Connect with us

Business

Device Management Is Crucial in Enhancing Cybersecurity for Interactive Touchscreens

By Nadav Avni, CMO of Radix Technologies

Elevate your cybersecurity defenses with effective device management strategies for interactive touchscreens. Unleash the power of secure interactivity while safeguarding sensitive information.

The education sector’s digital transformation is helping students keep pace with modern technology. The internet has made it easier than ever for kids to access learning materials, submit assignments, and participate in group activities. In addition, schools now use interactive touchscreens instead of antiquated tools such as whiteboards, projectors, and video cassette players. All that’s remaining is to ensure school devices have the right device management support to keep them safe.

Like everything else, technology also has a dark side. For the education sector, cybersecurity breaches often mean great risks to student privacy. Awareness, best practices, and device management can help minimize the damages from cybersecurity breaches. After all, when school districts commit to a full and safe digital upgrade, students win.

Identifying Cybersecurity Challenges in Education

What’s the best medium of instruction for students who grew up immersed in the internet, usually via their parent’s smartphones and tablets? Interactive touchscreens, of course! Touchscreens provide a natural extension for kids who learned to type letters on phone screens and play videos with touch controls.

Unfortunately, school devices aren’t totally immune to cybersecurity issues. Many students and teachers alike fall for phishing scams, where they inadvertently share their user accounts and passwords with online thieves. These criminals will then access their private data to steal whatever they can.

Additionally, cyber gangs can also use brute-force hacking and SQL injections to gain access to restricted servers. In some cases, institutions fall victim to ransomware, where they’re forced to pay gangs to return access to critical data in exchange for money.

Negligence in cybersecurity measures

 is the major reason for online breaches. However, the use of obsolete technology is also a factor. A single device that has yet to update to the latest software version leaves the entire system vulnerable to attacks. Reminding users to practice online diligence is a good way to minimize attacks. However, school districts also need reliable device management software to protect and update devices.

Implementing Comprehensive Device Management Solutions

Comprehensive device management solutions enable school districts to enforce area-wide security protocols. A key feature of modern device management is remote ability. This allows IT administrators to remotely connect to one or all devices on demand.

What’s more, management can monitor each device to see if it runs the latest software versions and allows access only to authorized users. Remote management also allows IT teams to schedule automatic updates during device downtimes.

Another key feature of device management is assigning user access levels consistent with their duties. For example, students receive access to scheduled modules and their personal records.

Meanwhile, instructors get wider access to their student data and the course curriculum. School administrators and board members can collect user data to gather insights into school and individual performances. Finally, IT teams have access to system settings and administrative work.

Basically, each user only gets to work on their defined area of responsibility. Partitioning access reduces the risk of users overstepping their bounds and records any such attempts or incidences.

Monitoring, Patching, and Vulnerability Management

Touchscreen devices are some of the biggest expenditures schools can make as they embrace the digital classroom. Ensuring a great return on investment (ROI) for these devices means having them work optimally beyond their expected lifespan.

Providing expert care and maintenance on these machines will extend their operational years. Additionally, IT administrators should consistently apply the latest updates and fixes to system software, firmware, and applications. This ensures all school equipment uses the latest software versions. More importantly, malicious entities can’t exploit documented vulnerabilities in the software.

For this reason, remote management should remain a key feature of your device management platform. The ability to connect with one or more devices remotely lets administrators apply critical updates and patches immediately. It also enables admins to attend to devices reporting unauthorized access attempts.

With a single command prompt, admins can freeze, shut down, or disable devices to prevent any further action. If there are attempts to steal data or devices, admins can wipe all stored information or incapacitate devices. At the same time, geolocation services can identify the location of stolen or missing devices.

Educating Users: Promoting Cybersecurity Awareness and Best Practices

Embracing a totally digital educational system means being aware of the risks that come with it. Many of today’s students are digital natives, having grown up in a computerized environment. Sometimes, this familiarity leads students to boldly attempt to override school systems or hack local databases. While many will do so with malicious intent, some will do so just because they can.

