Bringing the Drupal community to a common podium once again is the annual conference called DrupalCon 2021 which is set to take place in Europe. The 4-day event will take place virtually from 4-7 October. DrupalCon Europe 2021 is presented by The Kuoni Congress team, DrupalCon Europe Advisory Committee, local Drupal camps and volunteers to present the event.

DrupalCon Europe 2021 is expected to be the most comprehensive event with a diverse audience, creating an impressionable impact over entrepreneurs, developers, website owners, content strategists, and digital marketers.

Comprehensive Drupal Event for European community and beyond

DrupalCon is one event that elates the Drupal community. After all, this is a fully dedicated event for the Drupallites! The community has accomplished some of the most amazing things with Drupal 9 release. It’s obvious why there’s so much of hoopla around it. This is the easiest major version upgrade and comes with dramatically easier tools meant for end-users.

So much of it is happening. Aren’t you excited about the DrupalCon Europe 2021? If you’re curious and excited about Drupal 9, and want to learn more, register for the event and be a part of the grand Drupal community.

Come on fellas! Make some noise. It’s a week more.

Register today and enjoy all the frolic with your fellow Drupallites!

DrupalCon Europe 2021 is set to bring together communities from all across the globe to be a part of DrupalCamps through a single DrupalCon ticket.

Camp Experiences are customized where each one will create a different aura by crafting their own content, hosting sessions and conducting interviews and case studies.

The event is aimed at-

• Agency & Business
• Clients & Industries
• Makers & Builders
• Open Web Community
• Users & Editors

DrupalCon Europe 2021 Virtual Event brings in numerous benefits

• Experience local European events and DrupalCon
• Multiple experiences on 1 ticket
• Networking with different communities in camps
• Lesser screen time through a single event, different format and shorter days

The event will discuss about (but is not limited to) -

How Drupal fits all shapes, sizes and industries
The perfect Drupal recipe
Best practices, tools, features and future of creating web applications with Drupal
Using Drupal to reach digital goals of an organization

Important dates to mark on calendar

Call for papers close on June 28, 2021
Speakers notified on July 27, 2021
Draft Program published on August 6, 2021
Full Schedule posted on August 31, 2021

Drupal is an open source content management system which is written in PHP and was established in 2001 by Dries Buytaert. The CMS is known across the globe for its enterprise-level security features, advanced hosting solutions and interesting features which make it apt even for the government bodies to host their web applications on Drupal. Drupal 9 is expected to make it in November 2021.

Based on your persona, you can choose to attend the conference that suits you the best. The last call for papers is on June 28, 2021. Interested attendees must register for enjoying the opportunities where Drupal community meets and learns. 

A positive, collaborative and supportive environment within a firm can foster growth of an individual, I’d heard until I started my internship with Valuebound. When the off campus placement drive started in my college, I learnt about Valuebound, which is accredited as a brand for Drupal development. I searched and visited the website, and applied for the internship.

At the core of Valuebound is its principles - Empathy, Excellence and Continuous Learning, which became evident when I first sat for the interview process. It was smooth, and the entire interview process went on quite impressively.

Interning with Valuebound

I was inducted as a Software Engineer Intern with Valuebound for 3 months and it has been a great learning experience, hands-down. Valuebound has allowed me to develop my learning and coding skills. All the training provided and the assignment given was a super kick-off to any workplace. I feel proud to start my career in Valuebound because there have been lots of changes in my personal and professional life.

My logical thinking, along with coding has developed tremendously at Valuebound. I have started looking forward to taking tasks as opportunities rather than challenges. The projects assigned here need to be done within the given timestamp and that has kept me on my toes, but definitely helped me in picking the skill of time management. I have learnt about some useful features and key things associated with Drupal, development and site building, apart from decoupling and CKEditor. All of it has expanded my skills, for sure.

Valuebound Culture

All the trainers have remained very supportive in terms of coaching or for any assistance. All work and no play makes Jack a dull boy- is true for Valuebound. The interns here do not just learn, but also enjoy working. Being a newcomer to industries all the necessary assistance is provided. I personally never felt the FOMO.

