By Spencer Young, RVP, Imperva
‘Data is the new oil’ is old hat. Data is so plentiful these days that it’s more like the new air. Our society runs on digital information in ways that would have been utterly imaginable just decades ago. Data runs through everything we do, and the amount in circulation is only going to increase.
To put the sheer amount of data that’s whizzing around in perspective, we currently generate about ten zettabytes of information globally every year. That’s ten trillion gigabytes, which equates to about two trillion DVDs or 62.5 billion iPod classics. If you stacked those iPods on top of each other, the tower would be 812,500 kilometres high – more than double the distance to the moon. That’s a lot of data.
Give it six years, though, and we’ll be producing eighteen times that amount – 180 zettabytes for every trip round the sun. Now you’ve got 1.2 trillion iPods. The stack is 14.6 million kilometres high. At that rate, it’d only take three and a half years to fill enough iPods to build a bridge to Mars – and Mars is a really long way away.
Using data effectively
The relatively sudden availability of all this information begs the question: what on Earth (or Mars, for that matter) are we doing with it all? For businesses, the rise in available data should be a strategic benefit – the more you know, the more intelligent your decision-making should be. That’s the theory, but is it the reality?
We pay a lot of money for data collection, hosting and maintenance, so how do we go about creating a data driven organisation that reaps the rewards of data analysis and insights? By going through the process of discovering where your most valuable data is stored, you can actually use compliance mandates as an opportunity to put data at the centre of your business.
Compliance programs, such as preparing for GDPR, provide the right level of impetus for your organisation to investigate and locate sensitive data so that you can efficiently protect these assets. By getting a better handle on where your sensitive data sets reside, and the best practice processes for overall security, you’re creating a data governance program that provides greater control over your data assets.
In any data governance and compliance prep program, the first step will involve an assessment of your current data environment. This should include a few different steps, starting with a discovery process and comprehensive inventory of all of your known and unknown data repositories. You’ll then need to look at how data flows within your organisation, including all of your touch points and sub-processors, before mapping out your current security and compliance technology to see where any gaps might be hiding.
For most organisations, this level of data discovery and inventory of sensitive data isn’t a process they can realistically perform manually. Many will have a combination of large and disparate database environments, so the first technology investment to look into should be in data discovery and classification.
The other important point is that data is increasingly dynamic by nature. That’s why your discovery and classification process should be occurring on a regular basis, as the nature of your data will continue to change.
But going through this process then provides you with actionable results for ongoing audits and compliance reporting. If you can leverage automation within these processes, you can also transition from basic discovery and classification to policy application, activity monitoring and user rights management – the next step in developing a robust, layered security posture.
When implemented effectively, layered security allows businesses to significantly reduce the amount of private data they manage, improving overall business efficiency.Layered security also drastically reduces the risk of a data breach, while facilitating a rapid incident response and reporting process to ensure compliance with the breach notification requirements.
To ensure they get real value out of their compliance projects, companies need to ensure that their data privacy solutions meet key components of these regulations out of the box and provide the most effective automated data protection available. The best security systems help companies to understand where databases are located and what type of information they hold by automatically scanning enterprise networks – making the process of regulatory compliance smoother and giving companies a deeper understanding of what’s going on inside their systems.
With so much data now in play, businesses must prioritise the creation and maintenance of a detailed, real-time inventory of data scattered across their organisations and enable automated, scheduled scans and holistic identification of sensitive data. Once these processes are in place, the company will not only benefit from a lighter compliance admin load, but also from a more joined-up, data-centric approach to running the business.
Like all digital services, cybersecurity has a key role to play in building an effective data-handling strategy for the new data age. Businesses must take action now to ensure their defence systems are supporting the overall effort to make the most of data – as securely as possible.
Why cybercriminals have ‘Gone Vishing’ during the COVID-19 Pandemic
- More than 215,000 vishing attempts in the last year alone
As new coronavirus restrictions look set to confine much of the UK population to their homes this winter, cybersecurity specialists Panda Security are warning consumers to be on guard for an explosion in ‘Vishing’ attempts by cybercriminals.
Vishing, or voice phishing, is a social engineering technique used by fraudsters posing as someone from an IT helpdesk or support services, in order to obtain personal information from a victim. They will then look to use this information to hack into secure systems and defraud victims.
