Clickatell Resources

Download this two-factor authentication guide to discover: Today’s security challenges Why two-factor authentication via SMS? When should you use two-factor authentication? Checklist for choosing an authentication solution Introducing Clickatell Secure Download this guide now to start protecting your customers against today’s biggest cybersecurity threats.

Download this ebook about 2FA to learn: Why social media authentication isn't enough What two-factor authentication (2FA) is and how it works Why 2FA via SMS? Who's using OTP via SMS and two-factor authentication Risk-based authentication: customer experience vs security Use cases: 2FA in action A cheat sheet to implementing 2FA Download this ebook now to discover whether your system needs 2FA, and how Clickatell can help.

Trust via customer engagement In a world of nonstop data breaches, companies who build trust through technology are achieving new levels of customer engagement and growth. No one is safe: data breaches and hacks plague companies of all sizes. It’s gotten to the point where most consumers don’t think companies protect their data . It doesn’t help business - lack of a feeling of safety is the number one reason customers abandon online transactions, according to an Experian study . Still, many businesses don’t take the threat seriously enough. Speaking to TechRepublic, Svend Wittern, VP and head of industry business innovation at SAP, said that safety and security was one of the most “underestimated” megatrends transforming businesses. Yet, customers are trying to remain optimistic. In finance, more than 70 percent of customers believe new technologies will have a positive impact on their personal security, according to a Mastercard survey . This is why earning customer trust is an opportunity for companies to build a new competitive advantage. Secure customer communication in the digital age SMS has been around for a while, and there are compelling reasons why it continues to be a communication channel of choice for leading enterprises. It’s one of the most affordable, reliable ways to reach global customers, remaining more secure than email. In a post for IT Pro Portal , Ash Rust said carriers had been able to reduce the phishing threat in SMS, setting up hotlines for consumers to report suspicious texts. WhatsApp is another simple and secure communication channel. Better yet, your customers are already familiar with WhatsApp - they’re using the app to communicate with family and friends. All. The. Time. When you use a tool like the WhatsApp Business API , you’re surrounding the data with end-to-end encryption that protects your and your customers' information. Now you may have heard of the recent WhatsApp hack . Attackers exploited a vulnerability breaking into Androids and iPhones. The hackers remotely installed spyware, known as Pegasus, to steal data by placing a WhatsApp call. But here’s the thing, as soon as WhatsApp learned about the security hole, engineers went to work , releasing a patch shortly afterward and calling on users to update their version of the app. This is the kind of response and action you want from a vendor. An organization that takes immediate steps to close the gaps and communicates in an open and transparent manner. It’s the same type of accountability and honesty you need to deliver to your customers. A tool like WhatsApp goes hand in hand with a layered security approach. That’s because in addition to using secure, trusted communications channels, you must reassure your customers that you are taking measures to protect their data. In a piece by the Forbes Technology Council , Michael Goodwin makes the case for security audits. “All companies that have customer data should be good stewards but words are not enough to prove to customers you are being careful with their data. We are investing more in employees with security backgrounds and certifications as well as paying for independent security audits to share with our customers. Security audits by accredited organizations are well received by clients.” Build trust and deepen customer engagement with WhatsApp If you want to improve customer engagement, you have to earn their trust. WhatsApp can help protect your customer data, acting as a powerful defense against sophisticated digital dangers. You can learn more about how industry leaders are using WhatsApp and chat commerce to serve superior customer experiences .