I learnt gradually that personal relationships, and knowing people we’re working with lies at the heart of Valuebound. During my internship, I felt recognized and “valuable,” which formed a great experience to me just when I stepped into the universe of professionalism from the boyhood of college.

Financial companies hold valuable information within their web application; therefore, they are the prime target for cybercrimes. As technological advances, there will be an increase in the number of cyber-threats. When your business is on a legacy website, they no longer resist the sophisticated cyber threats. Enabling cyber hygiene can help you secure digital transformation, and all financial organizations must prioritize this. Reliable cyber hygiene practices can help the organization to detect and remediate vulnerabilities. A financial firm must meet customer demands for innovation without compromising security or compliance.

Let’s discuss the potential cyber threats

1. Ransomware 
Ransomware is one of the most popular attacks for cybercriminals. There are monetary benefits to this form of malware that encrypts files on victim systems. 

2. DDoS attacks
A Distributed Denial-of-Service (DDoS) attack is due to the overloading of traffic that flows into a site affecting its overall operations. When there is a DDoS threat then the website becomes vulnerable to other attacks as the web application will have little to no resistance. 

3. Phishing
Phishing is another malicious activity that cybercriminals are prone to do. They send out emails to trick employees into downloading malware payloads disclosing sensitive information. A phishing kit usually appears to be information sent from a trusted source; therefore, the employee opens the message and follows the instruction. Educate your employees about fraudulent emails. 

4. Web Application Attacks
Just like all businesses, the financial organization also relies on a web application to conduct its business operations. Whether you like it or not, most web applications are subject to malware threats due to the misconfiguration of security applications.  

How to Improve your Web Security?

1. Update your website
Enhance the accuracy and efficiency of your website for threat detection. It is must be your priority to improve your cybersecurity hygiene. Updating your website to an advanced version can help you monitor the performance of your cybersecurity. 

2. Monitor Third-Party Risk
Your business must manage all the third-party vendors for your cybersecurity. Conduct a third-party risk assessment that helps you to identify the potential risks. Generate a tolerance statement to help understand which of the vendors can cause a potential threat to your business. Your web application must classify third-party vendor information and send alerts related to your compliance. 

3. Securing Data
For every financial organization, data security is a critical business. Online banking surging on a day-to-day basis, and therefore you must provide data security. Prioritizing all potential risks is curtailed,  and it is ideal for your business to provide classified information. Your web application must classify information by its type, the sensitivity of the data, etc to help enhance your web security. 

4. Leverage Cyber Security Data
Integrating cybersecurity data tools enables you to understand the past and potentially prevent future attacks. Understanding your website insights prevents you from network vulnerabilities and helps you to stay ahead of other threat factors. With growing technology, cyber threats also are evolving, a business must take proactive steps to secure your data. 

5. Compliance
A financial web application must have total control of data that gets stored on their website. They must also ensure to wipe out data that gets stored, and it is critical for communication and financial regulated industry. MiFID II enables you to manage your security information that gets archived. The emergence of GDPR demonstrates you to secure a compliant web application. 

Encryption is the key to the security of an enterprise. Encryption helps you control system security, enables compliance of employee communication, protects all the data that gets stored in a financial organization. It is critical for businesses to up their cybersecurity to reduce the chances of cyber threats. Every day the cyber incidents in the financial sector, every organization must take steps to enhance their cybersecurity. If you are seeking help to optimize your web applications’ security programs to remain protected moving forward then, do contact us.
 

A Website is one of the most powerful marketing tools and when your website is no longer serving its purpose it is time to consider redesigning the website. After a few years of successfully running your organization’s website, you may be considering a plan to develop a new website. However, you do not need a whole new website as a company we are striving to solve business problems, maintaining, and upgrading a website. Most companies have developed websites with a strong foundation and therefore, reworking your existing website can save cost and be one of the efficient ways to lead your business to success. 

How To Identify If Your Website Needs A Redesign or Revamp?

  1. Branding Disconnect

Organizations need to change their branding over time to evolve with the changing market. As an organization, you must ensure to enhance your website with the same user experience. As a business ensure to create a positive experience for your visitors to convert them into a lead.

2.   Difficult to navigate

Navigation on your website is a critical aspect of web development. Users need to have an easy experience while they are on a website. If your website is creating any kind of disconnect at any level for your users it may create confusion and frustration for your visitors. This will also affect brand credibility. When website navigation is got its basic right a visitor will have a great experience. 

