Information security has become a very lucrative career now a days. Every organisation is trying to build their Information security team because of regulatory compliances, market competition and last but not the least increase of cyber security risk on information systems.
Information security is associated in every field of organisation and at least basic awareness is expected from everybody, however a skillset is required to govern and drive the whole Information Security within an organisation.
One can jump into information security at different levels of his/her career, irrespective of his/her educational background. To make it more clear let’s consider few scenarios here
- Anyone who is planning to get into Information Security can start their planning from higher secondary level. In this case the student needs to opt for subjects like Physics Chemistry, Mathematics and IT/IP. Then he/she needs to opt for BTech in Computer Science of IT or BCA(Bachelors of Computer Applications).You can start preparing during your graduation, start formal trainings like on Networks and Servers, and make your fundamentals strong. Gradually by the end of your graduation you can go for CEH(Certified Ethical Hacker), which is an introductory course in Cyber Security.With all these expertise and certifications one can definitely start their career in InfoSec.
Tip: If you are planning for any certification during your graduation do it in the last year because a certification has an expiry date(mostly 3 years from the date of issue)
- If you are not an IT graduate, say you are pursuing B.Sc. or B.Com or B.A., even then you can work in information security. You need to do go for basic trainings network and server trainings like Scenario One. A lot of hard work, dedication and perseverance can make anything possible. A CCNA, Red Hat Linux, Server Administrations and CEH certification will definitely be helpful.
- If you are a working in IT (Information Technology) and now like to switch to information security first generate skill sets in networks, servers and basic cyber security skillset like network security or application security. Once you have good knowledge of Cyber Security, now you can pursue ISO/IEC 27001 Internal Auditor or ISO/IEC 27001 Lead Auditor or Lead Implementer training. After successful completion of training and certification one can start career as an Internal Auditor, Lead Auditor or Lead implementer respectively. You can also work as an Information Security Risk Assessor or a third party auditor.
- If you are a senior level executive having basic skillsets of cyber security and you want a complete migration to Information Security domain, you can start with ISO 27001 Lead Auditor or ISO 27001 Lead Implementer, then gradually you can obtain CISA (Certified Information System Auditor) and CISSP (Certified Information System Security Professional). Certifications like CISA and CISSP are of very high value and one can be a top level information security executive like CISO(Chief Information Security Officer) of any organisation, however these position also requires managerial skill set along with technical skill sets.
- If you are working at a senior position in any organisation in Sales, procurement or any other non IT department and you are fascinated with Information Security and want to pursue your career in it. Yes, you still have chance. What all you need to do is generate a basic skillset in Network and IT infrastructure and you are good to go.
Later on you can learn basics of Cyber Security like Ethical Hacking and can pursue different Information Security Certifications like ISO 27001, PCI-DSS, GDPR etc.
- If you are an IT graduate then you can also pursue Masters in Information Security, after this you can directly start your career in Information Security as a Consultant. MBA with Information Security is a good way to start your career in Information Security. Organisations hire these candidates because they can work both in technical and not technical domains.
- One with a non-technical background and having interest in Information Security can opt for a career in Cyber Laws. After pursuing this one can work as a Legal Consultant with any organisation. This job is also in demand because organisation faces many legal challenges pertaining to Information Security every other day and they need consultants and experts who can guide them in different scenarios.
- If you are a programmer in your existing job profile, you can learn secure coding techniques and hence you enter in information security domain. Now a days many attacks are happening at application level, because of flaws in existing source code. Knowledge in secure coding will definitely be an extra edge for your career and can give you a smooth entry in information security domain.
- If you have an investigative mind set then Computer forensics is a good option for you. This role comes into picture when any Cyber Security incident happens in any organisation. A Computer Forensics investigator check the systems and finds out the root cause of the problem, and later on organisation can patch or implement another corrective action on the issue and can prevent recurrence. CHFI (Computer Hacking Forensic Investigator) is a popular certification for this career.
- If you have a good knack of teaching, you can start your career as Information Security Trainer after completion of your graduation and basic Information Security training. Training is very lucrative career among many experienced professionals as well. There are many professionals who are involved into part time training and thus can start their career in Information Security.
From all the above scenarios we can clearly see that Information Security is a path, one cannot attain it overnight. Moving ahead step by step will ease your journey. All the steps in this are equally important. One needs a strong dedication and determination. With our changing business scenario, where the aspect of threat and risk is changing every other day one needs to be updates with the current regulator and statutory requirements.
Tags: BTech, BSc, Cyber laws, career, jobs in cyber security
Keywords : Information Security, Cyber Security, Forensics Investigator, ISO 27001, CISA,CISSP, CHFI, CEH, CCNA.
Digital Marketing and Cyber Security Risk?
Digital marketing has now take cover the conventional marketing techniques. A digital marketing campaign involves, content writing, content marketing, and its promotion through social media, email marketing and customer relationship management. To fulfil all these requirements a lot of planning, time, effort and teamwork is required to produce great results.
However, this is essential for digital marketers to include cyber security measures to defend their IT assets, in order to make their digital marketing campaign successful as expected.
In a nutshell, cyber security is a major concern among digital marketers. Neglecting cyber security in digital marketing may result to drastic consequences on everything from a digital marketing firm‘s bottom line, to unsatisfied clientele, to endangering the online public at large.
There are vital points which the digital marketing firms should know in order to overcome cyber security challenges in digital marketing. To help keep digital marketers up-to-date with the latest security concerns online, we have gathered the following list of safety sore spots that they are likely to come across during work.
Common Cyber Security Mistakes done by Digital Marketers
Irrespective of the size of your brand or company, if you’ve presence, there’s a possibility you’ll experience a security breach. Digital marketers are not immune to this. In fact, since digital marketing acquired a broad audience, the risk has become higher. It’s crucial that digital marketers should stay up-to-date with the latest security concerns. Few common mistakes are:
- Not considering importance of cyber security in digital marketing.
- Revealing too much information(sometimes critical data) to the client while sharing the data
- Using weak passwords for digital marketing and social media accounts
- Clicking to malicious links and websites while sharing the data.
- Not updating their Word press or websites for common security threats.
- Not taking data backups on regular basis for the contingencies.
- Copying and sharing malicious links to clients.
- Not taking any formal and informal cyber security training.
- Not considering encryption like techniques while storing and sharing critical data.
