Archives: Articles

Site articles.

#MillenniumLive Talks Consumer Spending with Dani Cushion from Cardlytics

This week on #MillenniumLive, we’re joined by the Chief Marketing Officer at Cardlytics, Dani Cushion. As a digital ad platform rooted in analytics, Cardlytics offers first-party data insights into $6 milion in consumer spending every minute, that’s $2.4 trillion in spending annually and represents over 20 billion transactions in total. Their platform allows brands to see where their customer is shopping, what they’re buying and how to build campaigns using this data to drive conversions. With Cardlytics’ interesting view of how consumers spend their money, Dani sheds light on the product categories that are seeing a dramatic increase, recovery indicators for how and when overall spending is coming back and emerging consumer trends during COVID-19. She also uses these insights to provide data-driven advice for her network of fellow C-Suite marketers.

Go here to watch the video interview

Go here to listen to the podcast episode

Cardlytics’ State of Spend Report

With insight into 50% of US transactions, Cardlytics is committed to helping marketers understand and respond to current trends that are impacting their industries. They put these purchase insights into action every day through precisely targeted campaigns that drive measurable sales. This report highlights important shifts in consumer spend and tracks early signs of recovery. To isolate the impact of COVID-19, we’re evaluating recent changes in spend compared to the year before.

Go here for free access to the report

Our Thought Leaders Share COVID-19 Recovery Tips for Cyber & Marketing Executives

The narrative is changing day-to-day, but the world is starting to see the light at the end of the tunnel. As the U.S. approaches the beginning stages of COVID-19 recovery, leaders across all industries face nuanced issues brought on by a drastic change in consumer behavior, an influx of digital consumption, a rise in telehealth, and a workforce that shifted to remote seemingly overnight. We reached out to our thought leaders in marketing & cybersecurity to hear their insight on these topics and how C-Suite Executives can prepare themselves for a somewhat uncertain future in a post-COVID world. 

Marketing 

What do you think advertising, media, and consumer behavior will look like post-pandemic, and what can marketers do now to prepare for this shift?   

Daniel McCarthy“The rate with which consumers return to some sense of normalcy will be disrupted not only by lingering concerns about COVID-19, but also by the income shock that the economy as a whole is currently experiencing.  For these reasons, the recovery will likely be slow and most importantly, highly variable from customer to customer.  Now more than ever, companies will need to account for this in their tactical decision making by embracing these differences across customers, identifying who it is who is continuing to buy, what it is that makes them special, and how the firm can reposition itself to better cater to those people.” 

– Daniel McCarthy, Thought Leader, Assistant Professor of Marketing at Emory University – Goizueta Business School

Nicholas Caffentzis

“As we move to the next stage of the pandemic, consumer behavior will appear variable. Consumers are balancing concerns about safety, their natural inclination to “return to the familiar”, and will shed or continue to embrace new virtual and contactless interactions (such as telehealth, online banking, meal ordering apps,  virtual site visits, and customer events, curbside grocery pickup) that have over last 11 weeks simplified their lives. Marketers need to mirror this balancing by engaging closely with their customers to ensure they are meeting their current needs and innovating to support customers’ changing expectations and concerns. This will require agility and faster decision making, increased use of digital (or contactless) tools, and more effective use of analytics. Marketing leaders need to assess their organization’s capabilities to do this and quickly reallocate investment to improve and focus their resources where necessary.”

– Nicholas Caffentzis, Thought Leader, Senior Fellow & Adjunct Professor at Northwestern University – Kellogg School of Management

Cybersecurity

How do you expect COVID-19 to change the risk management landscape in the coming years, and what should CISOs do to pivot their strategy?Fredrick Scholl

“Risks will increase in the face of the global economic recession.  Don’t forget, we’re not in a bubble;  there are 7B+ people connected to the ‘net.  Telehealth has happened, 40 years after it was feasible!  This is a big plus.  Many more people are online in new scenarios.  So the threat surface has gotten much bigger.  I think continued awareness training is critical.  Also, COVID totally breaks the central security perimeter concept (it was already on life support).  Cloud security platforms, and cloud, will continue to grow like crazy.  I’m also excited about new collaboration platforms and how they can improve productivity for security and other teams.  We need to continue to do more, with the same resources.”

– Fredrick Scholl, Cybersecurity Program Director & Associate Teaching Professor at Quinnipiac University School of Engineering

“Some CISOs may wish to lower the risk of sensitive information being leaked by sending out new laptops with strict security settings to some employees with instructions to move all information about their organization to that machine and do all work for their organization (and nothing else) on that machine. They could even take the opportunity to provide with the laptop an easy-to-read handout for family members and other occupants about simple cybersecurity precautions.  They should also be familiar with (or check with counsel or a consultant on) laws like GDPR, CCPA, HIPAA, and FERPA and how they are being interpreted today.”