A good start for school districts is to educate students about the need to protect their own data. This includes assuming the responsibility of securing and updating their passwords and encrypting or protecting their documents. Additionally, students should learn to always log out of shared devices after use.

However, awareness is just the beginning. School districts should also enlist the help of reliable device management software, which can take the pressure off individual users.

Having a platform that monitors, manages, and secures all school devices is a great deterrent against wanton online aggression. More importantly, a good device management platform has the tools to secure devices and counter any unauthorized access attempts.

Enjoy the Full Digital Experience With Reliable Device Management

Touchscreen devices and other digital school equipment are great tools students can use to learn proper cybersecurity. With their assigned accounts and devices, they can practice diligent password management and proper document storage. Instructors can also spend a few sessions teaching students about common cybercrimes such as phishing, malware, and ransomware.

In short, awareness combined with reliable device management practices can set up a great learning system in schools with digital equipment. Embracing technology means recognizing the possible dangers that go with it. Doing so is a win-win situation for both school districts and the students themselves.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

The Power of Purpose in the Financial Services Industry

Source: Finance Derivative

Becky Willan, CEO and Co-Founder of Given

The Challenge

Banks and businesses in the financial services industry are coming under greater scrutiny for not only how they invest their money but, increasingly, who they invest it with.

In June, Barclays came under attack – quite literally, with 20 branches vandalised across the UK – over accusations of links to defence companies supplying Israel. This led to the suspension of their sponsorship of all Live Nation music festivals, and prompted the bank’s chief executive, CS Venkatakrishnan, to write an opinion piece in the Guardian about what he called “a ​​campaign of disinformation against Barclays”.

Lloyds Banking Group is another high profile example after its AGM was disrupted by pro-Palestinian and climate activists in May. Two years ago the bank committed to end direct funding of new oil and gas exploration projects, but for some this does not go far enough, with the protesters demanding Lloyds divest from all fossil fuel and arms companies.

This comes amid growing concerns about the lack of sufficient capital to fund the transition from “grey to green”. As we have seen, financing projects from oil and gas companies, even if there’s a clear decarbonisation agenda, now comes with increasing reputational risk for banks. And yet we can’t achieve a low carbon economy without system-wide transformation.

The banking industry operates in a challenging space when it comes to navigating purpose, but do these institutions deserve the level of criticism we’re seeing in the media?

What we do know is that businesses operating in the sector need to have more clarity and focus around what their purpose is.

Our recent Purpose Gap Report revealed that over a quarter of respondents in the financial services industry (26%) are actively thinking about leaving their current job role due to their company’s failure to deliver on corporate purpose promises. This compares to a 13% average across all sectors looked at in the report. At twice the rate of dissatisfied employees, financial services appears to be lagging behind other industries.

Additionally, over half (56%) of consumers say it is important to them that their bank acts sustainably and/or ethically. It is therefore essential for businesses in the financial services industry to consider carefully their purpose and corporate values and ensure they align with the causes their stakeholders are passionate about.

Making this change, while important to the longevity of the institution, can be complicated to implement and investment decisions are not always clear-cut.

According to the same report, additional blockers cited by those in finance wishing to make positive change were among the following:

  • It is too costly
  • There is a lack of understanding across the business around potential positive impact
  • It is not a business priority
  • There is an overall lack of commitment from leadership
  • There is a lack of integration of purpose within employees’ roles

A year on from the fallout of the Coutts / Nigel Farage scandal, which saw Dame Alison Rose step down from her position as NatWest’s chief executive, some are fearful of the risks associated with moving away from business as usual.

Widely reported at the time was Coutt’s internal memo that the Reform UK MP’s views were “at odds with our position as an inclusive organisation.” Whether this was about principles, or politics, the scandal brought purpose into the spotlight.

Missteps can happen in any walk of business, but we need to remember that purpose is about good business and strategic focus, not taking a moral high ground.

Adopting a purpose-driven business approach is also not in lieu of profitability – indeed it is essential. Profit without purpose is meaningless and purpose without profit is unsustainable.

