Making the move to using location-based analytics can be a big decision for your business.

On one hand, using this technology can unlock powerful insights.

Knowing how people move through your facility, how long they are there, and where they came from provides you with critical information to improve the customer experience and become more efficent in your operations.

On the other hand, tracking your customers’ movements can open your business up a whole new set of decisions about how to use and collect user data.

With new regulations about consumer data privacy, knowing what’s allowed — and what’s right — when it comes to collecting data can be confusing.

By opting to use A2 Analytics from Archetype SC, for location-based tracking and insights you can avoid these concerns. Here’s a look at how our technology compares to most when it comes to data privacy:

How most technologies use data

Whenever a consumer downloads a new app or signs up for a service, businesses put terms and conditions in place to cover all their bases in a legal sense.

For many applications and technologies, this giant wall of text states that the consumer will have data entrusted to the company, including some Personally Identifiable Information (PII) that the company owns and can do with it what they want.

Most consumers breeze right through the terms and conditions, scrolling to click “Agree” without taking the time to fully understand what they’re subjected to in exchange for the service.

Because the company owns their data, these consumers may have PII, location data, or anything gleaned from their device sold by the service they use.

How data privacy is changing

With regulations like GDPR and the California Consumer Privacy Act going into efffect in recent years, consumers are more in tune than ever with how companies use their data.

For businesses not in compliance, there are heavy penalties and sanctions that force the issue of data privacy to be at the forefront of dealings with consumers.

Thanks to these actions, users are becoming more likely opt out of having their data shared, and are now aware that they have the right to see what a company has done with their information.

Even as businesses move to update privacy policies and introduce more transparency in their data usage, many — including those in the location-based tracking space — have been slow to adapt.

How A2 Analytics handles data privacy

A2 Analytics uses passive sensors to pinpoint devices within a given area, but does not capture any Personally Identifiable Information (PII) in the process.

Using location data, combined with cloud computing and machine-learning algorythms, A2 Analytics gives a holistic look at the movement of people via the signals put off by their devices.

It cannot, however, capture information like phone numbers, contact information, or any other associated information about the owner of the signal.

Because A2 Analytics uses anonymized data, it is able to provide insights about the movement of individuals in a facility without the need for opt-in or an app on the users devices. This allows for higher capture rates, typically above 85% of all individuals in the space.

This high capture rate allows for highly accurate information about your space with minimal impact on an audience.

Cybersecurity incidents, like data breaches or ransomware attacks, have impacted nearly every industry. Hospitals, colleges, even city governments have fallen victim to cyber-attacks, many occurring because of a simple vulnerability that was exploited by a hacker.

There is a ransomware attack every 14 seconds. With more than 1 billion U.S. passengers traveling through airports in 2019, your network is open for business, to both good and bad actors.

How can your airport do more to beef up its cybersecurity measures to help keep cybercriminals at bay?

Vet your vendors (and airlines!)

While you may have control of the cybersecurity measures within your staff, you probably have less influence over your vendors and airlines using your facility. Whether it’s a concessionaire or the largest airline in the world, vetting those outside sources to ensure they’re not introducing cybersecurity vulnerabilities to your airport is a critical step in the onboarding process – and should be done regularly to ensure standards are maintained.

One of the most prolific data breaches to date, the Target breach of 2013, occurred due to a third-party vendor introducing a vulnerability, which led to 70 million stolen records and a 46 percent drop in profits for Target.

Controlling the Airport of Things

With the boom in connected devices and the expectation from passengers that those devices will work end-to-end on their travels, more opportunities for network intrusion exist than ever before.

Combining the need for connectivity with the increasingly sophisticated tools cybercriminals deploy could spell disaster for your facility. With more travelers using your systems and introducing vulnerabilities, the systems you need for daily operations, like access and departure control and security cameras, could be at risk of downtime or being hacked.

The aviation industry utilizes complex infrastructure with integrations into a number of systems that require constant protection. Introducing vulnerabilities from the outside, or via insider threat, could put your airport on lockdown.

Perform regular Vulerability Assessments

Archetype SC’s Security Risk and Vulnerability Assessment (SRVA), is a tool that uncovers network vulnerabilities that could be exploited by a cybercriminal, allowing your organization to take a proactive approach to its cybersecurity. SRVA allows our security experts to look at your network as a hacker would see it, finding areas that are susceptible to attack.