AI and cybersecurity In an age where cyber hacks are targeting small businesses, AI-enabled cybersecurity solutions will give organizations a significant competitive edge. By 2021, it’s predicted that cybercrime will cost the world $6 trillion, according to new research . New tech powers sophisticated cyber attacks Worse still, is that SMEs - perceived as easier targets - are caught in the crosshairs. 67% of respondents in the 2018 State of Cybersecurity in Small and Medium Size Businesses study were attacked in the past year According to Malwarebytes , ransomware attacks forced 22% of small to medium businesses to stop operating immediately Now hackers are using AI technology to put a new spin on old scams like phishing emails and URLs. Analysis, however, predicts that this is only the beginning. Researchers from Darktrace said that criminals could soon use AI to deploy malware with the capability to exploit every network vulnerability. If certain vulnerabilities are patched, the AI could ‘decide’ to use a different technique which had success in similar target environments in the past. In one example from cloud security firm Cyxtera, it built a machine-learning based phishing attack generator, training the system on 100 million effective historical attacks. An average phishing attack could bypass the AI-detection system 0.3 percent of the time, but the new attacker got around the system more than 15 percent of the time. The rise of AI-powered cybersecurity But, as AI powers new scams, it can help small businesses fight back against cybercriminals. The findings of an IBM and Ponemon Institute study investigating AI and cybersecurity found that about half of the surveyed companies are deploying some kind of security automation; a further 38 percent are set to deploy a system within the next year. An article from the Boston Consulting Group examined the evolution of AI in cybersecurity, suggesting areas where AI can assist with strengthening cybersecurity measures. The development of automated systems can prevent hacks as AI techniques start using machine learning to harden defenses and deploy protection in real-time.  AI-based technologies are also being trained on large datasets, and taught what normal system activity looks like so that it can raise the alarm on suspicious incidents. AI cybersecurity firm, Darktrace, uses technology powered by machine learning and AI algorithms to protect the data of half a million students across Texas. The AI cybersecurity solution works by learning the “pattern of life” for each system user and device, and then detecting known and unknown threats. Ventures like INKY, an email protection startup, are coming to the market with AI cybersecurity solutions that use “anomaly detection algorithms” to identify and block phishing attempts and extortion attacks. That said, solely relying on AI isn’t an effective cybersecurity solution... for now. Companies find the most success in situations where AI work alongside humans. The Danske Bank uses an AI-based system to improve its fraud detection rate by 50%. The solution sees the machines working closely with human investigators. Companies are also encouraged to keep an eye on threats closer to home. Forcepoint uses AI technology to detect tone in employee emails and to flag employees with low-performance scores, suggesting this might alert companies to potential breaches. While this might feel like an intrusive approach for your business, it further demonstrates the types of AI tools which small businesses can use to enhance cybersecurity protection, as well as, ultimately, customer satisfaction. Keeping the focus on internal employees, business owners and security teams should educate themselves and employees on good cybersecurity practices. Stay ahead of cybercriminals to secure your business’s future Companies that invest in AI can protect themselves against sophisticated attacks and reduce operational costs. Many analysts refer to the evolution of AI in cybersecurity and cybercrime as a security arms race. To stay ahead of cybercriminals, you need to stay informed. Our article on the latest cybersecurity threats discusses the threat landscape.

Mock SMS cybercrime Hackers are exploiting human nature and the popularity of SMS to scam smartphone users, and this type of cybercrime poses dire consequences for your business’s brand - and bottom line. In January 2019, the National Student Financial Aid Scheme (NSFAS) revealed criminals were using SMS messages to target students. In a statement, NSFAS said perpetrators were posing as NSFAS representatives, sending emails and SMS messages asking students to update their account information. To combat the crime, the organization would no longer communicate with students via SMS. NSFAS reported a surge in attacks, and this hike mirrors global online security trends. With the rise of smartphones, fraud analysts warn of an increase in SMS phishing - or SMShing. The rate of successful mobile fraud - where the victim has clicked on a phishing link - has grown by 85% between 2011 and 2018. Mobile messaging fraud costs enterprises $2 billion per year, and in some regions about 20% of SMS traffic is fraud-related. So, what is SMS phishing and how can you protect your business and your subscribers against this form of cybercrime? First coined by David Rayhawk in a McAfee Avert Labs blog post in 2006, SMS phishing takes various forms, with one goal: stealing from the recipient. Here are some of the most common attacks: One type of SMS phishing asks a user to click a