The significance of profitability with purpose

The business case for purpose is now truly evident. Financial services organisations that contribute positively to a sustainable and inclusive future are simultaneously driving their own success.

A report by Deloitte last year found that most consumers agreed that a business’s commitment to sustainability affects their level of trust in the company. The study also suggests around a quarter of shoppers are willing to pay more for products that are more sustainable or committed to more ethical practices.

With investors, customers, and wider society increasingly demanding ethical, sustainable and positive actions from businesses, purpose-driven companies not only attract a wider, more impact-conscious group of stakeholders, but also see improved performance and greater resilience.

An Interbrand study found that purposeful brands, set on improving our quality of life, outperform the stock market by 120%.

Additionally, purpose-led brands attract and retain the best and most passionate employees, with EY reporting 84% of staff found it important to work for an organisation that positively impacts society.

A better way to bank

Nationwide is an example of a financial services model flourishing while helping change the world for the better. The building society has experienced year-on-year growth in the number of current accounts held since 2011, with a market share of 10.4% last year.

Boasting over 17 million customers, and a balance sheet of £272 billion, the institution celebrated its £2 billion profits earlier this year by offering a £100 profit share to each of its members under the Fairer Share initiative.

Additionally, the institution also donates 1% of pre-tax profits to charity, as part of its Fairer Futures initiative – a project developed alongside us at Given.

Led by its social purpose, Nationwide donates to partners working to combat homelessness; families living in poverty; and those suffering with dementia. Last year alone, charitable donations came to £15.5 million.

Asking the right questions

In the highly regulated financial services sector, boards of directors play a critical role in ensuring compliance with environmental, social, and governance (ESG) standards.

This extends beyond simple financial oversight to include the integration of ESG principles into the company’s goals and risk management frameworks, along with promoting ethical conduct and sustainability practices.

Board members will not find their questions answered by an aspirational turn of phrase about an organisation’s role in the world. Instead, purpose must be understood as a complete management strategy that is embedded into every part of an organisation. The right questions go beyond the ‘why’ to consider the ‘what’ and the ‘how’ too.

Businesses must create a space for learning, reflection and the idea that they can do better. Most boards regularly evaluate their effectiveness in governing a business. Not many look at this through the lens of purpose.

An annual “purpose stock-take” could ultimately be a valuable exercise ensuring that purpose really is embedded into the company culture and governance structure. It could involve asking the following five big questions:

  • Are we satisfied with how much of our balance sheet is aligned with our purpose today?
  • What are the biggest opportunities our purpose could unlock for our business?
  • Would our different stakeholders recognise our purpose as more than simply words on a page?
  • Are we clear on our “red lines” – the purpose promises we won’t break in pursuit of profit?
  • When was the last time we challenged a decision on the grounds of our purpose?

Final Thoughts

Financial institutions are now being scrutinised more than ever, but there is more than just reputational risk at stake. There is one final question those in the sector should ask themselves: what risks are we exposed to by not clearly defining and living our purpose?

The repercussions here could be incredibly damaging to the overall health of a business: falling foul of regulation; reduced employee morale and productivity; lack of consumer and investor trust; lack of long-term growth and resilience.

This can be avoided if businesses take the time to define and embed their purpose and values, using them as a management approach to profitably solve problems of people and the planet.

Adopting a purpose-driven approach is a strategy that may seem daunting at first, but asking the right questions and implementing an open and collaborative approach is a step in the right direction.

Continue Reading

Business

Why financial institutions must prioritise contact data quality if serious about fraud prevention

Source: Finance Derivative

By Barley Laing, the UK Managing Director at Melissa

According to Nasdaq’s 2024 Global Financial Crime Report $3.1 trillion of illicit funds flowed through the global financial system in 2023.

As a result, it’s not surprising that most in financial services are investing heavily in advanced ID verification technology to protect themselves from fraud and meet Know Your Customer (KYC) and Anti-Money Laundering (AML) regulatory standards.

However, to bolster their ID verification efforts they need to do more, and the best way is by improving customer contact data quality from the outset.

