by Felicien | Jan 12, 2018 | Education
Even leaders in tech-adjacent fields — like the toy industry — know the importance of investing in technology expertise and a more robust IT infrastructure.
As much as we try to predict the future, it’s never been easy. The catch has always been that as soon as you’re sure of what’s coming next, it’s probably too late to take advantage of it.
What’s worse is that we’re often too short-sighted to make the next leap – as Henry Ford himself put it, “If I had asked people what they wanted, they would have said faster horses.”
This quote, attributed to one of the world’s greatest innovators, illustrates both why it’s so important to think ahead of what consumers want, and why it’s so troubling when you fall behind. When customers ask for the wrong thing (faster horses), it’s up to innovators to match that request with the perfect solution (automobiles). Another great example is the iPhone – nobody was asking for a smartphone, but Apple knew it was what was next.
However, while you may not know for sure who’s going to win the Super Bowl, or what tomorrow’s lotto numbers are, more and more experts and leaders have begun to bet on one thing for sure: technology.
“How do we embed, in all our toys, the 21st-century skills that children need to succeed?”
That’s the question that Mattel CEO Margot Georgiadis asked herself and her company, shared in a Fortune interview with Suzie Gharib. What Georgiadis and many other business leaders are coming to realize is that the future belongs to those who embrace it – not those that fight against it.
“This company started in a garage, just like Google, by passionate entrepreneurs, and so much of what I’m trying to do is the anchor the company back in that entrepreneurial, creative space that made us so successful,” said Georgiadis.
“One of the areas that I really think a partnership is important in is technology – there are so many capabilities that are being developed that we can actually leverage if we create the right ecosystem that’s simple and easy to use.”
She’s not alone. More and more, business leaders are finding that investing in technology by building a strong IT infrastructure soon leads to growth, expansion, and innovation.
Consider the cloud-first movement, which prioritizes investment in cloud technologies over any other type of technology. Spearheaded by the US government back in 2010, more and more members of the tech industry today are finding that by focusing on providing the best possible cloud solutions (and using them themselves), they can grow more rapidly and command a larger market share.
However, as Georgiadis notes, it’s not just the cloud that’s important.
“We can leverage new developments in robotics and artificial intelligence, in general, to plug into our toys in a more platform-centric way, the way you would in a tech company,” said Georgiadis. “You take ideas from inside and outside, and when you put those together, change happens a lot faster.”
This is all in an effort to help shepherd the next generation into greater tech-literacy. By investing in how children think about and use technology, Georgdalis believes we can build a better future.
“One of the things that have been amazing in getting tech companies to want to partner and help us is this whole need for STEM education to be advanced,” said Georgiadis. “To ensure that boys, girls, and minorities are falling in love with this technology from as young an age as possible and really see that as a potential career. We do not want to leave anyone behind, and we all have a role to play in shaping a world where everyone is included in this incredible set of changes that are going on in our world – to me, that’s a huge area of passion, it’s one of the most important reasons why I took this job.”
How is Georgiadis shaping the future of Mattel?
Georgiadis is focusing on technology simply by investing in the company’s technology, primarily by hiring Mattel’s first-ever Chief Technology Officer, Sven Gerjets. The first step is for them to develop a more robust infrastructure and ensure that Mattel can survive in a tech-centric business world.
“What he’s really doing is not just upgrading and ensuring that we have the infrastructure to be a faster, leaner, more data-driven company, but he’s also ensuring that all the technology products are moved from an item approach to a platform approach,” said Georgiadis. “It’s much more efficient, and allows us to embed our capabilities in far more products more cost-effectively.”
With technology firmly positioned as the foundation of today’s business operations, the need to make the most of an available technology budget is more critical than ever. Whether it’s for a massive enterprise like Mattel, or a small business, getting the absolute most out of your technology investment can be a key part of your business’ success.
Choosing something like an Infrastructure as a Service solution has great advantages to offer businesses in both the short-term and long-term. In the short-term, employees are given the tools they need to work efficiently and offer better service to their customers. As the business becomes more comfortable with the accessibility and flexibility the cloud provides, there will soon be a growing number of options available to streamline business processes and eliminate repetitive and time-consuming tasks.
Furthermore, as the business continues to grow, the cloud will easily grow with it. Scalability is one of the biggest selling points for Infrastructure as a Service, as its potential to adapt and expand as needed is a fantastic asset for any business. It would be difficult to find any other technology that’s as universally well-suited as Infrastructure as a Service, making it not just a smart technology investment, but a smart investment in the future success of a given business, such as Mattel.