Lance Hoffman, Professor at The George Washington State University

Michelle-Moore“In terms of the shift to telehealth and the change for risk management continues to rely heavily on ensuring employee virus software is up-to-date, phishing filters are installed, employees are trained to understand the need to be skeptical and prioritizing your resources. As a CISO, besides these, it is important to understand your threats (usually based on your environment and customer base) and determine the potential damage if there was a loss.  What would your potential impacts be and then quantify the damage in order to develop a model prioritizing your resources. Risk management and security need to come first, not last in order to be ahead of it or prepared for it as much as possible.  It is also important to re-evaluate every 3-6 months depending on the nature of your organization, as technology and cyber threats continue to evolve.”

– Michelle Moore, Professor of Practice at University of San Diego

Supporting Small Businesses with Facebook Shops

Small businesses are the heart and soul of our communities, but with storefronts closed indefinitely and retail shifting almost entirely online, the struggle to stay afloat continues to intensify. Internet usage is at an all-time high, and eCommerce is thriving, but it is difficult for small and medium-sized businesses to compete with retail giants like Amazon and Walmart. In an effort to expand its influence into eCommerce and ease the pandemic-induced stress on small business, Facebook announced the launch of Facebook Shops

Facebook Shops allows businesses to set up a single shop that can be accessed from both the business’ Facebook and Instagram profiles, as well as through stories and ads on both apps. It is free to set up, and allows businesses to choose which products to feature and even customize the theme to match their brand. They also have the option to enable the checkout feature, which customers can use to make purchases directly from the app instead of being redirected to the company website. If a customer needs assistance, they can ask the business directly through one of Facebook’s subsidiaries, WhatsApp, Messenger, or Instagram Direct. The user-friendly platform is meant to streamline the user experience for online businesses, but more importantly, to bring some businesses online for the first time. According to a Facebook survey,

“One-third of U.S. small businesses have stopped operating, while another 11% expect to fail in the next three months,”

and the tech company is hoping to use the new platform to rescue as many of these businesses as possible.

Facebook Shops launched last week and will continue to expand availability throughout the coming months. After the platform’s Facebook debut, Shops will make its way to Instagram, too. Instagram Shops is set to launch this summer, taking inspiration from @Shop, the Instagram-run account that has been promoting small brands since May 2019. Instagram Shops is designed to make online shopping a truly enjoyable experience: users can browse collections from brands and influencers, filter by a category, and make in-app purchases. To make things even easier, the tech giant announced plans to launch a shop tab in the navigation bar. Facebook also has two features currently in the testing phase. Live Shopping, a feature in which creators and brands can tag products in their live streams that can be accessed by clicking the links at the bottom of the video, will be released soon. In addition, Facebook will release a feature that connects loyalty points to your Facebook account, which will hopefully forge a stronger connection between customers and small businesses.

With any new technological innovation, there are always questions regarding privacy and information security, but Facebook was fairly transparent about what information is collected and shared. According to Facebook, your shopping activity will not be shared with your profile or friends, although you have the option to share your purchases through Messenger or even through your Instagram Story if you want to spread the word on a brand or product you love. When using Facebook Pay- which can only be done in the US and if the business enables the feature- Facebook collects payment information, but will “securely store and encrypt your payment card numbers”. The information that is actually shared is comparable to any other online shopping experience. Business insights such as shop performance and traffic are shared with the brand, but this does not include information that personally identifies the customer such as names, email addresses, or any other information that would enable the brand to contact the customer without permission. Shop activity will also be used to personalize app experience, so don’t be surprised if your Instagram feed or Facebook ads show content similar to a recent purchase.

Facebook is certainly not the only platform that small businesses can use to sell their goods online. Small businesses, entrepreneurs, and artists have been using Etsy to sell their goods for years, and Facebook’s own marketplace platform has been around since 2016, so why is Facebook Shops any different? For one, Etsy serves a particular niche market for vintage and handmade products, and Facebook Marketplace is for second-hand products. The real draw to Facebook Shops, however, is the worldwide reach, unlike any other platform. Business owners can build off of the social media following they already have and interact with their followers directly. During this unprecedented time, many Americans want to help small businesses, but don’t know how.

The easily accessible online shops bridge the gap between businesses struggling to sell and customers with pent up demand. 

Of course, while this new platform will certainly help small businesses in a time of need, the venture is not entirely philanthropic. Facebook will take a small portion of all transactions, but the real profit will come from advertising revenue. Facebook has reportedly seen a drop in ad sales as a result of COVID, but also a drop in share value due to several factors involving the vulnerability of its revenue stream. For one, the majority of revenue comes from Facebook itself, and not its subsidiaries. Facebook Shops is not only a ploy to drive more traffic to ads, but also an opportunity to diversify the business by driving users to Instagram, Messenger, and Whatsapp. This is also a strategic move to further infiltrate the tech space into eCommerce, threatening to dethrone Amazon’s reign as an industry leader. Amazon and Facebook both have access to a tremendous amount of data and have the tools to use it to their advantage, but there are key differences in their business models. Amazon has a subscription service in addition to other resources that result in the hard-to-beat prices that have made the company the go-to for all things eCommerce. However, Facebook has the opportunity to bring a sense of community to online shopping in a world where people crave human interaction and personal connection more than anything. Facebook also appeals to the public’s willingness to help the small businesses that are the most vulnerable during this time. 

