Tag Archives: technology

The Bots Are Coming!

Automated and AI-driven Programs for Business

By Elena Langdon

Elena Langdon- AI

Automation and artificial intelligence (AI) are all the rage these days, for good reason. The technology behind once too-good-to-be-true tools like facial recognition and 3D printing has advanced by leaps and bounds. Many of us own or pine for “smart” devices and use dozens of apps a day for personal purposes. So what about business? How far can automation and AI help boost productivity and profit at work? And what are the no-go zones for this exciting area of development?

First, some terms

“Automation” and “AI” are often used interchangeably, but there are important differences. “Automation” refers to processes that can be undertaken through a chain of events that trigger each other, without human interference. We’ve seen it in manufacturing for decades. Simple contemporary business examples would be Hootsuite or Buffer, the programs that help automate a business’s social media participation.

“Artificial intelligence” refers to machines undertaking processes and making choices, on their own, based on their programming and what they learn from it. There are different levels of AI, and the most powerful two—levels at which a machine can understand human thoughts, and be self-aware, respectively—have not been reached. So what can be accomplished now?

The digital-assistant revolution

While C-3PO from Star Wars or Ava from Ex Machina are not in our immediate reality, AI is a driving force behind many business applications.

Personal digital assistants like Siri and Cortana are good examples of AI-driven programs that can boost productivity, save time, and facilitate our lives. With one of these programs you can delegate scheduling, play music, and check the stock market, all without typing, thanks to voice recognition capabilities. Pen, paper, and typing can be eliminated from the entire process.

Google Duplex is a newer digital assistant that takes automation to a whole new level. It makes calls to humans to schedule appointments, request information, and order food. Instead of speaking with a typical robotic tone, Google Duplex mimics real speech patterns and uses fillers like “um” and “hmm.” Plus, this bot interacts with human responses and can carry on a conversation. Probably for this reason, its reception so far has included a mixture of awe and trepidation.

Proceed with care

Caution might be needed for that type of digital assistant, especially from ethical and privacy standpoints. Should a human receptionist know he is talking to a machine? Is he being recorded so that Google can learn from the exchange? Nevertheless, most of the tasks accomplished by Google Duplex involve little personal risk. If your haircut gets scheduled at the wrong time, it would be a nuisance, but probably not a big loss.

However, some types of AI-driven programs must be approached with caution when it comes to business because of the risks involved. For example, in language translation, the technology cannot yet match the human capacity for communication. Automatic translation engines are great for getting the gist of a letter or website, but using them for business can result in embarrassment, misinformation, and even financial loss. Most companies put time and money into writing compelling and clear texts; foreign-language copy requires the same attention. Despite recent advances in deep learning, machine translation is not like Google Duplex—it does not “sound” human, much less eloquent. More importantly, accuracy is seriously compromised with automatic translation—just think of all the menus with indecipherable items like, “The water fries the potato” and signs that say, “Beware of safety.”

The same caution is needed for verbal translation, or interpreting, which has made headlines with programs that combine machine translation with voice recognition. Holding a conversation with someone in a language you don’t know by using “translator earbuds” might work for casual exchanges with inconsequential outcomes. However, if you need to speak to an employee about her performance or to an international branch manager about next quarter’s sales goals, you cannot rely on AI to accurately transmit your message. Between speech recognition flaws, cultural differences, and the incredible creativity behind any human being’s speech, it’s best to stick to a professional interpreter for bilingual business communication.Work patterns and skills are certainly changing, but the bots are not taking over just yet. Click To Tweet

Lawyer up or bot up?

If creative speech is one reason not to trust the machines, what about legal discourse? Does it make sense for a business to rely on automated contract-writing programs or document-reviewing apps? As with many machine-based applications, such programs can work, albeit in a limited context for limited purposes.

AI-driven programs will review legal documents at a fraction of the cost of a lawyer. This review process takes humans significant time, and lawyers take years to master it, yet computers have apparently learned the skill. That said, even app’s websites make it very clear that the apps will not provide legal advice, and that it should be used only for the specific purpose of reviewing documents. The formulaic language and boilerplate nature of legal documents lends itself well to AI, and frees up time and money for actual legal strategy. In some ways, it’s similar to translation—you can get some entry-level tasks done, just not anything that requires tactics or nuanced meaning. And of course, nothing that involves any risk to your business.

