Cybersecurity, A Top Priority

The highest priority in 2019 for asset owners and managers must be reviewing and even spending money to fortify the cybersecurity of their institutions, both in-house and with all the firms that provide them with services, such as custodians, consultants, asset managers and brokerage houses.

Hackers have become more cunning, often not attacking a target directly but indirectly through a service supplier, sometimes a minor one. This was the case in a 2017 attack, allegedly by Russian hackers, on the U.S. power grid. The attack did not use sophisticated software, but simple phishing — sending emails pretending to be someone entitled to requested information, according to a reconstruction of the hack by The Wall Street Journal in a Jan. 10 report.

The hackers launched an attack against a 15-person excavating company in Oregon that works with utilities and government agencies involved with the nation’s electric grid, seemingly an unlikely target for attackers aiming ultimately at the power grid. From there, they worked their way up a chain of the company’s contacts at utilities and government offices for which it had worked, gaining access to the information they wanted.

What is to prevent a similar strategy used to gain control of the computer systems of major financial institutions and causing havoc in the capital markets? It’s only intense concentration on cybersecurity at all levels of the industry — from the smallest research boutique or consulting firm to the largest index fund managers or custodians.

Institutions must first review their own internal cybersecurity practices and controls, continually updating anti-malware software. They must also constantly remind employees to beware of emails with attachments or requests for seemingly innocent information, even apparently from friends or contacts. In addition, they must carefully review who has access to key data. Data privileges, if spread too widely, can be a key point of vulnerability.

Then they must ask those firms that provide services for regular reports on the steps they are taking to ensure their systems are as hack proof as humanly possible, and what they are doing to ensure employees do not inadvertently breach data security.

The key to successful defense is constant vigilance, constant updating of anti-malware software, and constant reminders to employees that they are a key part of the defense.

source:  pionline

Government Shutdown Has Chilling Effect on National Cybersecurity

The US government shutdown is having a chilling effect on national cybersecurity, with 80 government web certificates having already expired without being renewed and FBI agents issuing a stark warning.

Vendor Netcraft claimed on Thursday that the lapsed certificates include those affecting “sensitive government payment portals and remote access services” at agencies like NASA, as well as the Department of Justice and the Court of Appeals.

The impact of this administrative snafu is to render the sites inaccessible or insecure. If HSTS is properly implemented, modern browsers will now not allow users to visit sites with expired certificates, said Netcraft.

“However, only a few of the affected .gov sites implement correctly-functioning HSTS policies. Just a handful of the sites appear in the HSTS preload list, and only a small proportion of the rest attempt to set a policy via the Strict-Transport-Security HTTP header — but the latter policies will not be obeyed when they are served alongside an expired certificate, and so will only be effective if the user has already visited the sites before,” it explained.

The concern is that as the shutdown continues, growing numbers of certificates will expire without being renewed, increasing the security risk.

The National Institute of Standards and Technology (NIST) is particularly badly affected by the shutdown, with an estimated 85% of personnel furloughed and its website shut.

That’s bad news for the information security community as NIST guidance documents and frameworks are widely consulted to improve baseline security practices around the world.

As if that weren’t enough, FBI special agents have signed an open letter warning that the shutdown could hurt operations and even force agents to consider roles elsewhere.

“As those on the frontlines in the fight against criminals and terrorists, we urge expediency before financial insecurity compromises national security,” they said.

Suzanne Spaulding, a former Department of Homeland Security (DHS) under-secretary and Nozomi Networks advisor, warned that the loss of so many government employees means the US is “losing ground against our adversaries.”

“And the timing couldn’t be worse, with Congress just having established the new Cybersecurity and Infrastructure Security Agency (CISA) at the DHS,” she added.

“Getting this agency fully operational requires a lot of work and it’s like repairing an airplane while you’re flying it. You try to avoid disrupting the critical operational activity even while you make changes to improve the organization. This shutdown is a disruption CISA can ill afford.”

source:  Info Security 

The Web Giants From 1998 To 2018

With each passing year, an increasingly large segment of the population no longer remembers images loading a single pixel row at a time, the earsplitting sound of a 56k modem, or the domination of web portals.