3.  It's not responsive and It needs new functionality.

In today's time, your website must be responsive for mobile devices. When your website is not mobile responsive it diminishes the value of your website. Your website needs to evolve with multiple tools that can simplify the life of your users. Integration of software and tools allows your business to scale.

4.  It’s a Legacy Website

Every website has a set expiration date and your website must go through an upgrade from time to time. If your website is more than 5 years then it is probably time for you to consider a complete revamp.

5.  Security solicitudes
 ​​​​

If you are on a legacy website it holds a lot of security issues as the existing code may not be of the advanced security standards. If you are on those businesses that value your business security you must consider redesigning your website security. 

6. Your website is slow with Poor User Experience. 

The speed at which your website loads affects your business heavily. This also affects the user experience. A functional website with a good user experience can enhance your business potential 2x. Ensure to test your website's load time quarterly to ensure that there are no issues that can hamper your business. 

If your business is facing any of these challenges, 2 or more then you must consider revamping your website to an advanced version to scale your business and improve your user experience. To upgrade or develop a new website contact us today, and we will be happy to review and share our insights. 

 

If you’re a marketer, chances are that you work in a CMS every day. You publish pages, blog posts, embed images and videos, add categories, connect profiles, and integrate software, but have you ever wondered what the days before CMSs were like?

Back in the 1990s, websites were static pages built on simple HTML text files that existed within a directory under an FTP web server. Years later, after Internet Explorer started supporting CSS in 1996, websites became more interactive and dynamic. 

However, building, uploading, and maintaining websites became increasingly difficult and the time was ripe for the emergence of content management systems for automating and streamlining the process. 

The early to mid-2000s witnessed an increasing professionalization of CMSs and they started to help people handle not only content but also business operations, intranets, and archives. 

From their inception, CMSs have been in the service of marketers, but not every CMS is created equal. 

Enter the headless CMS.

Why headless CMSs are a must for marketers in 2020 

Headless CMS removes the front-end delivery layer from the process altogether leaving only the backend, which works as a content repository. 

A headless CMS separates managing content from presenting formatted content, removing the interdependency of presentation and behavior layers. 

Headless CMSs are also API-first. That means they integrate content management tools via API. The headless architecture separates formatting from content and allows you to publish content to any device or channel. 

These are some of the features of a headless CMS that can help marketers: 

Publish non-web content 

Non-web content is information and sensory experience that’s communicated to the user using the software. It includes code or markup that defines its structure, presentation, and interactions. 

A headless CMS can help you publish non-web content in both documents and software, helping you build SPAs, for example. 

Publishing Content to Multiple Channels

While traditional CMSs can also publish to different channels, headless CMSs create content and push it through multiple channels using the ‘create once, publish everywhere’ strategy.

You can publish content across devices with a coupled CMS, sure, but it might require some tweaking. With a headless CMS, the multichannel approach is not something you have to think of; it’s already built into the design. 

Which means it helps marketers publish content faster and easier. All they have to do is create the content and push it everywhere.

Aggregating Content

In its simplest terms, aggregation means sourcing, normalizing, and making content available for consumers. Content aggregation is one of the things a headless CMS does best, especially when it comes to aggregating content at the point of consumption like in the browser or app.

Headless CMSs are particularly good at aggregating content because they have a better-defined content structure, which helps you map other source content easily.

Secondary Content Management

Since headless CMSs are, in essence, a database of content with an API to deliver that content to whatever channel or platform you aim at using, you can use it as a secondary system to store and access to different assets faster using an API. 

Also, you can use a headless CMS to integrate with other services your coupled CMS can’t, giving you another layer of flexibility to face your user’s needs. 

10 Headless CMSs (That Marketers Won’t Hate)

As Headless architecture represents the advanced development in the industry, we decided to review 10 headless CMS. To maintain credibility and neutrality, we analyzed the reviews from the popular website g2.com about these companies. The objective is to understand how they are perceived and assessed by clients across the globe. 

1. Agility CMS

Agility can help you be faster across all your digital channels. The CMS enables you to manage them all from one central platform and empowers your team with unlimited flexibility and scalability.