A SRVA is a multi-pronged approach to vulnerability scanning, consisting of an internal scan, external scan, interviews with key staff, and qualitative assessment of your security posture. Combining these elements into a deliverable report broken down by severity provides your airport with a remediation plan to shore up areas of weakness.

Our current global health situation and resulting efforts to slow the spread has resulted in an unprecedented number of people working remotely. Technology is a great enabler to allow us to continue to be productive, but remote work presents new challenges and risks that need to be considered.

Cybercriminals are presented with millions of new targets, and users don’t have the ability to simply walk over and ask IT what to do in a situation.

Archetype SC is proud to offer a free consultation to help your business determine what tools, policies, and procedures your business needs to make it through the current situation.

To help with the transition, we have compiled a list of tools we use or recommend for making remote work easier and less risky from a cybersecurity perspective. As an added benefit, many of the tools have special offers in place to help you get started fast.

Collaboration Tools

Office 365

Office 365 users have access to some of the best cloud-based collaboration tools, helping employees stay productive and secure from any location or device. As more teams transition from working collaboratively in an office environment to working remotely, the capabilities provided by Office 365 allow your business to continue to function as usual.

Taking the familiarity of classic programs like Word, Excel, and PowerPoint to the cloud gives your team the ability to work collaboratively within a document, making changes and edits in real time. Office 365 also includes programs like:

  • One Drive: for cloud-based storage solution
  • Outlook: for email and scheduling
  • Flow: for automating workflow and process
  • Teams: for internal (and external) communication via chat, voice, and video

Offer: Microsoft is offering a free 6-month Office 365 E1 trial, which includes Outlook, Teams, OneDrive, and Microsoft Office capabilities.

Cybersecurity

PC Matic

The two prominent approaches to keeping endpoints (computers, servers, laptops, tablets, etc.) safe from malware are blacklisting and whitelisting.

Legacy antivirus programs like TrendMicro, Norton, and McAffee, rely on teams of researchers to compile profiles and lists of known bad programs, code, etc. These known risks are then blacklisted and blocked from infecting your endpoints. A newer approach is to create whitelists of programs that are known to be good—and block anything that is unknown.

This approach leads to a 99%+ catch rate, as opposed to the blacklist rate of 60%. Providers have already built very large whitelists, but new “known good” programs are able to be quickly and easily added.

PC Matic is a leader in the whitelist approach to antivirus, having built its PC Matic Pro platform around whitelisting. The technology has been proven to provide real-time protection against ransomware, advanced persistent threats, and zero-day attacks to keep your endpoints secure.

For companies that would like their antivirus managed, Archetype SC offers a managed service to offload the work from your IT staff.

Offer: PC Matic is offering free cybersecurity protection through June 30 in response to the influx of remote workers during the COVID-19 pandemic.

Okta

Traditionally accounts have been protected by a username and password but that is no longer enough. Multi-factor authentication (MFA) offers an added layer of security to help ensure that users are who they say they are, helping to safeguard your data.

Okta is recognized by Gartner, Forrester, and users as a leader in MFA. They provide solutions that can easily add MFA to almost any software you or your company uses that has a username and password.

Offer: Key pieces of the Okta Identity Cloud are being offered free, including Okta Single Sign-On (SSO) and Okta Multi-Factor Authentication. This offer gives all users protection for up to 5 apps for six months at no charge.  

IBM Security MaaS360

While employees are working away from your office – and your network – protecting the endpoints they’re using is critical.

Mobile device management (MDM) allows your IT staff to control the usage of devices like smartphones, tablets, and laptops by enforcing business policies on devices, securing a lost or stolen device, and allowing or disallowing certain applications.

IBM Security’s MDM offering, MaaS360, simplifies the complex practices of securing the devices accessing your business data. Using AI and analytics, MaaS360 accelerates support and provides native identity management to ensure authorized users access appropriate resources.

Offer: IBM is offering MaaS360 at no charge for clients through June 15.

Virtual Meetings

If your company hasn’t had the need to virtually meet and doesn’t have a preferred provider of those services, consider Microsoft Teams or GoToMeeting to keep your employees in touch with each other and clients.