Methods to overcome Cyber Security Challenges in Digital Marketing
Follow and Work with Cyber Security Firms
Digital Marketers should keep in touch with online Cyber Security firms to know about security-related issues. One can take professional help to find out the existing vulnerabilities in their systems. Digital Marketers can work with security firms on a regular basis to ensure their marketing solutions uphold all current safety standards.
Digital Marketing firms can get acquainted with online security firms by interacting with the right people from the industry. This will without a doubt give savvy marketers an edge over their competitors, by providing better information on potential risks of a given marketing strategy.
Update your Word press Updates
Word Press is the most frequent website used by Digital Marketers, and the most accessible means of attack for a hacker is to exploit outdated software components of such a site. Using out-of-date versions of themes, plugins and core site components is similar to leaving the front door of your house unlocked.
Digital Marketers would have noticed that in last couple of years, applications are downloading software updates all the time. This is generally to patch the unintended security loopholes security teams find in Word Press like applications. Thus, Digital Marketers using such applications should take care to update their software as soon frequently as possible. One can also enable auto updates in order to ensure your Word press remains updated date every time
User Account Management
User account Management is a critical part of digital marketing, since marketers sometimes get special user accounts to manage particular site features. It is very important to this in a responsible manner. Cyber threats often come from compromised user accounts, and since digital marketer accounts often have higher permissions, they pose a higher security risk.
Therefore websites owners should always lookout for suspicious user behaviour, including excessive access requests, changes in account information, daily downloads, etc. A digital marketer working for a website should try to access it from a single IP address, as access attempts from different IPs can be interpreted as a sign of suspicious behaviour
Use encrypted Email Marketing services
If any unauthorized user or hacker, logs in to an email account in a fraudulent way, they can send spam, virus infections and phishing emails to your contacts. And as ISPs and web search engines have highly active spam filters, they can blacklist your email ids which can put a ‘full stop’ on your email marketing future.
So, digital marketing firms should use software that will provide monitoring and security for their email messaging service through encryption. Also, a security audit from time to time should be done to keep your email system safe and secure from unwanted intrusions.
Implementing Password Management Policy
Having a good password policy and adhering its will definitely be helpful in digital marketers. Such polices will compel the digital marketers for using strong passwords and changing it on regular time intervals. Strong passwords are difficult to crack and less susceptible to guessing.
Secure your CRM adequately
A CRM(Customer Relationship Management) helps in building a strong relationship with your customers with an ease. So using a SSL(Secure Sockets Layer) protocol, like HTTPS on the website helps in keeping the data transfer in an encrypted form which makes it hard for unauthorized user and hackers to snoop into the access. Also, ensure that your CRM systems have strict data security policies in place for the staff while accessing sensitive data.
Handling Transaction Data Securely
Customer PII (Personally Identifiable Information), such as payment data is lucrative prospect for hackers, that’s why e-commerce websites are constantly being attacked
Viruses and malware are usually the culprit behind these attacks, so it is essential to have everyone working for the site acquainted with the proper anti- virus and anti-malware measures.
An additional layer of encryption should be used for files, that contains transaction data, ensuring that even in the event of a security breach, the compromised data will not be accessed by hacker or unauthorized person.
Social Media Marketing Security
Sometimes digital marketers share data irresponsibly over social media, which can invite trouble and might also grab the attention of hackers. It may also lead to a situation where the social media accounts are hijacked to spread malicious posts or fraudulent and embarrassing info that can spoil your online reputation.
So, digital marketing firms should establish a security policy for their social media activity like using strong passwords, preventing spams, blocking phishing scams, and avoiding suspicious add-ons or apps that may disburse malware.
Always give social media access to trusted employees and educate them on how to act responsibly and lessen risks. This will help in keeping the social media marketing campaigns safe from cyber threats.
Cyber Security is one of the most neglected thing in any online business and this includes digital marketing. By identifying what the threats are, what kind of damage they can do, and how to mitigate those threats is essential for succeeding in the business, so digital marketers should take special steps to work on the latest cyber security trends.
This era of digitalization and digitization, where every segment of businesses is using technology to provide services to customers, banking and financial industry has transformed their services by financial technology- FinTech.
Fin Tech were providing their services in the form of e-wallets, online and mobile payment systems (Paytm,PayPal, Apple Pay), virtual buying of stocks, etc. But the recent times did bring a bunch of new disruptors that will displace traditional e-commerce providers.Such new FinTechstart-ups are offering more efficient services, seamless customer’s experience, and free person-to-person payments.
FinTechs business can increase profitability and enhance a company’s performance while helping them improve customer service. FinTech also provide an opportunity for companies to expand their portfolio online while solving industry issues such as credit card processing, money transfers, or processing a loan.
But everything is not so smooth with Fintech business. There are few cyber security challenges and risk associated with Fintech business, which every FintechStatups shall be aware of.
What is Fin Tech?
Fin Tech is the abbreviation used for Financial Technology which aims to compete with traditional method of finance. There are many financial institutions consider this term as backend of their business and sometimes regular banking apps are included in this term.
Fintech business includes mobile payments, money transfers, loans, crowd funding, asset management and many other things.
In simple words-FinTechis the implementation of modern technology in traditional financial services and in the management of financial aspects in various companies and business. Anything from the financial mobile apps and new software installed, processing the money transactions and calculating business models.
Risk in Financial Sector:
Even, in general ,every individual and organisation , are worried about information and cyber security , conditions in financial sector is more critical and fin tech business take the issues more seriously. Some of the recent studies shows that banks are investing a large amount of their funds in designing and implementing security to safeguard themselves from cybercriminals
Few more areas of concern includes cloud based technologies, mobile updates and system upgrades. These findings show that cyber security is the most important risk which the Fin Tech companies are facing.
Cybercrime and Cyber security in FinTech Landscape
As FinTech start-ups and companies continue to disrupt the global financial landscape, a peculiar feature and perhaps their biggest advantage is that they are not held back or burdened by law, regulations, or existing systems. Also, they are more aggressive, more agile, and more willing to explore and make risky choices. But this total dependence on technology and adventurous attitude to aid financial services delivery may also be their greatest weaknesses.
Fintech firms are facing Cyber SecurityChallenges in following areas
FinTech firms mainly relies on applications that can access users’ financial profiles to perform a variety of real-time transactions. Applications are used by multiple persons and, are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks.