How Can Marketers Benefit From Agility CMS?

According to the reviews, Agility CMS enables teams to streamline communication and solve problems quickly and as they present themselves. Agility CMS is the fastest Headless CMS with Page Management and it allows editors to manage not only the content but also the structure of your website. Agility CMS allows developers to define Page Templates and Modules for the marketing team to use. 

2. Butter CMS

Butter CMS advertises itself as a CMS for marketers and business owners, emphasizing its ease of use and how its features can help you grow organic traffic and conversions in a no-code environment.

How Can Marketers Benefit From Butter CMS?

One of the things reviewers in G2 Crowd highlighted was how Butter CMS was capable of helping them revamp their websites quickly while keeping them relevant and SEO-optimized.

3. Contentstack

Contentstack advertises itself as one of the first headless CMS platforms to take the needs of business owners into account, helping them improve their content management using an intuitive, no-code interface. 

How Can Marketers Benefit From Contentstack?

One of the things reviewers at G2 Crowd emphasize the most is how Contentstack has enabled them to generate and produce content at scale even if they have thousands of suppliers across the world.

4. Crafter CMS

Crafter CMS is an open-source CMS that enables marketers to build all types of digital experience apps and websites. The CMS is backed by Git and enables developers and marketers to work collaboratively.

How Can Marketers Benefit From Crafter CMS?

According to G2 Crowd, Crafter is best used as a multi-purpose CMS for blogs, content sections, and augmenting products with headless delivery, which makes it a great choice if you’re looking for a robust secondary headless CMS to integrate with your existing solution.

5. dotCMS

dotCMS is an open-source CMS built on Java that enables marketers to make their content authoring more efficient, empowering both marketers and developers with the ability to create and reuse content to build connected, engaging, and memorable products.  

How Can Marketers Benefit From dotCMS?

One of the things reviewers emphasized about dotCMS is that the CMS offers strong intranet capabilities that help marketing teams remain connected to the rest of their teams and strengthen team productivity.

6. GraphCMS

GraphCMS focuses on providing content teams flexibility so you can focus on building better websites in less time. 

How Can Marketers Benefit From GraphCMS?

The reviews on G2 Crowd describe Graph as a CMS that enables marketing teams to publish content faster and at scale. Graph’s UI makes it easy for content managers with no coding experience to publish and distribute content.

7. Kentico Kontent

Kentico Kontent advertises itself as a Content-as-a-Service platform that empowers marketers to publish better content, faster. Kontent helps companies whose content is spread across systems keep things consistent. 

How Can Marketers Benefit From Kentico Kontent?

In this case, most reviewers in G2 Crowd see Kontent as a robust tool to create and update content as well as making comments and revisions. The tool lends itself well to the content creation process, even for marketers who hire freelance writers to create content for them. 

8. Magnolia CMS

Magnolia is a java-based, open-source, enterprise-oriented CMS that enables companies to scale by providing them with flexible integrations and great ease of use. 

How Can Marketers Benefit From Magnolia CMS?

According to G2 Crowd reviewers, Magnolia can help marketers by providing them with a centralized platform to deliver digital experiences to their visitors and clients. Magnolia enables marketers to create apps and launch new websites without creating new content, reusing existing assets to create omnichannel experiences. 

9. Netlify CMS

Netlify is a single-page React app that enables developers to create custom-styled templates and previews as well as UI widgets, and editor plugins with ease. Netlify enables you to add backends to support Git platform APIS, which makes it easier to scale and understand.

How Can Marketers Benefit From Netlify CMS?

According to the reviews, Netlify CMS is a great starting point for marketers who look for a lightweight, fast CMS that’s not difficult to understand but not so feature-rich either. At the same time, marketers can provide access to clients so they can manage the content themselves, which is something that small business owners might want.

10. Prismic.io

Prismic.io presents itself as a no-nonsense content creation tool that integrates seamlessly with most of the frameworks developers currently use, enabling developers to use the technology they know best so they can focus on producing better results.

How Can Marketers Benefit From Prismic.io?

The fact that Prismic.io is framework agnostic is one of the things that marketers seem to prize the most, according to the G2 Crowd reviews. Prismic.io can be a good choice for marketers looking to test new frameworks and tech stacks quickly and without hindering the content authoring process. 

