SEPTEMBER 2018 | FUTUREOFBUSINESSANDTECH.COM
An Independent Supplement by Mediaplanet to San Francisco Chronicle
Fraud Protection
Robert Herjavec of “Shark Tank” fame is helping ensure that businesses are equipped with the best fraud detection tools on the market.
LEARN what small businesses specifically can do against the very real threat of fraud.
BROWSE more stories online, including what’s trending in health information technology.
MEDIAPLANET
No business is too small to escape the eye of cyberattacks. Having cybersecurity measures in place can help.
Small businesses are big targets for fraudsters, which is why now is the time to set up even bigger defenses.
“American Greed” actor Stacy Keach explains why fraudsters are more dangerous than we think they are. Online
4 Health Information Technology Trends to Watch
Health information technology is providing ways to make health care safer, less costly and more organized.
Early in the year, many people wonder what lies ahead in their lives and their health. Personally, my focus is on making smart, cost-effective decisions that support my family’s health. My passion and my career are all about making sure the right health information gets to the right person at the right time so that people can make the right decisions. Here are four health information technology trends I know I’ll be watching:

1. Protecting electronic health information from the bad guys
We face a challenging situation: health information must be available when a patient or caregiver needs it, yet securely protected from curiosity-seekers or those who mean to do harm. In light of cyberattacks and other compromising situations, the health sector is keenly focused on securing and protecting our health data.

2. More patients benefit from “virtual visits” with their clinicians
Telemedicine allows patients and caregivers to connect via video, phone or email, a wonderful tool for patients who are too far away from those who can provide the best possible care. In 2016, 15 million Americans virtually connected with their doctor, nurse or other caregiver; I wouldn’t be surprised to see that number continue to rise.

3. Patient-generated data makes its way into clinicians’ electronic records
Whether it’s home-based blood glucose levels, weight or vital signs, patients are generating more and more data about their own health status. Using smart devices that securely share this information with clinicians, patients can improve the quality of the care they receive, expand their access and reduce the overall cost.

4. Patients benefit from connected, coordinated care
The ability to securely, appropriately and consistently share electronic patient health information with those who need it is known as interoperability. With widespread interoperability, the right information is available to the right people at the right time. That means clinicians and patients can securely send and receive health information across towns, regions, states — ensuring patients, clinicians and loved ones have the information they need to have when they need it the most.

Carla Smith, M.A., FHIMSS, CNM, Executive Vice President, Healthcare Information and Management Systems Society
Publisher & Business Developer Abraham Freedberg Managing Director Luciana Olson Designers Chris Espino, Tiffany Pryor Copy Editor Benny Regalbuto Director of Sales Shannon Ruggiero Director of Business Development Jourdan Snyder Director of Product Faye Godfrey Content Strategist Mina Fanous Production Coordinator Josh Rosman Cover Photo Herjavec Group All photos are credited to Getty Images unless otherwise credited. This section was created by Mediaplanet and did not involve USA Today.
Robert Herjavec Breaks Down the Essentials of Fraud Detection for Retailers
Machine learning provides retail professionals with the tools they need to deflect potential threats. “Shark Tank” star Robert Herjavec has plenty of insight on which tools are best suited to the industry.
Retail outlets struggle with cybersecurity. According to a survey by ACI Worldwide, 53 percent of retailers do not have a common set of fraud prevention or payment security capabilities.

An escalating problem
Unfortunately, cybersecurity tools aren’t a priority for many retailers, according to Robert Herjavec, founder of the Herjavec Group, which provides cybersecurity products and services.

“Most retailers struggle with narrowing margins,” he explains, “and security isn’t always seen as an accepted budgetary line item.” But it’s time to change that, Herjavec believes. “Outside of the standard threats, there are two things that should keep retail businesses up at night: lack of awareness and brand credibility.”

Improving awareness
Popular hacking tactic “social engineering” — which relies on various techniques to trick the end user into breaking security protocols — fools employees, vendors and customers into clicking on links or opening attachments loaded with data-breaching malware. Awareness begins with educating team members about these communications. At the same time, retailers should take advantage of technology to better prevent these attacks, like fraud prevention software and artificial intelligence.