FinTechfirms and Banking companies need to ensure that a secure application security strategy such as a virtual private network is in place to protect user data. This should include a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as to detect and patch vulnerabilities
Network and Cloud Security
Like other organisations, manyFinTech firmsalso utilize cloud services to provide consistent, scalable performance with lower upfront costs, rather than the traditional network. However the cloud infrastructure shall be secured differently than a data centre or traditional network. Banks and FinTech firms must ensure that the same security standards they apply to their networks are applied in the cloud.
Along with detection and prevention, this security must also be dynamically scalable andadaptable to ensure that is can grow seamlessly alongside cloud use. Additionally, in order to secure financial data, FinTechfirms need to implement aloud access security, along with internal segmentation to improve data visibility while integrating industry security standards.
Inadequate Threat Intelligence
Threat Intelligence is another challenge for FinTechfirms, an integrated defence needs to be enabled with automated threat intelligence to become a holistic system. As FinTechfirms andbanks enter partnerships, it will be impossible for IT teams to gather and assess all of this threat intelligence promptly manually. Automation, artificial intelligence and Machine learning will be integral to this process.
Cybercriminals are already leveraging automation to make attacks more persistent and effective. Likewise, artificial intelligence, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real-time, allowing organizations to keep pace with cybercriminals.
Lack of Establishment of better Security Protocols
This is one of the most significant issues that FinTechstart-ups firms face is selecting best security mechanism, like securityprotocols to enhance encryption data. Inadequate security protocols, data is easily exposed, leaving companies vulnerable to attacks.
Tunnelling protocols used in VPNs are effective at encrypting FinTech data. Some of the best-known tunnelling protocols include:
- Point-to-Point Tunnelling Protocol.
- Layer Two Tunnelling Protocol.
- Internet Key Exchange version 2.
- Secure Socket Tunnelling Protocol.
These tunnelling protocols provide different levels of protection and provide security in different ways. FinTech should research and become more familiar with the different types of protocols and how to use them within a virtual private network – this is especially true in a financial environment where cyber threats are imminent and ongoing
Addressing Vulnerabilities in Information Technology Systems
Integration of multiple systems and technologies leads to multiple cyber vulnerabilities. When two systems that are not designed at the same time by the same developers often pose compatibility issues and challenges in security, given the limitations in technology. Technology Engineers face issues while integrating two different systems, sometimes engineers working on different systems doesn’t even know how the other system works and vice versa, which makes identification of vulnerabilities more difficult.
Cybercriminals like hackers exploit these vulnerabilities to gain access to the system.
Many cybercriminals gain access to applications and networks because of improper configuration during installation. There are other techniques that are often used like spear-phishing, where humans mistakenly open spam emails and download malicious attachments or enter confidential information into fake websites to which they are redirected. So this is important for all Fintech Statups to raise awareness of cybercriminal risks and educate the newly banked on digital and financial literacy to teach them best practices to ensure security when engaging in financial transactions online.
Lack of Compliance Regulations related to Cyber Security
Rapid growth in happening fast in FinTech firms. FinTechstart-ups are flexible enough to change and adapt to evolve alongside consumer demands, rapidly.They are flexible andquick partly because there are not the same regulatory rules as traditional financial services for them. However, there are no regulations are controlling the way start-ups conduct their business. This is making the FinTech firms vulnerable because, they can sacrifice cyber security in order to capture the market as fast as possible.
FinTech Companies are collecting and storing personal information, so they needs to safeguard customer data. Further the challenge of is the way they protect this data. Many of FinTech firms have adopted bank-level security measures and fine-tuned them for their digital platforms.
Use of secure applications , regular vulnerability assessments on networks and applications , patching the applications on time, using Secure socket Layer(SSL) encryption while transferring the data is the must for enhancing cyber security.Fintech can opt for ISO 27001:2013 (ISMS) for overall cybersecurity.
There is need of some strong regulation, which would inspire start-ups to invest some of that venture capital money into their security. As the FinTechindustry grows, so will their defence against breaches.
What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act) signed by US President Bill Clinton in 1996, provides data privacy and security provisions for safeguarding medical information.
HIPAA Act does the following:
- HIPAA reduces health care fraud and abuse.
- HIPAA acts mandates the storage, protection and handling of handling of medical data, ensuring healthcare data is kept secure.
- HIPAA Act provides provisions for storing patient’s healthcare information.
- HIPAA act is meant for protection and safeguarding unauthorised handling of PHI(Protected Health Information)
HIPAA compliance is a must for healthcare solution providers. HIPAA compliance guidelines are meant to safeguard patient’s health information, ensuring that it is securely stored and correctly used.
All the sensitive data which can reveal patient identity must be kept as confidential in order to adhere HIPAA. There are set of rules of policies and privacy which the organisation need to adhere to achieve compliance.
What information is protected under HIPAA?
HIPPA Privacy Rule protects a patient’s health information and any identifying information, in any medium or format—files, email, audio, video or verbal communication. Any of the following is considered private health information:
- Name of patient
- Birth date, death date or treatment dates, and any other dates relating to a patient’s illness or care
- Finger and voice prints
- Social Security Number
- Medical records numbers
- Telephone numbers, addresses and other contact information
- Any other unique identifying number or account number
Why HIPAA compliance is Important?
HIPPA compliance is a well thought of guidelines meant for safeguarding patient’s .Failure to this can put patient’s critical information at risk. Cyber Security breaches have catastrophic impacts on organisation’s reputation, also can leads to disciplinary actions and sometimes huge penalties and fines.
In past years ransom ware and malware attacks like WannaCry, Non Petya, have impacted millions of computers across the world, including healthcare organisation.
Hackers exploited vulnerabilities existing in the Network devices like weak passwords, outdated versions of Operating Systems which are commonly used in healthcare sector.
Since there is not adequate awareness and information security support in medical service providers, the attack was very easy to carry out.
Now a day’s everything is technology driven, so HIPAA also regulates some aspects of technology systems used to store, manage, and transfer healthcare information.
The organisations that fail to implement adequate system can suffer significant damage. If any data breach incident take place, the affected organisations has to submit disclosure documents for each and every breach individually.
WHO NEEDS TO BE HIPAA COMPLIANT?
Following is the list of the organisation which needs to be HIPAA compliant
- Healthcare providers, who stores data and process PHI in electronic form.