Look both ways before you leap

Next time you see an ad for a new app that looks like a miracle cure for what’s ailing your business, by all means, don’t ignore it. There are many good applications for automated and AI-driven programs. Just be sure to research the program and consider its uses. The more complex the task, and the more it involves human reasoning, the less likely it will work for business, at least in an all-encompassing manner. Work patterns and skills are certainly changing, but the bots are not taking over just yet.

 

Elena Langdon is a certified Portuguese-to-English translator and interpreter and an active member of the American Translators Association (ATA). The American Translators Association represents over 10,000 translators and interpreters across 103 countries. For more information on ATA and to hire a translation or interpreting professional, please visit www.atanet.org.

What Do My Employees Need To Know About Cybersecurity?

By Bryce Austin

http://www.bryceaustin.comIf you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your entire cybersecurity profile. Your employees have business-need access to a lot of important data, and their ability to protect that data—or to inadvertently let it walk out the door of your organization—is strong.

Lack of education was at the heart of a number of incidents of a major security breach. You have probably heard about the new HR employee that got an email from the president of the organization asking for all the W2 information on every employee, so that person sent them exactly as instructed. The employee did not recognize the fact that the email came from a hacker impersonating the CEO, and a major security breach took place. Your employees need to be educated on cybersecurity best practices. Click To Tweet

Entire business models are based on this kind of fraud. Let’s pretend that I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first ten for free (and those ten are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.

No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password. I will then extract any valuable information I can from those sites, sell the information for a profit, possibly ransom your own data from you to make even more money, and then move on to the next victim.

Need some numbers to illustrate why educating your employees about cybersecurity practices is important?

  • Per IDG’s 2016 Global State of Information Survey, 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
  • According to the Ponemon Institute, 60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default or stolen password.

So where can your company start? Start with a training program. Your employees need to be educated on cybersecurity best practices.   One of the issues that any cybersecurity awareness training program should address:

Implement real password policies:

There’s no easy way to say this, so I’m just going to say it: Passwords stink. They are no fun to create, no fun to remember, and no fun to type in. That being said, passwords are still the most common authentication method today. It is imperative to implement a password policy requiring complex passwords that can’t easily be guessed, and end-user training to go along with it. Microsoft’s Active Directory “require complex passwords” setting is a start, but end-user training is also mandatory.

Many users use the same passwords for every online system they need a password for. This is a problem. If one site gets hacked, cybercriminals will try your credentials at all common websites, and possibly at your business’s VPN. It is imperative that your cybersecurity awareness training program encourage your team members to use different passwords for different sites, and especially for any system that your company uses.

Most companies have some sort of safety guidelines that their employees must follow or be aware of and cybersecurity should be no different.  There are a number of companies that specialize in this type of training, and they may or may not be a good fit for your company culture. Picking the right type of training is critical; having a good cultural fit is more important than the actual content. Be sure to do proper due diligence to ensure that the training content offered by the company or companies you are considering is a good fit for the culture of your company.

The important message here is that you already know you must train your employees on certain things in order to have them perform their job functions. Cybersecurity is one of those things. If you are uncertain as to how to structure a cybersecurity training program, find an advisor that can help you.

Questions to explore this topic further with your company’s leaders:

  • When was the last time you were trained on cybersecurity? What did you take away from it?
  • Do your team members who have access to sensitive data get additional training above and beyond those who do not?

Bryce Austin is the CEO of TCE Strategy, an internationally-recognized speaker on emerging technology and cybersecurity issues, and author of Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives. With over 10 years of experience as a Chief Information Officer and Chief Information Security Officer, Bryce actively advises companies across a wide variety of industries on effective methods to mitigate cyber threats. For more information on Bryce Austin, please visit www.BryceAustin.com.

Does the Virtual You Byte? Managing Your Digital Twin

By Kate Zabriskie

Kate Zabriskie“We were ready to make him the offer, but then I saw the domestic abuse arrests. With a quick Google search our clients could easily find the same information. I don’t need to ponder the larger risks because this problem alone is a showstopper.”

“Why would I buy from someone who chooses a middle finger shot as his Twitter profile picture? Goodness knows I made some bad choices early in my career, but clearly, he’s not ready to manage an account like ours. It’s too bad. I liked his presentation.”

“I couldn’t believe it when I came across what I did. She works for a great non-profit and I liked what she had to say, but that’s not her only career. The boudoir shots and escort activities are an interesting sideline. Call me judgmental, but I just don’t want to work for her. I can’t be associated with people involved in those kinds of activities.”

A little digging on the internet can reveal of wealth of information. Some of it is true, some of it isn’t, and all of it is out there for the world to see.