Big data vs. fraud
“One of the greatest challenges we face is trying to find the abnormal or criminal activity across large quantities of normal behavior,” Herjavec adds. He likens it to looking for a “cyber needle in the haystack of data.” Data logs hold all the information and communications with the network, and that’s where IT departments find anomalies. However, two things are needed to identify good and bad data: manpower and technology. “Through the advancement of big data analytics, we can better target abnormal behavior, perform faster queries and identify more complex behavioral patterns,” explains Herjavec. But most retailers aren’t absorbing the data logs in their environment. Third party vendors can play an important role in improving security practices and alerting businesses to potential dangers.

It’s not all bad news
Compliance is driving improved behavior, according to Herjavec: “PCI security standards are technical and operational requirements set to protect cardholder data. The standards apply to all entities [linked to] cardholder data, with guidance for software developers and manufacturers of applications and devices used in those transactions.” Cybersecurity may not come easily; smaller retailers can find it hard to commit the time, personnel and financial resources required for comprehensive security. “Cybersecurity isn’t just a one-time expense,” Herjavec contends. “Businesses need to cover the basics in order to be compliant, particularly with the PCI DSS standards. [They] should engage with a knowledgeable security partner who can help them prioritize their technology needs.”

Sue Poremba
Shielding Businesses From Cyberattacks
Paragons of the cybersecurity industry discuss what they think is putting small businesses at risk of cyberthreats, what to watch out for and more.

Jack Koziol, CEO and Founder, InfoSec Institute
Charla Griffy-Brown, Ph.D., Professor, Graziadio School of Business, Pepperdine University
Gill Langston, Senior Product Manager, SMB, Avast Software
Gerry Beuchelt, Chief Information Security Officer, LastPass

From your experience, what would you say is the most common reason small businesses fall victim to cybersecurity fraud?
Jack Koziol: There is a common misconception among many small businesses that they are not large or valuable enough to be cyberattack-worthy. It’s easy to think as a smaller organization that you can safely fly under hackers’ radar. Unfortunately, this mindset is the biggest contributor to the rapid growth in server message block (SMB) cyberattacks. Today’s hackers readily take advantage of an SMB’s constrained investment in security controls, or they exploit a false sense of security that in-place protection, detection and response systems will catch all malicious activity — ultimately exposing a vulnerable second line of defense: employees.

While there are many types of fraud out there, what do you think is the most dangerous threat to small businesses right now? How does digital security translate into a real impact?
Charla Griffy-Brown: Wire transfer schemes, also known as “business email compromise,” are increasing exponentially. These social engineering tactics are powerful methods for cyber criminals to compromise organizations. In addition, crime as a service is making it harder for criminals to get caught through the use of third-party tools and services. John Bandler, one of our Cyber Risk Professional Certification board members, suggests, “Rather than focus on the ‘fraud-du-jour,’ companies should focus on developing strong information security programs built on a solid foundation of the basics.” A strong, risk-based cybersecurity program enables enterprises to protect their bottom line and is an essential top line investment, enabling strategic initiatives to have their intended business impact.

What are the best practices/tools that business owners can implement to make sure they are protected from an attack?
Gill Langston: From a tools standpoint, it is critical to protect all entry points from attackers with multiple layers. This means protecting email flow from phishing and malware, having a good endpoint protection solution, reviewing web traffic for malicious websites and downloads, performing regular security audits of your passwords and making sure you are applying patches to software. And of course, training your employees on what to look out for in emails and other communications that might seem out of place are components for a strong defensive posture. Contracting a third party to do an assessment from time to time can also alert you to additional items to address in your security posture.

Without being an expert in cybersecurity, is there anything that business owners can look out for in their day-to-day operations that may be red flags to potentially fraudulent activity?
Gerry Beuchelt: No central security function can be all-knowing, even in the most sophisticated enterprises. It is paramount for business owners to develop a strong security program for all employees to help identify threats and fraudulent activities. It will only be through a joint effort that businesses can thwart attacks and defend themselves against bad actors. Security is a team sport.
To read the full Q&A, visit us online: FUTUREOFBUSINESSANDTECH.COM
Implementing New Ways of Preventing Business Fraud
Tricia Phillips, senior vice president of product and strategy at Kount, Inc., advocates for machine learning and biometrics in securing business data and information.