Many of the top websites in 1998 were basically news aggregators or search portals, which are easy concepts to understand. Today, brand touch-points are often spread out between devices (e.g. mobile apps vs. desktop site) and a myriad of services and sub-brands (e.g. Facebook’s constellation of apps). As a result, the world’s biggest websites are complex, interconnected web properties.

Today’s visualization, inspired by an earlier work published by WaPo, looks at which of the internet giants have evolved to stay on top, and which have faded into internet lore.

America Moves Online

For millions of curious people the late ’90s, the iconic AOL compact disc was the key that opened the door to the World Wide Web. At its peak, an estimated 35 million people accessed the internet using AOL.

By 1999, the AOL rode the Dot-com bubble to dizzying heights, with a valuation of $222 billion dollars.

AOL’s brand may not carry the caché it once did, but the brand never completely faded into obscurity. The company continually evolved, finally merging with Yahoo after Verizon acquired both of the legendary online brands. Verizon has high hopes for the company – called Oath – to evolve into a “third option” for advertisers and users who are fed up with Google and Facebook.

A City of Gifs and Web Logs

As internet usage began to reach critical mass, web hosts such as AngelFire and GeoCities made it easy for people to create a new home on the Web.

GeoCities, in particular, made a huge impact on the early internet, hosting millions of websites and giving people a way to actually participate in creating online content. If the web host was a physical place, it would’ve been the third largest city in America, just after Los Angeles.

This early online community was at risk of being erased permanently when GeoCities was finally shuttered by Yahoo in 2009, but the nonprofit Internet Archive took special efforts to create a thorough record of GeoCities-hosted pages.

From A to Z

In December of 1998, long before Amazon became the well-oiled retail machine we know today, the company was in the midst of a massive holiday season crunch.

In the real world, employees were pulling long hours and even sleeping in cars to keep the goods flowing, while online, had become one of the biggest sites on the internet as people began to get comfortable with the idea of purchasing goods online. Demand surged as the company began to expand their offering beyond books.

Digital Magazine Rack

Meredith – with the possible exception of Oath – may be the most unrecognizable name to many people looking at today’s top 20 list. While Meredith may not be a household name, the company controls many of the country’s most popular magazine brands (People, Sports Illustrated, Health, etc.) including their sizable digital footprints. The company also has a slew of local television networks around the United States.

After its acquisition of Time Inc. in 2017, Meredith became the largest magazine publisher in the world.

“Hey, Google”

When people have burning questions, they increasingly turn to the internet for answers, but the diversity of sources for those answers is shrinking.

Even as recently as 2013, we can see that,, and were still among the biggest websites in America. Today though, Google appears to have cemented its status as a universal wellspring of answers.

As smart speakers and voice assistants continue penetrate the market and influence search behavior, Google is unlikely to face any near-term competition from any company not already in the top 20 list.

New Kids on the Block

Social media has long since outgrown its fad stage and is now a common digital thread connecting people across the world. While Facebook rapidly jumped into the top 20 by 2007, other social media infused brands took longer to grow into internet giants.

In 2018, Twitter, Snapchat, and Facebook’s umbrella of platforms were are all in the top 20, with LinkedIn and Pinterest not far behind.

5 Ways to Protect Your Personal Data in 2019

Personal data theft is at an all-time high. It is important that you take the necessary steps to keep your personal information secure. Here are our top five ways to help secure your personal data for 2019:

Be Wary of Phishing

Email phishing is a threat that affects both individual and corporate users.

Phishing emails often look like real messages from legitimate senders. However, the main objective of such emails is to lure important information from you. For instance, you may receive a message saying that your system has been hacked or that there is some problem with your bank account, and thus you need to enter your password into a given form or click an outgoing link.

Phishing emails often play with your emotions, trying to make use of the fake sense of urgency. However, before you enter personal information, you have to stop and think twice whether the situation is really that urgent.

Use Strong Passwords

Just like phishing, a strong password is one of those keywords that you have encountered quite often if you are online every single day. As annoying as it might sound, strong passwords ARE important if you intend to secure your personal data online.

All of the accounts that you have, from your online banking accounts to your social media accounts have to be protected with passwords. Many people reuse passwords for different accounts (after all, that is convenient), but it would definitely prove that your personal data is far from secure.