Microsoft Teams

One of the most widely used messaging applications for businesses, Microsoft Teams is a program with features to keep your employees connected.

Features like video chatting, file sharing, and messaging allowed Microsoft Teams to add more daily active users the week of March 16th, 2020 than Slack has TOTAL, including a 500 percent increase in Teams meetings.

Teams was built with efficiencies in mind, as users can communicate, collaborate, and continue working from the desktop app or mobile version.

Offer: Microsoft is offering a free 6-month Office 365 E1 trial, which includes Outlook, Teams, OneDrive, and Microsoft Office capabilities. Additionally, Microsoft is giving Teams access to non-licensed users through January 2021.

GoToMeeting

For meetings where screen sharing and high definition video are critical, GoToMeeting is a long-standing top ranked option for quick meetings or in-depth presentations.

Offer: GoToMeeting has a free version that will allow users to perform basic tasks and organize meetings from sign up. Additionally, GoToMeeting is increasing its ability to offer customer support for remote employees.

Backup Solutions

Your organization would be lost without its critical data that keeps operations running. The consequences of a mass data loss or cyber-attack include lost sales, dissatisfied clients, and unproductive employees.

A backup solution delivers protection from data loss by creating supplementary copies of files, databases, or computers.

Acronis

A leader in the backup space, Acronis has multiple options for backup, disaster recovery, and storage. Solutions provided protect data in any environment, including physical, virtual, cloud, mobile workloads, and applications.

Offer: Acronis is offering free licenses to its Acronis Cyber Files Cloud file sync and share solution to its service provider partners through July 31.

How we can help

Selecting and using new technology can feel like a complicated task, but our motto is “we do complicated.”

Archetype SC can be your partner every step of the way, helping with selection, implementation, support, and security.

Contact us today to schedule a free consultation to help your business understand and prepare to meet the technology challenges from Covid-19.

Note: Each month, the security experts at Archetype SC chime in on trending stories in cybersecurity to help you stay in the know about how to stay safe in your business and in your daily life. For more updates on cybersecurity news as it happens, follow us on LinkedInFacebook or Twitter.

Taking advantage of the panic around the Coronavirus is just the next step for cybercriminals.

Coronavirus-themed domain names are 50% more likely to be malicious and have already infiltrated some notable organizations, including Johns Hopkins University, with a tracking map to follow the spread of the virus. The map features a downloadable-link that is compromised and will infect users with malware.

Similarly to the hand-washing information given out by medical professionals, cybersecurity experts are stressing the importance of following best practices for what users click, download, and visit online.

COVID-19 forcing employees to work remote – don’t give your company a different virus

As the spread of the Coronavirus cancels more events and prevents large crowds from gathering, it may also force employees to work from home. Doing so for physical safety and security is important, but could also open up your business network to cybersecurity issues.

Since the World Health Organization classified COVID-19 as a pandemic, businesses, including Google, have moved to remote work. For a tech giant, this move is easy, as employees are set up to work remote on a regular basis and have contingencies in place.

For traditional businesses that work strictly from an office environment, the change could expose critical business data to cybercriminals.

Putting multi-factor authentication in place to ensure correct access, refreshing your company’s phishing training, and implementing network standards for employees’ home networks should all be done before rolling out a remote option.

Two RSA Conference Attendees Test Positive for Coronavirus

A pair of cybersecurity employees that attended RSA Conference 2020 in February have tested positive for the Coronavirus, or COVID-19.

Both employees worked for Exabeam Inc., a California based SIEM provider. One of the individuals lives in Connecticut and began experiencing symptoms soon after leaving the conference, leading to his hospitalization.

Information about the other individual is unknown.

“While we cannot confirm whether they contracted COVID-19 prior to, at or after the conference, if you came into contact with our staff, please be vigilant in monitoring yourself for symptoms,” Exabeam said in a release.

The RSA Conference draws more than 35,000 individuals to the San Francisco area where cybersecurity is at the crux of discussion. This year, many organizations opted not to send employees to the conference or to refrain from shaking hands.

Small businesses are the target of cyber attacks.

In terms of preparation, this may be news for some business owners.

In 2019, 58% of cyber attack victims were businesses with fewer than 250 employees or small businesses. Often, small businesses find themselves broiled in cyber attacks because of a “too small” mentality. Many business owners think they are too small to fall victim to a data breach and have budgets that are too small to combat the problem.