Conclusion

Content marketing is evolving in its scope, features, and capabilities and it has become a crucial aspect of today’s business models to maintain a competitive edge. An advanced CMS can make your business model more agile and innovative. Choosing the most suitable CMS for your business is a vital decision and headless architecture can help marketers to connect with customers through multiple channels and to streamline their efforts.
 

In traditional web hosting, the hosting charge increases as the site or application traffic increases. Hosting companies take two variables into account - page traffic & the computing power needed. Most of the time when the site is content-driven, users are just reading the content. Only a small portion of users provide feedback by comments or in other forms that consume bandwidth of the server. So, we might not need the same level of increase in computing power compared to the increase in traffic.

But if we are using an enterprise application like Drupal, where traditional deployment architecture is used, we might require additional computing power as the traffic increases. Since hosting companies keep their pricing based on the number of page views or number of hits received by server or computing power (CPU+RAM) required to serve the traffic, hosting cost increases proportionally. In the case of one of our clients, the charges increased from $100 to $1,000 per month within a year, and it could again go up further. This puts a substantial financial burden on firms where revenue is not a direct function of page traffic.

Where to use AWS Lambda in Serverless Architecture

Consider the example where the users upload a video file into your Drupal site and the system creates a thumbnail for preview purpose. But many times, users log in to the site just to browse. So, it is a wastage of resources to keep your web server like apache waiting for the trigger event to happen so that it can execute the response action.

AWS Lambda is a solution to overcome this challenge. In this method, the code for executing the action, like creating the preview, is kept in a file. It is executed only when a trigger event happens, like the uploading of the video. Billing is only for the resources the program uses and the time taken. In effect, the server is nonexistent until the user needs it and hence it is called serverless computing or FaaS, function as a service.

Server tasks can be divided into smaller functions. Only a few of these functions need to execute code blocks. Lambda is a service that allows you to execute code without the need to manage servers. Lambda takes care of running code as a response to triggers like events, Http requests, or API calls. 

It manages the varying computing capabilities needed for different functions, and the number of users using the function resulting in smooth scalability. When we implement lambda in a Drupal site, it helps us in faster and efficient execution of functionalities like localization, personalization and content processing, etc.

Using AWS Lambda functions, we have seen a reduction in server cost by up to 70% without any compromise on performance.   

Basic implementation process to deploy Drupal with AWS Lambda

• We hosted the client’s Drupal website on an Elastic Load Balancer(ELB) 
• All the static assets were uploaded into a S3 bucket, instead of serving from drupal origin itself. S3 is the low-cost file storage service which can significantly reduce the EC2 storage size.
• Implemented a CloudFront distribution along with multiple lambda functions to distribute our dynamic and static content.
• Then the CloudFront interacts with the end-users for data exchange. 

From Monolith to Serverless microservices

Benefits of Serverless architecture

• Lower costs - Compared to traditional hosting, serverless saves the cost for the user as he doesn't have to pay for unused CPU time
• Simplified scalability - There is no need to set elaborate policies for scaling in serverless, as scaling can be handled on-demand.  
• Simplified backend code - In FaaS, we can create separate functions for specific tasks like making an API call. 
• Quicker turnaround - The time to market is much lower for serverless architecture due to the simpler deployment process to introduce new features and bug fixes.

The Challenges

We learned that serverless architecture can help us scaling without increasing the cost proportionately. But we should be aware of certain challenges in comparison to other Pass platforms we have been using, where the only thing we have to worry about is building our applications. A few points we need to keep in mind are -

• The technical team should be self-sufficient to handle the troubleshooting and security aspects of the application
•  We need to build our own deployment system, along with CI-CD tool to track and update multiple functions

Going Forward

Serverless architecture helps in increasing efficiency by using the principles of lean management and modularity. It is not a magic wand that will solve all your issues, but it puts your business in a better position to take advantage of technology. In the coming years, we can expect a lot of advancements in this field. The serverless architecture will witness wider adoption, due to the benefits of cost savings and scalability. 

Get in touch with us if you would like to know more about how your business can implement and benefit from Serverless & Cloud technology.