trojan link, leading to the installation of mobile malware that infects the user's phone. In another, users are asked to update account information and are taken to a login page that looks like it’s the user’s bank or a government agency . These messages will often be urgent, demanding the victim take action immediately to avoid losing access . When the login details are entered, the scammer has access to the account or the user’s personal details. So, what makes SMS such a popular channel for cybercriminals? There are 2.5 billion smartphone users , and text is the most used feature. Delivery is guaranteed and open rates exceed email by close to 80%. These are just some of the features that make it an ideal channel to engage in meaningful communication with subscribers and staff. But one should not be complacent about the possibility of scammers taking advantage of the same channel. Protecting your business against phishing Make sure you are aware of the latest SMS phishing attempts and share relevant online security updates with customers and staff. Inform subscribers about your SMS policy. For instance, if you’re a financial organization, let your customers know you will never send an SMS requesting their pin codes or sensitive account information. Educate staff about cybercrime and online security. In the BYOD (bring your own device) era, staff members access private organizational data from their smartphones, leaving company systems vulnerable to data theft and malware. Once a hacker has gained access, they can wreak havoc on corporate networks. This can devastate your business. Over 70% of customers would reconsider using a company if they suffered a breach, and 50% would switch companies, according to a Deloitte Consumer Review. All staff should install antivirus software, and there are also programs that will stage mock SMS phishing scams . As part of these simulated attacks, users are called and counseled on their behavior if they click on the “malicious” links in the text. To learn more about how you can combat cybercrime, read our recent article on how to respond to the skills shortages affecting the cybersecurity industry .

The GDPR (General Data Protection Regulation) has become a hot topic among businesses using cloud technology and storing consumer data. Businesses have been buzzing with news of what the GDPR could mean for their finances, information security, and marketing tactics, but few have noted why it’s important for businesses to adopt the standards set out by the GDPR. Below we look at why you need to make this move and what it will mean if you don’t. Reputational image GDPR compliance can work towards building a positive reputational image in the eyes of your clients. If an organization is shown to be aware of privacy and data protection, the chances are better that their partners and customers will continue their relationship. If you are seen to be non-compliant, this will almost certainly drive partners and customers away. Think of not-for-profit organizations and universities which gather data: if they are seen by the general public to be non-compliant, then they will lose credibility and their reputation will be tarnished. Recently, the Facebook fiasco has brought data protection to the forefront of many consumers’ minds and if your company is seen as not taking GDPR compliance seriously, this could have serious ramifications for your image. Data hygiene enables business growth Data hygiene means that you’re holding less data, and is the process of detecting and correcting corrupt, inaccurate, or old records from a database. The data is now more accurate and can be used for the correct purposes. This will save your business money in the long run, since you’ll need a less expensive IT infrastructure, as well as lower overheads and development costs. Due to these lower costs, you’ll be able to grow your business with the money you would’ve been spending on gathering and analyzing data. Putting privacy-by-design practices in place will allow data hygiene to become part and parcel of your business. The rights of consumers must be upheld Data controllers now have to consider consumer rights before undertaking any new projects, which some feel could hinder innovation. However, not embracing this could lead to a complete loss of trust from your consumers. Data controllers now have to consider consumer rights before undertaking any new projects, which some feel could hinder innovation. It’s true that innovation will become slightly more challenging but once data is reorganized and “sanitized”, there’s no reason why businesses cannot keep innovating. In some instances, there may be a slight delay initially in communication projects but marketing teams will adjust to the new guidelines fast and businesses will continue to use data in a responsible manner. The rights of consumers will have to be considered when businesses conduct Privacy Impact Assessments , which will change the way businesses use and store data. The Data Protection Officer could soon become the ‘consumer champion’ within the business, ensuring that the rights of the consumer are always upheld and publicized. Consumers will be able to switch providers because data controllers will need to provide ‘data portability’ when accounts are closed. All bases need to be covered Any new data that is collected must have a record of informed consent from every consumer. You’ll also need to ensure that you are able to justify your need to store the data. Consumers may become suspicious of companies that are