Reusing passwords is a bad idea. Another bad idea would be creating memorable passwords. The longer the password is and the more random symbols it has, the stronger it is. At the same time, we understand that maintaining a lot of strong passwords is quite a challenge, and therefore, we would like to recommend using an app that can generate and save passwords. LastPass is a perfect example that can generate, store, and renew your passwords, thus saving you the trouble of doing everything by yourself.

Consider Using Multi-Factor Authentication

What can be better than a strong password? Several strong passwords. Ask any security expert out there, and they will tell you that if a certain service offers multi-factor authentication, you should most definitely enable it. With multi-factor authentication, your personal data would be protected under several layers of security, thus making it harder for anyone to steal it.

Don’t Over-share on Social Media

Securing personal data is not just about protecting your social media accounts with strong passwords; it’s also about what you SHARE on your accounts. Although we often think more about our credit information and online banking information when we consider the steps we have to take to protect personal data, social media is actually just as risky.

Hackers do not necessarily have to steal everything in one try. It is very common to collect bits of personal data from different accounts and then piece them all together like one puzzle to steal your identity. So if you want to share something private, make sure you don’t broadcast it to the entire world.  Make sure to go through your followers or friends once in a while, to see whether you really know those people.

Don’t Forget to Update Your Software

This might come as a surprise, but your personal data security depends on the software you’re using, too. We do know that sometimes users turn off automatic update features on the apps and programs they use because they find it annoying, but those features are there for a reason. New updates aren’t there to take up your disk space. They are there to fix bugs and vulnerabilities that might be exploited by cyber-criminals. Therefore, to secure your personal data, you have to make sure that all of the software you use is up-to-date as well.

We can only expect to find more solutions to ensure personal information security in the future. However, an individual user will always have to do their part to secure personal data, so it is never too late to educate yourself about the steps you can take to prevent hackers from stealing your information.

Biggest Data Breaches Of 2018

It seemed like data breaches were everywhere in 2018, affecting everyone from a Canadian cannabis store to Chili’s restaurants. Yale even discovered and disclosed a 2008 data breach this year. The amount and types of data accessed varied, but each incident was another reminder of the importance of data security.

We’ve rounded up a few of the biggest data breaches from 2018 below.


One of the biggest data breaches of the year—and potentially of all time—was disclosed earlier this month. Marriott International, the world’s largest hotel chain, announced a breach of its Starwood guest reservation database and said that as many as 500 million guests could be affected. Upon investigation, Marriott found that there had been unauthorized access since 2014 and that an “unauthorized party” had copied and encrypted some information and “took steps toward removing it,” but the company did not specify how much data was removed.

Marriott said that for about 327 million of affected guests, accessed information included some combination of a name, address, phone number, email, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation data and communication preferences.

My Fitness Pal

Under Armor said about 150 million users were affected by a data leak in the company’s MyFitnessPal app that occurred in February. Under Armor said notified users via email and in-app messages, and it was “working with leading data security firms to assist in its investigation.”

The company said “an unauthorized party acquired data associated with MyFitnessPal user accounts,” such as usernames, passwords and email addresses.


About 100 million Quora users were affected by authorized access to one of its systems by a “malicious third party,” according to the site. Quora said it was logging out all users who might have been affected in order to prevent further damage and notifying users whose data had been compromised.

Compromised information may include names, emails, encrypted password and data imported from linked networks.


A security vulnerability in the U.S. Postal Service’s “Informed Visibility” mail tracking and reporting service potentially exposed the data of more than 60 million customers. The postal service said it is not aware of anyone’s records being accessed, but the security hole has been fixed.

The service’s API could have allowed almost anyone with a USPS account to view other users’ account details and even access information such as when critical documents and checks were scheduled to be delivered to their mailboxes.


Among the many unfortunate headlines for Facebook this year was a massive data breach that exposed the account details and personal information of almost 50 million users. Facebook said they have fixed the security vulnerability and alerted authorities of the breach.

The hack was possible due to Facebook’s “View As” feature, which lets users view their own account as if they were a stranger in order to check post privacy settings, etc. The feature gives the user an “access token,” which allows them to log back into their account without resubmitting information, and hackers exploited this to harvest other users’ access tokens.

If you use the same login information and password for accounts across many different websites, hackers could potentially find your login in a data breach of a lower-stakes app and use it to access your account on something more important and private, like a bank account.