Fair? Probably not, but it is what it is. Our digital doppelgangers have tremendous power, and as long as finding information online is easy, it will be found.

So, what’s a person to do to get control of his or her online image without spending a fortune? By following seven simple steps, you can take charge of your digital reputation.

Step One: Understand Your Digital DNA: The first step in managing the cyber you understands who creates him or her. If you use social media, you’re contributing to your footprint. If you have ever owned property, had a land line, donated to charity, sat on a board, or participated in any activity where information is published in an online newsletter, that information is part of the digital you.

You need to understand your digital twin has lots of parents, and some of them are more concerned about presenting him or her in a positive light than others. Google yourself, and make a list of from where information is coming.

Step Two: Choose a Strategy: The key to an effective online presence (or absence) is planning. Without a strategy, you have no plan. To manage the online you, you must decide what you want people to find. You might choose to present yourself as a well-rounded candidate for a job, define yourself as an expert on a particular topic, or align yourself with a cause that means something to you. Whatever the choice, one should have a goal for presenting an online picture that matches your offline objectives.The key to an effective online presence (or absence) is planning. Without a strategy, you have no plan. Click To Tweet

Step Three: Remember, It’s Not All Bad: In most cases, a well-managed digital presence is better than no presence at all. Think about it; if you were in a hiring manager’s chair and could find nothing in cyberspace about a candidate you were considering for an important job, would it concern you? Maybe.

What most likely wouldn’t concern you, however, would be the discovery of a professional LinkedIn page. In fact, the existence of such a page would probably serve as additional evidence of the candidate’s qualifications and suitability for a job.

Step Four: Put the Best You Out There: A picture is worth a thousand words, and a lot of what people say about themselves when choosing a profile photo isn’t too good. The photos are blurry, old, or just inappropriate. Get a professional photo taken and use it.

Your virtual you should be congruent with the real you. In other words, don’t promise one thing and deliver something else. Update your photo every five years or after you’ve had any significant physical transformation.

Next, check your privacy settings on all social sites into which you opt in. Do you really want people knowing what you’ve “liked” online, what your following, and so forth? If your brand strategy isn’t to be political or provoking, think before you comment on anything controversial.

Also, don’t forget that privacy settings change, people share comments, and so forth. In short, what you say among friends may at some point be seen by people you wouldn’t expect to have access to your conversations.

When it comes to social media, be disciplined, and make choices that fit with your strategy.

Step Five: Manage Unflattering Information: If you’ve got information out in cyberspace you wish weren’t there, and you are blessed with a common name, your dark data is probably buried pretty far down in the search results—especially if you actively publish other information about yourself.

If you have a rather unusual name coupled with a bad PR problem, you’ll need to be more proactive. Make site-by-site requests for information removal, and start publishing. Comment on reputable blogs using your real name, leave product reviews also using your real name, publish articles, and so forth. Your goal is to create noise and push negative information to the bottom of the pile. The stronger the sites where you post “good” data, the more likely those items will appear at the top of the results.

For most people, a do-it-yourself approach is sufficient, but if you’ve tried and are still struggling, you can always hire an expert. Prices vary widely, so shop around.

Step Six: Set Up an Auditing System: Online reputation management isn’t a one-and-done activity. It’s ongoing because the internet is fluid. What’s there today could be gone tomorrow and vice versa.

As your own reputation manager, this means you must be on your toes and aware of what’s being said about you. An easy way to stay in the know is to set up a Google alert for your name. Then, as that search engine finds new mentions of you, it will let you know.

Next, search the top engines for your name once a month. Check the first two pages of results for anything troubling. Finally, once a year, do a deep dive and look at every result. It’s time consuming but worth the effort—especially if you’ve encountered problems in the past.

Step Seven: Remember Why You Care: When you work hard to make the real you great, your digital twin shouldn’t be allowed to ruin your reputation. In other words, the online you should be your advocate, not your adversary, and if you don’t manage him or her, you roll the dice and take your chances.

Kate Zabriskie is the president of Business Training Works, Inc., a Maryland-based talent development firm. She and her team help businesses establish customer service strategies and train their people to live up to what’s promised. For more information, visit www.businesstrainingworks.com.

Hacking People: Why Your Biggest Vulnerability Isn’t In Your IT Department

By Clinton Henry

Clinton HenryLast week, Chris stopped off at his local coffee shop to have a chai before heading off to a trade show to deliver a keynote speech. As he sat at his usual spot near the counter, a heated discussion ensued next to him regarding the third quarter of 2017. In the middle of the morning’s caffeinated hustle and bustle, a marketing meeting was in progress.