Vishing has increased as hackers are taking advantage of employees working remotely. Since August last year, HM Revenue and Customs (HMRC) has received reports from the public of more than 215,000 vishing attempts. These scams often offer fake tax refunds or help with claiming Covid-19 related financial support.[i]
The hacker can be very convincing and will often have done a lot of research into the company and the person they are contacting, to make what they are asking you for sound plausible. At times they even spoof phone numbers, so it looks like the caller ID is authentic and the same number as the real business.
European Cybersecurity Month: Keeping the ‘Vishers’ at bay
During European Cybersecurity Month, Panda Security is raising awareness of the dangers of vishing and is calling on consumers and businesses alike to take some simple measures in order to protect their data. Hervé Lambert, Global Consumer Operations Manager at Panda Security, gives his top tips to avoid being a victim of a vishing attempt this winter.
- Never give out your personal details: You should never give anyone your personal details such as bank details or passwords verbally over the phone or via email. Hackers will often find data about you on the internet and through social media networks and use this to convince you they are legitimate
- Be suspicious: It is right to be apprehensive of unknown callers, particularly if you are not expecting the phone call. Ask the caller questions or give deliberately false statements, and if you do not feel comfortable with their answers, hang up and phone the company or person back directly
- Don’t always trust caller ID: Hackers can often spoof legitimate phone numbers and make you believe that the phone call is coming from a credible source. Remember that legitimate businesses will never ask for your personal details unsolicited over the phone
- Install security measures: While internet security will not completely protect you from fraud, installing measures such as antivirus software will help protect your digital identity and make the job of the hackers much more difficult
- Keep calm: Often the hacker will try to panic you into reacting very quickly and scare you into providing them with your information. Take a moment to breathe and slow the conversation down
Commenting on the raise in vishing attempts, Hervé Lambert, Global Consumer Operations Manager at Panda Security says: “Vishing is not a particularly new or sophisticated technique, and yet the “new normal” of working from home has been a boon for cybercriminals looking to exploit vulnerable people in this way. Hackers will scour the Internet and social media networks for any information they can glean about a potential victim before making a call. Once they have secured the victims trust they are then in a position of power to defraud them.”
Lambert continues: “It is essential that consumers take preventative measures to protect their digital identity, while remaining vigilant and question anything that seems unusual. Our key piece of advice remains: never give out your personal details over the phone.”
Five golden rules of recruitment
Former investment banker and entrepreneur, Connie Nam, discusses five ways in which basing your recruitment process around understanding a candidate’s personal passions, motivations and personality can improve staff retention and strengthen your workforce.
Ex-investment banker Connie Nam saw a niche in the UK jewellery market and built a £10m business from her kitchen table in just eight years. Today, as CEO and founder of cult jewellery brand Astrid & Miyu, she is continuing to grow her business as well as her team despite the unprecedented challenges of a global pandemic.
As founder and CEO of a rapidly growing business, Nam’s role is ultimately to create a clear vision, run the business, continue its growth and – most importantly – lead and support her team in their work and in their progression within the business. Nam started her business on her own and, as the brand grew exponentially, she had to become quickly accustomed to managing people and continually refining her recruitment process to attract and retain the best talent to grow with the business.
Now, with a team of more than 80 across the business, Nam and her senior management team have built a rigorous recruitment process, driven by strong cultural values, to identify the perfect candidates and ensure there are world class managers heading up each department as her team continually expands.
The key to recruitment and retention according to Nam, is that the people and culture element is part of the wider company strategy, not just part of a HR strategy in silo. Nam believes that people should be at the heart of any business and that taking the time and asking the right questions to understand a candidate’s personal passions, motivations, goals and personality during the recruitment process is vital to building and retaining a unified team. Here are five key benefits of taking this approach, according to Nam:
- Bring any missing qualities into a business
We’re always reviewing our business and team which allows us to identify gaps and bring in missing qualities into the business. One thing I do – which I’d recommend any business leader does – is hold strategy meetings with my leadership team every quarter where we review the brand, business, and above all team strategy. These meetings allow us to find out what we’re missing in a team – in terms of communication, skillsets, values and personalities – and look to bring people in to fill those gaps.
- Craft a cohesive team
When crafting a cohesive team, it’s important to recruit based on values and ensure that a candidate’s own values align with those of the business. Values are such an important part of our business and this is true to everyone’s heart in the business; it’s not just coming from me – or from the top – it’s not corporate spiel rather it is instilled in everything we do.
We recently redefined our values which are: grow together, celebrate each other and break all boundaries (or throwing out the rulebook!). We take these values very seriously and build the team on these foundations. Whenever we recruit, we look for these three signals and if people don’t fit into these three values then they won’t be hired – values are not just a company buzzword, they are important and just underpin everything you do as a business and as a team.