The full extent of COVID-19’s impact remains to be seen, but global tech companies and small businesses alike have the power to make the most of unprecedented times. Facebook is just one example of a company that is using the panic of the crisis to not only make a difference for others but to also strengthen and grow its own business. Facebook has big plans for Shops: Zuckerberg intends for this venture to extend well beyond pandemic times and into our “new normal”, but the climate created by the virus might just be the perfect storm to turn this business opportunity into a success. 

Doctor.com on the Future of Healthcare: Patient Perceptions, Preferences, and Adoption of Telemedicine

While the COVID-19 crisis has brought telemedicine into the limelight, 83% of patients expect to use virtual appointments after the pandemic resolves. Learn how patient sentiment toward telemedicine has shifted during this global healthcare emergency and why it will become a critical part of healthcare in a post-COVID world in Doctor.com’s free report on the state of healthcare in the post-COVID world.telemedicine-covid-19

Go here to download the full report!

“I knew telemedicine was ‘having a moment’ but I wasn’t anticipating it would affect patient behavior so quickly. Doctor.com’s study really gives you something to think about, especially as we start to reopen our doors.” 

About Doctor.com

Doctor.com built their telehealth technology from the ground up to function as a holistic and robust customer experience platform- and not another point solution. Today, they have the only offering in the industry that seamlessly integrates web-wide listings management, reputation insights, universal online scheduling, patient communications and provider data warehousing. These services are enhanced by 50+ integrations with the most prominent healthcare directories, search engines, social media platforms, and EHR/PM systems. As a result, thousands of healthcare organizations of all sizes have been empowered by the Doctor.com platform to enhance their digital presence and credibility, increase patient trust, and grow their business.

Cardlytics State of Spend Report

With insight into 50% of US transactions, Cardlytics is committed to helping marketers understand and respond to current trends that are impacting their industries. They put these purchase insights into action every day through precisely targeted campaigns that drive measurable sales. This report highlights important shifts in consumer spend and tracks early signs of recovery. To isolate the impact of COVID-19, we’re evaluating recent changes in spend compared to the year before.

Click here for the full report

High Retail Discounts May Lead to High Returns

The global pandemic, COVID-19, has greatly affected the U.S. economy, as many businesses are trying to stay afloat and find ways to bring in revenue. The retail industry is one major example.

As many retail stores shut their doors in March, and people all over the country stayed home to quarantine, online shopping began to increase. To compensate for an expected decrease in sales, many brands started offering online sales. Discounts for some retailers are so great, many are comparing it to Black Friday or Cyber Monday. Companies such as Adidas began offering 30% off for their entire site, as well as Levi’s at 40% off. Nordstrom had a sale on clearance items with some pieces marked at an additional 60% off. Shoppers are more likely to impulse buy with discounts so high online. 

Another additional perk retailers have added for their customers is extended time to return items. Gap announced any purchase made from January 1 to March 31, 2020 can be returned up until July 1. Sephora extended its typical 30-day return window to 60 days. So while these discounts and larger return windows are great for buyers, they have created a higher risk for loss for the retailers. 

Americans returned about $400 billion in merchandise in 2018, with Optoro estimating $100 billion worth of returned goods in the US during the last holiday season. Online returns are 25% of gross US retail sales, while traditional store returns are 9 percent, according to Forrester.

During normal times, according to Forrester, shoppers return around 40% of what they buy online. Sucharita Kodali, a Forrester retail analyst, says retailers can incur up to $10 per item from online orders

“We are thinking of COVID as another Black Friday for returns — after the market opens,” says Eduardo Vilar, founder and CEO of Returnly.

It is likely that many shoppers will feel a bit hesitant to shop inside stores once restrictions are lifted and retail stores reopen, so there may not be a rush in to return. Although, due to the extended return windows, people may want to go out and get their money back.

Additionally, retail stores may face a larger financial loss from returned merchandise than usual due to the virus and the way it spreads. It’s highly likely that many shoppers will not want to buy items that have been handled and returned by other shoppers because the virus can remain on surfaces. For some retail stores, it may be possible to wipe down and sanitize the returned merchandise, but for items such as clothes, it can be more tricky.  And although stores may promise items have been sanitized, convincing shoppers that is true, may be tough, which would leave numerous items as waste. 

So what’s the solution?

Unfortunately, there is not yet one. Much like how many researchers were unaware of the extent to which this pandemic would affect enterprise before it hit, there is little data to show what will happen when restrictions lessen and the country begins to resume normal activities. Retailers are bracing for the impact of returns, but hoping their sales will even out in the coming months. People may just want any excuse to go out when the restrictions are lifted!

