The CIO guide to keeping operations up during pandemics

8 minutes, 50 seconds read

The COVID-19 crisis has put top management to the test of their lifetime. Apart from the disruption in supply chains and international trade, the pandemic has had a deep impact on the internal operations of organizations. Among top management, the role of CIOs has come into the spotlight. Their decisions in this high-pressure environment will determine the future of an organization and also of the economy at large. CIOs from different industries will have to adopt different strategies to mitigate the risks the crisis poses to daily operations. However, one thing is common: all industries will have to integrate technology into their systems and rapidly set up their digital business models.

Current Concerns of CIOs

Due to extended periods of lockdowns and social distancing, maintaining daily business activities has been challenging. Technology will be the key factor in salvaging the immediate losses and finding solutions to keep the businesses functioning. There are a couple of obstacles that CIOs are facing in this adversity. Financial constraint is one of them. Every organization is re-evaluating its plans. Since the revenue is less due to low demand, all the departments are facing budgetary cuts. 

For a CIO, the biggest challenge is to ensure good IT infrastructure with limited resources in hand. It is indeed a humongous task to provide systems and necessary tools in huge corporations consisting of thousands of employees. 

Furthermore, hackers are taking advantage of this chaos which puts the organizations at risk of sensitive data getting exposed. Data protection and privacy would be the top concern for IT management. 

Once the immediate threats are averted, the main challenge of long-term sustainability begins. To sustain in the long run, CIOs will have a tough time managing the transition from manual/semi-manual processes to digital ones. Any kind of change brings some resistance with it. Getting the workforce on board with new work systems and adapting to new patterns of consumer behavior will be a task. CIOs are worried about Operational Continuity not just for survival but to thrive in the New Normal.

CIO’s Focus of Attention

Undoubtedly, we are at a stage where the effects of the pandemic on businesses are still fresh. CIOs still have to navigate operational issues and chalk out emergency plans. Apart from the concerns mentioned in the earlier paragraphs, CIOs are facing many ad hoc requirements from various stakeholders. Now is the time when CIOs need to contemplate different scenarios and take their organizations to a better position, one that can withstand the after-effects of the pandemic.

Here are some areas an organization’s CIO can look to in order to help reduce the damage:

Integrating digital tools to enable better customer support

At the initial stage of the lockdown, there was a spike in customer queries. It was difficult to handle such a huge load of queries at a time. However, going forward CIOs can prepare themselves better by integrating technologies like chatbots, IVR systems, and mobile apps into their processes. This will free up some of the bandwidth of customer support teams to handle complex issues.

Personalizing customer relationships

Services with a personal touch have a greater impact on customers. Sales in the B2B segment are also affected by the lack of face-to-face interaction. In times like these, a CIO needs to equip the salesforce so that they can build relationships with their existing clients. Technologies like video conferencing and tools like CRM and ERP can help understand the workflows and identify the potential needs of the customers.

Pivoting towards new business opportunities

The current situation has led to increased demand for certain products and services. Hospitals need medical supplies, people need protection gear, remote working needs some hardware and software tools, etc. This is the time when CIOs can direct some resources towards building tools, manufacturing products, and creating applications that can help the society as well as earn revenue. Instead of radically shifting the business model, some parts can be modified to sustain in the short term. 

Market Research to gather real-time data

The high volatility in the market is making it difficult to study consumer behavior patterns. Projections made before the outbreak of the pandemic for the next 1-2 years might not work anymore. CIOs need to enable their R&D teams by creating AI-driven technologies which can capture real-time data on consumer behavior. For the worst-hit industries, such as food, lifestyle, travel, and hospitality, data in hand will be beneficial in creating technologies that help them adapt to the New Normal.

Strengthen Remote-working capabilities

Earlier, much of the IT workforce used to work remotely, but the pandemic brought this concept to other sectors as well. This brings its own set of perks and challenges. The CIO needs to check whether all employees have the necessary equipment, such as internet connectivity, laptops, videoconferencing, software, etc., to carry out their work. Many do not have experience working from home. According to a study by SCIKEY, around 99.8% of the workforce is not capable of working remotely. CIOs need to create a robust internal communication framework where managers help their subordinates whenever they need it.

Training needs to be provided to the employees on best work-from-home practices, skill-enhancement and new technologies that are being integrated into the processes. Personalization not just for customers but also for the workforce is critical for better functioning of the organization under remote working models. 

Check out the latest interview with Dr. Robin Kiera as he shares tips on how to empower the workforce under these circumstances.