If you’ve been hacked, here are some steps you can take to protect yourself after the fact.

source:  security today

Charges made in ‘extensive’ global hacking campaign

The Justice Department on Thursday announced charges against two Chinese nationals on charges of participating in a global hacking campaign to steal technology company secrets and intellectual property, as well as the personal data of more than 100,000 members of the U.S. Navy.

Zhu Hua and Zhang Shilong are charged with conspiracy to commit computer intrusions and wire fraud, as well as aggravated identity theft, as part of years-long campaigns to steal from numerous foreign governments and dozens of companies. They remain at large.

Through a hacking group known as “Advanced Persistent Threat 10” or “APT10″ — as well as other names including “Red Apollo” and “Stone Panda” — the defendants stole information from at least 45 U.S. tech companies and government agencies, authorities said.

Prosecutors also accused the two of operating in conjunction with the Chinese government.

“China will find it difficult to pretend that it is not responsible for this action,” Deputy Attorney General Rod Rosenstein said at a press conference.

Read the DOJ’s charging document here.

The indictment says Zhu and Zhang engaged in technology thefts that began in 2006 and a campaign to steal intellectual property and other data from remote-access client-management companies that started in 2014.

Over the course of the latter campaign, the two accessed computers related to victim companies in “at least 12 countries,” the filing alleges.

“China’s goal, simply put, is to replace the U.S. as the world’s largest global superpower,” FBI Director Christopher Wray said at the press conference.

The defendants’ group allegedly stole information from at least 45 U.S. technology companies and government agencies. Most of the companies were not named, though the document says that the agencies targeted included the Department of Energy’s National Laboratory and NASA’s jet propulsion lab.

APT10 allegedly hacked into more than 40 computers connected to the U.S. Navy and stole confidential data, including “the personally identifiable information of more than 100,000 Navy personnel.”

They’re also accused of hacking three communications technology companies, three companies “involved in manufacturing advanced electronic systems,” a maritime technology company, an oil and gas company, and at least 25 other technology-related companies.

In a joint statement, Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen said the alleged hacks “present a very real threat to the economic competitiveness of companies in the United States and around the globe.”

“We strongly urge China to abide by its commitment to act responsibly in cyberspace and reiterate that the United States will take appropriate measures to defend our interests,” Pompeo and Nielsen said.

The action comes as China and the U.S. are embroiled in volatile trade negotiations. The talks have already been complicated by Canadian authorities’ Dec. 1 arrest of Huawei CFO Meng Wanzhou, one of China’s largest companies, at the behest of the Justice Department.

The DOJ has indicted several alleged Chinese hackers in recent years. The actions are part of a “naming and shaming” campaign meant to hold Beijing accountable for alleged state-sponsored intellectual property theft from and espionage on corporations. However, the accused hackers are rarely extradited to the United States to face trial.

Later Thursday, the U.S. and more than a dozen allies are expected to condemn China for its alleged economic and technological malfeasance, The Washington Post reported.

U.S. allies including Britain, Germany, Australia, Canada and Japan will reportedly join that condemnation. Companies or institutions in each of those countries have claimed to be the victims of attempted cyber-security breaches by Chinese hackers.

New sanctions addressing China’s alleged cyber-chicanery are also expected to come Thursday, according to the Post.


source:  CNBC

Cloud – Is vital to business

The time to mull over whether selling cloud is right for your business has long passed; it’s now a requirement. But there are still right and wrong ways to sell cloud.

“The most important thing you can learn is to stop selling and delivering new stuff the old way,” Karl Palachuk, author and consultant for Small Biz Thoughts, told an audience of MSPs at The Channel Company’s NexGen 2018 Conference and Expo Tuesday.

Palachuk speaks from experience, as he has built and sold two cloud-focused managed services firms and sold millions of dollars’ worth of cloud services. There’s plenty of money to be made on cloud services, provided solution providers don’t resort to break/fix selling strategies and include managed services into their bundled offerings, he said.

“Too many people treat cloud like break/fix, which should be illegal because you’re waiting for your customers’ services to break,” Palachuk said. Partners who don’t participate in the maintenance of a cloud solution won’t earn enough recurring revenue on the deal.

Palachuk told MSPs to keep track of “soft” trends in the market, but know “hard’ trends, such as the fact that cloud is happening.