As data breaches and hacks have advanced, so has the need for proper security measures to protect business data.

QUESTION 1

Do your employees help or hurt your security?

  • The problem: Human error accounts for 25% of data breaches and represents one of the largest weaknesses in security for most businesses.
  • The solution: Regular training to recognize ransomware, phishing, and general security protocols are critical in the “all hands on deck” approach to security employed by small businesses.

QUESTION 2

How are your accounts secured?

  • The problem: Poor passwords create one of the largest vulnerabilities for businesses, as more than 70% of passwords are recycled from other accounts.
  • The solution: Implementing multi-factor authentication protects accounts by requiring more than just login credentials. Using a text message, tokens, or biometrics adds an additional layer of security to accounts.

QUESTION 3

Are you protecting your endpoints?

  • The Problem: There were 10.5 billion malware attacks in 2018; antivirus software detects over 350,000 pieces of malware daily.
  • The Solution: Antivirus software has been around for a long time but is still effective. While no antivirus software is 100% effective, having a platform in place can help detect and prevent malicious attacks.

QUESTION 4

Is your data backed up?

  • The Problem: Ransomware attacks lock your data and demand money, with companies paying an average of $84,116 to recover data in Q4 2019.
  • The Solution: Backing up your data from devices and the cloud locally and to an off-site server will protect your business from potential ransomware and system crashes.

QUESTION 5

Have you limited access to sensitive data?

  • The Problem: More than 80% of organizations do not have a plan for privileged access management, leading to double to breaches.
  • The Solution: Ensuring the data that runs your business is not open to all employees by using identity and access management technologies will mitigate risk when a data breach occurs.
    Critical business data should not be accessible to all employees.

QUESTION 6

How is your network monitored?

  • The Problem: 68% of data breaches take months, not days, to uncover for businesses, creating a larger impact and more expensive recovery.
  • The Solution: Network monitoring tracks the entire IT infrastructure of an organization, providing an early warning system of potential threats.

QUESTION 7

What is your data recovery plan?

  • The Problem: More than 60% of companies have experienced some form of data breach over the past two years, making it a when not if scenario for most businesses.
  • The Solution: Creating an incident response plan organizes your employees to help recover from a breach and return to normal working conditions.

QUESTION 8

What are your vulnerabilities?

  • The Problem: One in every three data breaches is the result of a vulnerability that should have been patched.
  • The Solution: A vulnerability assessment can provide your organization with the knowledge of how a hacker would gain access to your network, giving you a head start to shoring up issues before they are exploited.

There’s no doubt about it: the RSA Conference 2020 is where the world talks security. As the biggest event in cybersecurity, it attracts nearly 50,000 participants each year, including many of the biggest names in the industry.

With this year’s conference just around the corner (February 24-28, 2020) there’s a lot to be excited about.

It’s a chance to learn about cutting-edge technologies, a time to meet a wealth of new contacts, and a time to enjoy the many parties and events that happen throughout the week.

RSA really is what you make it — the choice is yours!

As a veteran attendee, here’s a few tips I’ve discovered over the years for getting the most out of the event and having a great time while you do it:


1. Be sure to pace yourself.

Attending the many sessions and keynotes throughout the week is really the bread and butter of any trip to RSA.

With more than 500 sessions and 700 vendors at RSA Conference 2020, it can be easy to get overwhelmed and burnt out quickly. So make sure to pace yourself and prioritize what will benefit you most.

No matter what your specialty is, you’re likely to find a session that will fit your exact niche or interest, but it’s also good to diversify. RSA is not only a great chance to learn from thought leaders who are pushing the envelope in your field, but its also a chance to get great insight into other avenues of the cybersecurity industry you may not be as familiar with.

Remember, that the best connections at any conference are usually made in the hallways in between sessions, so make sure and give yourself some space between events to wander the area, browse the expo floor and meet with other attendees.


2. Make sure you take advantage of all the free stuff.

Speaking of browsing the expo floor, exploring the 700+ Vendor booths can be a great way to find out about new technologies, speak face-to-face with potential partners and to rack up plenty of fun, free swag.

But if silly (i.e. awesome) promo items aren’t your cup of tea, there’s also plenty of other great freebies to be had throughout the week.

