Management

Category Archives

stratecta - ransomware security

Overcoming The False Hope of a Ransomware Attack (Part 1)

Every modern business deals with a certain amount of technology. From tech companies that consist internally of nothing but professionals at computers to minimally technical industries that still rely on databases and business software to keep everything running smoothly, the need for a secure network and backups of archived business data is universal. When your data is in danger and it looks like there’s a chance of recovering anything that has been lost, most companies will jump through flaming hoops for any either planned or, worse, unplanned recovery method. That is exactly why ransomware is so terrible. The hope of getting your files back after a disaster is often more powerful than the fear of losing them in the first place.

While you may think that your files are being held hostage, your disaster recovery plan is much more reliable than any hacker’s “promise” that you’ll see your files again.

Malware Has Always Wiped Files

To understand the innovation of ransomware, it may help to have a better grasp on the history of malware as a whole. Ransomware is just one of the most recent innovations in a long chain of malicious, invasive software. In fact, while there has been a significant rise in the ability of malware to actually do something like steal credit card numbers or extortion, malware has traditionally been almost completely pointlessly evil. Worms have roamed the web since before the internet unification seeking out vulnerable systems and often infected websites are simply left up to hurt anyone who comes across them.

When an infection is successful, whether it was targeted or random, the malware’s goal is simply to cause pain. Spamware makes your system unusable with constant pop-ups, spyware steals your login information and uses it for fraud or more spam, and many forms of malware despite the name will simply explore your files, deleting or corrupting them as it goes. Hackers have always deleted files for fun and there’s no reason to assume that they’re going to stop now just because they’ve also figured out how to make a little side cash.

What Ransomware Does

When ransomware gets onto your computer, it’s first act is usually to lurk around for a while. During this time, it may finish installing itself, spread from the first computer into the local network, and map all your files. These processes usually happen quietly using background resources and the delay often masks the true infection point, whether it as a bad website, a phishing email, or an actual hacker security breach in which the ransomware was placed on your computer. Continue reading

stratecta

Digital Transformation: Things a Digital Document Can Do that Paper Can’t

When companies are wondering whether or not to go through the most basic stage of the digital transformation, moving from paperwork documents to digital document management, there are often a lot of fears about how implementation and unfamiliarity with the new system will slow down productivity and potentially confuse the staff. However, the same things can be said about any major change, including drastically altering the catered lunch menu. The real thing that administrators and business owners should be considering about the digital transformation is all the ways that digital document management can enhance the efficiency of your business both in predictable and unpredictable situations.

To help you understand the drastic difference between a business run on paper and a business run through digital documents and software, let’s narrow the focus down to the humble document. All the things that can be done with a digital document, but on for which the original and every copy is paper.

1) Same Document Form for Drafts and Final Copies

The first thing to realize is that no one writes their documents on typewriters anymore which means that nearly 100% of modern documents and paperwork start in digital form on a word processor. That word processor saves a digital document which is then printed out. Though many companies who work with paper still think of a paper copy as ‘the original’, in truth, the originals of all but historical documents are now digital. The paper is the real copy and every time an edit is made or a new version is drafted, the document is created in digital form, printed to paper, and then interacted with.

Why not just skip the paper stage? When you work with digital documents, there’s no need to print unless a client needs a physical copy for a specific reason like pen-and-ink signatures or they request a hard copy for their own private records. Otherwise, you can receive, develop, work with, and submit documents all in a single digital form.

2) Infinite Editing of a Single Document

When you’re working primarily with physical copies of your paperwork, edits are not just challenging in that they must be done carefully and neatly. Every old copy will need to be tossed in favor of new print-outs of the edited work. Edits on paper are permanent or, even with hand-written documents done in pencil, require wear and tear on both the eraser and the paper.

Digital documents, on the other hand, can be edited an infinite number of times, revised, corrected, and collaborated on without an eraser white-out/liquid-paper, or constant printing and re-printing because digital edits are easy and cost nothing. Along the same lines, the edited document and the original can be the same file, ensuring that everyone who has access now has access to the updated version. Continue reading

stratecta

Gender Identity for AI

Artificial neural networks have given AIs the functionality for complex problem solving and pattern recognition, and they have entered the workforce, particularly in areas of big data analysis and global finance. As we begin to interact with and study these new learning machines, interesting questions arise. Are they going to take on human behavioral and gender distinctions (gender identity), because they have been programmed with data sets that have unconscious bias? Will those who are giving the learning machines feedback to focus their problem solving allow behavioral constraints into the teaching? If we give the AIs a woman’s voice, and a woman’s name, will we interact with her as if she was a woman? And does that mean she will in turn internalize those social expectations and become more female?