not transparent. Once you have collected this data, you’ll need to figure out how you’ll be storing it. The ICO (Information Commissioner’s Office) can request a data audit at any time and if you do not have your data stored correctly or do not have the record of informed consent, you could be fined a significant amount, along the lines of €10 million. Adopting the GDPR means that your business is less likely to incur any fines or experience any data discrepancies. You can embrace technology and digitally transform The compliance benchmarks that the GDPR has set out are seen by executives as ‘goals’ they need to achieve in order to become a data-driven company, meaning that you can digitally transform your business and stay ahead of the curve. The massive growth in the amount of data that consumers are producing, combined with the technology that can extract actionable, predictive insights is allowing businesses to provide a more personalized experience to their customers. Coupling this with the GDPR regulations will allow your company to embrace technology and bring new products and services to the market quicker than ever. Businesses will also be surprised to see the incredible data protection services offered by companies such as Microsoft & Google. Your data will change from being quantity to quality based We mentioned earlier that data hygiene will allow businesses to grow, but what this will also mean is that your data capturing will focus less on quantity and more on quality. Your business will do away with digital waste and will be able to focus on the quality of the data you collect from consumers. With the enforcement of the GDPR, when consumers visit your website the first thing they will be asked is for their consent for their data to be captured. Some users will be unwilling to give you this consent, which means that those who do allow you access will do so willingly and will provide you with more meaningful data. It will ensure that your most valued customers are targeted appropriately when needed, increasing your profits and leads. GDPR is an opportunity, not an obstacle Many companies believe that the GDPR is a strategic opportunity to get ahead of the game and become compliant. Not only will this save time, but you’ll build your reputation in the eyes of your customers. By managing the changes sooner, you’ll be closer to compliance and you’ll be able to ease consumers into the changes you have made without creating confusion. You can build a streamlined user experience, with easy-to-understand consent options from your Information Security team. Your technology platform will be how your users interact with the implementation of GDPR, so it’s important that it helps to build brand trust and makes consumers aware of their new rights. Clickatell is dedicated to implementing GDPR principles and we’re currently working with leading legal experts to ensure compliance for our customers, and theirs. Read on for more information on what the GDPR is, what the guidelines are, and what you need to do next . You can also read more about how Clickatell is going about maintaining GDPR compliance .

The EU GDPR legislation explained Recently, a regulatory act was announced that affects many businesses as well as retailers using cloud technology to store customer data: the GDPR (General Data Protection Regulation). This regulation requires businesses to protect the personal data and privacy of EU consumers for transactions that occur within EU states. Non-compliance could cost businesses significantly, so read on for everything you need to know about the GDPR and how it could affect you. Related: How Clickatell is maintaining GDPR compliance What is the GDPR, exactly? The GDPR was adopted by the EU governing body in 2016 and has been enforceable since 25 May 2018. It is designed to update the existing Data Protection Directive, and businesses will be required to protect the personal data and privacy of EU residents. The act also regulates the exportation of personal data outside of the EU. The aim of the GDPR is to unify approaches to data security and privacy. Because the regulation is standard across all 28 EU states, companies have only one standard to meet, but that standard is quite high and most companies will have to make a large investment to meet this standard. The GDPR exists due to public concern over privacy and security of personal data and for years, Europe has had a much stricter view on how companies can use the data of their residents. In 1995, the EU governing body introduced the Data Protection Directive, which the GDPR will replace. The outdated regulations of the Data Protection Directive needed to be replaced due to the changes over the decades in how data is stored. For businesses, it is important to note that in recent data privacy and security report, 62 percent of consumers said they would blame the business for their lost or compromised data, rather than the hacker. If you deal with EU consumers, this is something to bear in mind. Not only applicable to EU companies The GDPR does not only apply to companies within the European Union, but companies that hold the data of EU residents will need to comply too. Compliance may be tricky, as the GDPR takes a wide view of what it considers to be personal identification information. Even if you are offering a free service, such as a website that EU residents can access, you could be subject to GDPR if you collect IP addresses or use cookies. The GDPR is open to interpretation, meaning that the governing body