Steve subsequently logged over 30 years of computer industry experience in data security, software engineering, product development and professional services. He has managed product development with UNIX, Windows and Java platforms, founded four software and services startups and raised $42m in venture capital. Steve has held a variety of executive management positions in engineering, product development, sales, and marketing for ConnectandSell, Whittman-Hart, marchFIRST, the Cambridge Systems Group, Memorex, Health Application Systems, Endymion Systems, Blackhawk Systems Group and IBM. Steve is also known as the Godfather of Information Security.
MDR and Its Significance in Digital Transformation
What is MDR?
Managed Detection and Response (MDR) was created in response to the need for a service that could address cyber threats that traditional Managed Security Services (MSS) could not detect accurately and respond to. This service is a combination of technology and skills that deliver advanced threat detection, faster mitigation, deep threat analytics, global threat intelligence, and collaborative breach response 24x7x365.
It is important to remember, however, that MDR was not developed as a replacement for traditional MSS such as log monitoring, log management, security device management, and vulnerability scanning. MDR enhances MSS with a focus on detecting and responding to breaches, using technology and services for security analytics, threat intelligence, and response orchestration that complement existing MSS technology.
Netswitch has been named by the Gartner Group as a market representative provider in the MDR space. Netswitch’s SaaS offering is based on the company’s Securli Advanced Threat Protection platform and SecurliXF extended threat intelligence service. The service correlates disparate data feeds from different sources to provide predictive threat intelligence along with monitoring, incident response and remediation capabilities.
The Netswitch MDR service follows the NIST Framework for Improving Critical Infrastructure Cybersecurity, more popularly known as the Cybersecurity Framework.
What is the NIST or Cybersecurity Framework?
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) developed a framework “with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base.”
This is a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. It is a prioritized, flexible, and affordable approach that helps promote protection and resilience of critical cybersecurity infrastructure and other sectors that are important to the economy and national security.
This framework has been proven to be “flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments.”
The NIST or Cybersecurity Framework is a collaborative effort that involves stakeholders from government, industry, and academia.
In May 2017, President Trump issued the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, directing all federal agencies to use the Cybersecurity Framework.
How does Netswitch deliver MDR?
At Netswitch, we use a multi-layered security strategy called Defense-in-Depth. The concept comes from military teaching: in battle, the enemy cannot easily break through a complex, multi-layered defense system.
Defense-in-depth, therefore, protects an organization’s most important data with many layers of security while less important data may be less restricted.
What is the benefit of Defense-in-Depth?
Having a multi-layered strategy means the organization can tailor security to different levels. Not all data needs to be completely secure. Proprietary and confidential information are typically the most critical assets of a company and these can be protected by the most restricted settings in Defense-in-Depth.
There is no single solution that can prevent a cyberattack on organizations. There will always be exploits and vulnerabilities. With Defense-in-Depth, even if one system fails, there are other systems that remain functioning.
Three-step defense-in-depth strategy for prevention and response to network attacks:
1. Use a smart firewall for external threats
A smart firewall offers more protection than a traditional firewall because it can look inside content rather than just block content based on source and destination. It acts as your gatekeeper and first layer of defense, shielding your organization from different types of attacks. It should stop unsolicited traffic from accessing your network and only allow responses to traffic originating from “known” sources.
A smart firewall can scan emails and catch malicious traffic coming into your network like rogue links to infected and intentionally harmful websites, attachments with malware, and phishing emails that manipulate recipients into providing credentials or divulging private data like passwords or key account information.
A smart firewall can also operate bidirectionally: it can detect suspicious outbound traffic as well. It can catch embedded netbots that are trying to communicate out to their command centers. This allows you to catch infections on the way out and results in apprehending various instructional attacks like the working netbots in the Target Stores data breach.
Smart firewalls ignore network packet identity “claims” and actually look inside packets to see what they really contain. They can see if the packets are legitimate or if they have been corrupted. A smart firewall can block them if they contain malware or if they are impersonators.
A smart firewall can also identify and detect a compromised laptop inside your network through internal segmentation. If the compromised laptop has access to your public-facing web server trying to get to your mail server or database server, the smart firewall will block it and shut it down.
Smart firewalls contain sophisticated intrusion prevention system (IPS) technology, which monitors network traffic and all system activities looking for malicious activity. They can drop malicious packets, send alarms, reset connections, block traffic from extensive lists of known IP addresses, automatically correct cyclic redundancy check (CRC) errors and fragmented packet streams, and clean up unwanted transport-layer messes.
Smart firewalls require initial configuration and ongoing tuning and maintenance so that they remain relevant to your environment. Different protocols and different applications using the same protocol will require different types of scrutiny. However, it is worth the effort. If your organization does not have the resources or does not want to maintain resources for that purpose, Netswitch can do it for you.
2. Network infection detection
After implementing a smart firewall solution, the next step is network protection. Even with the smart firewall in place, your organization is still vulnerable to attacks from other sources such as email and infected mobile devices.
These devices may be a corrupted USB memory stick or a wearable fitness device that can be used to download malware. Even a clean mobile phone can act as a conduit for pathogens and email remains an extremely popular way for hackers to trick recipients into downloading malicious code.
Organizations have anti-virus software to deter malware infections, but these programs often require daily or weekly updates, are always a step behind the latest malware, and miss a significant portion of advanced threats.
Malware developers design their code and botnet ecosystems to self-update whenever they start getting detected. Antimalware software discovers and identifies millions of malware variants but is always one generation behind and fails to spot code that has been self-modified to avoid discovery. This makes it an ineffective layer of defense.
In our managed security services, Netswitch uses one intrusion detection tool in particular, called NetTrust. It examines the actual contents of packets, performs real-time analysis of your organization’s network traffic, and correlates suspicious network events to detect patterns that indicate the presence of malware.
NetTrust is designed to analyze events from routers, switches, firewalls and all other devices within the network so that you have real-time discovery of anomalous behavior as it occurs at every point along the network.
A scoring system based on the number of malicious conditions is used to provide each host with a dynamic score that indicates the potential risk of the host at any given time. This scoring system is displayed in a simple and actionable reporting format.
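The per-host scoring idea described above can be sketched as follows. This is an added example, not NetTrust's code: the event format, the condition names, the one-hour window and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as if already normalized from firewall, switch
# and IDS logs: timestamp, reporting device, internal host, condition name.
SAMPLE_EVENTS = """\
2018-06-01T09:00:05 fw01 10.0.0.21 outbound_to_blocklisted_ip
2018-06-01T09:00:40 ids01 10.0.0.21 malware_signature_match
2018-06-01T09:02:10 sw03 10.0.0.21 internal_port_scan
2018-06-01T09:03:00 fw01 10.0.0.35 outbound_to_blocklisted_ip
2018-06-01T09:03:30 fw01 10.0.0.35 outbound_to_blocklisted_ip
2018-06-01T07:10:00 ids01 10.0.0.50 malware_signature_match
"""

# Assumption: a condition stops counting once it is older than this window,
# which is what makes the score "dynamic".
WINDOW = timedelta(hours=1)


def parse_events(text):
    """Turn the log text into (timestamp, device, host, condition) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, host, condition = line.split()
        events.append((datetime.fromisoformat(ts), device, host, condition))
    return events


def host_scores(events, now, window=WINDOW):
    """Score each host by the number of distinct conditions seen in the window.

    Repeats of the same condition do not inflate the score; events from
    different devices are correlated by the host they refer to.
    """
    conditions = defaultdict(set)
    devices = defaultdict(set)
    for ts, device, host, condition in events:
        age = now - ts
        if timedelta(0) <= age <= window:
            conditions[host].add(condition)
            devices[host].add(device)
    return {
        host: {
            "score": len(conds),
            "conditions": sorted(conds),
            "devices": sorted(devices[host]),
        }
        for host, conds in conditions.items()
    }


def report(scores):
    """One line per host, highest score first."""
    rows = sorted(scores.items(), key=lambda kv: (-kv[1]["score"], kv[0]))
    return [
        f"{host}  score={info['score']}  {', '.join(info['conditions'])}"
        for host, info in rows
    ]


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for line in report(host_scores(events, datetime(2018, 6, 1, 9, 5, 0))):
        print(line)
```

Scoring the same events an hour later yields lower scores, because conditions that have aged out of the window no longer count.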
3. Internal Threat Detection
After implementing a solid perimeter solution and taking care of your core network defenses, the last step is to address internal threats.
This type of threat is intentional and designed to steal intellectual property and valuable proprietary information like engineering drawings, software code, algorithms, etc.
Addressing this threat requires monitoring the behavior of the organization’s internal staff as well as external contractors and contract employees. Vendors and service providers should also be monitored as well as external databases that they use to store the data that they are working on, whether it is software code, research, trading data or customer account information.
According to Kroll’s Global Fraud and Risk Report, 10th Annual Edition 2017/18, 84% of surveyed executives report their company fell victim to at least one incident of fraud in the past 12 months, up from 82% in 2016. In addition, 86% of surveyed executives said their company experienced a cyber incident or information/data theft, loss, or attack in the last 12 months.
Employees who have access to sensitive information and are about to leave the company are high risk and most of the time, employers become aware of data theft only after these employees have resigned from their jobs.
Implementing technology to detect insider threat as it happens is another critical layer in your defense-in-depth security strategy and Netswitch has managed security solutions available to help organizations design and implement a layered security strategy specific to each company’s security needs.
Today’s organizations will go through digital transformation whether they like it or not and although there are clear benefits in this process, there are also drawbacks.
Attacks on your organization’s network are inevitable and your assets are vulnerable. It is, therefore, imperative that you protect your data and sensitive customer information.
Netswitch offers you a wide array of security solutions for all types of businesses.
Contact Netswitch today for a consultation.
The post MDR and Its Significance in Digital Transformation appeared first on Netswitch Technology Management.
How to Integrate Cybersecurity with Digital Transformation
Digital transformation has been taking place in several organizations around the world. In fact, according to the 2018 State of Digital Business Transformation survey by IDC (International Data Corporation), approximately 37% of organizations have already started integrating and executing a digital-first approach, and 7% say they are already an enterprise-wide digital business. However, 45% of IT and business leaders surveyed say their companies are in the very early stages of becoming a digital business.
The report lists the following factors as the obstacles to achieving success with digital business initiatives:
- Lack of sufficient budget: 39%
- Lack of staff and/or correct skill sets: 36%
- The need to replace legacy systems: 34%
- Cultural issues: 33%
Despite these challenges, however, these organizations are aware that digital transformation is a must in today’s business landscape if you want to have a competitive edge.
When asked about applying digitalization, survey respondents said the top five technologies that they have already implemented are: big data/analytics (58%), mobile technologies (59%), private cloud (53%), public cloud (45%) and APIs and embeddable technologies (40%).
The Crucial Role of Cybersecurity in Digital Transformation
The benefits of digital transformation in today’s organizations are clear: operations are consolidated and become more customer-centric; customer strategy is enhanced and as a result, digital transformation provides a universal customer experience; it also drives data-based insights and ultimately, costs are reduced and sales increase.
However, it is also important to remember that as organizations implement digital transformation, risks also increase in quantity and complexity.
Today’s digitalized business landscape requires businesses to provide available services continuously to customers. Organizations have to prove that they are reliable if they want to keep current customers and if they want to acquire new ones.
It is of utmost importance, therefore, to embed security solutions into all procedures and processes of the business in order to mitigate risks.
How can organizations integrate cybersecurity with digital transformation?
1. Cybersecurity should be prioritized, not treated as an afterthought
The truth is, everyone knows that cybersecurity is important for all types of organizations. Still, for several companies, cybersecurity remains an afterthought. Unfortunately, many organizations still view security as slowing down a project rather than enabling its success. Since most projects come with pressure to get them up and running as quickly as possible, companies typically end up making decisions that lack sound security considerations.
2. Cybersecurity experts should have an active part when organizations make critical decisions
Often, security experts are not included in marketing planning or business meetings when critical decisions are being made. If security experts are not present, organizations are exposing themselves to critical risks that could damage their reputation. Instead of calling in security experts when an attack has occurred, organizations should make sure that these experts take an active part at the beginning of digital transformation.
3. Employee training should remain one of the top priorities
Cybersecurity should not be limited to IT personnel only. A 2017 report states that almost 90% of cyberattacks are caused by human error or behavior. Since the majority of the workforce handle computers, all employees in the organization should undergo training for cybersecurity best practices.
According to a survey conducted by Ovum, a data research and consulting firm, 11% of employees are prepared to share passwords with co-workers from inside the business. In addition, 5% of employees surveyed are actually prepared to share their passwords with non-employees. Furthermore, 64% of organizations surveyed had no technology in place to avoid unnecessary password sharing. In fact, 78% of IT executives surveyed acknowledged that they do not have complete control over cloud apps that their employees use and 68% of these executives admit that this lack of control opens their organization to significant risk.
Training employees is not a guarantee that cyberattacks will no longer take place, but teaching employees how to avoid opening doorways for hackers will certainly reduce these attacks considerably.
4. Roles and responsibilities of everyone in the organization should be clearly defined
This is especially true for personnel who will manage cyber defense and incident response. They should have a plan on how they will work together if a breach occurs and they should also help educate other employees on how to prevent attacks from taking place at their end.
5. Effective communication channels and relationships should be established with IT, operations and external service providers
Good relationships and open communication contribute greatly to the success of any organization. When communication is open and honest among team members, any problems with procedures, processes, and cybersecurity can be identified quickly and mutual cooperation will make it easier to come up with the best solution for every problem.
6. Robust security operations should always be conducted within the organization
Security operations should continuously monitor threat intelligence, technical intelligence and vulnerability management as an integrated process. Constant monitoring can help quickly identify problems, thus enabling incident response and recovery teams to apply the appropriate security solution to a specific problem.
Cyberrisk management plays a crucial role in digital transformation. It must be included from the very beginning and cybersecurity solutions should be embedded across the organization from all types of technology used to the organization’s culture.
We are in the age where businesses are expected to provide available service continuously to customers wherever they may be. Technology has made this possible but it has also made it convenient for criminals to steal from organizations and individual consumers.
It may not be possible to completely stop cyberattacks but integrating cybersecurity with digital transformation is an organization’s best defense and will significantly reduce these attacks.
For many companies, digital transformation can be difficult. The best way to ensure that transitioning to digitalization is successful is to consult cyber experts.
Netswitch offers Managed Detection and Response (MDR) services to all types of businesses. Our company has been named by industry analysts as one of the leading MDR services in the world.
We deliver advanced threat detection through security analytics with 24/7 monitoring and alerting. Remote incident investigation and response are also included in our end-to-end service. Our services are available at a price point that is affordable to small and medium businesses.
Contact Netswitch today for a consultation. Our cybersecurity experts will help guide you in developing a unique cybersecurity strategy that you can integrate into your organization’s digital transformation.
The post How to Integrate Cybersecurity with Digital Transformation appeared first on Netswitch Technology Management.
The Importance of Cybersecurity in Digital Transformation
As of December 31, 2017, there were 4,156,932,140 internet users around the world. That is approximately 54.4% of the world population (7,634,758,428) at the time.
Basically, every person who can afford to have an internet connection and electronic devices does almost everything online. It is no surprise, therefore, that organizations around the world need to go through digital transformation.
What is Digital Transformation?
Digital transformation takes place when digital technology is integrated into products, processes, and assets of a business for the purpose of optimizing operational efficiency, improving customer experience, expanding into new markets, and managing risk.
Digital transformation can be difficult for some organizations. However, the increased use of digital technologies such as the cloud, IoT, AI, big data, and mobile in more areas of business and society in general has proven that digitalization is the only way to go if companies want to have a competitive advantage.
Although digital transformation is discussed mostly within the business context, all types of organizations need to evolve to adapt to the changing business landscape.
What are the benefits of Digital Transformation?
1. Operations become more customer-centric
The main concern of digital transformation is the ability to use technology to improve customer experience. Digital transformation helps the organization focus and pay more attention to what customers want since service becomes consistently improved across all channels.
2. Operations are consolidated
New technology helps streamline business workflows, and the overhead typically associated with outdated solutions is eliminated.
3. Customer strategy is enhanced
New technology gives the organization capabilities that help in acquiring, retaining and assisting customers.
4. Digital Transformation provides universal customer experience
When technology and enterprise-wide systems are connected, customer experience is simplified and becomes universal regardless of when, where, or how customers choose to interact with a brand.
5. Digital Transformation drives data-based insights
Digitalization enables a company to combine data from all customer interactions, allowing them to optimize their strategies and processes to help them achieve better results.
6. Costs are ultimately reduced and sales increase
Organizations need to spend on new technology at the start of digital transformation. However, as stated earlier, operations become more focused on customers and tasks become more efficient. As a result, the workforce is more productive and customers are happy. When customers are satisfied, they do more business with the brand and there is a high probability that they will refer the company to others.
These benefits clearly prove that digital transformation is best for organizations. For this reason, senior management in various organizations in different industries has made this a priority. However, management should also realize that, although there are benefits to digital transformation, there are a number of risks involved.
Technology improves company operations and this results in improved customer experience but at the same time, may leave organizations open to cyberattacks.
According to a report by Cybint, 230,000 new malware samples are being launched every day. In addition, there is a hacker attack every 39 seconds, affecting one in three individuals in the U.S. alone. Since 2013, there have been 3,809,448 records stolen from data breaches that occurred on a daily basis. That means 158,727 records per hour, 2,645 per minute and 44 every second of every day. The report also states that approximately $1 trillion is expected to be spent globally on cybersecurity from 2017 to 2021.
According to “The State of Cybersecurity: 2016” study conducted by ISACA (formerly known as the Information Systems Audit and Control Association), approximately 82% of organizations feel that their board of directors is concerned or very concerned about cybersecurity. However, as the aforementioned statistics show, there seem to be gaps between what many organizations want regarding cybersecurity and what they actually do about it.
Why is cybersecurity lagging in digital transformation?
1. All organizations know that cybersecurity is critical but few people like to be confronted with this requirement
With technology, user experience, performance and agility are crucial. Security, of course, is also important. However, for several users, having to go through other procedures to make sure that network systems are secure makes them uncomfortable. As a result, security has become built-in practically everywhere.
There has to be a change in outlook. The focus of digital transformation in most organizations has been on speed, automation, optimization, innovation and other transitional goals. Digitalization should also focus on cybersecurity and compliance. Instead of viewing cybersecurity as a cost, companies should view it as a fundamental requirement.
2. Many seem to believe that cybersecurity slows down digital transformation
Digital transformation involves change, connectivity, speed, agility, improved service, enhanced customer experience, etc. However, when you add cybersecurity into the mix, many find it boring because of the rules and regulations, training, and everything that is included in the implementation of security.
Much is going on in terms of marketing within the context of digital transformation but cybersecurity is barely mentioned when a company draws up plans for increasing sales. In fact, many users do not want connectivity, speed, performance, and customer experience to be affected by security solutions. This is not the case with new technology anymore. These days, security solutions can even be done in the cloud. Unfortunately, many organizations do not involve their security team at the beginning of the process. In fact, they are often called in too late.
3. Some organizations do not seem to have a sense of urgency to implement security in new technology
According to a survey conducted by Dell, 97% of survey respondents say they have been investing in digital technologies that will transform their business, including mobile, cloud infrastructures and applications, and IoT. However, only 18% confirmed that security has been involved in all of their digital transformation initiatives.
Surprisingly, the same survey showed that 85% of respondents admit that if security teams had been involved from the beginning of the project, those initiatives could have been better enabled by security.
4. Cybersecurity is not a simple process
Cybersecurity is not an easy fix to potential cyberattacks. It requires developing a strategy that involves prioritizing the most critical processes and systems within the organization, as well as identifying and protecting potential sources of vulnerabilities or attacks.
5. Making a business case for cybersecurity can be difficult
Unlike other aspects of business where you can project what it can bring into the business (improved customer experience, increased sales, etc.), you cannot predict how much an attack will affect the company. Even if you can factor in potential losses if cybersecurity is not properly implemented, you will only accurately know when an attack has occurred.
6. Mobile technology has changed security parameters
Technology such as mobile and IoT has made security parameters more complicated. The cybersecurity perimeter is practically all over the place. Since there are several channels through which attacks can take place, anti-virus and firewall solutions are no longer enough for today’s mobile user.
7. Data and information are undervalued
Organizations often undervalue data and information. These are the essence of the businesses and a source of revenue and new business models. But this is not reflected in the cybersecurity initiatives of many organizations.
How can organizations address these issues?
Overall, a change of mindset regarding cybersecurity should take place. Security should be involved from the start of digital transformation in an organization. Cybersecurity should be embedded into the company network. Treat cybersecurity as an asset and a strength that is crucial to the success of the company instead of looking at it as an additional cost. It is also important to have the CISO or another executive in charge of cybersecurity be part of the team.
Cybersecurity is essential for a successful digital transformation. To ensure that your organization’s network is secure as you go through this process, you need to consult cyber experts.
Netswitch has been named by industry analysts like Gartner as one of the leading Managed Detection and Response (MDR) Services in the world. The company delivers advanced threat detection through security analytics, with 24/7 monitoring and alerting, and remote incident investigation and response included in the end-to-end service. The services that we provide are available at a price point that is affordable to small and medium businesses.
How does MDR protect digital transformation?
MDR services will protect your investment and core competencies and enable your business to compete as global changes take place. Traditional cybersecurity solutions can only protect your assets while their technology lasts.
The risks in digital transformation are huge. MDR will not only protect your brand; it will protect all your investment, because MDR will also monitor all changes involved.
Your employees play an important role in the success of your company. MDR can help enhance their expertise to make sure that they perform tasks up to par. MDR will help ensure that your investment in people and technologies will work for your company, and your team.
Contact Netswitch today to schedule a consultation. Our cybersecurity experts are on hand to respond to your queries and other concerns.
The post The Importance of Cybersecurity in Digital Transformation appeared first on Netswitch Technology Management.
Hackers Have Gone Automated So Should Your Cybersecurity Defense
Recently, a study conducted by security firm Cybereason revealed that cybercriminals are now using automation to commit their crimes.
A fake server known as a honeypot was used to log everything done to it by hackers. When it was put online, it was quickly found and hijacked in a matter of seconds by a bot that was able to break through its digital defenses.
According to Ross Rustici, Cybereason’s head of intelligence services, “The bot did all the hard work.” Rustici added, “It shows how lazy hackers have become.”
When people talk about hackers many years ago, they imagined a person or a group of individuals sitting in front of laptops typing malicious code. Attacks were perpetrated by humans with programming knowledge.
Today, as technology advances, going through day-to-day activities has become easier for ordinary individuals. It follows, therefore, that even cybercriminals will come up with methods that will make it easier for them to obtain sensitive data that they can use or sell.
In Cybereason’s study, the bot found the server after the server had been online for only two hours. It then started taking over the server aggressively. Passwords created for protecting some of the server’s functions were intentionally weak. As expected, the bot cracked the passwords and stole the fake information on the server. It took only up to 15 seconds for the bot to completely own the network, siphoning 3GB of data.
Cybercriminals have been using bots to perpetrate crimes for a number of years. Typically, bots are used to seek out vulnerable servers and a full-blown breach is done by a human. This particular bot was able to carry out 80% of the work a human would have to perform, thus proving that hacking into systems has become easier and faster.
According to Cybereason’s report, “If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using bots that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance and laterally move in seconds.”
For this reason, organizations, regardless of size, should be prepared to take a proactive approach to protecting network systems. It is time to use “threat intelligence” as a tool to stop cybercriminals in their tracks when attempting to attack – not just use it for forensics when breaches have already taken place.
Since 2017, Netswitch has partnered with ThreatSTOP in providing advanced threat detection through security analytics, with 24/7 monitoring and alerting, and remote incident investigation and response included in the end-to-end service. This service comes at a price that is affordable to small and medium businesses.
ThreatSTOP describes itself as “a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies, and automatically updates your firewalls, routers, DNS servers, and endpoints to stop attacks before they become breaches.”
ThreatSTOP emphasizes the importance of a DNS Firewall to a company’s network security. According to ThreatSTOP, it has more than 50 threat intelligence sources integrated into its platform and threats are continuously discovered by their security researchers. These threats are automatically shared as policy updates direct to the DNS Firewall.
The DNS Firewall prevents attacks by neutralizing malware’s ability to contact its command and control center, thereby preventing data destruction or exfiltration by malware that has bypassed existing network security layers.
All connections with the internet start with a DNS query. Users rely on DNS to connect to apps, websites, and other resources on company networks. In the same way, malware needs DNS to communicate back to its command and control servers to steal data, deliver ransomware, or turn networks into botnets to be used for criminal activities.
The DNS Firewall also performs advanced reporting which provides full visibility into DNS queries that have been blocked and identifies impacted machines. This makes remediation more accurate and efficient.
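The blocking and reporting behaviour described above can be modelled with a short policy check run over resolver query logs. This is an added example, not ThreatSTOP's or Netswitch's code; the blocklist entries, client addresses and log format are constructed for illustration and use reserved test domains.

```python
from collections import defaultdict

# Constructed policy: domains a threat-intelligence feed has flagged.
# Names use reserved TLDs (.example, .test) and are not real indicators.
BLOCKLIST = {"c2.badcorp.example", "dropzone.test"}

# Constructed resolver query log: timestamp, client IP, query name, type.
QUERY_LOG = """\
2018-04-02T09:14:01Z 10.0.4.17 www.intranet.example. A
2018-04-02T09:14:03Z 10.0.4.23 beacon.c2.badcorp.example. A
2018-04-02T09:14:09Z 10.0.4.17 notc2.badcorp.example. A
2018-04-02T09:15:40Z 10.0.4.23 C2.BadCorp.example. TXT
2018-04-02T09:16:12Z 10.0.7.5 files.dropzone.test. AAAA
malformed line without enough fields
"""


def normalize(qname):
    """Lowercase and drop the trailing root dot so comparisons are stable."""
    return qname.strip().rstrip(".").lower()


def matched_rule(qname, blocklist):
    """Return the blocklist entry covering qname, or None.

    A rule covers the domain itself and every subdomain. Matching walks
    whole labels, so 'notc2.badcorp.example' is NOT covered by
    'c2.badcorp.example'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def evaluate(log_text, blocklist):
    """Apply the policy to each query; return (decisions, impacted, skipped)."""
    decisions = []
    impacted = defaultdict(set)  # client IP -> blocklist rules it triggered
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        _ts, client, qname, _qtype = fields
        rule = matched_rule(qname, blocklist)
        decisions.append((client, normalize(qname), "BLOCK" if rule else "ALLOW"))
        if rule:
            impacted[client].add(rule)
    return decisions, dict(impacted), skipped


if __name__ == "__main__":
    decisions, impacted, skipped = evaluate(QUERY_LOG, BLOCKLIST)
    for client, qname, verdict in decisions:
        print(f"{verdict:5} {client:10} {qname}")
    for client, rules in sorted(impacted.items()):
        print(f"remediate {client}: queried {sorted(rules)}")
    print(f"skipped {skipped} malformed line(s)")
```

The per-client report is what turns a blocked query into a remediation lead: a machine that keeps asking for a blocked name is the one to investigate.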
According to Netswitch CEO, Stanley Li, “The integration of ThreatSTOP’s next-generation IP and DNS Firewall Services provide Securli® with the ability to stop all inbound malicious IP addresses, along with outbound communications with threat actors. This now enables the same world-class threat detection capability as the Fortune 100 enjoys, but with pricing affordable to the mid-market. Our unique offering is now accessible to everyone seeking the best cyber-threat defense available anywhere.”
Founder and CEO of ThreatSTOP, Tom Byrnes, said, “The combination of ThreatSTOP and the Securli® MDR platform is a one of a kind offering, bringing the middle market access to the best end-to-end cyber-threat defense on the market.”
For more details on how a DNS Firewall can protect your organization’s network, contact Netswitch today and our cyber experts will assist you.
Tip of the Week
Cyber risk is a different category of risk in an organization
Many make the mistake of separating cyber risk from other types of risks in a business or company. It is the same risk that encompasses everything from protecting intellectual property to productivity and safety of company staff. Cyber risk needs to have the same level of attention from the executives down to the rank and file employees. Everyone should be educated about cyber risk and trained on how cyberattacks can be prevented.
The post Hackers Have Gone Automated So Should Your Cybersecurity Defense appeared first on Netswitch Technology Management.
The post The GDPR and its Benefits to Your Organization appeared first on Netswitch Technology...
Source: Convert GDPR
May 25 is just around the corner. Are you GDPR-compliant yet?
The General Data Protection Regulation (GDPR) brings more protection for EU citizens’ personal data. This is clearly something that EU citizens are looking forward to but for many business owners, the GDPR’s imminent arrival is quite worrisome. This is understandable because of challenges that come with the implementation of the GDPR, including budget, infrastructure changes, data discovery, existing data movement analysis, and awareness training. Despite these challenges, however, the GDPR also provides benefits to a business.
What are the benefits of GDPR compliance?
1. GDPR enhances security
In 2017, there were 868 reported security breaches and/or cyberattacks. This is double the rate of the 2016 attacks. Data protection has always been part of organizations’ security strategy but as statistics show, cyberattacks are still taking place. With the GDPR in place, however, organizations are expected to take appropriate steps to increase data protection or else face more serious consequences. Being GDPR-ready does not just make your organization compliant, it also enhances your company’s security posture. It is important to take note, however, that improving security does not involve purely technical solutions. This also involves training people and improving overall processes within the organization.
2. GDPR significantly improves your business reputation
According to the Cyber Security Breaches Survey 2017, 70% of large firms in the United Kingdom alone were found to have suffered a cyberattack. Reports like this understandably make consumers wary of sharing their data. It follows, therefore, that organizations that are certified as GDPR-compliant will have an edge over those that are not. Having this certification will boost your business reputation because, as far as potential customers are concerned, your company can be trusted with their personal information.
3. GDPR compliance can bring about increased customer loyalty
According to the Data Breaches and Customer Loyalty 2017 report based on a survey conducted on more than 10,000 consumers worldwide, 70% of the respondents would stop doing business with companies that experienced a data breach. Additionally, seven in ten consumers or approximately 69% of respondents feel that businesses don’t take the security of customer data seriously. If a company is certified GDPR-compliant, it is seen as a business that truly cares for its customers by ensuring that all data is secure. This will greatly improve loyalty among existing customers and will encourage potential customers to try doing business with the company.
4. GDPR will improve data management
Your organization should audit all data that you handle in order to be compliant. You need to identify and get rid of redundant, obsolete and trivial (ROT) files – files that your organization keeps despite not having any business value. This will enable you to minimize the data you hold and collect. It will also allow you to organize data storage. Deleting sensitive ROT data of former customers needs to be done in order to reduce risk to your organization (e.g. risk of being sued by former customers in case a data breach takes place). In addition, GDPR allows customers to access their personal data and to inspect and validate stored information. The new regulations require data controllers to correct any errors that data subjects identify, thereby increasing the accuracy of stored data.
5. GDPR helps reduce maintenance costs
Organizing stored data also involves consolidating information present in silos or stored in inconsistent formats. It may also mean retiring data inventory software and legacy applications that are no longer relevant to your operations. All these changes will help reduce maintenance costs which would be incurred via unnecessary man-hours and infrastructure maintenance.
6. GDPR helps organizations improve decision-making
Organizations can no longer make automated decisions based on customers’ personal data under the GDPR. For example, decisions on who among customers can be granted a loan and/or the minimum or maximum amount of the loan that can be provided. The GDPR dictates the right to obtain human intervention thereby reducing room for uninformed decisions. Human intervention will also allow your organization to learn more about your customers and identify areas where customer needs or expectations are not met. As a result, your company will be able to make better decisions based on effective use of customer information which can also result in better ROI.
7. GDPR helps increase ROI (Return on Investment)
The GDPR requires organizations to implement an opt-in policy and have permission from data subjects to process their personal data. This, combined with deleting ROT information that stalls marketing efforts, such as unengaged addresses or lost leads, will provide you with a database of highly relevant leads and customers that genuinely want to hear from your organization. When you have this information, you can tailor your message to the specific needs of your audience that show an interest in your brand. Consequently, by utilizing this marketing approach, your brand will have higher click-through, conversion rates, and increased social sharing. This, in turn, will result in increased ROI because marketing budgets and efforts are spent sensibly.
Complying with the GDPR can be difficult due to changes that need to be done within the organization in addition to money needed to be spent on making the necessary adjustments. But clearly, there are benefits.
According to Daniel J. Solove, John Marshall Harlan Research Professor of Law at the George Washington University Law School and President and CEO of TeachPrivacy, “Instead of seeing GDPR as a negative, companies can also see it as a positive. Being ready for GDPR will be a competitive advantage.”
Professor Solove provides a GDPR training guide to organizations who need direction on becoming GDPR-ready.
Tip of the Week
Having HTTPS in the URL does not guarantee that a website is secure
When PhishLabs conducted a survey in November 2017, one of the questions was:
The correct answer is “encrypted communication.” HTTPS stands for Hyper Text Transfer Protocol Secure, a procedure developed by network administrators for exchanging information. With HTTPS, the traffic between the web server and a user’s browser is encrypted prior to transfer and decrypted after transfer. Encryption prevents users from unknowingly exposing sensitive information and helps prevent cybercriminals from gaining access to data. Because the word “Secure” is in the acronym and a green padlock accompanies it in the URL, many internet users have come to believe that this is a guarantee that the website is fully secure. Unfortunately, hackers have found a way to go around encryption. In the third quarter of 2017, PhishLabs found 25% of phishing campaigns were using HTTPS websites to deceive internet users into believing that they are legitimate.
The post What is GDPR? Why is it Important for Business? appeared first on Netswitch Technology...
Source: “Convert GDPR”
According to a report by PwC, cybercrime was the second most reported crime in 2016. In addition, the National Crime Agency reports that cybercrime now accounts for more than 50% of all crimes in the UK. Unfortunately, it takes 146 days for security experts to detect that an attack has occurred, according to Microsoft. As a result, the GDPR was passed into law in the European Union in April 2016.
What is GDPR?
The General Data Protection Regulation (GDPR) is a privacy regulation that will apply to all companies that sell to and store personal information about citizens in Europe, including non-EU companies around the world. Non-EU organizations will be subject to the GDPR where they process personal data about EU (European Union) and EEA (European Economic Area) citizens. It will provide citizens of the EU and EEA greater control over their personal data and assurances that their information is protected. It is composed of 99 Articles and 173 Recitals which provide explanatory text to help with the interpretation of the Articles.
What constitutes personal data?
According to the GDPR portal, personal data is “any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, and posts on social networking websites, medical information, or a computer IP address.”
When will the GDPR come into effect?
Although the GDPR was approved and adopted by the EU Parliament in April 2016, the regulation will take effect after a two-year transition period which means that it will be in force on May 25, 2018. Unlike a directive (a legislative act that sets out a goal that all EU countries must achieve), this regulation does not require any enabling legislation to be passed by the government.
How much will GDPR preparation cost an organization?
According to a PwC survey, 24% of American corporation respondents say they plan to spend under $1 million USD. According to 68%, however, they will invest between $1 million to $10 million USD for GDPR preparations. Nine percent say they expect to spend more than $10 million to ensure that they are GDPR-compliant.
What penalties will companies face due to non-compliance?
Organizations can be fined anywhere from 2% to 4% of annual global turnover (net sales generated by a business of the preceding financial year) for breaching GDPR or €20 million (approximately $24.6 million USD), whichever is greater. There is a tiered approach to fines. For example, 2% for not having their records in order (article 28) or for not notifying the supervising authority and data subject about a breach. If the company does not conduct an impact assessment, it can also be fined 2%. However, for the most serious infringements, a company may be fined the maximum of €20 million or 4% annual global turnover whichever is greater. It is important to note that rules apply to data controllers and data processors which means “clouds” are not exempt.
Many organizations have been eagerly anticipating this development but to others, this may seem a daunting undertaking. With this article, Netswitch would like to provide you with:
12 Steps to Becoming GDPR-compliant
1. All members of the organization should know about GDPR
All employees, including senior management, should know what GDPR is and what it entails. Executives are responsible for making major decisions and, therefore, should be well-informed on what they need to do and what the consequences are if the company fails to comply. All employees should know what the organization’s obligations are under the GDPR with regard to collecting, processing, and storing data.
To ensure that everyone in the organization is knowledgeable on GDPR, you need to consider training management and rank and file employees. Training employees will help them understand the organization’s responsibilities and greatly reduces the probability of your staff doing something that may result in a data breach.
2. Make an inventory of the data that your organization holds
You may need to organize an information audit. All personal data that the organization holds should be documented. You must know what personal data is held, where it came from, how it was collected and with whom it was shared. You need to identify all sources of data and all types of data relationships (e.g. third-party tools and tags on websites).
3. Review your organization’s privacy notices and communications
You need to make a full review of your current privacy notices and make sure that they are aligned with GDPR requirements before it takes effect in May.
4. Individuals’ rights should be checked
All processes and procedures within the organization should be checked to ensure that they cover all individuals’ rights. Under the GDPR, the following individuals’ rights should be included:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object; and
- The right not to be subject to automated decision-making including profiling.
5. Update procedures regarding subject access requests
All procedures on subject access requests should be updated. You need to plan how requests will be handled under the GDPR. Following are new rules you need to take into account:
- Your organization will not be able to charge for complying with a request in most cases.
- You have 30 days to comply instead of 40 days, the current window for complying.
- You can refuse requests that are manifestly unfounded or charge for requests that are excessive.
- If you refuse a request, the individual should be told why and that they have the right to complain to the supervisory authority and a right to a judicial remedy. This should be done within one month.
If your organization handles a large volume of access requests, consider whether it is feasible to develop systems that allow individuals to gain access to their information easily online.
6. Identify legal basis for personal data processing
Your organization should identify and document the legal basis for all processing activities in the GDPR. Your privacy notice should also be updated to explain it.
7. Manage consent given by data subjects
Review how you seek, record and manage consent and check if you need to make changes. Existing consents should be refreshed if they do not meet the GDPR standard.
It is important to remember that consent must be freely given. It should be specific, informed and explicit. There must be positive opt-in and it should be separate from other terms and conditions. If people want to withdraw consent, there must be simple methods for them to be able to do so.
All consent must be verifiable. Generally, individuals have more rights where organizations rely on consent to process their data.
8. Personal data of minors
The GDPR brings in special protection for children’s personal data specifically in the context of commercial internet services such as social networking. If your company offers online services to children and relies on consent to collect their personal data, you may need a parent or guardian’s consent to be able to process their information lawfully.
Under the GDPR, the age when a child can give their own consent to this processing is set at 16 although it may be lowered to a minimum of 13 in the UK. If the child is younger, you need to get consent from an individual holding “parental responsibility.”
Another important note – your privacy notice must be written in such a way that children will understand what your organization is saying.
9. Handling data breaches
Your organization must have the right procedures in place to detect, report, and investigate a personal data breach.
If a breach is likely to result in a high risk to the rights and freedoms of individuals, the organization has to notify the individuals concerned directly in most cases. Failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.
10. Data protection by design and data protection impact assessments
Under the GDPR, privacy by design is an express legal requirement under the term “data protection by design and by default.” Privacy Impact Assessments (PIAs) are referred to as “Data Protection Impact Assessments” or DPIAs and are mandatory in certain cases.
For example, a DPIA is required where data processing is likely to result in high risk to individuals:
- Where new technology is being set up;
- Where a profiling operation is likely to significantly affect individuals; or
- Where there is processing on a large scale of the special categories of data.
11. Designate a Data Protection Officer (DPO)
The organization should designate a Data Protection Officer (DPO) who will be responsible for data protection compliance.
You are required to formally designate a DPO if you are:
- A public authority except for courts acting in their judicial capacity;
- An organization that carries out the regular and systematic monitoring of individuals on a large scale; or
- An organization that carries out large scale processing of special categories of data, such as health records, or information about criminal convictions.
12. International transactions
You need to determine your lead data protection supervisory authority if your organization operates in more than one EU member state. The lead authority is the supervisory authority where your main establishment is in the EU or where decisions about processing are taken and implemented.
This is only relevant if you have establishments in more than one EU member state or if you have a single establishment in the EU that carries out processing which substantially affects individuals in other EU states.
If you need assistance regarding GDPR compliance, contact Netswitch today to schedule a consultation.
Tip of the Week:
Passwords are no longer good enough to protect your data
Although passwords are still used for internet security, other measures need to be taken to protect your data. In several cases, experts have found that passwords are often compromised even by advertisers that grab data from an online browser’s integrated password manager.
Time and again, users are instructed to come up with strong passwords – long and complex passwords. In most cases, users are also encouraged to change passwords at regular intervals (i.e. every 6 months). A better option is enabling two-factor authentication (2FA), which requires users to use a secondary means of logging into their account, typically through a smartphone.
To ensure that your network data is protected, contact our experts at Netswitch today.