What is the biggest mistake that companies make when it comes to data and information security?
From a cybersecurity standpoint? Viewing the risk of fraud or account compromise without considering the business risk of poor customer experience and lost revenue. Protecting customer data and the business against fraud cannot come at the cost of the customer experience and conversion.

What should businesses be looking for in a fraud- and risk-management solution provider?
There are no predictive machine learning models which can prevent fraud with low false positives without human aid. It takes people to define the machine learning features, as well as train, reinforce and supervise the models. A comprehensive fraud prevention solution must include machine learning, an engine supporting business policies, investigation/analysis capability and the ability to evaluate outcome data to enable continuous improvement.

How is machine learning being used to better prevent fraud?
Machine learning can identify new fraud trends and identify low-risk activity, ensuring that good customers are inconvenienced as little as possible. Enhancements in computing and data processing technologies have enabled the productionalization of advanced data analytics tools and theories to work in real time to detect anomalies and calculate fraud likelihood. Unsupervised machine learning catches emerging fraud trends which haven’t been explicitly observed or modeled; supervised machine learning is a predictive method of detecting and preventing fraud. By the time older machine learning models were released into production, they were already months behind the latest fraud trends. Today, tools exist to update models much quicker for predictive value.

What is the biggest advantage of biometric security solutions in protecting businesses from fraud?
Theoretically, biometrics can’t be compromised. The reality is that most biometric authentication methods can still be compromised by determined attackers because liveness detection is still underdeveloped in the hardware technologies available in most B2C authentication scenarios. Biometrics are usually harder to break than passwords, but in most cases, they are not without points of failure.

What do businesses need to consider before introducing biometrics?
Consider biometrics to be a means of reducing friction in an authentication scenario by enabling further corroboration of the identity of a known customer when combined with other familiarity signals.

5 Ways Small Businesses Can Protect Themselves From Fraud
With small businesses at higher risk of fraud damaging them more than their larger cousins, it’s only natural that they want to fortify themselves.

Fraud affects organizations of all sizes, but it can prove especially devastating to small businesses. According to the Association of Certified Fraud Examiners’ 2018 Report to the Nations, small businesses lost almost twice as much per fraud scheme in comparison to organizations with more than 100 employees. Small businesses typically have fewer resources to prevent, and recover from, fraud. The cultural structure of small businesses also tends to have a more potent atmosphere of trust, which can lead to fraudsters taking advantage. Here are five ways small businesses can protect themselves from fraud:

1. Be proactive
Adopt a code of ethics for management and employees. Evaluate your internal controls for effectiveness and identify areas of the business that are vulnerable to fraud. Make it clear to employees that fraud is something you take seriously.

2. Set up a fraud hotline
Regardless of the size of the organization, fraud is most likely to be detected by a tip. Providing an anonymous reporting system for your employees, contractors and clients will help uncover more fraud.

3. Separate duties
Small businesses often run lean; employees can be expected to fulfill multiple roles to keep the organization running. However, when the same employee is in charge of writing checks and approving them, it creates an opportunity for fraud. Out of fraud cases reported in small businesses, 22 percent of the schemes involved check and payment tampering — that’s a much larger amount than the 8 percent that organizations with more than 100 employees reported. Ensuring that duties are separated and approved by multiple people is important in removing the opportunity for fraud.

4. Provide fraud training for management and employees
According to the Report to the Nations, only a little more than 20 percent of small businesses had fraud training for their employees. Education is a pivotal part of fraud prevention. If employees and managers don’t know how to spot signs of fraud, how can they report it? Ensure that everyone in your organization is aware of what fraud looks like and how to report it.

5. Increase the perception of detection
Communicate regularly to staff about anti-fraud policies, ways to report suspicions of misconduct and the potential consequences (including termination and prosecution) of fraudulent behavior. Even if you are unable to implement controls, such as external or internal audits on a regular basis, performing them occasionally can go a long way to show employees that if they commit fraud, they will be discovered.

While fraud prevention is not “one-size-fits-all” for organizations, small businesses can make use of the above tips to decrease their risk for fraud. Find free fraud training and awareness resources at fraudweek.com.

Bruce Dorris, J.D., CFE, CPA, President and CEO, Association of Certified Fraud Examiners