- Regional health care services,
- Medical practitioners
- Healthcare clearinghouses
- Healthcare billing services
- Community health management information system).
- This also includes any organisation which collects PHI from healthcare organisations and process it into an industry standard format.
- Health plans
- HMO (Health Maintenance Organisation),
- Public health authority,
- Medicare prescription drug card sponsors,
- Universities and schools which collects, store or transmit PHI)
- Business associates of all the above
- Any organisation which handles PHI in electronic format such as vendors, contractors and infrastructure service providers.
- This also includes organisations that store or destroy (shred) documents.
- Transcription services,
- Medical equipment companies,
- Auditors and
HIPAA PRIVACY, SECURITY AND BREACH NOTIFICATION RULES
HIPAA Privacy rules are Standards for privacy of PHI of individuals. The main goal of HIPAA rules is to protect medical reports and other PHI(Personally identifiable health information)
HIPAA privacy rules are applies to these types of organisations;
- Providers, supply chain (vendors, contractors) and service providers (data centre and cloud service providers). All healthcare Clearinghouses and health care providers shall be compliant.
- This rule also applies to healthcare service providers who conducts health related electronic transactions.
Accordingly to HIPAA privacy rule patients have legal rights over their health information.
Below are the fundamental rights of patients:
- To authorise disclosure of their health information and records.
- To request and examine a copy of their health records anytime
- To request correction to for the health records as needed
HIPAA Security Rule are the Security Standards for the protection of ePHI and is a subset of privacy rule only. This rule is applicable to electronic personally identifiable health information (ePHI), which shall be protected if it is created, maintained, and received by any organisation. Covered entities shall maintain confidentiality, integrity and availability of ePHI.
Covered entities shall adhere all safeguards to be compliant:
- Technical Safeguards:
Access Control, Audit control, integrity control, transmission security
- Physical Safeguards
Physical Access control, work station and device security, security of electronic media
- Administrative Safeguards:
Security Management process, Security Manager, Information Access Management System, training and awareness, evaluation system.
HIPAA breach notification rules
Even after having adequate security measures in place, there is a possibility of breach. For such cases Breach notification rules specifies how the organisations should deal with it.
First of all organisations should know how to define a breach. A breach is unauthorised use or disclosure of PHI forbidden by Privacy rule. The unauthorised use or disclosure of PHI is presumed to be a breach unless your organisation demonstrate there is a low probability the PHI has been compromised based on a risk and impact assessment of at least the following criteria:
- The extent and nature of the PHI involved, including the types of identifiers and the probability(likelihood )of re-identification
- The unauthorized individuals to whom the disclosure was made or who used the PHI
- Whether the PHI was actually acquired viewed or acquired
- The extent to which the risk associated with PHI has been mitigated
PHI breach notifications must be provided without unreasonable delay and no later than 60 days following the breach discovery. Notifications of smaller breaches which is affecting fewer than 500 individuals may be submitted to HHS (The United States Department of Health & Human Services) annually. The HIPPA Breach Notification Rule also requires business associates like vendors, suppliers, service providers of covered entities to notify the covered entity of breaches at or by the business associate.
As per HIPAA Privacy Rule, a healthcare data breach as well as failing to give patient’s access to their PHI, could result in a fine from OCR(Office for Civil Rights)
The minimum penalty for:
- Unknowingly violating HIPAA is $100 per violation, with an annual maximum of $25,000 for repeat violations.
- Reasonable cause for violating HIPAA is $1,000 each violation, with an annual maximum of $100,000 for repeat violations.
- Wilful neglect of HIPAA, but when the violation is corrected within a given time period, is $10,000 per violation, with an annual maximum of $250,000 for repeat violations.
- Wilful neglect of HIPAA, and the violation remains uncorrected, is $50,000 per violation, with an annual maximum of $1.5 million for repeat violations.
The maximum penalty for all of these is $50,000 per violation, with an annual maximum of $1.5 million for repeat violations.
Covered entities, organisations and individuals who intentionally disclose or obtain PHI in violation of the HIPAA Privacy Rule can be fined up to $50,000 and receive up to one year in prison. If the HIPAA Privacy Rule is violated under false act, the penalties can be increased to a $100,000 fine and up to 10 years in prison.
Entrepreneur, Filmmaker, Video Marketer
I started working with a Youtube channel called Sarphira this January(2019). Sarphira was creating comedy sketches around our daily life, I felt the content was really good but the traffic they were driving even after uploading some 15 videos back to back consistently was low, like really low.
This is what I was looking at two weeks in January. I was looking at a channel which has good content, which is consistent and is breaking their bone creating every video but barely getting any traction. The only question I had was where f#@k is my traffic?
In my first two weeks I vigorously tested for traffic, for content, for thumbnail, for niche and for relevant tags by making them upload very different videos back to back. The two spikes you see above are those uploads, Then in the third week I had a rough idea of what was going on , what will actually work and get us good traffic. And we uploaded one more video, It blasted, did 100k in a day!
Something worked, but what? so, I went in more deep and ran three more tests, one got me average traffic, one got barely anything and the third did the first million in three weeks of it’s upload date. I am not kidding, I have attached the screen shot below, check it.
I will tell you exactly what I learned working with Sarphira and helping them grow from 20k views to 4m views for next six months. First thing I learned was:
1. Understand Your Traffic
Understand what your traffic is watching, understand the most important difference between Google and Youtube, With Google you’ll grow fast if your content is unique in your niche while for Youtube you grow if you create content on basis of where “Your” traffic is heading, I will elaborate on that using a video we created around “Holi”, Indian festival of colors. Honestly, it was prediction that we were going to get good traffic for the Holi video.
How did we know that? We checked, how? using Google Trends, how? I will show you.
I went on google trends, searched for Holi keyword and checked when does the keyword starts gaining traction and how much traffic does it gain. Holi was on 2nd March in 2018 and Holi keyword started gaining crazy traction from 25th Feb. 2018 to 3rd March 2018 on Youtube, 25th March was 1 week prior Holi in 2018.
So, to gain good traction all I had to do was place my video under Holi keyword atleast 10 days prior, as we used to upload video on every alternate thursday, we had to upload on 14th March 2019 as Holi was on 21st March this year. What was the result? Check it for yourself!