Naturally we are interested in all things having to do with gender. It is the first sentence the world places upon us, when the midwife announces boy or girl. We love gender. We give our teddy bears genders, and can describe in detail why we think-no, why we know that our little darling is a boy or girl. We give our cars genders, names, and personalities. It’s just because we’re human, and we want to humanize the things we love, and that surround us. And part of humanizing inanimate objects is to give them a name, a gender, and shower them with affection.

Part of our fascination with gender has led to some poor science, the popularity of which has trickled down into our collective consciousness. The idea that male brains and female brains are different in a significant way is probably not true, though the debate rages. Structure follows function, and hormones affect the developing brain. But even with minor structural and functional differences in the brains that are most probably hormonally-based, there is very little difference in boys and girl’s brains. There is a much wider variance between individuals than can be measured than between generalized groups based just on gender. We are more complicated than can be described in pop-science about hardwired aggression and nurture vs nature.

What is different between genders is communication, how we use language, and there the gender differences are significant enough to be measured. If we think of communication as the way we input data into our brains, we grow our biological neural networks with the complex range of human communication to which we’re exposed. And there are differences between male and female communication.

So with the science showing that biological neural networks- aka human brains- are more complex than can be measured, but are influenced by hormones, language, biology, and the wide range of human culture, we are left to consider if artificial neural networks will also be influenced by language and human culture. (This is assuming that the artificial neural networks that are biology and hormonally mediated are still a few years in the future.) Continue reading

stratecta

How to increase employee engagement

Successful businesses tend to share similar values that boost their employee engagement. A loyal, dedicated, and energized staff, working toward a common goal, is the gold standard for a happy and engaged workforce. Across size, industry, market share, intellectual property, and other economic variables, employee engagement stands out as the hallmark of a successful company. What does the engaged workforce value in their employers? Diversity and inclusion, social and environmental stewardship, and transparency in company values and practices.

In a just society, the workforce should reflect the population. In universities, high tech startups, factories, farms, the workforce should reflect the color, age, and gender of the population. If this criteria is used to judge, there is not a just society on this earth. Education influences career, and gender, age, and color effects access to education. How can business step beyond the way things have always been, into the world of the future, where everyone will have equal access to education and economic opportunity? A world in which we have access to our full human potential?

Diversity and inclusion in the workforce is a company value that is appealing to workers across ages and socioeconomic strata. Efforts to recruit and hire a qualified and diverse workforce are aided by programs such as Textio, the AI system that evaluates job descriptions for language that discourages diverse applicants. Blendoor is a merit based recruiting app that removes pictures and names from applicants CVs, so issues of color, appearance, and gender are more neutral in the application and recruiting process. But companies that engage these types of programs have already taken the first big leap–understanding and acknowledging that unconscious bias is present in most humans, and efforts must be taken and progress regularly evaluated to make sure that unconscious bias is not keeping businesses from recruiting and hiring the most qualified workforce. Continue reading

win the crown

5 Techniques to Help Dealership Staff Improve Cyber-Security (Part 2)

Welcome back to the second half of our two-part article on how to help your dealership staff become an important part of the cyber-security effort. They are responsible for handling reams of customer personal information and protecting the financial interests of every client who comes through your doors. This means keeping account information safe, even from people who claim to be the friends and family of your customers. Last time we talked about line of sight on staff computer screens and the reasons why personal data is so vital to protect. Let’s pick up on access to employee computers.

3) No Customer Access to Employee Computers

There are two kinds of computers in a dealership, those set aside for customers to manage their finances and buy insurance on, and those that employees use to sell cars and manage customer accounts. If it can possibly be helped, do not let customers use employee computers. These have software, data access, and possibly saved log-in information that could give customers access to information and actions they should not have.

Worse than accidentally letting a customer access your control software is the fact that not all hackers live in Russia. There are plenty right here in the states and they will absolutely take an opportunity to ‘phish themselves’ on your machine, quickly pop in a malware-riddled USB device, or find a way to email themselves data on your system. If a customer is allowed to use an employee computer, watch them very closely and do not, under any circumstances, allow outside data devices to be plugged into a dealership computer.