 

In the business world, mistakes are costly whether they happen in accounting, customer service, or advertising. But, when it comes to cybersecurity, even small mistakes or instances of overlooking have the potential to cause enormous damage to your business. Here is a list of mistakes committed by businesses in the past that were exploited by cybercriminals.

1. Forgetting the basics.

Citrix is a firm working in the security industry known for building VPNs for clients. It recently had a major security breach that was undetected for 5 months. The hackers had used the Password spraying method where a few common passwords are randomly tried at scale. This mode of attack works because many users have weak passwords that are easier to guess. 

Companies often invest in the latest technology but forget to ensure that basic safety practices are followed. Cyber hygiene practices like strong passwords and multifactor authentication provide the first line of defense against hackers. All the important data should be encrypted and the encryption keys should be kept separately. Employees should be made aware of the phishing attempts to gain user credentials.
             
2. Neglecting the vendor security systems

A recent study found that almost half of the data breaches are indirect, through channel partners and third-party vendors. A classic example is the Target breach in 2013 where personal and financial details of 110 million users were stolen. The hackers entered the system using the user credentials stolen from Fazio mechanical services which were providing HVAC services to Target. A company has limited control over the vendors and service providers. Hence, the supply chain is the weak link that becomes the preferred target of cybercriminals. 

While selecting partners and vendors, check whether there is any security-related incident in the past. Clearly convey your security requirements to the prospective partners and check their incidence-response abilities. To ensure secure cooperation with partners, a firm needs to segment its network and place strong access controls. Third parties need to access relevant data and processes, but they should be kept away from other core domains like payments. Sharing security-related Information and providing training to the staff of partner firms will help minimize the risk.

3. Not paying enough attention to securing Smart Devices 
                     
Users of Amazon Ring Home security camera systems raised several complaints about hackers accessing their devices. Security experts have demonstrated that smart devices like a TV or an air conditioner can be an easy target for hackers to get access. A recent study found that attacks on IoT devices have tripled in the last year and 99.9% of these were automated - using a bot, script, or malware. One major reason behind the breaches is the weak authentication of users.

It is important to remove unnecessary devices from the network and delete the old and unused apps. Change the default usernames, passwords, and settings. Use strong passwords and change them regularly. Do the research and check the reviews before purchasing devices. When you are selecting apps, read the privacy policy, and understand how they are going to use information gathered from users. 

4. Leaving the default credentials in applications
 
In the year 2017, the personal data of 14million Verizon users were compromised, including their contact information and account PIN numbers. The massive data leak happened due to the misconfiguration of an AWS server and the basic setting of access control was missing. These types of issues can happen because of a configuration that is the default, incomplete or temporary. Applications that were used in the initial production stages also might be present as a vulnerability.

Information systems have become complex with modern frameworks, hybrid data centers, Cloud storage, emerging technologies, and applications. Detailed mapping of the system is needed to track the processes and information flow. Better visibility will help to identify the unexpected behaviors of applications and to remove the ones which are no longer needed. A periodic audit by an expert team is crucial to minimize the risk because the systems are evolving continuously.

5. Missing patches and updates

Equifax is one of the largest credit reporting agencies in the world and it reported a massive breach in 2017 in which the private data of around 145 million users were compromised. Now, Equifax is set to pay consumers up to $700mn for damages. Later investigations found out that the data leak could have been prevented if they used a patch that was available for months. 

A Patch or a fix is a minor change made to the code to prevent a bug or vulnerability. The development team won't be able to foresee all the possible threats in the initial phase, and they release patches and other updates as vulnerabilities or bugs show up. It is the duty of the cybersecurity team to make sure that all the applications and software are updated to the latest versions.  

Conclusion

Avoiding these common pitfalls will reduce the risk of cyber threats and will keep your organization in a good position to counter the evolving tactics of cybercriminals. At Valuebound, we work with organizations to help them in securing their digital platforms, with a holistic approach. Do connect with us if you would like to know more about how we are helping our clients.
 

The world is facing a rising tide of cyber-attacks and one of the recent victims is San Francisco Airport. Small and medium-sized organizations often feel safe due to the wrong notion that hackers target mainly big businesses. What is the cost of being the victim of an attack? It results in the loss of Data, Money, Time, Clients, Reputation, etc. According to the National Cyber Security Alliance, around 60% of small businesses close operations within 6 months of being the target of cyberattack or data breach.