Sustainability & Public Good Are Key to Your Brand’s Strategy in the Post-COVID World

The pandemic has exposed vulnerabilities across all industries and forced leaders to re-evaluate the systems they’ve long had in place. Some of the most pertinent issues that have been revealed are the inequities in our healthcare system, the problematic nature of the U.S.’s supply chain across all verticals, and the essential shift to an increasingly virtualized workforce and society. At the individual level, it’s shown an esoteric “bigger picture” and revealed to us what a global disaster looks like. 

Back in February, COVID-19 felt like a very distant problem to the U.S. The “new normal” didn’t become a reality until it was too late – national lockdown measures were enforced in late March, but there were already over 189,000 COVID-19 cases in the U.S. as of March 31st. The destructive impact of our delayed response draws an eerie parallel to an issue that’s been left open-ended for decades: climate change. 

Scientists have shown that the carbon emissions released today are programming a 2-5 metre sea level rise in 2300, and humanity will be forced to make an inland retreat for hundreds of years to come. We’re also pacing toward extreme heatwaves and droughts, stronger and more frequent hurricanes, declining water supplies and reduced agricultural yields. Yet despite knowing all this, society hasn’t made leaps and bounds to prepare humanity for this climate change crisis, and regrettably, we’re only accelerating down this path while imminently putting hundreds of millions of lives at risk. Unlike the virus, the climate change crisis is something that can’t be contained, and the onset effects could last hundreds, if not thousands of years. This all sounds so fatalist that it’s difficult to imagine that it could even be a reality.  

Then COVID-19 happened, and we’re now grievously aware of what a global crisis looks like. Overnight, we were forced to substantially alter our lives for the public good. The government-imposed restrictions that we now refer to as the “new normal” mirrors how we may be forced to respond to a worsening climate change crisis in the coming years. Ironically, an inadvertent effect of these restrictions has led to an 8% drop of global greenhouse gas emissions for 2020, which is the largest drop ever recorded, and Los Angeles has seen its longest stretch of “good” air quality since 1995. 

The silver lining we can glean from these times is that we have the unique opportunity to replan and structure for a better future. In a post-COVID world, consumers are going to pay closer attention to what companies are doing for the public good.

Julia Wilson, VP of Global Responsibility & Sustainability at Neilsen tells MarketingDive, “Rarely is there one cause that resonates so deeply with so many people at once […] Brands do have an opportunity here to pivot with purpose and to show how they’re showing up … in their communities and for their consumers.” 

This coincides with Accenture’s study showing that consumers are planning to change their purchase behavior for the long term – their survey found that 45% of consumers said they’re making more sustainable choices when shopping and will likely continue to do so. 

Accenture’s Managing Director and Head of Global Consumer Goods adds to this, “While we have been seeing these trends for some time, what’s surprising is the scale and pace — compressing into a matter of weeks changes that would likely have taken years. The new consumer behavior and consumption is expected to outlast the pandemic, stretching far beyond 18 months and possibly for much of the current decade. […] The pandemic is likely to produce a more sustainable, healthier era of consumption over the next 10 years, making consumers think more about balancing what they buy and how they spend their time with global issues of sustainability — suggesting a healthier human habitation of the planet.” 

You can’t remove COVID-19’s context from our lives, and for that reason, “going back to normal” isn’t a reality. During this crisis, we’ve been a witness to businesses changing their model overnight for the public good. Consumers have seen how vulnerable the world is, and this will dramatically shift their values and behaviors post-pandemic. A value proposition for what a company is doing for this greater good will become a necessity for survival, and many are already taking this in stride.

Unilever’s CEO Alan Jope recently spoke about their Sustainability Living Plan, which is the company’s strategy for minimizing their eco-footprint and reducing their use of virgin plastics by half in 2025. Jope claims, “The pressures on the planet are getting worse, and social inequality has reached a critical point, being made even more severe by the devastating pandemic we’re living through. […] These issues are just as urgent as they were before Covid-19 struck, and—like Covid-19—they will disproportionately affect the most vulnerable. The climate crisis risks adding hundreds of millions more.”

The fashion industry has long been set in their ways, but they’re now forced to restructure their processes. BCG’s research finds that 86% of more than 500 manufacturers surveyed have been severely impacted by canceled or suspended orders and 40% are struggling to pay employees and their suppliers. Now that the fashion industry’s supply chain is brought to a standstill, it’s allowed for industry leaders to re-evaluate their sourcing strategies. Dr. Hakan Karaosman, fashion supply chain and sustainability expert at the United Nations Economic Commission for Europe claims that lean, simple, and transparent supply chains are proving the most resilient during this crisis, and brands are likely to favor this strategy as they emerge from this crisis. 

Even as CPG companies are fighting for survival, sustainability is proving to be all the more relevant today. Just a matter of weeks ago, H&M Group, Microsoft, Lego, Neste, Ikea & Unilever signed the European alliance for a Green Recovery. The appeal is set to “fight against climate change at the heart of the economic strategy to contribute to the rapid recovery of European economies and societies.”  