4) Never Open Email Attachments

Speaking of phishing, the current leading form of hacking and social engineering all tied into one. Phishing occurs when a hacker sends a false email with an infected attachment. The email either appears to be from a friend or coworker or it can pose as a message from a concerned “customer”. There are many different phishing strategies ranging from convincing the victim that the attachment is an important work document to thinking it’s a funny cat picture. The only thing in common is that the hacker must convince a staff member to click their infected link in order to spread the malware. Continue reading

security

5 Techniques to Help Dealership Staff Improve Cyber-Security (Part 1)

Car dealerships have everything that hackers and scam artists love. You deal with high-value items and handle large amounts of money. You deal with people’s banks directly and process stacks of personal information that could be used for identity theft. You process payment information like debit and credit cards and cars are a favorite way to blow through stolen money or ruin the life of someone whose identity has been stolen. To a hacker, a car dealership looks like a playground which means that it’s your job as the honest professionals trying to run a business to protect yourself, your customers, and your staff members from the inevitable attacks.

Cyber-Security and Social Engineering

However, having a strong firewall, encryption, and virus-scanning software isn’t enough anymore to stop the really determined cyber-criminals. The new name of the game is social engineering, using deception and false human connection to lure staff members into making a critical mistake. Sometimes, the scam isn’t even to get malware onto your computer, but rather to steal information directly from the employee themselves, tricking them into giving away important personal or account information about a customer or performing an action that they shouldn’t. In order to keep your employees safe, it’s vital that they are fully trained in data protection on every possible level.

1) Protect Line-of-Sight

Start by explaining that hackers aren’t the only criminals. People can and will come in under false pretenses, hoping to get a look at someone else’s account information. Guests claiming to be the spouses, friends, and family members of your customers may ask to check on information, then try to get a look at something else while the account is up on the staff member’s screen. There are several reasons why someone might want a peek at another person’s car dealership information including looking for financial information, an identity to steal, or stalking.

Because you can’t know who is scamming right off the bat, you are obliged to be helpful and go along with any reasonable requests but be very careful about line of sight. Never show someone another customer’s information and if your office door isn’t closed, don’t turn your monitor around at all just in case someone sees something from across the hall. Be aware of windows, people walking behind you, and reflective surfaces. Yes, scammers and stalkers get that devious to steal personal information.

2) Never Answer Personal Questions

People will come in person, call you on the phone, and send you emails asking for information about accounts, cars, services, and customers. Naturally, the vast majority of these contacts will be business-as-usual but every staff member needs to be on their guard for the one call in two hundred that is loaded and dangerous. To be ready even if you don’t see a scam call coming, never ever give out personal information on customers or your fellow employees. Continue reading

stratecta beans

Disaster Brewing: Climate Change and Coffee Beans

Global stakeholders throughout the coffee industry, consumers, foodies and farmers are beginning to understand the catastrophic nature of global climate change: it is not just that the world is in danger, but our supply of high quality coffee beans is affected, and that catastrophe is happening right now. In the highlands of Ethiopia, coffee bean quality and yield had dropped. Costa Rica and India have had similar decreases in yields. Worrisome pests, disease, changes in global weather patterns, and the entire coffee ecosystem teeters on the brink of disaster. What is going on, and, more importantly, what is being done?

Coffee needs a relatively narrow band of climate, weather, and elevation to produce really superb beans, in the quantity needed for global demand. The cloud-forests and fragile, diverse mountain ecosystems that grow the best coffee have a unique blend of temperature, rainfall, sunshine, nurse-trees, companion plants, and pest and disease resistance. Even a change in global temperature of a degree can change rainfall patterns and promote diseases that can impact the coffee crop radically.

For many countries in the narrow tropical zone that supports the coffee ecosystem, this commodity product in one of only two that grow uniquely in these areas- the other being cacao- and entire political and economic systems depend on the revenue brought by this product. Climate change has the potential to destroy the coffee farms across this tropical zone.