Chief Information Security officers (CISO) and the cybersecurity teams are fighting a tough battle during the corona crisis. Their situation is similar to those army leaders in the medieval times, trying to protect their forts from the attacking bandits, knowing that a small mistake or loophole can ruin the entire effort.

The defense strategy against cyber-attacks needs to be similar to the one we are using against coronavirus. We need a two-tier approach where institutions and experts lay out the strategic plans and enforce the procedures, while individuals need to strictly follow the security practices in their daily activities.

Individual Digital Hygiene 

• Use strong passwords and avoid the use of the same password for multiple accounts.
• Beware of emails from unknown ids and avoid clicking on links. To visit the website in the link, type the website name in the address bar. 
• Phishing emails and Social engineering ploys can be normally identified by poor grammar, emotive language, attempt to create urgency, requesting personal information, etc.
• To avoid the risk in Unsecured Data Transmissions, Use encrypted mediums like Signal or Wire to share critical information like passwords.
• Use only trusted sources like the World Health Organization, websites of TV channels or Newspapers to get information or updates on Covid19. New websites providing Corona information often have very weak security measures.
• Separate work and entertainment. Minimize the usage of personal devices for work purposes and avoid using work laptops for leisure. 
• Look out for early signs of a breach - a slowdown, appearance of new pop-ups or programs, some functions not working properly, etc.
• Report issues to the IT team or the concerned person at the earliest. A stitch in time saves a lot.

Organizational Strategies

• Educate all the verticals like finance and HR about the importance of allocating resources for Cybersecurity.
• If your organization lacks a dedicated security team, bring in external experts to review your system and to identify vulnerabilities.
• Update the security software and back up all the valuable data. Shift to better technologies and platforms which are secure by design
• Create a security strategy, and procedures and provide virtual training to all the team members. Discuss case studies of security breaches in the past to identify common pitfalls.
• Develop a graded approach where critical resources and processes are protected as the highest priority.
• Have predetermined alternate channels of communications among leaders and departments in case of an attack.
• Conduct Drills and simulations of emergency situations to test your contingency plans and resilience.
• Be careful in granting access rights to remote users and use multifactor authentication 
• Select your partners carefully because many attacks are indirect in nature, through a weak link in the supply chain like a vendor.
• Avoid a culture of blame, so that employees feel comfortable to report any issue or mistake as and when it happens.
• If the assets are of high value, consider cyber insurance which can cover the cost for the direct damages and the indirect losses.

Foolproof cybersecurity and regular monitoring is the need of the hour for any organization. As hackers are continuously changing their tactics, we also need to continuously improve our security systems to match the challenge. And what they say about health is true for security too. Prevention is better than cure.

At Valuebound, we work with organizations to help them in securing their digital platforms holistically, starting from taking care of best security practices during initial development to taking security measures after the platform is hosted on the webserver. Do connect with us if you would like to have a conversation about how we are helping our clients.

While Covid-19 is creating havoc across the globe, there is another lesser-known danger present in the scenario - cybercrimes. There has been an increase in the number of cyberattacks recently. Individuals, hospitals, labs, companies, governmental and non-governmental organizations are all targeted in this rising wave of attacks. 

Brno University hospital, the second-largest in the Czech Republic suffered a major cyberattack in March, and critical procedures including surgeries had to be canceled. Even the World Health Organization, which is at the center of Corona response, was the target of multiple unsuccessful attacks. Google has asked its employees not to use the Zoom app on their laptops due to security concerns.

The social situation created by Covid-19 is proving to be conducive for cyberattacks, resulting in one of the largest ever security challenges in history. What are the factors that make the current situation more vulnerable?

a) Work from Home - The major reason for the scale of this challenge is the millions of employees who have shifted to remote working environments. The firewall protection offered by the security network in the offices is missing, and on many occasions, personal devices are also used. Companies didn't have the time to plan remote working strategies on such a large scale.

b) Online Time - Under lockdown situations, people are spending much more time on the internet and devices for working, learning, entertainment, interactions, etc and it creates a higher chance to make mistakes. 

c) System burnout -- Our health and other public systems are working on a war footing and completely caught up with handling the Corona situation. It reduces their ability to defend or respond to security threats.

d) Stress and Anxiety -  The danger present in the situation and the uncertainty about the future makes people prone to making mistakes and irrational decisions.

e) First time Users - In the absence of regular shopping and entertainment options, many are trying online commerce, payments, and classes for the first time. These individuals, who are not familiar with the processes, are soft targets for hackers.
 