“Someone will sell the last server, don’t let that be you,” he warned partners.

As IT becomes more complicated, partners need to remember that they are consultants to their customers, and are there to make their jobs easier. One way to do that is by filtering down which vendors are good fits and coming to the table with bundled cloud offerings that include managed services, Palachuk said.

C Forward, a Covington, Ky.-based solution provider, is selling cloud services, including Office 365, file storage and off-site backup solutions, in addition to its IT consulting services today. The hardest part about selling cloud is still trust, said Brian Ruschman, president of C Forward.

“Trust is still a big issue, even though the cloud would seem old enough by now, and most customers would actually be much more secure if they made the switch to cloud,” he said.

C Forward’s cloud sales have grown quickly over the last three years, and the firm is bundling its cloud offerings today and earning recurring revenue on the sales. C Forward is also wrapping its managed services around cloud, Ruschman said.

Rejecting the popular idea that cloud technologies bring downward pressure on prices, Palachuk said that “you should charge at least as much as you did before — the cloud might be simpler, but that doesn’t mean it’s less valuable to the client,” he said, encouraging partners to raise rates.

“Your clients probably place a higher value on your services and reliability than you do. … You have to believe in what you’re selling.”

source:  CRN

Android Malware Steals from PayPal Accounts

What happens when you combine a remotely controlled banking Trojan with an abuse of Android Accessibility services? According to new research from ESET, you get an Android Trojan that steals money from PayPal accounts, even with 2FA on.

The malware reportedly disguises itself as a battery optimization tool, and threat actors distribute it via third-party apps. “After being launched, the malicious app terminates without offering any functionality and hides its icon. From then on, its functionality can be broken down into two main parts,” researchers wrote.

In a video recording, researchers demonstrated an attempt to steal money from a PayPal account after the user had logged into the app. While the researchers were analyzing the malware, the PayPal app attempted to send €1,000, which failed when the app requested that the user link a new card due to insufficient funds.

The malware also attempted to steal login credentials and used phishing screens in overlay attacks on Google Play, WhatsApp, Skype, Viber and Gmail. “The malware’s code contains strings claiming the victim’s phone has been locked for displaying child pornography and can be unlocked by sending an email to a specified address. Such claims are reminiscent of early mobile ransomware attacks, where the victims were scared into believing their devices were locked due to reputed police sanctions,” researchers wrote.

The attack against the PayPal app highlights the vulnerabilities of installing apps from unknown sources and demonstrates how easily an overlay attack can hijack a strong application.

“What is concerning is that this malware app can download other applications, so even though today’s attack is against PayPal, this attack could easily be re-purposed to attack any other application on the users mobile device.  What’s new for this malware is that it is not focused on phishing for the users credentials, although it appears to attempt to phish for the user’s credit card information, instead it attempts to directly attack the transaction by creating an instant money transfer to the attacker’s account.”


source:  Info Security

Protect Yourself from the Marriott Hack

Last week the hotel behemoth Marriott announced a massive hack that impacts as many as 500 million customers who made a reservation at a Starwood hotel. Marriott acquired the Starwood hospitality group in September 2016, which operates numerous hotel brands including Sheraton, Westin, Aloft, and W Hotels. But the intrusion that caused the enormous data breach predates Marriott’s acquisition, beginning in 2014.

Marriott says it is cooperating with law enforcement and regulators in investigating the hack, and the company hasn’t finalized the number of people impacted. It currently seems that about 170 million Marriott customers only had their names and basic information like address or email address stolen. But the bulk of the victims—currently thought to be 327 million people—had different combinations of name, address, phone number, email address, date of birth, gender, trip and reservation information, passport number, and Starwood Preferred Guest account information all stolen.

Some credit card numbers were also stolen as part of the breach, Marriott says, but the company did not provide an initial estimate of how many were taken. The credit card numbers were encrypted with the algorithm AES-128—a reasonably robust choice—but Marriott says the attackers may have also compromised the decryption keys needed to unlock the data.