2. Stop Sharing With Your Friends
But Why? Just imagine if all your traffic is just your friends? Yes, that’s definitely a good thing, you have good friend, now think of it this way, are you actually getting any traffic from youtube organically? Probably yes or probably no, how can you know it for sure? Eliminate all unpredictable factors from the equation. Yes, stop sharing with any unpredictable traffic source (including your friends & family).
3. Always Keep Your Eye On Your Analytics
This is the biggest mistake I made since we started gaining good traction. I did not track analytics for one of our recent video and guess what? I lost on a huge traffic bump, what exactly do I mean by keep a keen eye on your analytics?
Look at the above analytics, I recorded this a week after we uploaded this video. I was not checking it on regular basis, only if I had checked it we would have leverage on that major traffic bump. The conversion was barely 5% when I checked, I figured out what was the problem and the video blasted like crazy. I changed a few tags and changed the thumbnail. Look at it now!
4. Change The Thumbnail If Your Video Is Not Getting Traffic
With the above video the problem was the thumbnail. The Content Manager in Sarphira uploaded the video with a thumbnail which was not clear enough and we lost the game.
When we made the thumbnail change the traffic blasted, it grew five times faster.
5. Don’t Go Overboard With Tags
I have seen many accounts (even Sarphira) using tags which are totally irrelevant to the content they have created. I can understand why you may want to use all of the 500 characters but don’t do that, keep it focused on your content, your channel and your genre.
I will show an example from one good Youtuber called Vanessa Lau who grew really fast in the influencer niche. I haven’t seen any account yet who has more focused tags on their videos than her. Even my tags aren’t that focused majority of times, check out how she uses tags below and try as close as you can to follow what she does.
Look at her tags, she is ranking on every one of them and all of her tags are way focused than the tags you will find on any average video. I believe that is the only reason why she has grown her channel from 30k to 86k in mere 5 months. (the plugin I used to see her tags is called VidIQ, its free)
6. Your Description Matters
You might or might not have noticed this, the description is one of the way Youtube filters you content for the keywords you are trying to rank for. I will show you an example:
If you see the words I have highlighted, all of them are highlighted by Youtube too. Why? Because youtube has used the words in the description and matched it with my search query and then delivered them to me in search result. Use this tip to your advantage but again don’t go overboard with keyword stuffing, keep it subtle but don’t forget to include your keywords in the description.
7. Consistency Don’t Matter
Yes, It doesn’t. It might be hard for you to believe me on this one because majority of the big name on internet go hard on being consistent and uploading on a specified time and repeating it. But consistency drives traffic is the biggest myth for youtube, consistency don’t matter, I have uploaded in morning, at night, in afternoon and even in midnight at times. The traction I got for each video was totally irrespective of time. There was once when we didn’t upload for two weeks still the next video we uploaded got us around 8k subs. So, don’t break your bone and make a hole in your pocket in being consistent, trust me on this one consistency don’t matter. Create good content around where there is more traffic you ll grow leaps and bounds.
I hope this pushes you guys to either start a start Youtube Channel or helps you to scale on Youtube Faster. Let me know if this helps you, cheers!
Entrepreneur, Filmmaker, Video Marketer
Instagram : https://www.instagram.com/naam_production/
Linked In : https://www.linkedin.com/in/nikhjadhav/
Contact : 9833800854
Mail : firstname.lastname@example.org
Website : https://www.naamproduction.com
LIST OF COMMON CYBER SECURITY THREATS WHICH EVERYONE SHOULD BE AWARE OF
In this era where every organisation like healthcare, financial, logistics and transportation, Construction ,government services ,real estate ,retail etc. are moving towards digitization and digitalization, also becoming prone to cyber threats.
While everyone is talking about new regulations and compliances like Data Privacy, Information Security, GDPR etc., organisations are still unable protect their network and data from cyber criminals. Personnel Data theft news is making headlines every other day.
What the Cyber Security threat is?
In a layman term it is a malicious act which can damage data, steal data or disrupt digital life and ultimately impact organisation’s business objectives. These threats Masters of disguise and manipulation, and contently evolve new ways to accomplish their task of stealing, harming and annoying organisations. Organisations shall adequately arm themselves with resources and information to safeguard against complex and growing computer security threats and stay safe online.
These are common cyber security threats
What a virus is? A computer virus is a malicious piece of program that may disturb the normal functioning .Virus are often sent as an attachment with email ,with an intention to infect your computer system as well as all other computers in your network. Sometimes virus are hosted on websites, whosoever visits malicious website gets infected.
Examples of Computer Virus are: Browser Hijacker, File Infector Virus, Boot Sector Virus, Web Scripting Virus, Polymorphic Virus etc
What virus can do? A computer virus can attach itself to email attachment, pdfs, doc files, USB, pen drives and hard drives .Any file which contains a virus is called infected file. If the infected file get copied to computer, virus also get copied
- A virus can damage software and data on a computer
- A virus can slow down the system processes
- A virus can destroy all data by formatting the hard drive
- A virus can steal critical information like password from your system
- It can display unwanted advertisements
- It can disable security setting and close your firewall
- It can hijack your web browser and slow down the speed and can steal critical data
What a malware is:
A malware is a malicious program or software that infects your computer, such as computer viruses, worms, Trojan horses, spyware, and adware.
What malware can do:
- A malware can intimidate you by a pop-up message that tells you your computer has a security problem or other false information.
- A malware can reformat the hard drive of your computer causing you to lose all your information.
- A malware can alter or delete critical files.
- A malware can steal sensitive information like username and passwords.
- A malware can send fake emails on your behalf.
- A malware can take control of your computer and all the software running on it
What a trojan is?
A Trojan is malicious program that is disguised as, or embedded within, legitimate software. It is an executable file wrapped with some genuine program and software that will install itself and run automatically once it’s downloaded.
Example:Trojan- Banker, Trojan-GameThief , Trojan-Dropper, Trojan Ransom, Trojan-SMS, Trojan- Spy etc
What trojan can do?
- A Trojan can delete your files.
- A Trojan is used to create your computer a zombie or a bot.
- A Trojan can watch you through your web cam.
- A Trojan log your keystrokes (such as a credit card number you entered in an online purchase).
- A Trojan record personal information like usernames, passwords
What is a Ransomware ?
Ransomware is a type of malicious software that block the access to your computer system or your files, usually by encrypting it and displays a message that demands payment in order for the restriction to be removed. In many cases it comes with deadlines, if the victim doesn’t pay the ransom, the data is gone forever.
