at SmartCompany.com.au
Posted in Business Investigations | Leave a comment

Combining the facial recognition decisions of humans and computers can prevent costly mistakes

Combining the facial recognition decisions of humans and computers can prevent costly mistakes

 

File 20180604 177134 149ocx3.jpg?ixlib=rb 1.1

Students tested on their ability to tell whether two images were of the same person were wrong 30% of the time.
Shutterstock

 

David White, UNSW

After a series of bank robberies that took place in the US in 2014, police arrested Steve Talley. He was beaten during the arrest and held in maximum security detention for almost two months. His estranged ex-wife identified him as the robber in CCTV footage and an FBI facial examiner later backed up her claims.

It turned out Talley was not the perpetrator. Unfortunately, his arrest left him with extensive injuries, and led to him losing his job and a period of homelessness. Talley has now become an example of what can go wrong with facial identification.

These critical decisions rest on the ability of humans and computers to decide whether two images are of the same person or different people. Talley’s case shows how errors can have profound consequences.

My research focuses on how to improve the accuracy of these decisions. This can make society safer by protecting against terrorism, organised crime and identity fraud. And make them fairer by ensuring that errors in these decisions do not lead to people being wrongly accused of crimes.




Read more:
DNA facial prediction could make protecting your privacy more difficult


Identifying unfamiliar faces

So just how accurate are humans and computers at identifying faces?

Most people are extremely good at recognising faces of people they know well. However, in all of the critical decisions outlined above, the task is not to identify a familiar face, but rather to verify the identity of an unfamiliar face.

To understand just how challenging this task can be, try it for your self: are the images below of the same person or different people?

 

Same or different person? The correct answer is provided at the end of this article.

 

 

Humans versus machines

The above image pair is one of the test items my colleagues and I used to evaluate the accuracy of humans and computers in identifying faces, in a paper published last week in Proceedings of the National Academy of Science.

We recruited two groups of professional facial identification experts. One group were international experts that produce forensic analysis reports for court (Examiners). Another group were face identification specialists that made quicker decisions, for example when reviewing the validity of visa applications or in forensic investigation (Reviewers). We also recruited a group of “super-recognisers” who have a natural ability to identify faces, similar to groups that have been deployed as face identification specialists in the London Metropolitan Police.

Performance of these groups compared to undergraduate students and to the algorithms is shown in the graph below.

 

Accuracy of participant groups and face recognition algorithms in Phillips et al (2018).
PNAS

 

Black dots on this graph show the accuracy of individual participants, and the red dots show the average performance of the group.

The first thing to notice is that there is a clear ordering of performance across the groups of humans. Students perform relatively poorly as a group – with over 30% errors on average – showing just how challenging the task is.

The professional groups fare far better on the task, making less than 10% errors on average and nine out of 87 attaining the maximum possible score on the test.

Interestingly, the super-recognisers also performed extremely well, with three out of 12 attaining the maximum possible score. These people had no specialist training or experience in performing face identification decisions, suggesting that selecting people based on natural ability is also a promising solution.




Read more:
Class action against Facebook over facial recognition could pave the way for further lawsuits


Performance of the algorithms is shown by the red dots on the right of the graph. We tested three iterations of the same algorithm as the algorithm was improved over the last two years. There is a clear improvement of this algorithm with each iteration, demonstrating the major advances that Deep Convolutional Neural Network technology have made over the past few years.

The most recent version of the algorithm attained accuracy that was in the range of the very best humans.

The wisdom of crowds

We also observed large variability in all groups. No matter which group we look at, performance of individuals spans the entire measurement scale – from random guessing (50%) to perfect accuracy (100%).

This variation is problematic, because it is individuals that provide face identification evidence in court. If performance varies so wildly from one individual to the next, how can we know that their decisions are accurate?

Our study provides a solution to this problem. By averaging the responses of groups of humans, using what is known as a “wisdom of crowds” approach, we were able to attain near-perfect levels of accuracy. Group performance was also more predictable than individual accuracy.

Perhaps the most interesting finding was when we combined the decisions of humans and machines.

By combining the responses of just one examiner and the leading algorithm, we were able to attain perfect accuracy on this test – better than either a single examiner or the best algorithm working alone.

Face recognition in Australia

This is a timely result as Australia rolls out the National Face Identification scheme, which will enable police agencies to search large databases of images using face recognition software.




Read more:
Close up: the government’s facial recognition plan could reveal more than just your identity


Importantly, this application of face recognition technology is not automatic – like automated border control systems are. Rather, the technology generates “candidate lists” like the one shown below. For the systems to be of any use, humans must review these candidate lists to decide if the target identity is present.

 

A ‘candidate list’ returned by face recognition software performing a database search. Humans must adjudicate the output of these systems by deciding whether the person in the ‘probe’ image – the image at the top – is pictured in the array below, and if so to select the matching face. The correct answer is provided at the end of this article.

 

 

In a 2015 study my colleagues and I found that the average person makes errors on one in every two decisions when reviewing candidate lists, and chooses the wrong person 40% of the time!

False positives like these can waste precious police time, and have potentially devastating effect on people’s lives.

The study we published this week suggests that protecting against these costly errors requires careful consideration of both human and machine components of face recognition systems.


The ConversationCorrect answers: The pair of images are different people. The matching image in the candidate list is top row, second from left.

David White, Scientia Fellow, UNSW

This article was originally published on The Conversation. Read the original article.

Posted in Uncategorized | Leave a comment