has a large amount of leeway when it comes to assessing fines and data breaches, even in non-EU countries. The penalties will be much more severe Data Protection Authorities (DPAs) will have the authority to issue severe penalties for breaches of personal data. One important thing to note is that there is a tiered approach to the fines under the GDPR. The maximum fine is 4 percent of annual global turnover or €20 million, while less serious infringements such as failure to notify a client about a breach are 2 percent of global annual turnover. These fines for security failings are much stricter than those already in place, and for those who use cloud technology, it is important to know how much you could be fined for being hacked with ease. Explicit consent is needed from consumers Companies will need to obtain explicit consent from their consumers to use their data, and will no longer be allowed to use drawn-out and confusing legal terminology to do so. Consumers will now also have the right to data portability, which means they are allowed to transmit their data to another controller. Consumers will also have more control over their personal data, such as being able to exercise their data erasure rights or the ‘ right to be forgotten ’. This means that Google, Facebook, Twitter, and other sites will no longer have the right to index information about you from the past. The GDPR will allow consumers to ask for old, inaccurate, or even just irrelevant data to be removed from search results. Why GDPR compliance is difficult in the cloud Organizations that process data through cloud services face some unique challenges in preparing for the GDPR rollout. This is because the GDP is complex in the cloud. You will have to ensure that the data protection services at all of the platforms you use, such as Dropbox or Salesforce, are compliant, which can be difficult. Some businesses use as many as 608 cloud apps , making compliance a veritable maze of confusion. A recent survey found that only 12 percent of almost 200 IT organizations understood how the GDPR would affect their cloud technology services. In order to ensure that their data storage practices comply with the regulations, these companies will first need to understand the implications of the GDPR on their businesses. Studies have shown that only about one percent of cloud providers give users encryption keys that the customer manages. Only a small amount of these providers have secure password enforcement that complies with the robust standards of the GDPR. Data controllers, also known as data owners, are banks, credit card services, retail stores, health providers, charities, membership organizations, and every other business that collects data from consumers. Data processors are cloud technology service providers. When the GDPR comes into force, both of these parties are responsible for protecting data and bear equal liability. Impact on the Information Security industry Much of what is included in the GDPR is what information security professionals have been touting for years. Two-factor authentication and encryption are security protocols that have been a part of many information security companies for years, but with the introduction of the GDPR, these will have to be improved and enhanced to meet the standards. While the legislation should not be anything new to those in the industry, the GDPR does change what products can be offered to clients, as well as what services they can make use of. Globally, information security products have been designed with ‘security first’ in mind, but this does not always mean that privacy is also first. The GDPR standards will now have to be built into any products developed by cybersecurity vendors, otherwise, they will be removed from the market. Information security professionals are, by nature, one step ahead of their customers when it comes to regulations and directives. This means that these experts will need to have a keen understanding of the new standards being released in order to help their clients comply with the new regulations. As an information security professional, you may have to undertake a few months of training to prepare for the new regulations that are being rolled out. The GDPR will require at least 75 000 data protection officer positions to be filled worldwide and filling the DPO position in a non-EU country could prove difficult. Clients may also ask to see if your DPOs and other professionals have the relevant qualifications in line with the GDPR. Where do we go from here? For many companies who use and store consumer data, the GDPR is a wakeup call to practice stricter data security measures, and for some, it has become a scrabbling race to put these into place. The deadline is looming, and with severe penalties, nobody can afford to miss it. The future of personal data privacy and security is positive thanks to the regulations of the GDPR, as it is geared towards consumer protection in a world where cybersecurity threats are rife and very real. Clickatell is working with leading legal experts to ensure that we maintain compliance with all GDPR requirements. You can read our updated privacy policy here , or read more about how Clickatell is maintaining GDPR compliance . If you’re interested in the ramifications that the GDPR could have for your business, read more about what the legislation and the ‘right to be forgotten’ could mean for data-driven marketing and customer analytics , or have a look at these 6 tips to ensure that your chatbots are GDPR compliant .