We are also planning to put these three values formally into our appraisal system so when we do our biannual reviews with colleagues – aside from the business KPIs – these values will be a very important factor in their progression and development within the business. I would advise any business leader to make sure you take the values seriously and live and breathe them so everyone in your team feels equally passionate – that is the secret to crafting a truly cohesive team.
- Enable empowerment of individuals
Empowering individuals in your team is so important, not only for their own personal development, but for the benefit of the wider team and even the business as a whole. It’s important to allow people to play to their own strengths and give them a sense of ownership if you want them to fulfil their role with as much passion as though it was their own business.
As we have grown so rapidly, it has put a lot of challenges and pressure on the team, but at the same time they have been able to grow as individuals and step up very quickly to becoming industry leaders in their fields. Our last value is to break all boundaries and we give a lot of freedom to individuals and allow them to take risks (within the means of their roles). Everyone at Astrid & Miyu owns some segment of the business; they have clear boundaries and budgets but –if they act within that and meet business targets and KPIs – they’re free to do their job however they like. They can take risks and if they fail, we don’t have a blame culture. If they fail within the means, we actually celebrate it as it allows people to reflect on the key learnings which I think is quite powerful in terms if empowering individuals.
- Enhance job satisfaction
Job satisfaction seems like an obvious one, but it really is one of the most important elements of maintaining a loyal and motivated workforce. As I’ve already mentioned, we ensure everyone has a very specific role with strong sense of ownership, and we let people run with their work within very clear boundaries with clear expectations. Aside from business KPI reviews we also carry out regular personal development reviews where every individual comes up with what they want to learn for the full year or for the quarter and how they want to develop and their manager will guide them – even if it’s not related to their immediate job – so they have something to look forward to which keeps them satisfied in their role and motivated. That learning and sense of ownership, development and progression really enhances employee satisfaction.
- Improve staff retention
Clearly, staff retention goes hand in hand with job satisfaction – if people are satisfied, they will stay in their role. As well as having a sense of ownership, having clear goals and enough progression opportunities form a big part of staff retention; teams and individuals need room to grow. We have always made sure there are progression opportunities for our people, though we have been lucky to experience continual growth that allows us to have even more progression opportunities for those who are able to keep up.
We have a very transparent progression scale, which includes total transparency when it comes to pay – something that isn’t common in the fashion industry or a start-up environment but is vital for ensuring teams are motivated and trusting of the company. Everyone at Astrid & Miyu knows what their salaries would be if they get promoted to certain levels and what their band is – if they’re on the same level, everyone is on the same pay, so I think that’s highly motivating. This is something we implemented at the end of last year to make things very transparent and open and I think people are definitely more motivated because they’re not left in the dark, which can be the feeling when remuneration is done on a case by case basis. Now we have a very clear process and salaries attached to job titles so there’s no room for complaints and the team all know exactly what they need to do to progress.
The fact it’s very clear and transparent makes people trust the business and trust the leadership. Our transparency when it comes to pay is reminiscent of the structured progression routes you see in the corporate arena of banking and accountancy which is where I started my career – I know it can become political and chaotic if you don’t have this, which is not going to aid staff retention, it will do the opposite.
Though these are the five building blocks of a successful recruitment and retention strategy, I would add that businesses should not be afraid of making hard decisions. Although it’s important to foster a supportive workplace culture and help your people with their career progression, the onus needs to be on the individual – if they are not working hard and to the business’ values, their role within the company should be reviewed – don’t let people slip at the detriment to the wider team. This can be avoided if you find the right people at recruitment stage which is why recruitment is so important because, if it doesn’t work out, companies should not be shy of letting people go if they are not committed and the right cultural fit. I think that is motivating for the people who do work hard – it can be very disheartening for employees who are working hard to see one of the team is not pulling their weight. It is important that businesses are constantly reviewing their recruitment strategy and that there is a strong set of values and a clear onboarding process to ensure a strong and united workforce.
Using data analytics to improve SME cash flow and treasury management
The pressure facing SMEs this year is widely known, and they are looking for ways to improve their cash flow and payment decisions. Data analytics is a hidden gem that many SMEs are not tapping into. Smart data-driven decision-making could potentially be transformational for small businesses owners, writes Neo’s CEO, Laurent Descout.