Why is contact data quality so important?

From our experience the quality of contact data is key to the effectiveness of ID processes, influencing everything from end-to-end fraud prevention to delivering simple ID checks; meaning more advanced and costly techniques, like biometrics and liveness authentication, may not be necessary.

When a customer’s contact information, such as name, address, email and phone number are accurate the verification process becomes more reliable. With this data ID verification technology can confidently cross-reference the provided information against official databases or other authoritative sources without discrepancies that could lead to false positives or negatives.

A big issue is that fraudsters often exploit inaccuracies in contact data to create false identities and manipulate existing ones. By maintaining clean and accurate contact data ID verification systems can more effectively detect suspicious activity and prevent fraud. For example, discrepancies in a user’s phone or email, or an address linked to multiple identities, could serve as a red flag for additional scrutiny. This basic capability is more important than ever as identity fraud becomes increasingly sophisticated.

Address verification is the foundation of contact data quality

Address verification – having a consistently accurate, standardised address – is usually recognised as the cornerstone of contact data quality. Once you have access to up-to-date customer addresses it makes it much easier to match and verify identities across multiple sources.

Therefore, verifying the accuracy and legitimacy of an individual’s address should be the first step in any identity related process, with any discrepancies between a claimed address and official records highlighting a potential fraudster.

By catching these inconsistencies early ID verification technology can help mitigate risks, ensuring only legitimate users are granted access to services, protecting both their business and customers from fraud. 

Address verification also plays an important role in regulatory compliance, by ensuring that the address information provided meets KYC and AML regulatory standards.

Phone and email verification

As I’ve already touched on it’s not all about having an accurate address, the role of phone and email verification is also vital as part of a comprehensive ID verification process, and therefore in preventing fraud. Particularly when it comes to helping organisations to identify and mitigate possible fraudulent activity early on. Verifying all three contact channels together contributes to enhanced security by filtering out fake or high-risk contact information, improving the accuracy of the ID verification process.

Email verification involves analysing various factors such as the age and history of the email address, the domain and syntax, and whether the email is temporary. After all, new and poorly formatted email addresses are often tell-tale signs of fraudsters. Furthermore, the association of a single email with multiple accounts could highlight criminal activity. It’s only by checking if an email address exists and works, then examining those elements I’ve already mentioned, that organisations can identify possible high-risk indicators.

Phone verification is equally important in fraud detection. By verifying the type and carrier of the phone number, organisations can identify high risk numbers, such as those associated with VoIP services, which are commonly used in fraudulent activities.

Checking the validity, activity and geolocation of a phone number also ensures it’s not only functional, but consistent with the user’s claimed location. And like with email, a single phone number linked to multiple accounts can indicate fraudulent behaviour. 

Deliver contact data accuracy with autocomplete / lookup tools  

The best way to obtain accurate customer contact data is to use autocomplete or lookup services.

With an address autocomplete tool it’s possible to deliver accurate address data in real-time by providing a properly formatted, correct address at the onboarding stage, when the user starts to input theirs. Tools such as these are very important because around 20 per cent of addresses entered online contain errors; these include spelling mistakes, wrong house numbers, and incorrect postcodes, as well as incorrect email addresses and phone numbers, typically due to errors when typing contact information. Another benefit of the service is the number of keystrokes required when entering an address is cut by up to 81 per cent. This speeds up the onboarding process and improves the whole experience.

Similar technology can be used to deliver first point of contact verification across email and phone, so these important contact datasets can also be verified in real-time.

In summary

The success of ID verification technology, and therefore fraud prevention, hinges on the accuracy and quality of customer contact data. Having such data not only enhances fraud detection, but improves the user experience and operational efficiency. Financial institutions must make sure that data verification tools are used across address, email and phone, alongside their ID verification technology.

Continue Reading

Business

Fortifying Email Security Beyond Microsoft

By Oliver Paterson, Director of Product Management, VIPRE Security Group

Most organisations today are Microsoft software houses. Microsoft 365 is the go-to productivity suite, offering comprehensive tools, flexible licensing, and built-in security features. Employees live and breathe in Outlook, and so many different technologies seamlessly integrate with this indispensable communication tool to deliver productivity gains to business professionals.