Hackers are using every trick in the book to obtain private data and to intrude into systems. Other than the normal phishing attempts, hidden malware is spread through Documents and messages with Corona information and updates.

Social engineering ploys are used where the hackers pose like the authorities or institutions for manipulation. Ransomware was used several times against healthcare institutions across Europe. In a ransomware attack, the hacker gets into the system, encrypts the data making it inaccessible, and asks for a ransom payment for the decryption

In our personal lives, we know how to safeguard our private data and financial transactions. But, in the new world where Remote working is widely adopted, we need to be much more careful about protecting all the work-related networks and systems including web platforms, intranet, extranet, and client portals. The security teams also need to take a proactive approach by testing their existing protocols and making contingency plans. 
 

World war 3 is happening. For a change, humans are not fighting against each other.  The entire human race is fighting against the novel coronavirus that has spread to more than 175 countries. The world is in a standstill and there is nothing in modern history to compare the situation with. Even though this is an evolving black-swan event, let us have a look at how COVID 19 is changing our lives, and what businesses can do to deal with the situation.

People 

In many countries, people are going through a lockdown period and getting adjusted to a new way of life. Healthcare professionals are risking their lives for the rest of us while a few others are sabotaging the fight by spreading fake news on social media. The initial anxiety was displayed in the empty racks in supermarkets and social media posts.

As the days went by, many started using the unexpected sabbatical to follow some creative pursuits and connecting through video calls. The quiet atmosphere and free time, along with the danger present in the situation is making many contemplate and reassess their lives and priorities.

Business 

From an industry perspective, parallels are already drawn with the great depression of the 1930s and the lockdown situation during the second world war. Stock markets have plummeted, businesses are shuttered, millions of job losses are expected. In industries like Aviation, tourism, hospitality, transportation, retail, etc, the revenues have dried up almost completely, compared to the partial declines in the past recessions. The global supply chain is broken at multiple points and the time difference among different countries in the spread of the disease makes it more complex. 

Online streaming and educational firms are seeing a boost in their usage. Companies working in healthcare and medical equipment are also seeing a rapid increase in demand for their products. Sectors like IT are holding up with remote working options while some players in the restaurant industry are trying to survive on takeaway business. 

Going Forward

If your business is struggling for survival, perform multiple forecasts and have different cost-cutting measures to match the various probable scenarios. It will help you to avoid panic and make data-driven decisions. You can use industry forums to collectively negotiate with the government or vendors for aid, extended payment dates, etc. Even though your business processes are not functioning normally, use social media accounts to be in constant touch with your customers.

If immediate survival is not your concern, this is the time to lay the foundation for the long term strategy and competitiveness of your business. If you are having downtime, focus on skill-building of your team and finishing of the pending tasks. Assign a dedicated team to drive these new projects. Be supportive to your customers in all possible ways and take part in the community efforts to fight the issues that the disease has brought. Develop a consistent and transparent communication strategy with periodic updates for all the stakeholders.

In the future, there can be pent up need for products, although discretionary and luxury spending might take time to rise. The corporate world would give preference to virtual meetings to save time and travel costs. The decision by the learning firm O’Reilly to close its business unit for in-person live conferences can be seen as an indication for the future. Tools and Technologies facilitating remote working will see higher demand in the industry. We can expect emerging technologies to play a major role in the healthcare industry in identifying potential risks and in formulating solutions.

The post corona world will see new customer requirements and expectations. It is an opportunity to be innovative and implement a Blue ocean strategy to gain the first-mover advantage in a new segment.

China is showing signs of recovery, giving hope to the rest of the world that normalcy can be restored in a few months. As we go through these testing times, let us keep a quote in mind from American author David J.Schwartz -  "Action cures fear".