The two most common mode of spreading ransom ware are phishing emails that contain malicious attachments and website pop-up advertisements
Examples of ransom ware are: WannaCry, Crypto Locker, NonPetya, Bad Rabbitetc.
What Ransom ware can do?
There are two common types of ransomware:
- Locker Ransom ware: displays an image that prevents you from accessing your computer
- Encryption/Crypto Ransom ware: encrypts files on your system’s hard drive and sometimes on shared network drives, USB drives, external hard drives, and even some cloud storage drives, preventing you from opening them
Ransom ware encrypts the computer or data files and display a ransom/payment notification for regaining access. Once the ransom is paid, victim will receive the decryption key and may attempt to decrypt the files. Sometimes the victims never receives the keys.
What are botnets? Botnets -Botnet is a network of infected computers often known as zombies used for malicious purposes .This Botnet is combination of Robot and Network. So here the network of computer robots is used to perform cyber crime controlled by Cyber criminal known as bot masters.
Botnet is controlled by the originator and the infected computer might unaware of its being a zombie.
Example:IRC (Internet Relay Chat) botnet, P2P (Peer-to-Peer) botnet, HTTP (Hyper Text Transfer Protocol) botnet and the hybrid botnet
What Botnets can do?
- Botnet can be used to spread malicious emails.
- Botnet is used to spread malware.
- Botnet is used to perform Denial of Services attach
What is DDOS?
This is an attack a network of zombie computers us used to sabotage specific website or server. These zombie computer are being controlled for performing specific task such as making the website and server unavailable .In DDOS the attacker use the vulnerability existing in user computer
What DOS/DDOS can do?
The purpose of DOS/ DDOS attack is to make essential services unavailable, which can sometimes leads to server crash.
- Loss of data
- Loss of revenue
- Impact on business reputation
- Disappointment to users, they may never return.
- Compensation of damage occurred by DDOS.
What is Phishing?
Phishing is a social engineering attack used by cyber criminals used for gathering personal information of including login credentials and credit card details using deceptive emails or website.
Attackers create fake emails, text messages and websites which look like they’re from authentic companies. This is also known as “spoofing”
What Phishing can do?
By phishing hackers/cyber criminals trick you into giving them information by asking you to update, validate or confirm your account. It is often presented in a manner than seems official and intimidating, to encourage you to take action.
Phishing provides hackers/cyber criminals with your username and passwords so that they can access your accounts (your online bank account, shopping accounts, etc.) and steal your credit card numbers
What is Hacking? Hacking: Hacking is an attempt of unauthorised access to users computer by exploiting the existing vulnerabilities for performing fraudulent activities like personal data stealing , invasion in privacy, financial fraud etc.
What Hacking can do?
Hackers find out weakness in your system and exploit it for different purpose
- Denial of service Attack
- Electronic Fund Transfer
- ATM Fraud
- Identity Theft
- Stealing intellectual information
Ways to prevent Cyber Security Threats
- Educate employees and individuals about cyber security and its countermeasure
- Use inbound and outbound firewalls on your network. Change the default passwords and customise it according to your business needs.
- Take backup of important business information and data on regular basis, in order to maintain business continuity after crisis.
- Install and regularly patch antivirus and antispyware on every server and computers on your network
- Have a controlled logical and physical access to all your computer and network components.
- Always use licenced software and update the patches for Operating Systems and Applications
- Impose a password policy, use a strong password and change them regularly. Remember, weak passwords are prone to hacking
- If you are using Wi Fi at work, use WPA2 and above security. You can hide the SSID and don’t forget to use strong password.
- Don’t give Admin privileges to every employees. Network and Computers shall be run on Principle of least Privilege.
- Segregate your data according to criticality and appropriate security shall be provided by using DLP, Endpoint protection etc.
- Never click on suspicious mails and, never ever download from P2P and file sharing system
- Regularly scan your application and network for vulnerabilities, also perform penetration testing at least once in every year.
- Regularly monitor your network for suspicious activities
Using common sense is the best protection .One shall never download free videos, files or songs from suspicious websites, never click on suspicious links .Never ever share your personal data online. Be aware of what is happening around.Cyber threats are effective if and only if you have weaknesses in your system. More vulnerabilities will expose the system to threats and hence more risky, however less loopholes means less risk.
Remember Precaution is better than Cure.
CYBER CRISIS MANAGEMENT
A click on a malicious link, any unwanted services open, using any obsolete OS can be much more catastrophic for the organisation beyond one’s imagination and can lead to cyber crisis.
So what exactly Cyber Crisis is?
Cyber crisis is a situation of compromise, disruption or breach for the organisation’s critical information systems and data which is often known as Cyber Security Incident but these are beyond just incidents which can impact the reputation, financial outcomes and sometimes end up facing huge penalties.
Few of the Cyber Crisis situations are
- Breach in networks
- Credit card data or health data stolen
- Personal data compromise
- Denial of services
- Website crash
- Email hacking
- Zero day attack
Few of the very famous Examples of worldwide Cyber Crisis are:
WannaCry: In 2017 this ransom ware infected computers and encrypted content of hard drives and demanded ransom in order to decrypt the same. Many organisations suffered by this attack.
NonPetya:This is again a ransomware started phishing spam in 2016 which affected master boot record. It has also impacted many organisation having the vulnerabilities.
How to Develop Cyber Crisis Response Capabilities
- Identification of the key stakeholders at executive level from legal, finance, IT, Information Security and Physical Security and formulate a Crisis Management Team (CMT).
- Roles and responsibilities of each stakeholder shall be clearly defined, documented and communicated.
- Identify different scenarios of crisis and evaluate all the aspect by performing “What if” analysis and prepare responses accordingly for all the possible scenario. Organisation can take help of internal and external stakeholders as well as some expert consultants for this.
- Procedures for communication during any cyber shall be prepared according to different compliances pertaining to the organisation. These shall be readily available in case of contingency.
- Communication plans for external stakeholders, customers, media and external agencies shall be prepared.
- All the responsible stakeholders shall be trained and evaluated by performing drills or table top exercises on regular intervals.
- Identification of forensics experts within the organisation or some expert external agency like CERT for performing forensics and malware analysis to check the degree of damage done by incident.
- Last but not the least have someone who can handle the media for PR and as well as negotiate in case on ransomware.