However, email-borne cyber threats continue to surge. Malware delivered via email is exponentially increasing. .eml attachments, which often get overlooked in phishing emails, are growing. Cybercriminals are resorting to email scams, alongside phishing emails, and with the arrival of generative AI technologies, users are increasingly finding it challenging to spot these “expertly” written, persuasive emails too. 

The reason for this growth in email-led attacks? Cybercriminals are exploiting the ubiquity of Microsoft – and indeed our trust in the software. It is no wonder that today Microsoft is the most spoofed URL.

Microsoft, a software powerhouse, but not an email specialist

Microsoft is undeniably a technology powerhouse, but its primary focus or specialty isn’t email security. Historically centered on infrastructure, operating systems, and cloud services, email security is a small part of its vast ecosystem. For example, while the company offers features like SafeLinks and SafeAttachments to protect against phishing scams, these are often limited to the priciest licenses. As a result, many organisations aren’t able to benefit from the depth of functionality that is needed for robust email protection.

The shortcomings of Microsoft’s security tiers

Microsoft offers a range of security packages for its Microsoft 365 and Office 365 suites, from E1 and E3 to the premium E5. While this tiered approach allows organisations to tailor licenses to employee roles, it also introduces vulnerabilities. Higher-tier subscriptions like E5 provide advanced security, but they’re costly. Lower-tier licenses often lack critical protections against impersonation and zero-day threats—gaps that cybercriminals eagerly exploit.

Furthermore, Microsoft’s user caps (e.g., 300 users on Business Premium) sometimes can lead organisations to make risky compromises in pursuit of cost savings. This mix-and-match strategy can result in blind spots, as lower-tier subscriptions typically lack advanced threat visibility tools, hampering investigation and response times.

Configuration conundrums

The Microsoft security portal, while comprehensive, is also complex. Take Link Protection (aka Microsoft SafeLinks) as an example. This feature needs enabling in multiple locations, and with Microsoft’s routine updates, these settings can be moved, altered, or even disabled by default. Such inadvertent misconfigurations not only pose security risks but also burden IT teams with constant vigilance and reconfiguration.

Static intelligence versus real-time threats

Microsoft’s reliance on third-party security feeds means its threat intelligence is often outdated. The company’s vast and complex platform requires time-consuming updates, and with email security being just one part of its portfolio, critical updates may not always be prioritised. A delay of even a day or two is all a zero-day attack needs to succeed.

A layered approach to email security

So what can organisations do? In an era where a single email can cripple a business, firms need to bolster Microsoft 365’s standard security. By understanding its limitations and layering on specialised protection, organisations can fortify their email defenses, with additional, advanced security capabilities, without breaking the bank. Due to the relentless onslaught of threat actors,  such caution is essential.

Capabilities such as Link Isolation and Sandboxing are vital today to protect against zero-day threats. Link Isolation renders malicious URLs harmless, while Sandboxing automatically isolates suspicious files in a virtual environment for safe analysis. These methods provide real-time monitoring and intelligence, enabling proactive defense.

No matter how advanced technology gets, it alone can’t solve everything. User awareness is key, and “in-the-moment” training trumps the typical periodic sessions for cybersecurity education. When users are immediately informed why an email or attachment was blocked, along with the telltale signs of malice, the lesson is more likely to stick.

Many organisations, and especially the smaller and growing firms, can’t afford top-tier Microsoft licenses for all employees or indeed maintain in-house IT teams to address the gaps in security capabilities. Partnering with third-party security services providers across different aspects of the function is a viable option as no single software or platform can provide all the security techniques and capabilities. This approach is not only more cost-effective but also provides the technological expertise needed for protection in today’s rapidly evolving threat landscape. Reducing reliance on a single security provider is an astute approach to minimising business risk.

Continue Reading

Copyright © 2021 Futures Parity.