Peter Vanacker, President and CEO of Neste speaks to this, “The coronavirus pandemic is causing unforeseen consequences to people’s health and the economy. While it is important to tackle the coronavirus, we also need to look for ways to help rebuild the world after the crisis. When we plan our path to that world, we have an opportunity to build a sustainable and resilient economy and society. Now is the time to design that vision,”

For good and bad, COVID-19 has shown us what’s possible in times of tragedy. Psychology Today brought to light Paul Romer’s points on what happens in a crisis, and it hits the nail on the head during these times:

  • Resources become available
  • Priorities are clear
  • Rigid rules and regulations suddenly become pliable
  • Leaders pay attention and are pliable
  • Change, even far-reaching change, is possible 

“A crisis is a terrible thing to waste. ”

Over the last decade, sustainability has become a high-growth sector, but it will ultimately become a necessity for survival in the economic and environmental climate we’ll find ourselves in over the coming years. As COVID-19 has brought a life-altering global crisis into reality, consumers will start to value public good, preparedness, and sustainability in a more meaningful way. In light of this, we can expect to see efforts for sustainability expedited in the near future. It’s the companies that understand and invest in this shift early-on that will be the ones that thrive not only in the short-term post-COVID world, but in the long-term direction our society is moving towards.

Calculate Your Personal Volume: The Powerful Geometry of Social Distancing

As originally published by David Sable on Linkedin.

Social Distancing is the dichotomy of our times. It comprises two competing and polar opposite concepts—one existential: social, the DNA-driven need we have as human beings to connect, to see each other face to face, to break bread, share a coffee, to hug. The second is a product of our times, and is very physical, immediate, in the moment: distancing. It is the need, in fact, compulsory government mandate, to stay at least six feet apart from each other to limit the spread of the virus.

However, a new dynamic has emerged from this collision of competing needs, which I’ve named the, “Geometry of Social Distancing.” And, like all good geometry, it’s an axiom based on understanding that the insight its driving could be key to successful marketplace recovery.

The Geometry of Social Distancing begins with a point in space: you, for example. We then add another point…say, me. Six feet separates us in a straight line. Simple. Then, we add a friend, and now we have a triangle—6 feet from point to point to point—equidistant ability to communicate and collaborate.

Another person comes along, and we morph into a square. Perfect! Every which way, we are 6 feet apart from person to person. Equidistant. Each able to communicate and collaborate comfortably.

A fifth comes along, and yet another and another, and then? The model falls apart. We are now separated by space that requires yelling across father distances and competing voices for attention, even if point to point, we maintain the same 6 feet. The implications are clear. As long as we are all in a tribal space created by our geometry of sharing, we can continue meaningful social interaction and powerful collaboration. Grow beyond the four, and we start to fail.

Just think about your ZOOM interactions. As much as we love how efficient it is and how well we use it (sort of), when the crowd gets larger than four, and the boxes of participants get smaller and pushed back, the multiple voices become a cacophony, before we are all inevitably muted by the host. And at that point, we all just listen, rather than contribute or speak. It works yes, but it has its limitations.

The Geometry of Social Distancing is a critical lesson and provides meaningful insight as we struggle to imagine what comes next. We will be left with two competing needs, and even as we contemplate an end—or at least a loosening of the restrictions—the impact of the past couple of months will continue to influence our everyday interactions in many profound ways as we consider returning to to local stores, getting a haircut or manicure, eating in a restaurant, attending a concert or seeing a movie or play, or even playing in a park.

Think about your work team size, your meeting size, your physical office layouts. Reimagine your restaurant space and store aisles for shopping and checkout. Public transportation; sports; leagues and on and on.

Contemplate what defines friendship, and who was alone and who was lonely.

In an unattributed quote I read: “Draw a circle around yourself – invite people in or keep them out. We are the creators of our social geometry. Calculate your volume.”

In contemplating traditional geometry, Leonardo da Vinci proffered something rather profound. Listen:

“Learn how to see. Realize that everything connects to everything else”

The Geometry of Social Distancing has created a new axiom of opportunity. My hope is that we leverage it for a new and more meaningful way to make our humanity core to all that we do.

Calculate your volume. We are all connected.

The Advisory Board COVID-19 Virtual Panel Series: Episode 2

The second episode of our Virtual Panel Series is here, and our Advisory Board members have their eyes on the “next normal”. In this week’s episode, our panelists uncover how leaders in healthcare, marketing & cybersecurity will need to pivot their digital transformation strategy in the midst of COVID-19. Our marketing expert Connie Weaver pointed out that understanding your customer has never been so crucial – the ways you targeted audiences may not be relevant anymore, which ultimately means your brand’s messaging will need to fit today’s “next normal” consumer. And with digital media consumption being at an all-time high, it’s all the more imperative that companies have a strong digital presence. Our healthcare expert Samir Batra acknowledged that because of this influx in traffic, there’s so much added pressure on these systems, especially on security.