Whether it’s free coffee and breakfast treats outside the center each morning, free food at events like RSA After Hours or complimentary drinks at events like the Expo Pub Crawl, there’s no reason not to take advantage of all the freebies RSA has to offer.

This week is also a great chance to catch up with friends in the industry for some coffee, grab lunch with your sales contacts or sit down and hash out the details of a new project with your partners over a fancy dinner.


3. The nightlife is worth the price of admission.

Going to RSA just for the conference is kind of like to going to the Super Bowl just for the game (… sorry to all my fellow 49ers fans for bringing it up).

What REALLY makes the RSA Conference great for many attendees are the events and parties outside of the conference that offer a chance to get out of work mode and into fun-mode.

Getting out and talking nerdy with other cybersecurity professionals in a relaxed environment can help you create connections and further relationships that will personally and professionally pay off down the road.

The parties hosted by Cisco and BugCrowd are always huge — like 30-minute wait to get in outside in the rain, huge — while events like the CyBEER Ops Networking, CYBERTACOS offer a fun, themed alternative.

One event I’ll definitely be attending this year is the PulseSecure RSA Party at 3rd Street Taproom, from 7-10 p.m. on Wednesday February 26. Click here to register and come introduce yourself while you’re in town (I’m the one with the mohawk.)


4. Don’t forget to go outside.

There really is no place quite like San Francisco. Whether you’re a first-timer or an RSA veteran, taking in a bit of the beauty that’s just outside the conference is a nice change of pace.

The best place to do this is nearby Yerba Buena Gardens.

Hit the doors of the Moscone Center and venture down Howard Street to find an escape of green space, gardens, public art, restaurants, and a relaxing atmosphere. Take a walk, read a book, or browse some of San Francisco’s coolest public art like the Green Glass Ship, Genesis, and Shaking Man — with free admission.

The park is open daily from 6 a.m. until 10 p.m.

In the hustle and bustle of a major conference like RSA Conference 2020, taking 15 minutes to reconnect with nature and take in the finer things in life can be just the reset you need to before jumping back into the grind.


5. You should definitely check out the RSA Innovation Sandbox.

This is definitely one of the coolest events at all of RSA.

The RSA Innovation Sandbox Contest is is where some of the most-promising and most-interesting emerging security technologies to showcase their innovations.

Now in its 15th year, the sandbox features companies innovating in the areas of data access visibility, employee security risk, and phishing attacks, among many others.

Each of the 10 finalists will present a three-minute pitch on-stage, then will have a round of question-and-answers and will run a demo of the technology for a panel of judges.

Previous winners in the sandbox competition include Axonius in 2019, BigID in 2018, UnifyID in 2017, with other notable companies like Imperva and Phantom also having won the competition.

In late February, two cybersecurity researchers happened upon one of the largest non-password protected email databases on the web.

Bob Diachenko and Vinny Troia of the website SecurityDiscovery.com, found the online database of email addresses and personal information with more than 150GB of data, totaling over 800 million records with limited-to-no security. Their astounding find rooted back to the email validation service company Verifications.io.

In the database, Verifications.io had three folders titled "businessLeads," "Emailrecords," and "emailWithPhone," with each making up millions of records. "Emailrecords" had nearly 800 million alone, while the other two folders had more than 4 million and 6 million, respectively. In addition to email addresses, "Emailrecords" also contained zip codes, phone numbers, addresses, gender, and date of birth information.

Diachenko alerted Verifications.io of the breach via a ticket on the company's website, which prompted the removal of the database from the web and a response from the company stating no personally identifiable information had been included in the records.

Verifications.io is an email validation service for marketing companies, which works by keeping records of deliverable emails and vetting addresses against a company's email list. The service will send an email to an address to see if it will be delivered or bounce back, then keep a record of active addresses for companies to utilize with marketing email campaigns. These services keep marketing companies from being flagged as spam by sending multiple emails in a short timeframe.

Protecting your email address is as simple as routinely changing the account password with a strong credential, using a secure email service, and selecting obscure (or false) information about yourself for security questions.

If you have concerns around business email security, contact Archetype SC's security team to set up a consultation for SRVA, our security assessment tool that can scan your network for vulnerabilities that could be exploited by cybercriminals.

cross linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram