5 REASONS WHY RESPONSIVE DESIGN IS MORE IMPORTANT TODAY THAN EVER

/0 Comments/in /by

by Tom Ewer

A KEY CHARACTER TRAIT SHARED BY MOST SUCCESSFUL BUSINESSES IS ADAPTABILITY.

Businesses that prosper in an ever-changing environment are the ones that know how to stay up-to-date with the latest developments, and how to change their way of interacting with their world to stay on top.

With that in mind, if you don’t have a responsive web platform to showcase your services and/or products, you’ve already been left behind.

According to comScore, smartphones and tablets now account for 60% of time spent online. That trend is set to continue, with mobile devices on the rise and desktop browsing continuing to dwindle.

Obviously more people prefer using an app than a laptop to access Facebook, book a flight, or browse an online marketplace. That is understandable, given the convenience of a pocket-size tool that offers many of the benefits of something ten times the size. The statistics can be confirmed by simply looking around and noticing how many people are constantly glued to their smartphones.

As early as 2008 the forecasts indicated the trend, and in 2014 it became reality. Responsive design is no longer a luxury or a ‘nice to have’, but a necessity. Here are five reasons why.

1. Keeping Your Business Visible Is More Complex Today

More and more people are using the odd moment of free time to take care of emails while they wait in line, or browse social media while commuting, and so on. As the smartphone culture continues to seep into our day-to-day lives, we are beginning to take advantage of the new opportunities available to us.

However, there’s nothing more frustrating than browsing a website that doesn’t ‘work’ on your phone!

It is hard to estimate the value of potential sales that are lost because of this oversight, but numerous studies show that conversion rates are impacted by responsive design.

The rate of innovation continues to follow an exponential curve. New devices with new display capabilities are appearing faster than web architects are able to adapt. Responsive design is the solution.

Google, the market leader in the search engine world, also prefers responsive design, and it always pays to take note of the Big G’s evolving approach to SEO regarding new technology. Pierre Farr, Google Webmaster Trends Analyst, confirmed the company’s methodologies relating to responsive design in 2012, and today their Googlebot-mobile engine still prefers sites which are set up to be responsive and use a single HTML and URL set.

By making it easier for Google to crawl your site, you’re improving your SEO impact and ensuring a constant stream of visitors to the website you’ve worked so hard to create. As never before, SEO is impacted by your site’s responsiveness.

2. Continuity Has Become Vital

These days, you can’t get away with a website that only performs at its best on Internet Explorer. Your site needs to maintain its look and feel across the full spectrum of browsing platforms and devices.

Instead of having to zoom or shrink text and images while browsing on a mobile device, users would rather skip the hassle and look elsewhere. One statistic on Google’s Think Insights on Mobile puts the figure at a61% chance of losing the sale.

This is how it might go wrong:

A potential client notices your enticing advert while browsing on a PC at work, follows the link, and likes what he sees.

He makes a mental note to follow it up while on his lunch break. An hour or two later he sits down with his sandwich and gets onto your site via his new smartphone, but finds a site which looks different, and with information that doesn’t agree with what he’s already set his mind on.

Struggling to navigate the search option, he eventually gives up, and decides to try something else.

Your bounce rate just went up a notch.

With good responsive design, content, grids and images move freely across all screen resolutions and devices. The fluidity of the design allows your customer to access exactly the same information, and the scenario just described is a thing of the past. Nurturing the sale becomes seamless.

3. Ease of Use Is Evolving

As technology and design trends evolve, so do the expectations of your potential customers. Your business portal is perceived as trustworthy, up-to-date and worthwhile based largely on how easy it is to connect with you. It is becoming ever more difficult to impress.

Responsive design means more than just a website that looks good on a smartphone. The browsing experience is developing towards a smarter, more interactive level, with sites being able to determine your location, your browsing device and many of your preferences. Being responsive means seeing each user as an individual, with his or her own likes and dislikes.

Ease of use and an intuitive viewing experience is no longer optional – it is a necessity. Your approach to design needs to take note of the developing environment in which it exists. Ignoring the change will impact negatively on your growth.

4. Responsive Is Cheaper and the Way of the Future

With the recent introduction of smart watches into the mix of new browsing devices, more designers and marketers are realizing the importance of an adaptive approach. Add to that the capability of browsing the web using your TV remote on your large flat screen at home, and you can see that the future of web marketing is headed one way.

The future is uncertain, as always, so it’s a wise move to opt for a design solution that can adapt. Whatever innovation the propeller heads in gadget laboratories come up with, responsive design will ensure that your marketing efforts can be viewed easily and consistently.

Instead of maintaining multiple versions of your online information, responsive design lets you keep everything up to date in one place. Why waste resources maintaining multiple SEO campaigns? It makes sense to combine everything into a single adaptive site.

5. Being Responsive Shows That You Care

Despite a heavy focus on marketing, and ultimately making more money, we sometimes forget about the most important thing: people.

Behavioral Psychology models show us that three key factors are at work when users access your site:

  1. Motivation. This one’s up to you and/or your marketing team.
  2. Ease of use. Once a user has the necessary motivation, they need to be able to perform their intended behavior.
  3. A trigger. Or even better, multiple triggers. This ties in with ease of use – there should be multiple, clear opportunities for users to execute their intended behavior.

In other words, design your site with the aim of making it easy for the user to do what you want them to do.

If you think of customers as human beings rather than as numbers or sales targets, responsive design offers the best way to interact. Showing a person that you care about his or her opinion is a good way to foster trust. By designing your interactivity to be user-centric, and customizing your approach to fit the user’s personal needs, you’re taking steps in the right direction.

Going beyond simply making your site adapt to a device, consider implementing a responsive philosophy. This means fitting the overall experience of visiting your page within an appropriate context, lending more weight to features that the individual user will find beneficial. Rather than getting a ‘one-size-fits-all’ treatment, people enjoy feeling special.

Conclusion

Besides pure design elements such as ghost buttons, flat design and supersize HD images – which are all trending elements in the design marketplace right now – responsive design is the number one hot topic. The reason for this is not hard to see, given the reasons we’ve explored above. There is no doubt that the trends will continue into 2015 as they have in the past two years, and now is the time to change if you haven’t done so already.

There’s more reason than ever before to update your approach to marketing. The proliferation of new mobile devices, together with the boom in app sales, all point in the same direction.

As people take advantage of smartphones and tablets with fantastic new features, you need to keep re-inventing your ideas about what works and what doesn’t. With new avenues for exposure opening up, and old ones going the way of the dodo, it pays to keep your business visible, whether it happens to be on a large screen at home, or a tiny screen worn on someone’s wrist.

By incorporating responsive design into your strategy, you’re making sure that you have all the bases covered. Don’t get left behind!

 

9 Facts About Computer Security That Experts Wish You Knew

/0 Comments/in , , /by

Article Provided By: Annalee Newitz via Gizmodo

Every day, you hear about security flaws, viruses, and evil hacker gangs that could leave you destitute — or, worse, bring your country to its knees. But what’s the truth about these digital dangers? We asked computer security experts to separate the myths from the facts. Here’s what they said.

1. Having a strong password actually can prevent most attacks

Yahoo’s Chief Information Security Officer Alex Stamos has spent most of his career finding security vulnerabilities and figuring out how attackers might try to exploit software flaws. He’s seen everything from the most devious hacks to the simplest social engineering scams. And in all that time, he’s found that there are two simple solutions for the vast majority of users: strong passwords and two-factor authentication.

Stamos says that the biggest problem is that the media focuses on stories about the deepest and most complicated hacks, leaving users feeling like there’s nothing they can do to defend themselves. But that’s just not true. He told me via email:

I’ve noticed a lot of nihilism in the media, security industry and general public since the Snowden docs came out. This generally expresses itself as people throwing up their hands and saying “there is nothing we can do to be safe”. While it’s true that there is little most people can do when facing a top-tier intelligence apparatus with the ability to rewrite hard drive firmware, this should not dissuade users from doing what they can to protect themselves from more likely threats and security professionals from building usable protections for realistic adversaries.

Users can protect themselves against the most likely and pernicious threat actors by taking two simple steps:

1) Installing a password manager and using it to create unique passwords for every service they use.

2) Activating second-factor authentication options (usually via text messages) on their email and social networking accounts.

The latter is especially important since attackers love to take over the email and social accounts of millions of people and then automatically use them to pivot to other accounts or to gather data on which accounts belong to high-value targets.

So I would really like the media to stop spreading the idea that just because incredible feats are possible on the high-end of the threat spectrum, doesn’t mean it isn’t possible to keep yourself safe in the vast majority of scenarios.

Adam J. O’Donnell, a Principal Engineer with Cisco’s Advanced Malware Protection group, amplified Stamos’ basic advice:

Oh, and my advice for the average person: Make good backups and test them. Use a password vault and a different password on every website.

Yep, having a good password is easy — and it’s still the best thing you can do.

2. Just because a device is new does not mean it’s safe

When you unwrap the box on your new phone, tablet or laptop, it smells like fresh plastic and the batteries work like a dream. But that doesn’t mean your computer isn’t already infected with malware and riddled with security vulnerabilities.

I heard this from many of the security experts I interviewed. Eleanor Saitta is the technical director for the International Modern Media Institute, and has worked for over a decade advising governments and corporations about computer security issues. She believes that one of the most pernicious myths about security is that devices begin their lives completely safe, but become less secure as time goes on. That’s simply not true, especially when so many devices come with vulnerable adware like Superfish pre-installed on them (if you recall, Superfish came pre-installed on many Lenovo laptop models):

That’s why the Superfish thing was such a big deal. They built a backdoor in, and they built a really bad, incompetent one, and now it turns out that anybody can walk through.

When you’re relying on code delivered by somebody else, a service online or box that you don’t control, chances are good that it’s not acting in your interest, because it’s trying to sell you. There’s a good chance that it’s already owned or compromised by other people. We don’t have a good way of dealing with trust and managing it right now. And all sorts of people will be using that code.

The other issue, which erupted in the media over the past day with the FREAK attack, is that many machines come pre-installed with backdoors. These are baked in by government request, to make it easier for law enforcement and intelligence agencies to track adversaries. But unfortunately, backdoors are also security vulnerabilities that anyone can take advantage of. Says Saitta:

I think one thing that is really important to understand is that if you built a monitoring system into a network like a cell network, or into a crypto system, anybody can get in there. You’ve built a vulnerability into the system, and sure, you can control access a little. But at the end of the day, a backdoor is a backdoor, and anybody can walk through it.

3. Even the very best software has security vulnerabilities

Many of us imagine that sufficiently good software and networks can be completely safe. Because of this attitude, many users get angry when the machines or services they use turn out to be vulnerable to attack. After all, if we can design a safe car, why not a safe phone? Isn’t it just a matter of getting the tech and science right?

But Parisa Tabriz told me via email that you can’t look at information security that way. Tabriz is the engineer who heads Google’s Chrome security team, and she believes that information security is more like medicine — a bit of art and science — rather than pure science. That’s because our technology was built by humans, and is being exploited by humans with very unscientific motivations. She writes:

I think information security is a lot like medicine — it’s both an art and science. Maybe this is because humans have explicitly built technology and the internet. We assume we should be able to built them perfectly, but the complexity of what we’ve built and now hope to secure almost seems impossible. Securing it would require us to have zero bugs, and that means that the economics are not on the side of the defenders. The defenders have to make sure there are zero bugs in all software they use or write (typically many millions of lines of code if you consider the operating system too), whereas the attacker only has to find one bug.

There will always be bugs in software. Some subset of those bugs will have security impact. The challenge is figuring out which ones to spend resources on fixing, and a lot of that is based on presumed threat models that probably would benefit from more insight into people’s motivations, like crime, monitoring, etc.

RAND Corporation computer security researcher Lillian Ablon emailed me to say that there is simply no such thing as a completely secure system. The goal for defenders is to make attacks expensive, rather than impossible:

With enough resources, there is always a way for an attacker to get in. You may be familiar with the phrase “it’s a matter of when, not if,” in relation to a company getting hacked/breached. Instead, the goal of computer security is to make it expensive for the attackers (in money, time, resources, research, etc.).

4. Every website and app should use HTTPS

You’ve heard every rumor there is to hear about HTTPS. It’s slow. It’s only for websites that need to be ultra-secure. It doesn’t really work. All wrong. The Electronic Frontier Foundation’s Peter Eckersley is a technologist who has been researching the use of HTTPS for several years, and working on the EFF’s HTTPS Everywhere project. He says that there’s a dangerous misconception that many websites and apps don’t need HTTPS. He emailed to expand on that:

Another serious misconception is website operators, such as newspapers or advertising networks, thinking “because we don’t process credit card payments, our site doesn’t need to be HTTPS, or our app doesn’t need to use HTTPS”. All sites on the Web need to be HTTPS, because without HTTPS it’s easy for hackers, eavesdroppers, or government surveillance programs to see exactly what people are reading on your site; what data your app is processing; or even to modify or alter that data in malicious ways.

Eckersley has no corporate affiliations (EFF is a nonprofit), and thus no potential conflict of interest when it comes to promoting HTTPS. He’s just interested in user safety.

5. The cloud is not safe — it just creates new security problems

Everything is cloud these days. You keep your email there, along with your photos, your IMs, your medical records, your bank documents, and even your sex life. And it’s actually safer there than you might think. But it creates new security problems you might not have thought about. Security engineer Leigh Honeywell works for a large cloud computing company, and emailed me to explain how the cloud really works. She suggests that you begin thinking about it using a familiar physical metaphor:

Your house is your house, and you know exactly what the security precautions you’ve taken against intruders are – and what the tradeoffs are. Do you have a deadbolt? An alarm system? Are there bars on the windows, or did you decide against those because they would interfere with your decor?

Or do you live in an apartment building where some of those things are managed for you? Maybe there’s a front desk security person, or a key-card access per floor. I once lived in a building where you had to use your card to access individual floors on the elevator! It was pretty annoying, but it was definitely more secure. The security guard will get to know the movement patterns of the residents, will potentially (though not always, of course!) recognize intruders. They have more data than any individual homeowner.

Putting your data in the cloud is sort of like living in that secure apartment building. Except weirder. Honeywell continued:

Cloud services are able to correlate data across their customers, not just look at the ways an individual is being targeted. You may not [control access to the place where] your data is being stored, but there’s someone at the front desk of that building 24/7, and they’re watching the logs and usage patterns as well. It’s a bit like herd immunity. A lot of stuff jumps out at [a defender] immediately: here’s a single IP address logging into a bunch of different accounts, in a completely different country than any of those accounts have been logged into from ever before. Oh, and each of those accounts received a particular file yesterday — maybe that file was malicious, and all of those accounts just got broken into?

But if it’s a more targeted attack, the signs will be more subtle. When you’re trying to defend a cloud system, you’re looking for needles in haystacks, because you just have so much data to handle. There’s lots of hype about “big data” and machine learning right now, but we’re just starting to scratch the surface of finding attackers’ subtle footprints. A skilled attacker will know how to move quietly and not set off the pattern detection systems you put in place.

In other words, some automated attack methods become blatantly obvious in a cloud system. But it also becomes easier to hide. Honeywell says that users need to consider the threats they’re seriously worried about when choosing between a cloud service and a home server:

Cloud services are much more complex systems than, say, a hard drive plugged into your computer, or an email server running in your closet. There are more places that things can go wrong, more moving parts. But there are more people maintaining them too. The question folks should ask themselves is: would I be doing a better job running this myself, or letting someone with more time, money, and expertise do it? Who do you think of when you think about being hacked — is it the NSA, random gamer assholes, an abusive ex-partner? I ran my own email server for many years, and eventually switched to a hosted service. I know folks who work on Gmail and Outlook.com and they do a vastly better job at running email servers than I ever did. There’s also the time tradeoff — running an email server is miserable work! But for some people it’s worth it, though, because NSA surveillance really is something they have worry about.

6. Software updates are crucial for your protection

There are few things more annoying in life than the little pop-up that reminds you that updates are required. Often you have to plug your device in, and the updates can take a really long time. But they are often the only thing that stands between you and being owned up by a bad guy. Cisco’s O’Donnell said:

Those software update messages are [not] there just to annoy you: The frequency of software updates is driven less by new software features and more because of some very obscure software flaw that an attacker can exploit to gain control of your system. These software patches fix issues that were publicly identified and likely used in attacks in the wild. You wouldn’t go for days without cleaning and bandaging a festering wound on your arm, would you? Don’t do that to your computer.

7. Hackers are not criminals

Despite decades of evidence to the contrary, most people think of hackers as the evil adversaries who want nothing more than to steal their digital goods. But hackers can wear white hats as well as black ones — and the white hats break into systems in order to get there before the bad guys do. Once the vulnerabilities have been identified by hackers, they can be patched. Google Chrome’s Tabriz says simply:

Also, hackers are not criminals. Just because someone knows how to break something, doesn’t mean they will use that knowledge to hurt people. A lot of hackers make things more secure.

O’Donnell emphasizes that we need hackers because software alone can’t protect you. Yes, antivirus programs are a good start. But in the end you need security experts like hackers to defend against adversaries who are, after all, human beings:

Security is less about building walls and more about enabling security guards. Defensive tools alone can’t stop a dedicated, well resourced attacker. If someone wants in bad enough, they will buy every security tool the target may have and test their attacks against their simulated version of the target’s network. Combatting this requires not just good tools but good people who know how to use the tools.

RAND’s Ablon adds that malicious hackers are rarely the threat they are cracked up to be. Instead, the threat may come from people you don’t suspect — and their motivations may be far more complicated than mere theft:

A lot of the time an internal employee or insider is just as big of a threat, and could bring a business to its knees – intentionally or inadvertently. Furthermore, there are distinct types of external cyber threat actors (cybercriminals, state-sponsored, hacktivists) with different motivations and capabilities. For example, the cybercriminals who hacked into Target and Anthem had very different motivations, capabilities, etc. than those of the state-sponsored actors who hacked into Sony Pictures Entertainment.

8. Cyberattacks and cyberterrorism are exceedingly rare

As many of the experts I talked to said, your biggest threat is somebody breaking into your accounts because you have a crappy password. But that doesn’t stop people from freaking out with fear over “cyberattacks” that are deadly. Ablon says that these kinds of attacks are incredibly unlikely:

Yes, there are ways to hack into a vehicle from anywhere in the world; yes, life-critical medical devices like pacemakers and insulin pumps often have IP addresses or are enabled with Bluetooth – but often these types of attacks require close access, and exploits that are fairly sophisticated requiring time to develop and implement. That said, we shouldn’t be ignoring the millions of connected devices (Internet of Things) that increase our attack surface.

Basically, many people fear cyberattacks for the same reason they fear serial killers. They are the scariest possible threat. But they are also the least likely.

As for cyberterrorism, Ablon writes simply, “Cyberterrorism (to date) does not exist … what is attributed to cyberterrorism today, is more akin to hacktivism, e.g., gaining access to CENTCOM’s Twitter feed and posting ISIS propaganda.”

9. Darknet and Deepweb are not the same thing

Ablon writes that one of the main problems she has with media coverage of cybercrime is the misuse of the terms “Darknet” and “Deepweb.”

She explains what the terms really mean:

The Deepweb refers to part of the Internet, specifically the world wide web (so anything that starts www) that isn’t indexed by search engines, so can’t be accessed by Google. The Darknet refers to non-“www” networks, where users may need separate software to access them. For example, Silk Road and many illicit markets are hosted on [Darknet] networks like I2P and Tor.

So get a password vault, use two-factor auth, visit only sites that use HTTPS, and stop worrying about super intricate cyber attacks from the Darknet. And remember, hackers are here to protect you — most of the time, anyway.

Facebook Mentions 2.0 is Here

/0 Comments/in /by

Article Provided By: Facebook

A better way for actors, athletes, musicians and other influencers to stay in touch with their fans and the people and things they care about.

Move page down

Tell Your Story

Start conversations directly from your phone by posting updates, sharing photos or videos, or hosting a live Q&A.

Share Everywhere

Share updates across Facebook, Instagram and Twitter, all from one app.

Talk with Fans

See what people are saying about you and the topics you’re interested in.

Stay in the Loop

Get posts from the people you follow and see trending stories in one place.



App Store link

Facebook Mentions is only available to public figures with verified Pages.

Why Hackers Are Kicking Your Butt: The 5 Steps Every Business Leader Must Take to Fight Back

/0 Comments/in , /by

Original Article by: Marc Goodman

Hackers and organized crime groups have a business model—and it’s kicking your butt. Sony, Target, Home Depot and JP Morgan Chase have all been pwned, hacker-speak for being “owned” or roundly defeated by the competition. No, I’m not talking about the competition across town or your longtime corporate rival. These are the hidden, silent competitors you mostly don’t think until it’s too late: international organized crime, hacktivists and even foreign nation states, and they’re all gunning for you. They are well-resourced, motivated and poised to take you down. And most of all, they are organized, more organized that you ever imagined, as the 80 million patients insured by Anthem Blue Cross can now attest.

These are not the lone teenage hackers of yesteryear banging away at keyboards in their mom’s basement. Today 40% of cybercriminals are over the age of 35 and 80% are now working with organized crime groups, according to a 2014 study by the RAND Institute. These groups have created vast networks of front companies whose sole purpose is to penetrate your information systems and steal all the corporate, client, financial and intellectual property data that they can.

Organized crime “companies,” such as Innovative Marketing Solutions of Ukraine, are housed in multi-story office buildings with receptionists who greet clients and a corporate hierarchy that could come straight out of a Harvard Business School case-study. Just as Facebook employees go to work to write their code, organized crime teams clock in every day creating software, or rather “crimeware”, to rip you off, and crime-bosses even incentivize their most productive cyber foot-soldiers with “employee of the month” prizes like Ferraris or a briefcase full of cash.

The problem for legitimate businesses, and even individuals, is that they usually have no idea that they have been hacked. Unlike car theft when you go to the garage and discover your vehicle missing, the overwhelming majority of those businesses who have been successfully penetrated have no idea it’s even happened—for a really, really long time. According to a study by Trustwave Holdings the average time from the initial breach of a company’s network until discovery of the intrusion was an alarming 210 days. That’s nearly 7 months for an attacker, whether organized crime, the competition or a foreign government, to creep around unfettered in a corporate network stealing secrets, gaining competitive intelligence, breaching financial systems and pilfering customer’s personally identifiable information, such as their credit cards.