Cyber Crisis is just like any other Information Security Incident, which can become a disaster if not addressed properly and diligently at right time. Cyber crisis can lead to huge penalties and business loss.
Cyber Crisis has following impacts:
- Damage to company reputation and brand image
- Loss of sensitive data and intellectual property
- Loss in business opportunities
- Cost of replacing the systems.
- Penalties from regulatory bodies or contractual compensation
List of few known Cyber Threats
- Trojan Horses
In a nutshell Cyber Crisis Management Plan help the organisation to manage post crisis chaos. When everything is defined and everyone is trained to handle the adverse situation like cyber crisis it becomes much easier to resume business operations. Sometimes few situations are unavoidable even after having a robust system in place, CCMP help the organisations to deal in such situations and thus helpful in Business Continuity purpose.
10 Tips For Cheap Travel Around The World
I’m always looking for tips to help travelers save money! Here are some tips to help you travel for cheap. Most of us love to travel and explore new destinations, but a lot of things hold us back. Of these, money is the most frequently cited factor. It’s the only thing that prevents most of us from Going out and exploring exotic lands. This article is for all those who think that you have to be rich to travel. There are many ways to travel cheaply in any country and save money. Here are 10 tips that will help you see the world on a small budget. You can find more travel tips at
- Plan your trip
Before traveling, it is important to research the destination. Knowing a little about the country, its people, its culture, its customs, its food, etc., you will avoid a lot of problems. A little research will let you know the expensive cities that may need to be avoided. Similarly, you must also plan the places you will visit and the time you spend there. Traveling with a plan is especially important in case you are a budget traveler, because planning everything in advance will save you unexpected expenses.
- Choose wisely your airline
Flying can be very expensive if you do not choose the right airline for your trip. A cheap airline can save you money if you are smart enough to avoid extra costs. Additional fees may apply if you are looking for better benefits, such as the seat of your choice, or if you want to settle together if you are traveling in a group. Baggage fees may apply, even if you do not check in your luggage. Cheap airlines can save you money if you are willing to sacrifice some comfort. I invite you to read these few secrets to find cheap airline tickets before you search.
- Travel out of season
Traveling in high season can cost you more money, so it’s wise to avoid trips in high season. Prices of airlines, hotels and food increase during school holidays and at occasions like Christmas, Easter, Eid and Diwali. You can save a lot of money because airlines and hotels reduce their prices to attract customers out of season. In addition, you also avoid crowds of tourists at your destination.
- Eat local food
For travelers on a budget, it is advisable to eat what the locals eat. Overpriced cafes and restaurants can cost you a lot of money that you could otherwise save by going to local places that serve fresh meals. This way you can get a much more authentic experience. In addition, it is best to avoid eating near famous tourist attractions because the food is necessarily expensive. Cooking yourself or preparing a sandwich or hamburger can save you a lot of money.
- Save money on transportation
Transportation is a major factor that consumes a lot of our money on a trip. Becoming familiar with the public transportation system can save you a lot of time and money. Local buses and trains are cheap and offer more opportunities to meet and get to know the locals. Services like Uber can also be used because they are cheaper and more reliable than local taxis. Having a means of transportation is a better option if you plan to stay in one place for a long time. Buy a car or bike to avoid the hassle of public transport, although this can sometimes become more difficult, but that’s why we travel. You will be challenged every day; You will be faced with a breakdown, a puncture, you will lose yourself, but you will learn every day during this kind of trip. In addition, it can be more adventurous because it allows you to occasionally camp, sleep in your vehicle and save money that will otherwise be spent on the hotel. At the end of your trip, you can resell the vehicle and recover much of your money spent on transportation.
- Use community platforms
Using a community platform can save you a lot of money because you can find cheaper accommodation, meals and transportation. Sites such as Airbnb (for accommodation), EatWith (meals), BlaBlaCar (carpooling) have transformed the travel industry by making it much cheaper and more accessible. You also get in touch with the locals and learn a lot about the place.
- Use travel discounts
Never forget to use the travel discounts that exist on the web. If you have a promo code, you can save money on flights, travel, shopping and a host of other things around the world. There are many sites doing some research, you can see all the Go Voyages discounts on this site for example. GO Voyages is one of the largest online sellers of airline tickets in France and offers a wide choice of flight deals, at the best prices and from cities around the world and with this kind of travel discounts you can save up to 40% discount or deduct 100 € on your ticket.
- Walk more
You do not need to take a taxi or public transport to get anywhere, especially when you want to save money. If the place of visit is within a reasonable walking distance for you, go there on foot. As you walk through town, you will experience immersive and culturally enriching experiences.
- Work while traveling
There are countless opportunities to make money nowadays. All you need is a laptop with a stable internet connection. With the increasing penetration of the internet, <a href=”https://www.careermetis.com/actionable-tips-successful-freelance-career-2019/”>freelancers</a> can now earn a lot of money by living anywhere they want in the world while traveling. You can also make money without a long-term job, for example teaching skiing in winter or a language in another country. The opportunities to make money are many if you put in a little time and effort.
- Be flexible with your plans
When traveling on a limited budget, it’s possible that things are not going as planned. Bad things can happen to you from time to time, and you should be ready for that. You could end up in a bad situation and lose money; you might not get a refund for something that would have been insured. When such misfortunes occur, you must accept the changes and adjust your plans accordingly.
When people think of shared coworking spaces, the image that comes to our mind includes freelancers or solo-entrepreneurs, but the fact is startup teams or even big business are also moving towards shared working environments.
Now, the commercial offices are transforming into new and more collaborative workspace design architecture and now many of the businesses and even enterprises are feeding the demand for #coworking trends.
‘Workplace for future’, ‘Alternate office’ or ‘flexible offices’ – these are many synonyms of coworking shared spaces. It started a few decades ago as an innovative solution for freelancers and young startups have now become a #trending thing. According to the latest research, more than 1 million companies have started using coworking spaces for their business operations.
There is a shift towards enterprising moving towards coworking spaces such as tuition centers, research labs, or satellite office, etc
Let’s dash into some of the values that ingenious startups get from working out of shared coworking workspaces.
#1 Shared Offices Encourage More Connections with fellow workers, Which Also Increases Productivity of business:
One of the most fascinating facts of coworking shared space is that you can meet people of different interests, different mindsets, different culture, etc., which can help you grow as you can get new ideas or new thought for any kind of a problem. You can also grow your team by connecting with people around you, there are freelancers who are also using coworking spaces for their work, or you can grow your business by connecting with other business owners who are using that space along with you. You can also call other fellow members of shared space to your product launch which in returns helps to get more productivity to your business.