“[Gerjets has] been bringing together all the people working on those products, he’s been streamlining what we’re focused on, and he’s been deciding the four or five key technologies that we’re going to bet on across the company, and ensure we have a scalable approach,” said Georgiadis.
If there’s one thing you can bet on, it’s technology. The question is: are you going to wait until your competitors have eaten up the market share of consumers looking for businesses with a technology focus? Or will you start investing in IT infrastructure today?
by Felicien | Jan 12, 2018 | Education
The recent announcement of the vulnerabilities found in the Intel, ARM, and AMD processors has sparked a new phishing campaign and not the good kind of fishing with bait and largemouth bass. Although, these hackers are using a particular kind of bait.
While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.
Be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.
WHAT IS PHISHING?
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. The “ph” replaces the “f” in homage to the first hackers, the “phone phreaks” from the 1960’s and 1970’s. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment.
Many phishing sites look just like the sites that they are impersonating. Often, the only difference in many spoofed sites is slight, and easily missed the difference in the URLs. Visitors can easily be manipulated into disclosing confidential information or credentials to the hacker if they can be induced to click the link. Even blacklisted phishing sites can often get by standard filters through the technique of time-bombing the URLs. Then the URL will lead to an innocent URL initially to get past the filters but then redirect to a malicious site.
Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters and being clicked on, especially if malware hides in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off.
Now with Meltdown and Spectre looming over us, the average person is more susceptible to “quick fixes” and solutions to this issue.
Despite the lack of personalization, an astonishing 20% of recipients will click on basically anything that makes it to their inbox.
SPEAR PHISHING
Spear phishing is an enhanced version of phishing that aims at specific employees of the targeted organization. The goal is usually to gain unauthorized access to networks, data, and applications. In contrast to the mass emailing of a phishing attack, which might see hundreds of attack messages sent out to random recipients within the space of a couple of hours, spear phishing is methodical and focused on a single recipient. Often the initial email will contain no URL or attachment. Instead, it will simply try to invoke the recipient into thinking that the sender is who they say they are. Only later on will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.
The additional customization and targeting of a spear phishing email, along with the lack of easily recognized blacklisted URLs or malware customization results in click-rates more than 50%!
by Felicien | Jan 12, 2018 | Education
Technological advancements have, without a doubt, had a positive impact where your business is concerned. But they have also led to hacking, data breaches and the likelihood that rogue employees will use tools to jeopardize the security of your data.
What is a Rogue Employee?
A rogue employee undermines your business by ignoring rules and policies. They might openly break these rules, without concern of being fired, or covertly subvert them to prevent from being discovered.
Their actions might be relatively harmless or serious enough to pose a risk to the security of your data. In the worst-case scenario, a rogue employee will attempt to undermine your organization by giving your data to a competitor or engaging in corporate espionage.
The rise of BYOD in businesses, where employees are allowed to use their personal devices at work, and mobile apps and cloud-storage solutions, provides the rogue employee the vehicles to do his “dirty work.”
There are three types of rogue employees:
1. The ambitious, resourceful and independent individual: These rogue employees are driven to get a job done, even if it’s illegal. They’ll stay up all hours to find a way to circumvent your rules–rules they perceive are obstacles that just slow them down. They view these rules as only for less capable employees and resent having to comply with them. These rogue employees can be dangerous to your organization because they are so capable.
2. Disgruntled employees with access to highly confidential data: This employee pushes boundaries so they can be involved in as many processes as possible. However, as they get access to more systems your risk mounts. They hold a grudge and want to do you harm in the end. When they quit or are fired, they may steal proprietary information and leak it.
3. Negligent employees: These employees disobey rules and protocols because they’re either incapable of understanding and following them, or they’re just plain lazy. These are the individuals who leave their login IDs and passcodes on sticky notes pasted to their computer monitor or share sensitive data in emails for whatever reason. They aren’t trying to harm your business, they just have no idea how dangerous this behavior is.
An example of a disgruntled rogue employee succeeding in their effort was when president Donald Trump’s Twitter account briefly went offline in November 2017. Twitter learned that it was a departing employee (contractor), who took advantage of his last day to do this.
How to Stop Rogue Employees From Harming Your Business
Constant monitoring, Security Awareness Training, and more severe access restrictions are all strategies you can employ to stop rogue employees.