One of the most pertinent shifts to digital we’re seeing is that of healthcare, Vince Campitelli adds, “Necessity is the motherhood to invention. There’s going to be a boom in telehealth. When objectives were 5 years out, they are now 6 months to a year.”

Listen to our podcast episode here, or check out the video below. 

The panel then delves into how sales and security are going to change across industries, and what this means for the “next normal”. In the midst of this disruption, it’s so important for sales and marketing teams to work in synergy. Our marketing expert Cynthia Johnson speaks to this, “Marketing needs to support the sales team. They need to use them as a branding strategy. Salespeople also need to push marketing in certain directions as well.” As for the security side of things, Vince claims, “The people who were in the background have now become the leaders and they have been asked to do something they haven’t ever done. It’s always been there, now it’s just in the spotlight.”

The “Next Normal” Panel

Moderator Samir Batra: Healthcare expert. Founder & CEO of BAHA Enterprises, and healthcare leader with over 17 years of experience with 500+ Providers and Healthcare Organizations and 40+ Health Systems. Mobile healthcare solution innovator revolutionizing communication and collaboration between providers on iOS and Android application platforms.

Panelist Connie Weaver: Marketing expert. Co-Founder & CEO of Tracker Group, and currently holds over 35 years of executive experience in iconic, cross-industry organizations. Prior to her role as an independent advisor, she served as CMO of TIAA, The Hartford Financial Services, BearingPoint, and AT&T—transfqorming brands and customer engagement strategies, advancing digital and data-driven capabilities, and building world-class marketing teams.

Panelist Cynthia Johnson: Marketing expert. Cynthia is an entrepreneur, marketing professional, author and keynote speaker. She is Co-Founder and CEO at Bell + Ivy, a digital marketing and personal branding agency in Santa Monica, CA. She is Founder at CynthiaLIVE, and Co-Founder at PINCH, Sea Salt. Previously, she was Partner & Director of Marketing for RankLab, a digital marketing agency listed in Inc. Magazine’s Fastest-Growing Private Companies in 2015.

Panelist Vince Campitelli: Cybersecurity expert. Enterprise Security Specialist at Cloud Security Alliance, and leader with over 30 years experience in the evolving business areas of Information Technology Risk, Cybersecurity and Third-Party Risk Management. Created, built and operated Professional Service organizational practices with a focus on information security and IT risk management.

What challenges are you facing as a leader? Comment below any questions or topics you would like to hear our panelists discuss in our next episode!

 

What is Digital Contact Tracing, and is it Secure? Featuring HackerOne

It’s been estimated that 90% of COVID-related deaths could have been prevented if social distancing efforts were put in place just two-weeks earlier. The statistic is painful to hear, but it reinforces the public’s commitment to getting us on the road to recovery. As we’re starting to see the curve flatten, current modeling has shown that social distancing has significantly curbed the spread of COVID-19. Granted, the battle is long from being over. State lockdowns have been enforced for well over 2 months, and L.A.’s stay-at-home orders have just been extended to July. But digital contact tracing could play a major role in speeding up re-openings and getting us out of the virus’ trenches.

Let’s start with the basics. Contact tracing’s purpose is to identify and isolate potential risks of spreading infectious diseases, and it’s been used in past outbreaks like Ebola, SARS, and various STDs. Contact tracings’ MO is much like detective work –  tracers work with patients to piece together a list of all the people they’ve been in contact with during the virus’ incubation period (in this case, it’s 2 weeks). Then, contact tracers notify those individuals of the potential risk and advise that they self-isolate and seek-out testing.

As crucial as this system is, it’s nearly impossible to conduct contact tracing at the mass scale that COVID-19 commands. Each infected person can yield around 40 possible transmissions – that’s 40 calls for every single person infected, and in cities like NYC with over 187k known COVID cases, contact tracing can easily exhaust the states’ resources. Dr. Frank Esper from Cleveland Clinic Children’s Hospital tells Time, “When you get to a point where there are a lot of people who are sickened with a particular disease, it quickly overwhelms the health departments’ response to be able to contact trace all those individuals.” 

As healthcare leaders have pointed out, the traditional method for contact tracing isn’t a perfect solution, especially when it comes to tracking transmissions that can spread as rapidly as COVID-19. It goes without saying, a patient’s recollection doesn’t account for all consequential contacts – a fair amount of interactions can be missed, just think of all the people you have airborne contact with on a daily basis, much less over the span of two weeks. There’s also the possibility of spreading the virus from high-touch surfaces like door handles, ATMs or elevators buttons, and at that point, it’s impossible to contact trace everyone. That’s where the digital side comes into play. Apple and Google control nearly 100% of the worldwide mobile market, which is why they’ve come together in partnership to help provide the tools necessary to develop a digital contact tracing app for the masses. This relies on bluetooth technology to track cellphones, with each individual receiving a unique identifier code tied to their device. Using a bluetooth signal, devices will pick up all the unique identifier codes you’ve been in contact with, and keep a rolling 14-day record of those interactions. If someone has tested positive for the virus, testing centers will import this data on the app’s backend. This will set-off a notification to everyone that has a record of being in contact with that individual, and will provide further details on nearby testing and recommendations for self-isolating during the incubation period. Remember when I mentioned earlier that each virus transmission requires tracers to make around 40 calls to notify those at risk? Think of how much more efficiently and effectively we can combat the problem if this process is condensed to an instant push notification.