He knew it was a marketing meeting because the three employees left the screens on their computers open to “Marketing Plans.” Much to his amazement, they abandoned the table and were apparently in line—as well as online. They left two smartphones and a couple of memory sticks out in the open, plain as a Pumpkin Spiced Latte.

While reasonable predictions aren’t always correct, there’s a strong possibility that eventually the company will experience a breach. Moreover, it’s highly unlikely that anyone within the business or IT has taken a serious look at how its users operate to protect it from this sort of vulnerability.

The biggest risk for any organization being hacked is neither the firewall nor the server. It is another problem altogether: social engineering. Social engineering is when employees inadvertently (or out of malice) give cyber thieves sensitive corporate or client information. The problem with most businesses and IT departments is while they may be eager to invest in cybersecurity measures for their organization, they often neglect investing in shielding the most common attack surface motivated hackers use to gain access: employees.Over-familiarity with and blind trust of technology can be a dangerous thing. Click To Tweet

Let’s review some of the socially engineered pitfalls that occur all too often:

Public Wi-Fi: Public Wi-Fi is to your computer network as Kryptonite is to Superman or garlic is to a vampire. Unless you are sending out information that is encrypted via a secured site, never conduct any business from an unsecured Wi-Fi hotspot.

Public Places: In the space of two seconds, it would have been possible for a thief to take screen shots of the third quarter plan with a smartphone or to swipe the smartphones and stick drives or even one of the laptops. Any document, especially any document with links to your organization, is all a cyber thief needs to get going. Never leave documents unattended.

Ever hear of visual trespass? It is the practice of someone in any public space looking over your shoulder viewing your computer screen. Here’s an apt example: Alison, the head of tax and audit for a publicly traded company, was traveling and noticed a stranger was trying to observe her computer screen in an airport while she was working on her corporation’s soon- to-be-public 10-k filing. While the stranger may have been rude (and not a cyber thief), the person working on those financials was misguided and careless.

Moreover, public conversations that should be held in private can undo a company quite easily. Recently, the same Chris from earlier was in O’Hare airport while a gentleman next to him was on the phone with a colleague who needed access to a file. The helpful companion, within earshot of Chris, decided it was a good idea to give his coworker his personal password so he could access the file. If Chris was an opportunist, he could have simply made conversation with the unsuspecting traveler later and traded business cards, giving Chris his username and company along with his password. The businessman would have been none the wiser.

Phishing: Remember those emails we once received from Nigeria, Lithuania, or Romania that named us as the heirs to great fortunes? All they needed to secure the millions owed to us was a credit card number. People fell for it in droves. Then there were fake job postings that asked us for background information. The postings looked legitimate and we fell for that too. We gave them what they asked for.

Phishing has not gone away. It has become so sophisticated that we believe it comes from our bosses, a supplier, or a nonprofit we might support. The links in the email are typically malware that can infect the entire network and grab important files. Don’t fall for it. When in doubt, always verify. An interesting fact: Millennials are more prone to falling for phishing than older employees. Over-familiarity with and blind trust of technology can be a dangerous thing.

Vindictiveness: Remember that angry employee who was terminated? What precautions were taken to make sure that he or she was immediately shut out from the network? Terminated employees can sometimes be vindictive. Have a plan and protect your data so the recently fired sales executive can’t walk to your competitor with your latest leads or biggest accounts.

Vendors: Your computer network is only as good as who has access to that network. Many cyber thieves have successfully snuck in through a back door by going through the networks of your vendors. This is a potentially huge problem for any organization having a continuous relationship with suppliers. If your network is secure but your vendors have cyber security that is more like Swiss cheese, it can potentially create a huge vulnerability in your network.

Remember that while most internal IT organizations often seek funding for the latest network security equipment or software to beef up cybersecurity, they often neglect to engage their users to harden the organization from social engineering attacks that are commonly used to compromise a company. Neglecting to offer sufficient training for their users leaves the organization vulnerable to a hacker using a company’s own employees against it.

Clinton Henry is one of the world’s leading cyber security and identify theft experts. Known for his engaging keynotes and insightful perspective on business and personal cyber security, Clinton has amassed a loyal following of business and IT executives who look to him for guidance on how to protect their corporate profits and reputation from attack or compromise.