Monitoring
As an employer, you have the legal right to track Web surfing, emailing and other activities by employees using your company computers. Monitoring will protect your business from harm, and affirm that employees are complying with your regulations and policies.
Two-thirds of companies that employ monitoring have fired employees for infractions according to research conducted by Nancy Flynn, Executive Director of the ePolicy Institute. She believes that general monitoring for electronic abuses (with employees’ knowledge) is necessary.
“It’s a fact of business life that legal risks exist, regulatory risks exist…Employees will put your business at risk accidentally or intentionally. You need to mitigate those risks.”
Training
You must teach your employees how to minimize the risk of data falling into the wrong hands:
Explain the warning signs of a cyber attack, and how to spot phishing and ransomware attempts, and other suspicious activities. Explain what they should do when these threats come across their computer screen.
Set up mock “phishing” emails to see who takes the bait. This will teach employees to better scrutinize emails.
Make sure all employees are thoroughly trained on the security for their individual computers.
Explain to employees that a data breach could mean the loss of their job.
Install and deploy technology that will detect and alert employees when they are doing something they shouldn’t on their computers.
Access Restrictions
Install and deploy Identity and Access Management (IAM) software. This automatically grants access to resources on an “as needed” basis. This will prevent rogue employees from accessing the information they shouldn’t.
These solutions will provide you with centralized visibility and control so you can actively monitor and measure the risks inherent in your IT system. IAM software manages identity authentication, access policies, user account privileges, role-based user provisioning processes, automated workflows, and rule-based group policies.
The implementation of this type of software can be complex especially when access decisions are coded into business applications. Your IT Managed Services Provider can help you with this.
Constant monitoring, Security Awareness Training, and more severe access restrictions are all strategies you can employ to stop rogue employees. Although, unless you protect the privacy of your data, these will only alleviate the problem to some degree.
by Felicien | Jan 12, 2018 | Education
We know LinkedIn is the most popular ‘social network’ for professionals in a wide variety of industries. It’s filled with fantastic features and functions that will propel your career or business in terms of expanding your professional network and enhancing your credibility in the marketplace. So what’s the deal with LinkedIn Premium? Is it really worth the big bucks?
Here’s the Full Scoop on LinkedIn Premium Plans…
LinkedIn Premium plans aren’t exactly cheap – costing around $29.99 to $47.99 per month for job seekers, $69.99 per month for business development or sales professionals, and $99.95 per month for recruiters looking to fill positions.
The base plan, Premium Career ($29.99 per month), is great for job seekers who want to connect with people within any company, industry or geography. You’re able to enhance your profile for greater visibility while sending three InMail messages per month.
The next plan, Premium Business ($47.99 per month when billed annually), gives you unlimited searches in your extended network. Plus, you get advanced search filters and 15 InMail messages each month.
Premium Sales Navigator Professional ($64.99 per month when billed annually), possibly one of the most useful plans, is phenomenal for business development or sales professionals alike. Why? LinkedIn stores mass amounts of data on people from all sorts of companies and industries.
This data is seriously game-changing when you’re trying to make that next sale or add leads to your ever-growing funnel. You not only receive lead recommendations and invaluable insight into existing accounts, but you also get 20 InMail messages each month.
Premium Sales Navigator is also available in a multi-seat version known as Sales Navigator Team ($99.99 per month when billed annually). This option gives you 30 InMail messages, 10 PointDrive presentations, 25 Out-of-Network profile unlocks, and much more.
Premium Sales Navigator Enterprise takes it to the next level with 50 InMail messages and an unlimited number of seats. All of the Premium Sales Navigator plans give you the following great features, so it’s entirely dependent on what extras you need and what you’re willing to spend:
100-mile maximum search radius from specific postal codes
1000 profiles shown per search
15 saved search alerts each week
Unlimited number of saved searches, accounts, and lead recommendations
Advanced search filters
Access to the mobile app
Last but not least, LinkedIn’s Talent Solutions, starting at $99.95 per month when billed annually for the starter tier: Recruiter Lite. Recruiter Lite gives you 30 InMail messages, advanced search, automatic candidate tracking and integrating hiring, and more.
Recruiter Lite is great for those who need to make a few hires. Recruiter, the next tier, is great for those who are always in search of people to add to their team. Pipeline Builder, the last tier, is great for creating a constant pipeline of talent for your team.