#2 Look the Part with a well Equipped Space that Impresses Clients, Job Candidates, and Investors:
when you are in the first few years of major growth activities of your business, then having a professional meeting/conference space is required. Coworking spaces raised popularity because they understood how much it is important to have a well-structured office for meeting up your clients or investors.
Having the right ambiance and the right environment is the key to business success. As bringing investors or clients to clean, fully-equipped with modern technology, a conference room with a whiteboard and round table and stylish office with good interior can build trust and confidence.
This Might help you get a handsome amount of funding for your startup or your business. Moreover, this attracts the youth to join your company as you have such a healthy environment around you.
#3 Take Advantage of Low-Commitment with High Convenience:
Most of the coworking shared spaces offer monthly, daily or hourly memberships with amenities such as high-speed wi-fi facility, free tea/coffee, meeting rooms, conference rooms, cafeterias, printer facilities, etc, hence helps you in keeping your business overhead costs to a minimum. You can even customize your package as per your requirements like you know you do not need a conference room or tea/coffee services then you can go for customized services as well.
Big Businesses are also using coworking spaces as they don’t have to manage anything of their own such as a power cut off, wifi bills, Tea/coffee bills, fixed tenure agreement, etc. They can completely focus on their business and can make it a huge success.
#4 Innovation options for your Business:
Coworking shared spaces also provide an exhilarating environment to innovate and harness their creativity. Tech & IT companies are always in an infinite “war for talent” situation. Finding the right and topmost talent is an extremely difficult part. Individual factors such as the working place and other benefits can make a huge difference.
By providing the coworking shared space for their employee, staff can decide exactly how, where and when they choose to work, ultimately helping in increasing the productivity, morale and also encourage the innovation out of the box from the team.
Coworking work culture represents a modern lifestyle, which attracts the young and energetic generation. Nowadays companies want energetic and innovate people who can think beyond the way normal people think. When you do not have to worry about anything around you can focus on your work in a more efficient way.
Category: Patient Rights
“Clinical Diagnosis, The contemporary, hands-on and real-time analysis”
Medicine is an inexact science. We are accustomed to this concept in its various dimensions & coloration. The articulate doctor would say that he will apply all his professional expertise for the therapeutic relief and management of his patients follow the universal protocols and practices but nevertheless, the outcome and results may still be eventful! The nature of the anatomical anomalies, physiological changes, aggravated pathology, terminal or palliative stage of the disease and curable or treatable form of its manifestation may ultimately bring in to picture the real-time patient care or lack of it. (The Present Article is a humble attempt to illuminate the interpersonal relationship between the doctor & the patient)
The first and foremost tool at the command of a physician is the pair of hands and the pair of eyes which the Mother Nature has bestowed upon him. The undergraduate course in its curriculum carries the sharpening of visible perception of the subject (patient), the physical appearance, the tell-tale signs and presentations escalated by the symptomatic jugglery of the disease process magnified into a provisional or conformed positioning or likelihood of the issues which the patient is suffering from, in other words, known as ‘diagnosis’. The course of treatment may start with, the accurate diagnosis of the patient. The timely ‘diagnosis’ of the patient and the skillful picking up of other alerts like the co-morbid conditions. (Mis-diagnosis, error in diagnosis and sometimes missed diagnosis derails a course of treatment without any intentional lapse on the part of the caregiver)
It’s not out of context to state that the trajectory of alleged medical negligence steeply goes down where the per capita time spent by the clinician with patient is comparatively more during which there is a random exchange of complaints, conditions, difficulties and problem areas vocally and expressly shared by the patients himself and the rapt attention paid by the clinician to hear and listen, see and watch, capture and observe, pickup and apply and make up a firm mind to give the best treatment of choice.
HOW TO STRENGTHEN CLINICAL SKILLS
1. Protocol – There is no rule of thumb or any judicial prerogative that can be used as a benchmark for preventive measures that may be observed by all the doctors during their first encounter with the patients. The academic, practical, on the job training and experience hours determines the acumen of the intuitive clinical skills.
2. Watch-the-watch – It is immaterial whether by the watch a physician makes up his mind to spend few minutes to an hour or more to understand the problems of his patient. But more than the quantitative aspect it is the qualitative filter that comes into play, the former leading to the latter and not otherwise.
3. Communication Skills – Other than the formal training of physical examination of the patients, the language should never become the barrier between the patients and the doctor. It is all the more important that the simplest form of language, even vernacular may be used for communication between the two. The person In pain can explain better the points of its generation or referral, whereas the physician is trained to use the touch and pressure to determine the nature and extent of the same in order to reach the most immediate and probable cause behind the same.
4. Why ‘co-relate’ clinically – In the world of radiodiagnosis, laboratory analysis and other digital examinations of the human anatomy required collectively or in isolated branches or vital organs, the courts have consistently held that the examiner shall highlight the observations on an objective basis by laying out the parameters and the acceptable standards. However, with the basic qualification as a pathologist or a radiologist or a laboratory technician, the professional shall not give his mind on the diagnosis unless the referring consultant has requested or directed for a specific probe or the professional holds a higher qualification to state so. However, in both the conditions the opinion of the primary consultant shall prevail.
RECENT JUDICIAL REVIEW
“All the clinical establishments throughout the State of Uttrakhand are directed that the patients are not unnecessarily put to diagnostic tests. Only necessary diagnostics tests are ordered to be undertaken to access the clinical condition of the patient. The State Government is directed to prescribe the rates for various diagnostic tests or procedures or surgeries or treatments extended by clinical establishments …” (Ref : WPPIL – 120/16 AHMAD NABI VS STATE OF UTTRAKHAND, Dated 14th Aug 2018)
Read from the physician’s perspective, the aforesaid judicial observations recognized the strength of the clinical diagnosis and the sanctity of the reasoned opinion of the physician after clinical examination of the patient. It also rests at bay the apprehensions in the minds of the cautious and preventive practitioners who are into passive medication after the advent of high compensation awards given by courts in malpractice litigation.
Blog by: Lawcare Litmus
Mobile: +91 98115 72160, +91 9811073252
Authors: Anoop K. Kaushal & S. K. Gulati Advocates