All in all, it’s not a great situation.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and CEO said in a statement on Friday. “We are doing everything we can to support our guests. … We are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

A Historic Breach

Breach response experts told WIRED on Friday that the sheer amount of time the attackers had inside the system—four years in all—likely made the breach much worse than it otherwise might have been. Time gives attackers the ability to chip away at defenses, or simply learn more about a system to understand where the valuable data is. Even with encrypted data, like the credit card numbers in this case, an attacker with enough access could steal the decryption keys, or swipe sensitive data before it ever has a chance to be encrypted in the first place. Either scenario seems possible, given the details Marriott has released so far.

Marriott says a digital security tool flagged suspicious attempted access to its United States Starwood guest reservation database on September 8 of this year. The company investigated, and seems to have blocked attacker access by September 10, because it says that no customer data was stolen after that date. But Marriott also says its initial investigation didn’t definitively identify the scope of the problem until more than two months later, on November 19.

marriot hack biggest in history

Marriott says its own digital systems were not affected, only the Starwood side. Some penetration testers and network breach responders speculated to WIRED that Marriott’s acquisition of Starwood may have played a role in delaying detection if the companies were distracted by the larger topic of brokering the deal.

What You Can Do

Marriott is rolling out batches of notification emails to impacted customers. It has also established a call center and breach notification website, you can’t use it to look up whether your information was stolen, or how much of it. Marriott seems to be erring on the side of assuming that every Starwoods customer has been impacted. “If you made a reservation on or before September 10, 2018 at a Starwood property, information you provided may have been involved,” the company’s breach response page reads.

The company is also offering enrollment in the identity monitoring service WebWatcher for one year to anyone who thinks they were impacted by the four-year network intrusion. You can sign up now. The service alerts you if your information crops up online, including on the dark web. Enrollment also includes a reimbursement benefit for expenses related to fraud and identify theft, and unlimited consultation with identity theft specialists at the corporate incident response firm Kroll. The services are available to people in the US, Canada, and United Kingdom.

If you’ve stayed at an SPG hotel in the last few years, the standard advice applies: Enroll in the free monitoring, change your SPG password—and on any other account where you might have reused it—and watch your finances for suspicious activity.

The Marriott breach does have a slightly less common, though not unheard of, component of exposing hundreds of millions of passport numbers. These can be used to make counterfeit passports, a classic black market industry. But they can also be combined with other personal details about someone, like the data points stolen in the Marriott breach, to bolster traditional online fraud and abuse. And passport numbers lend an air of legitimacy to other information like name, address, date of birth, and email, potentially allowing scammers to open bank or credit card accounts in victims’ names.

Crane Hassold, senior director of threat research at the phishing defense firm Agari, points out that passport numbers can also be used to track someone’s movements. For example, US Customs and Border Protection offers a public database for tracking your travel history. Someone with your information, particularly your passport number, can run the queries, too. US citizens can renew their passports at any time to receive a new passport number, applying by mail or in person at an approved State Department facility. If you are years away from a passport’s expiration, you may need to include a letter with the application about your reason for renewing early.


source:  Wired

Make Mobile Security a Priority

Businesses with mobile device programs, whether BYOD or employer-owned, can definitely increase productivity, efficiency, employee satisfaction, and revenue. The key is to develop a mobile security plan to ensure your company and client data remains secure.

Here are a few ways to make mobile security a priority:

  • Hold mobile security training sessions: By training employees and managers on the importance of mobile security and how to prevent cyber-attacks, businesses can mitigate risk.
  • Have mobile policies in place: A mobile usage policy will ensure that employees know what they can and can’t access. This can bring security to the forefront when it comes to company mobile devices.
  • Require device best practices: Whether it is employer owned mobile devices or BYOD smartphones, having security best practices is paramount. Install anti-virus, and malware software, endpoint management software, and two-factor authentication.
  • Use encryption: Encryption can support your mobile security efforts, such as a Virtual Private Network (VPN). This is an additional layer of protection that makes it more challenging for hackers to access company and client data.
  • Schedule security audits: Security audits that are scheduled regularly is an important part of any business security plan. Ensure mobile is incorporated in that plan. This can help companies identify potential threats or breaches before they become serious.

Mobile security is essential to any business, especially since mobile device use in the workplace has become the norm. You may not be able to ignore the need for a mobile workforce forever and having mobile device best practices in place can help keep your company safe from cyber-attacks, malware, and other malicious attacks.

Give your employees the tools to be more productive, helping you meet your business goals. But also educate them on the risks of using those valuable tools.