Need more information? Call {phone} or email us at {email} to find out more about Premium Career, Premium Business, Sales Navigator Professional or Recruiter Lite. Our team is always here to help.
What’s the Final Verdict?
LinkedIn Premium is absolutely worth the splurge (and of course, we would recommend choosing to be billed annually to get the discounted price of whichever plan you choose). Upgrading is well worth your time and money if you’re looking to:
See more than just the last five individuals who have viewed your profile in the last 90 days.
Access expanded search results with features like filtering results by industry or job title.
Send messages to members of the site (professionals or employers) who are not currently contacts of yours.
Receive lead recommendations and insight into existing accounts easily to keep your funnel constantly up-to-date.
Find great talent to join your company, whether you’re hiring a few people or an entire team.
Learn more about your industry and increase your chances of securing employment within that field.
As an added bonus, LinkedIn Learning and LinkedIn Salary are included with all four versions of LinkedIn Premium. LinkedIn Learning gives you the most in-demand technology, business or creative skills through industry expert-taught courses.
LinkedIn Salary, on the other hand, gives you a breakdown of salaries by job title and location. You can also view data on specific businesses, such as geographic expansion, employee turnover, and other useful information.
If you’re ready to get started with one of the plans mentioned above, get in touch with us now at {phone} or {email}. We’ll answer any questions you might have about LinkedIn Premium and what the right plan can do for you.
by Felicien | Jan 11, 2018 | Education
Accidentally creating two LinkedIn accounts is a common mistake. You may have created the accounts years apart, having forgotten that the first account existed, or maybe you were invited by different users based on different email addresses. Whatever the case, there is a solution to this issue.
Of course, you would want to save your contacts from both accounts, assuming there are not duplicate connections on both pages. It is important to choose which account you will be closing. It is recommended to keep whichever account has the most activity or recommendations, as these are both aspects of LinkedIn that are good for you and your company. After choosing which account you will be keeping, it is time to think about exporting your contacts.
Saving your LinkedIn contacts is easier the fewer contacts the account has. All contacts should have their email listed at the bottom of their account. After you locate the email, you can copy and paste it into a Word document. You can use this file to reconnect with your other LinkedIn account.
If you have exponentially more contacts, the process is a little harder and more like a glitch in the system. To export the emails of many contacts on LinkedIn
Click contacts then click connections.
Click export connections at the bottom of the page.
Export the file to a CSV file.
A yellow bar will appear at the top of your browser. You must click the yellow bar to continue exporting.
Save the file as a .csv, not a text file.
Open the file in Excel.
Delete all columns except the email column.
Save the file as a .txt file.
Use .txt file as an input file.
Finally, invite the contacts to your account.
This process is very confusing and difficult. If you do not want to follow these ten hard-to-follow steps, you can always contact the LinkedIn helpdesk which will provide you with whatever service you are requesting.
It is important to make sure you delete one of the profiles, so connections in the future will not be confused by your multiple profiles or recommend the wrong profile. You also want to ensure that others in the future will not invite you to LinkedIn via a different email address. To make sure everything goes smoothly, link your other email account to your LinkedIn account. Connecting more than one email to your account is easy, and will save you potential misunderstandings in the future.
To delete the account that you will no longer be using; you can either email the LinkedIn help desk or follow the directions below.
Navigate to account setting in the top right corner.
Select ‘personal information.’
Select the 4th option ‘close your account’ and follow the links there.
Keeping your LinkedIn account up to date is important when trying to stay in touch with other professional online. Don’t let yourself make this mistake more than once because it is difficult to fix and might be confusing to some of your connections. Make sure all contact information is correct, even if it means having multiple emails. It’s better to take the time to connect with other the right way the first time, rather than sending them new invites to your LinkedIn profiles over and over again.
by Felicien | Jan 11, 2018 | Education
It’s no secret that the healthcare system is wracked with ransomware attempts. In fact, it was one of the leading concerns for 2017. These ransomware attempts are due to the significant amount of personal information that’s in the hands of the healthcare providers. All this private data is an attractive target for hackers who want to make a quick, albeit illegal, buck.
According to McAfee research, the healthcare sector has suffered more than most when it comes to ransomware.
Part of the reason for this is the surprising lack of focus on cybersecurity amongst many hospital administrators and healthcare providers—They are more worried about HIPAA compliance regarding data protection, rather than overall IT security.
Healthcare providers focus must change. Ransomware attacks are predicted to be more numerous and disastrous than ever before. They have a hidden purpose–to severely harm your IT network, business and potentially your patients.