Save

9 Surefire Steps to Lockdown Your Cyber Security

By Clinton Henry

Clinton Henry“Dear Client.” That’s how the letter usually begins.

The next few sentences are a little trickier; there is really no good way for someone to hear that their data has been stolen. Unfortunately, getting this letter is becoming an all too common occurrence in business. Businesses lose more than $100 billion a year to cyber-attacks and fraud globally.

While a security breach might be one of the last things on your mind, the most recent Travelers Risk Index report shows that it’s a top concern for your clients, customers, and contractors – “Personal Privacy Loss and Identity Theft” went from barely ranking on their survey a few years ago to being number two, right behind “Financial Security.”

The expectation of cyber security has to be met with the same fervor and drive that you strive to meet all your other clients’ expectations.

1) Engage and Educate Employees: It’s important that you create a culture of security within your organization because security is everyone’s responsibility. If you don’t have buy-in from all your team members, you’re exposing your business to unnecessary risk. The majority of attackers gain access to networks via social engineering and the manipulation of a user within an organization, not via command line “hacking” from a dark, Cheetos-filled basement somewhere, as the movies often portray. Why would someone spend days trying to crack your accountant’s password when they can simply call your IT desk pretending to be your accountant and ask him to reset it to something new?

2) Anti-Virus: Having an up to date anti-virus deployed on all of your desktops and servers is vital. An unprotected computer is an easy target for a motivated attacker. Don’t make it easy on them – pay for anti-virus and make sure it’s regularly updated by your IT staff.

3) Password Management: It’s important that you and your employees leverage strong, complicated passwords that aren’t easy to guess. There are now hacking applications you can plug into a computer that will run through the most common 10,000 passwords used in about four minutes, trying each of them. You’d be surprised how many folks with access to critical data have the password of “password,” or if they are feeling clever, “password1” (Did this just guess your password? Go change it!).

4) Secure Your Networks: Without getting too technical, just know that having a firewall between your corporate network and the Internet is very important. If you don’t, there is very little stopping someone from freely accessing your data.

5) Secure Your Cloud: No matter what cloud provider or service you use, make sure you do your due diligence on their security practices. If they can’t easily and quickly tell you how your data is secured, odds are it isn’t. Also, for any accounts used to access your firm’s data, make sure you have strong passwords and only access it via a computer you own or trust. If you access your cloud on an infected machine, a hacker could potentially learn your password and use it later on without your knowledge.

6) Protect Banking Information: Make sure that all financial data, accounts, and records are kept secure and segregated from the rest of your business’ general shared drives. If financial transactions are conducted electronically, ensure they are done over an encrypted connection and that your employees never email account numbers, credit card information, or sensitive financial documents.

7) Backups: One of the most common types of breaches now being seeing are called “ransomware” attacks. Instead of “stealing” data from your organization, these attackers find your critical data and then encrypt it (digitally locking you out of it), making it so only the person with the digital “key” can unlock and access that data. The hackers then offer the victim access to the “key” for a very large fee. If you’re hit with one of these attacks you have two options:

Pay the fee or restore the locked data from a recent backup. This is why backups are so important. Recently a very large hospital, a police department, and a public school (along with literally thousands of other victims) have been forced to pay tens of thousands of dollars to get their data back. Making sure your data is backed and stored separately from your main repository can help protect you from attacks such as these.

8) Physical Security: This one is self-explanatory but you’d be surprised how much client data is left lying around the office. Ensure your partners, trusted employees, and finance team lock away any sensitive documents when they aren’t working with them.

9) Mobile Devices: While they are a convenience and increase productivity of the staff, mobile devices mean that your clients’ sensitive data can potentially walk out your firm’s door without you ever knowing it. Make sure that all mobile devices used to access corporate data have passwords (your email server can force this requirement), and if you have employees that use laptops you should look at having the hard drives for those machines encrypted. Most modern operating systems have encryption built in (you just have to enable the feature), and it’s foolish not to leverage it. If an employee accidently leaves a laptop on a plane or in the back of a taxi, you’ll be guaranteed that all data on it is secure and protected.

Your business, your brand, and your bottom line depend on the trust you develop with your clients. Handling the items listed above will go a long way in protecting all three.

Clinton Henry is one of the world’s leading cyber security and identify theft experts. Known for his engaging keynotes and insightful perspective on business and personal cyber security, Clinton has amassed a loyal following of business and IT executives who look to him for guidance on how to protect their corporate profits and reputation from attack or compromise.

Save

Save