The ability to maintain positive cash flow is one of the biggest challenges SMEs are struggling with during the COVID-19 pandemic. In times like these, the ability to monitor outgoings versus income, make payments to staff and suppliers, be paid on time and preserve a healthy order book of customers, is an extremely difficult task.
Governments around the world have done their best to help business owners in different ways, with fixes such as direct cash injections and loans to covering staff costs. As welcome as these are, they are short-term solutions. As businesses hopefully start to emerge from the pandemic, SMEs need tailored support and guidance that address their specific challenges – not a one-size-fits-all strategy.
What many business owners may not realise is that they are sitting on a treasure trove of information that could go some way towards helping them in this regard.
Tapping into data and analytics for smarter decisions
Every SME will be facing their own challenges. Each business’ trading histories, payment cycles and cash reserve levels are unique. Over a period of months and years, through a process of trial and error, they increased oversight of their finances and improved their overall decision-making and performance.
They can go one step further and make smarter business decisions by using tailored data and analytics derived from their company’s history of trading, payments and cash flow. By utilising comprehensive analytics of their business functions, owners can have a complete view of their corporate behaviour, backed by intelligence.
Ever wondered if all of your payments made on time, or even too early? Or what percentage of their customer’s payments are delayed, and by how much? How can temporary cash shortfalls be addressed more effectively?
Knowing the answer to such questions and more can result in improved forecasting, detecting patterns and anomalies and automating processes. This enhances financial decision making, risk management and cash flow monitoring. Critically, the answers derived from these analytics are unique to each business.
There are other benefits too. Time is saved from participating in routine and straight-forward bookkeeping processes, which improves productivity, while decision making is more informed. Furthermore, improved forecasting and predicting customer preferences can lead to an improved experience as well as new business opportunities.
The need for a treasury system to navigate difficult times
Of course, this requires access to a treasury management system (TMS), something which has historically presented a hurdle. It is estimated that three-quarters of SMEs have no treasury function; rather, they often rely on spreadsheet software, but these were never designed for this purpose.
The events of 2020 have caused many people to reassess how they manage their businesses, especially while working remotely. For SMEs, modern fintech treasury management systems (TMS) could provide a solution.
Once solely at the disposal of large corporations, there is now a wave of innovation in treasury technology systems, which has democratised access through lower costs, and offer access to customised interfaces that are easy to use and tailored to individual business requirements.
The phrase ‘cash is king’ is often used more frequently during crises to highlight the critical importance of maintaining positive cash flow. Having a comprehensive oversight of your treasury management operations is essential for effective business and risk management and maintaining positive cash flows. Tailored data and analytics can be crucial for achieving this.
This has become even more important during the current pandemic. With the majority of finance teams around the world likely to be working remotely for a substantial period, and with social distancing expected to continue in some form throughout the year and likely into next in many countries, now is the time to make smarter decisions to sustain small businesses through a difficult period.
Will covid-19 end the dominance of the big four?
By Campbell Shaw, Head of Bank Partnerships, Cardlytics Across the country, we are readjusting to refreshed restrictions on our daily...
Why cybercriminals have ‘Gone Vishing’ during the COVID-19 Pandemic
More than 215,000 vishing attempts in the last year alone As new coronavirus restrictions look set to confine much of...
Risk Mitigation vs. Risk Avoidance: Why FIs Need to Maintain Risk Appetite and Not Place All Bets on De-Risking
De-risking aims to protect financial institutions from the increasing pressures placed by regulators and threats, associated with clients operating in...
Using AI to identify public sector fraud
When it comes to audits in the public sector, both accountability and transparency are essential. Not only is the public...
Five golden rules of recruitment
Former investment banker and entrepreneur, Connie Nam, discusses five ways in which basing your recruitment process around understanding a candidate’s...
Using data analytics to improve SME cash flow and treasury management
The pressure facing SMEs this year is widely known, and they are looking for ways to improve their cash flow...
Why dependency on SMS OTPs should not be the universal solution
By Chris Stephens, Head of Banking Solutions at Callsign In our day-to-day lives, SMS one-time passwords, also known as OTPs, have...
The chosen one
By Jesse Swash, Co-Founder Design by Structure. The lessons for the future lie in the past. The same truths still hold. This time...
How PR can help franchise businesses emerge stronger from 2020
By Mimi Brown, Head of Entrepreneurs & Business at The PHA Group A second wave of coronavirus is gathering pace...
Cash and digital payments – a balancing act to aid financial inclusion
By Matthew Jackson, Head of Partner Development, EMEA at PPRO The cashless debate is one that continues to spark both conversation...