Hospitals, healthcare systems, and providers must take cybersecurity seriously and make it a priority.
Raj Samani, Chief Scientist at McAfee, predicts that not only will ransomware attacks continue as they have traditionally, but hackers will also introduce pseudo-ransomware attacks:
“The healthcare sector has probably suffered more than most, regarding ransomware,” said Samani. “What we see today is the broken proliferation of ransomware–which started in healthcare.”
According to Samani, pseudo-ransomware is a significant challenge. It looks like a virus, but its purpose is something entirely different. These attacks will take hold of your data and hold it for ransom. However, no longer will hackers merely lock down your computer screen or workstation, they’ll take your data. And if you refuse to pay them, they’ll expose your private information.
In 2017, multiple medical facilities in the U.S. were the target of different attacks. Some ended up paying thousands of dollars to retrieve their files. The hackers used ransomware to encrypt data, lock computers and hold the information for ransom payments. These attacks should be a primary concern for healthcare administrators and providers who store a significant amount of private information.
According to the FBI, we see an increase in these types of cyber attacks, particularly against organizations because the payoffs are high.
The FBI doesn’t support paying a ransom in response to a ransomware attack. “Paying a ransom doesn’t guarantee an organization that it will get its data back, said FBI Cyber Division Assistant Director James Trainor—We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, but it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activities associated with criminals.”
Ransomware attacks are not only increasing, but they’re also becoming more sophisticated.
One reason for the increase in ransomware is because, ironically, we’re better at defending against it. Increasing IT security, decreases the likelihood that you’ll be the target of an attack, right? Wrong – hackers only supplement their efforts with new forms of ransomware. When they succeed, they’ll steal your information and make you pay obscene amounts of money for it.
Hackers have proven that no information off limits to them. They will take whatever information will get a reaction from the owner of the data, no matter how personal or sensitive. For this reason, it’s essential to have a good cybersecurity defense in place to protect your organization and confidential data.
The FBI advises that you take a multi-pronged approach to battling hackers. This includes implementing software restriction policies, backing up data regularly, patching operating systems and restricting access to some necessary files or directories.
The best way to prevent ransomware attacks is to use these best-of-breed solutions to keep the attackers out of your network. An architectural approach to IT security is the most effective way to prevent a ransomware attack from succeeding in the first place. With these protections in place, the criminal will move on to another, more vulnerable IT system to attack.
To safeguard your protected health information from ransomware and other malicious threats, your Managed Service Provider (MSP) can leverage a new best-of-breed security architecture with a layered protection that extends from the DNS layer to email, network, and endpoints.
There are numerous phases to a ransomware attack. The criminal must first design an Internet infrastructure to support the execution of command-and-control (C2) phases. Your MSP can implement an umbrella-like protection that blocks this before establishing a connection—One that can prevent the C2 callbacks and stop your system from releasing data.
To prevent you or your staff from unknowingly being targets of ransomware, you should do the following:
Ask your Managed Service Provider (MSP) to conduct security-awareness training sessions on a regular basis. They should provide information on the latest threats and tactics, and train your staff on incident-reporting procedures, so they feel comfortable relaying that they’ve been the target of an attack.
Reinforce your security policies, such as not revealing or sharing user credentials (usernames/passwords). Plus, your staff should only use company-sanctioned software and applications.
Sign up for Software-as-a-Service (SaaS) applications to share files, exchange documents, and collaborate on projects, rather than relying on an email that might contain malicious attachments.
Make sure your staff never enables macros in Microsoft documents. Macro-based malware is on the rise and is very difficult to detect.
Use non-native document rendering for pdf files and files in the cloud. Applications for desktops aren’t patched regularly, where cloud applications are.
Don’t forget about physical security. Shred paper documents, keep track of who is in your office, and prevent practices like shoulder surfing, piggybacking, and dumpster diving.
Have your MSP conduct ongoing risk assessments to find any vulnerabilities in your IT system:
Conduct periodic port and vulnerability scans.
Centralize your data logging and event-management platforms (SIEM).
Practice timely patch management.
Stop using unnecessary services and follow system-hardening
Practice strong password requirements, and use two-factor authentication whenever possible.
“There’s no method or tool that will completely protect you or your organization from a ransomware attack,” said FBI Cyber Division Assistant Director James Trainor. “But contingency and remediation planning is crucial to business recovery and continuity — and these plans should regularly be tested.”