What is being done to protect the world from what can only be described as a global catastrophe? The SCA, the Specialty Coffee Association, sponsored a conference in October in Guatemala City to address the challenges and look for solutions. With stakeholders from across the coffee supply chain, the conference, called Avance, sought cross-cultural collaboration and problem solving to address the changes in the industry. Topics under discussion included farm labor and the development of producer’s cooperatives, issues affecting profitability of coffee farms, including new markets outside of traditional commodity markets, and climate-smart practices for farmers. Some of the climate-smart practices, specifically developed to address the impacts of climate change, include reforestation, encouraging diversity, and safe pest and disease control.  Continue reading

onboarding

10 Essential Onboarding Topics for New Employees (Part 2)

Welcome back to the second half of our two-part article on how to cover absolutely everything you need in a single onboarding lesson plan. Last time we talked about the first half of this process including giving a little background on the company, handling the HR paperwork, and clearing up questions about time off and benefits. Today, let’s pick up at compliance, an undeniably important topic that should not be left until later.

6: Policy and Compliance

Companies are complex and their policies reflect that. While you can’t expect your trainees to memorize every policy, give them the list and highlight everything that has daily significance. Conduct expectations, travel procedures, expense reporting, and workstation upkeep are all good focus topics for the policy section. Compliance, on the other hand, are things that are absolutely necessary for the smooth legal functioning of your company. Rules about how to deal with clients, health considerations, and maintenance procedures for things like heavy machinery or perishable goods can help your trainees avoid critical mistakes down the line.

7: Safety and Security

From thievery to ransomware, no company can do without a thorough security system but the actual measures in place will depend on your industry, facilities, and company culture. New trainees need the full rundown on building keys, ID keycards, workstation logins and security measures, how to maintain client information security, and parking policies. By thoroughly covering how to enter and exit the building, you can reduce the number of instances a new hire accidentally locks themselves out and has to be retrieved from the roof, parking lot, or locking supply closet. Continue reading

onboarding

10 Essential Onboarding Topics for New Employees (Part 1)

You’ve gone through the process of finding a batch of great new hires, chosen carefully from dozens of applicants and considered prospects. No doubt, your business runs like a finely tuned machine and each of your employees is a skilled operator. Your new recruits have all proven that their personalities and skills will fit well into your company structure but they don’t start on day one knowing all of your intricate internal procedures. That’s what orientation training is for. Of course, you want the most helpful and efficient coursework possible. Structuring your training program with these ten essential topics will make sure that you have all your bases covered and the new team members are ready to start their work tasks by the end of the orientation sessions.

1: Welcome

Show your new employees how happy you are to have them, then introduce them to the company, buildings, and their new jobs. A quick tour around the office or facilities can help them get that movie-opening impression of how things work and where everything is. This is a great time to show them their new assigned workspaces and answer initial questions.

2: Company History and Culture

Tours can be exciting and difficult to listen through, so don’t start the real content until you’ve settled back into the orientation space, then dive straight in with the company history. Many companies have an interesting or unique founding history that will engage new hires and help them grasp the company philosophies from the root. From here, you can segue smoothly into company culture, making it clear the kinds of shared attitudes and break room behaviors that are supported. If you have company sports teams, group outings, or favorite catering days, now is the time to share them.

3: New Hire Paperwork

One of the primary reasons to gather and do orientation together is to fill out the new hire paperwork completely and accurately. Normally this doesn’t take very long, but tends to occupy everyone’s attention for a few minutes as they write in personal details and double-check legibility. Make sure to collect the forms promptly to avoid any possible risk of loss or coffee stains. Continue reading

Bell Curve

The Social Credit Score and the Bell Curve

The Social Credit Score is a system that China has had in trials for several years, and that uses the principles of credit scoring- data streams from several specific sources- to formulate a predictive score. The current credit score uses data from the past to predict future behavior, and allows financial institutions to evaluate risk. The social credit score is taking this model and enlarging it to fields of interest beyond financial behavior.

Some data sources are going to provide information that has a better predictive value for future behavior than others. And while humans often surprise their families and themselves by going off the rails, some patterns of behavior are bound to be repeated. The social credit score attempts to find the behaviors with the best predictive value, and use these values to determine how well a person functions in society.

With a large population, concerns of governments are the needs of the population. And population dynamics are different from tribal, family, or individual dynamics. As the world population grows and human society becomes more complex, we will be facing new challenges. We will be living in significantly denser social groups, for instance. Policy decisions will be made for the good of the entire group, and it is believed by those making these plans and decisions that the populations as a whole will be best served if everyone toes the line.

Toe the line. Follow the rules. Do what you are supposed to do. If you screw up, it goes on your permanent record. Very permanent. People can check your score. Employers, landlords, parents of the person you want to marry. Continue reading