When businesses do eventually notice that they have a digital spy in their midst and that their vital information systems had been compromised, an appalling 92% of the time, it is not the company’s Chief Information Officer, security team or system administrator who discovers the breach. Rather it is law enforcement, an angry customer or a contractor who notifies the victim of the problem. According to the Gartner group, businesses are on track to spend $100 billion on cyber security and defense in the coming year and yet most companies have proven simply incapable of detecting when a hacker has breached their information systems.

Whether or not you realize it there’s a war afoot, between those who want to leverage our technological tools for good and those who wish them to exploit them by lying, cheating stealing, harming others—including you and your business. These are the 5 Steps Every Business Leader Must Take to Fight Back:

  1. Create a United Front: Too many companies segment security responsibilities in ways that no longer make sense in today’s modern world. Chief Information Officers (CIOs) deal with information security and computer systems. The head of corporate security (usually a retired FBI or police official) protects facilities, issues ID cards, hires guards and handles video cameras and alarms. Yet another person, the head of Human Resources, manages personnel security, conducting background investigations on new employees. Unfortunately, in most companies this segmentation allows too much to fall through the cracks and results in finger-pointing when something goes wrong. There needs to be a single “adult” in charge of corporate risk in the cyber age—a person with a 35,000 foot view of the rapidly emerging threats modern businesses face and the full backing and authority of the CEO and the board to own the problem set.
  1. Go Hunting: The old model of cyber security was to build the equivalent of tall fences with tools such as antivirus software, firewalls and intrusion detection systems to keep the bad guys out. Those days are over as evidenced not only by the explosive growth in data breaches but by the inability of most companies to even tell that their systems have been penetrated. Indeed, the Barbarians are no longer just at the gate—they in your laptop, network operations center, in your lunch room and wandering your virtual corridors, unnoticed for months at a time. In order to survive today’s modern cyber attacks, companies must go on the offense—proactively hunting down the bad guys that are almost certainly within your systems already.
  1. Test Your Assumptions: You think you’re safe, but how do you know? To answer this question, the military long ago implemented “red-team” exercises to try to break their own security. Specially trained personnel played the role of the “red team” during war-game exercises, so named-after the Soviet “reds” with the intent of breaking the military’s security. You too can red-team your own company, whether using internal or external resources and consultants. The fact of the matter is every day hackers and organized crime groups are trying to break into your networks. Shouldn’t you be doing the same to try to detect and respond to problems before your opponents do?
  1. Encrypt What You Want to Keep : Data leaks abound. The only hope you have of keeping your data in your hands is to make it useless in somebody else’s. Encryption does this by using large prime numbers to scramble your data so that only those with the secret key can read it. Given the obvious cyber threats, it is no longer tenable to keep any form of sensitive data in plain text. Sadly, foolish mistakes abound. During the Sony Pictures attack, hackers gained access to 140 plain-text files containing tens of thousands of passwords incredulously stored unencrypted in Microsoft office files labeled “Passwords.doc” and Password.xls. Oh, and those 80 million patient records and social security numbers stolen from Anthem Blue Cross—also entirely unencrypted. In today’s world, storing sensitive data in an unencrypted format is ridiculous, inexcusable and tantamount to corporate negligence.
  1. Have a plan: Former FBI Director Robert Mueller famously noted that there are only two types of companies—those that have been hacked and those that will be. You’ve likely already been hacked and just don’t know it yet. Cyber attacks are the “new normal,” and Sony Pictures’ deer-in-the-headlights response to their latest hack was pathetic, particularly in light of the 2011 breach of the Sony PlayStation network in which over 100 million accounts were previously compromised. “I didn’t know” is no longer a tenable excuse, and companies must develop plans that transcend just the I.T. team and include the Board, C-Suite, general counsel, customer service, marketing and public relations, because when the data breach inevitably occurs, it’s going to be “all hands on deck.” The time to develop a disaster response plan is now–not during the disaster.

Adapted from Future Crimes: Everything is Connected, Everyone Is Vulnerable and What We Can Do About it.