Chatbot GDPR With the GDPR (General Data Protection Regulation) looming over companies that deal with customer data, there are frantic questions being asked about how to make the technological aspects of businesses more GDPR compliant. One aspect that will need to change is the online chatbot, a tool which burst onto the AI scene and is not going anywhere soon. If you use chatbots as part of your sales and marketing strategies, you’ll need to address the processes you use to collect consumers’ personal data, as well as what you do with this data. Read on for a few tips on how to ensure that your chatbots are GDPR compliant. Use personal data for the stated purposes only This is vital for becoming GDPR compliant. Your online chatbot may be an informal way of collecting personal data, but it is still considered to be a data collecting and processing tool and so will fall under the GDPR legislation. This means that you are only able to use the data for the stated purposes, such as sending newsletters, emails, SMS marketing messages or contacting users on Facebook Messenger. Using this data for anything else runs counter to the GDPR guidelines, which could mean that you incur a large fine of up to €20 million or four percent of your global turnover . If you tell your customers that you will be using their email address and cell phone number to send them information about your services and products, you should do that and nothing more. Consent is key Chatbots and humans are better together , there’s no doubt about that. Your online chatbot most likely needs personal data from consumers in order to provide a personalized experience, but the most important aspect of the new GDPR regulations is that you need explicit consent from consumers to use their personal data. At the start of a conversation, your chatbot should provide users with a clear and easy-to-understand consent form to fill in. Gone are the days of lengthy and indefinable consent forms. Now, you need to make it clear to users how and why you’ll be using their data in order to get consent from them while using your chatbot. It doesn't have to sound ‘robotic’ but should be informational and easily understandable. Give users access to their information One of the points on the GDPR checklist for online chatbots is that you need to provide users with access to their information once you’ve collected it. Users need to be able to download all of their data in digital form by using a query and response format in your chatbot. They also need to be able to delete certain data if they wish. As well as being allowed access to their own information, users have the right to ask whether their details are being used for purposes other than what you have stated, such as for advertising purposes or campaigns. You should include this information in the chatbot’s conversation flow, remembering that chatbots are all about user trust. Hiding information not only tarnishes your reputation but can have serious legal consequences. Look back at your logs Reviewing your chatbot logs is important in making them fully GDPR compliant . It’s common for many web and messenger servers to keep different types of logs, such as access, error or security audit logs. These logs might hold personal data such as IDs, IPs, and even names. You are prohibited to store this data without explicit consent from users or if there is no legitimate reason to store this data. If you do have a need to store this data to improve your chatbot’s interaction with consumers, you may not do so unless you have explicit consent. Reviewing your logs will allow you to find any and all personal data and deal with it accordingly, which could mean fully deleting it from your system after the consumer has requested you to do so. AI cannot make important decisions alone Online chatbots use AI (artificial intelligence) to function and to provide a customized experience for each user. However, it is vital to remember that AI cannot make decisions alone, especially when it comes to legal queries or other significant decisions that could affect users. Your AI might be on par with HAL 9000’s intelligence (well, let’s hope not) but AI in chatbots is not able to make decisions such as whether or not a person is entitled to compensation for a legal dispute. If you want to make your online chatbot GDPR compliant, you’ll need to show users that a human had a hand in the making of these decisions. This is vital if your chatbot deals with claims that can significantly affect users, such as would be the case for insurance companies or legal professionals. Don’t forget to update your privacy policy One of the rules of the GDPR is that all companies utilizing consumer data need to have a clearly stated privacy policy which contains the following pertinent information: What information is collected? Who is collecting it? Why is it being collected? How long will it be used for? Who will it be shared with? How can consumers withdraw from the agreement to give their data? This privacy policy needs to be shown to users before their data is collected, so you can use a link in your chatbot’s conversational flow to share it with consumers or have a summarized version as part of your chatbot’s introductory greetings and conversation. The GDPR requires strict and secure data processing practices Once you receive that data from consumers using the chatbot, you’ll need to adhere to strict, secure data processing practices as set out by the GDPR regulations . You may even have to encrypt this data in such a way that if someone does manage to get their hands on it, it’s not available in plain text format. Your data processing practices need to be changed in order to have a compliant online chatbot, but if you already have strict practices in place then these changes may not be so drastic. Showing users that you’ll be using their data only in the way that you’ve said will build their trust in your business and in using your chatbots which can increase profits and success. It’s vital to ensure that you have explicit consent from users and that you provide users access to their data as well as the ability to delete this information if they feel the need to do so. Avoid using AI in your chatbots to make decisions alone, rather use humans for decisions that pertain to client information. Having a privacy policy is vital, so be sure to have this clearly stated before you collect any data from consumers. If you’re interested in more information, read our recent article detailing what the GDPR and the ‘right to be forgotten’ could mean for data-driven marketing and customer analytics.