Digital contact tracing is entirely anonymous, and if you receive a notification, you won’t know the details of where the possible transmission occurred or who it came from. Having a reliable source for this information would give people the confidence to (safely and responsibly) leave their house again. When you’re living with someone that’s at-risk, being a silent carrier is a constant anxiety, and digital contact tracing could ultimately make these people feel safer.

This could be a turning point in re-opening the country, as research shows that nearly 80% of carriers are asymptotic and are unknowingly spreading the virus to others.

Despite the app being opt-in only, modeling shows that at least 60% of the population will need to participate in order to have a significant impact on flattening the curve. But of course, digital contact tracing comes along with its own troubles, with many raising questions over the privacy and security of this data. Especially when it comes to information related to sensitive and private health records, Americans are rightfully wary of opting-into a system that they don’t entirely trust. 

And surveys confirm that Americans are split on the matter. When Kaiser Family Foundation conducted a survey on whether they would download an app for contact tracing, 47% of respondents answered that they would not. Knowing who is in control of the data had a massive impact on survey results, with individuals being twice as likely to download a contact tracing app if it was being managed by a local or state department rather than a private technology company. 

We reached out to our partner HackerOne to gain insight into the security of this technology. They’re at the forefront of using ethical hacking in tracing vulnerabilities before they become a problem with their bug bounty program, and they’ve recently made waves with their Hack For Good initiative, giving hackers the ability to donate their bounties to WHO’s COVID-19 relief fund.

EF:

Digital Contact Tracing is said to be ready in the coming weeks. We’ve heard a bit about the uncertainty surrounding the security of this technology, especially as it’s being adopted on such a massive scale. Do you think there’s reason for concern here? Do you expect digital contact tracing apps to prompt a rise in attacks using this technology?

HackerOne:

Data that will be used in contact tracing apps is immensely valuable for threat actors; having PII, location data, and medical data belonging to an individual allows cybercriminals to set up elaborate spear-phishing attacks that will be difficult to distinguish from legitimate medical information. 

Now is even more so the time to treat your mobile phone as you would treat a laptop or desktop PC. Always install the latest security patches, use secure passcodes to lock your device, and use a device finder tool to locate and/or wipe your phone after losing it. Also, be careful which apps you install and what permissions you give those apps.

Response from Niels Schweisshelm, Technical Program Manager

EF:

Is bluetooth technology particularly susceptible to vulnerabilities? Walk us through how hackers can leverage this technology for an opportunity to attack.

HackerOne:

All of a sudden, bluetooth might be enabled in every mobile device and the increased usage of the bluetooth protocol will result in more attention from threat actors. This is further exacerbated by the increasing price for bluetooth related exploits on the black market due to the heightened demand. 

The bluetooth protocol and its implementations have suffered from critical vulnerabilities in the past (see Blueborne, CVE-2017-0781). These vulnerabilities were exploitable by remote attackers and allowed for arbitrary code execution on the affected Android device. These vulnerabilities have now been fixed, but this does not guarantee that bluetooth and its implementations will be free from future vulnerabilities. One should expect a heavy focus on bluetooth security research in the near future, which will result in the disclosure of similar vulnerabilities. Time will tell if these vulnerabilities are responsibly disclosed to the vendors allowing for a timely fix or end up being used for malicious purposes. 

Response from Niels Schweisshelm, Technical Program Manager

EF:

There’s also the issue of trust. Of course, there’s room for the possibility that these systems can abuse the data they collect on Americans. What measures do you think need to be made in order to secure the trust of the public? 

HackerOne:

The entire attack surface of these contact tracing applications has to be properly investigated. This should include static source code reviews as well as dynamic application testing to discover any vulnerabilities in e.g. the Web API’s. Ideally, this would be done by multiple parties to ensure a baseline level of security using a crowd-sourced approach.

The potential privacy concerns surrounding these contact tracing solutions should remind governments developing them that the security community will scrutinize these apps more than any app in recent years.

Response from Niels Schweisshelm, Technical Program Manager

EF:

Has HackerOne encountered a rise in cybercrime related to COVID-19 scams?

HackerOne:

Yes, absolutely. However, the vulnerabilities remain the same; it’s the volume and packaging that’s evolving. 

Email phishing scams using COVID-19 are on the rise. KnowBe4 recently published its Q1 2020 Top-Clicked Phishing Report, confirming that phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year. In the UK, the National Cyber Security Centre asked for the public to report suspicious emails via a newly launched phishing hotline, and a total of 83 coronavirus related phishing and scam websites were taken down in just a single day. Google reports that it is blocking over 280 million daily COVID-19 spam messages and that it has identified more than 18 million Covid-19 daily malware and phishing emails just in one week alone. 

The future of work is changing. As the work-from-home model becomes the norm and work becomes more broadly distributed, more applications, systems, and infrastructures are more vulnerable than ever. With employees working from their own home amidst social distancing orders, device sprawl and phishing attempts have become hot topics of discussion for IT and security teams. It’s easy to become too focused on only what is new with these problems, but really what we need to do is focus on the individual issues (i.e. ransomware, phishing). It’s the same threats with new packaging. 

Response from Jon Bottarini, Senior Security Solutions Engineer

EF:

In light of all this, what can individuals do to curb the risk of cyber-attacks?

HackerOne:

Aaron Zander, Head of IT, has the following security tips for all employees working remote right now, emphasizing that basic cyber hygiene practices can go a long way in protecting both employees as well as the corporate network.

Invest in a good password manager. Don’t share logins and passwords unless you absolutely have to. If you have to, then it’s time to invest in a password manager for your team or company. Tools like 1Password make sharing large amounts of secure data easy and help secure your teams even more. 

Use Multi-Factor Authentication (MFA).  Authentication is the process by which a computer validates the identity of a user (i.e. username and password).  Two-factor authentication (2FA) commonly combines a password with a phone-based authentication factor. However, there are shortcomings with 2FA, as hackers can bypass wireless carriers, intercept or redirect SMS codes, and easily compromise credentials. Multi-factor authentication is more secure as it adds an additional layer of protection. Instead of just asking for a username and password, MFA requires additional credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.

Expect criminals to try and take advantage of the increased distances in our workplaces. Often a lot of the checks and balances around things like financial requests and last minute invites to meetings or other services are done in person. Now that they might happen via email be extra diligent about checking who is sending them. Phishers are going to take advantage of the lack of processes that are in place. If you get a request via email or messaging services, always try and verify outside of the initiated chain of request. For example, if you get a request from your CEO to refund a customer to a new bank account, instead of replying to that thread to confirm, message them in a new email, or via a different medium (call/instant messaging, etc) to verify the request. For large transactions, always have another person on your team double-check the request and your work as well for safety. It’s rare that an extra hour will make a difference in the case of a WeTransfer, but the consequences of moving too quickly can be felt for a long time.

Be even more paranoid of phishing and other scams. If something looks suspicious, don’t click or act on it. Email scams related to COVID-19 are already on the rise, and the U.S. The Department of Health and Human Services recently announced that they have fallen victim to a cyber-attack that involved a COVID-19 misinformation campaign that quickly spread via text, email, and social media. In general, never share personal or financial information via email if you weren’t expecting it. If you get such a request, it’s best to call or video conference the individual directly to confirm.

Stay at home. If you can, work from home, not from a coffee shop, to reduce the chances of (corporate) espionage. It’s preferable to leave the laptop at home (locked) and go out for a break and then return. If you really need to go to the coffee shop, then use a private VPN for any untrusted network or location, like encrypt.me. VPNs aren’t the end-all-be-all for security though.

Disconnect from the company’s VPN when not in use.  Leaving your connections open can increase the likelihood that if you’re breached, that extends past your machine and into your corporate network. Also in a time where many more people are connecting via these services, it’ll give your infrastructure team a little more room to breathe.

Secure your home router. It is essential to ensure your home wifi router has a strong password and is up to date. Search the name of your router, and the words “breach” or “security issue” and see if yours is on the list. Most of these can be fixed by doing a simple software update.  If your network equipment is no longer being updated by the manufacturer, chances of vulnerabilities increase over time. It is also important to use a strong password. Make sure you’ve modified the default administrator password on your router and other network equipment. Ensure your wireless networks are using WPA2 security or higher. And, separate guest devices onto a separate wireless network isolated from your personal devices if you can.

Don’t use your personal laptop or desktop. Don’t fall prey to the habit of using your personal machine for work. It’s inherently less secure than your work machine. Also, if you install extra tools for work to your home laptop, who knows what access you’re giving to your company. It’s safer to keep them separate. 

Avoid installing new apps without permission from IT. Some apps may be harmless, but inviting more apps to your device can raise cause for concern. Employees working from home may create or take into use new software tools and services that won’t be as thoroughly tested and protected as the tools they normally use, posing a great risk for the corporate network. 

Don’t mix personal and work-related internet browsing. If you use Chrome, use a personal profile for personal browsing, and a work profile for work browsing. At home, it’s a lot easier to sink into mixing work and personal browning. 

Stay connected online. Connect with your co-workers often to help feel like you’re still connected to each other. Security is often tied to visibility, staying connected helps keep you and them visible.

HACK FOR GOOD

Hacking is here for good, for the good of all of us. More Fortune 500 and Forbes Global 1,000 companies trust HackerOne to test and secure the applications they depend on to run their business.

Go here to learn more >>