Corporate information security skills shortage Information Security is experiencing a worker shortage which could result in extreme challenges in the protection of data across platforms such as cloud-based services, mobile devices, big data, and the internet of things. Cybersecurity threats will increase due to this worker shortage, which could be disastrous for any companies that deal with sensitive information. How to overcome these shortages Overcoming the information security skills shortage requires a strategic mind and an innovative way of thinking. Below are some of the ways you can combat this threat to the security of your data. Know your risk You should hopefully be at the level where you know that cybercrime and cybersecurity threats are a real danger to both businesses and clients alike. In order to make an informed decision on where resources are most needed, you must define which areas of your business are at risk and prioritize these areas. You can enlist the help of an external expert to ascertain these risks. Risk and security management needs to be high priorities for any business, especially in such uncertain times. You will need to consider your current risk exposure in order to be prepared to act when a security breach occurs. Develop a strategy If you have an IT department in your company, they will most likely be well-versed in at least the basics of information technology and information security. Your strategy should include extra training for this department in information security, as well as in communication, compliance, analytics, and business practices. An effective technological element you could introduce as part of your data protection strategy is SMS for two-factor authentication . This method works with a user’s mobile phone, wherein a user receives a randomly generated four or six-digit one-time-PIN (OTP), which they then enter onto the webpage they are trying to access. SMS for two-factor authentication is one of the most popular ways that financial institutions and online retail stores use to ensure data security for their clients. Delegate IT tasks The IT department is more often than not, one of the busiest and most overworked departments in many companies . Too many IT professionals are overloaded with unimportant work during the day, which can take their time away from trying to decrease the company's risk of cybersecurity threats. If you have enough IT staff, you should delegate the work between them, possibly on a skills-level basis where the most skilled are given important tasks and work down from there. There is also the possibility of outsourcing information security work to an outside security company or even simple task automation. Once you have lessened the load on your IT department, you will be able to offer training to those who need it. Educate other employees on risks Your IT staff are already well-versed in the risks that come with working and playing on the internet. But your other employees may not be so aware. Educate your other employees on how to operate securely on the internet by not opening phishing emails , to not download software without permission, and to create strong passwords and change them regularly. Due to the skills shortage, your employees need to be even more alert and aware online. Be sure to ask them not to perform online banking on a work computer and insist that ad blocking extensions and anti-virus software are installed on their work computers. If you are working in the Cloud, be sure that no harmful links or software is shared. Look for technology with advanced analytics Including advanced analytics in your security strategy will allow you to be forewarned of any possible threats. Think of artificial intelligence and machine learning as added extras to whatever processes you may already have in place. AI technology is used to look for indicators of compromise across your business network, both on the premises and in the Cloud. AI and machine learning will also allow your IT staff to work more productively and perform the important human-led tasks that go alongside information security. Technology is always evolving and including this in your cybersecurity measures will improve your chance of avoiding cybersecurity threats. Be prepared for cybersecurity threats Information security skills may be lacking at the moment but if you employ the correct strategies and prepare your company for any risks, you will be able to overcome any serious issues. If you are interested in improving your chances against cybersecurity threats, read on for further information .