Company-Service Provider relationships

Many organizations outsource certain processes to service providers. This crisis has created a domino effect: when one company faces losses, its service providers are subsequently affected too. CIOs need to show the utmost transparency to their providers about the level of damage. Crisis monitoring dashboards need to be created for every project to identify the gaps and find possible solutions. The CIO can plan out the project workflow with the outsourcing providers to track progress regularly. CIOs should treat the outsourced workforce as their own to reduce the impact of the ongoing crisis. Indeed, with less revenue being generated, CIOs would look towards cutting costs, but that might lead to issues in the future. Now is the time to work together with vendors to build long-lasting relationships.

Contingency Planning to build resilience

The economy currently is highly volatile and consumer behavior is unpredictable. Things may go either way in the coming months. The situation might get better but some sectors might not recover so soon. Small start-ups are already facing the brunt of it. Some medium-sized companies will face adversities soon. 

The CIO needs to come up with back-up plans to mitigate potential risks. Innovation that helps people adapt to the New Normal will take the front seat. CIOs can focus their energies on product and service innovation based on market research. The first wave of the crisis has come under control in some countries, but there is no guarantee that a second wave will not come. CIOs need to build a technology infrastructure that will withstand any future crisis and stay operational.

Cybersecurity

Remote working leaves a great deal of data vulnerable to hackers. CIOs need to build multi-layer security systems so that data is secure even when accessed remotely. Rules for remote employees need to be laid down. Some significant changes to the privacy policies need to be made. Timesheet compliance, multi-level authentication, remote VPN access, and secure collaboration tools should be made compulsory for the entire workforce. The security plans should include data centers, network support, and critical servers. CIOs should build a virtual command center to oversee operations.

The role of CIO in the Insurance Industry

The current pandemic crisis has forced even the Insurance industry to adapt to digital distribution models. Some insurance lines such as motor, travel, home, etc. have been worst hit due to lesser demand during the lockdown periods. Selling agents are facing hurdles in getting leads and converting them. On the other hand, health and life insurance will see an upsurge in the demand but will face issues in operations. The pandemic put a huge strain on claims processing for health insurance. 

The role of the CIO is crucial in automating processes such as claims, underwriting, and customer support to serve customers better. The other aspect where CIOs in insurance companies need to focus is equipping their sales force with training, tools, and products that might help them make sales even in this crisis.

Many industry experts believe that this crisis will give the much-needed boost for technology to the Insurance sector. With limited physical interaction, Insurers have to automate their processes and take distribution channels online. 

Another aspect the CIO needs to focus on is investment in AI. This crisis would be a huge opportunity to think ahead and collaborate with InsurTech to create better customer experiences and optimize company resources.

Wrapping-up

All this while, organizations have been focusing on operational activities at the cost of investing in digital business and long-term sustainability. No one could have predicted the scale of the impact of this pandemic, but a positive attitude towards continuous innovation could have reduced the impact by some margin.

At the very initial stage of the outbreak, some CIOs got into action mode and started making Operational Continuity plans in anticipation of the worst-case scenario. Technology is going to be the most important part of Business Continuity planning. There will be budgetary constraints, but industry experts foresee huge shifts in investment towards new-age technologies such as AI across industries. The crisis is a problem for now, but it will be a huge opportunity especially for CIOs to accelerate technological innovation into manual processes. Businesses that can tap into this opportunity by shifting investments to digital platforms will have an upper hand in mitigating future risks and enabling smooth functioning of operations.

12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become common these days, especially when it comes to mobile applications. As a result, mobile apps that experience security breaches may suffer financial losses. With many hackers looking to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds.” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application:

1. Install apps from trusted sources:

It’s common for Android applications to be republished on alternate markets or for their APKs and IPAs to be made available for download. Both APK and IPA files may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking. Only APK and IPA files installed from the Play Store or the App Store should be trusted. To prevent such sideloaded copies from being used, the app should run an install-source check (Play Store or App Store) at startup.

Also read, https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or install malicious software negating sandboxing functionality. 

More on Root Detection- https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences and User Defaults to store key-value pairs like tokens, mobile numbers, email, boolean values, etc. Additionally, while creating apps, developers prefer SQLite databases for structured data. It is recommended to store all such data in encrypted form so that it is difficult for hackers to extract the information.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. It is recommended to use other techniques to store these values so that hackers cannot easily obtain them by tampering with the application.

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code of the application to the attacker which may be used to perform tailored attacks. 

It is better to obfuscate the source code to protect the sensitive information contained in it.

6. Secure Communication:

When all communication happens over unencrypted channels, an attacker can use that to carry out malicious activities and escalate attacks. So always use HTTPS URLs instead of HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection.

Please refer: https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for the baseline protection of REST API calls. The information sent to the server or received from the server may be further encrypted with AES, etc. For example, if there are sensitive contents, you might choose to select those to encrypt so that even if the HTTPS is somehow broken or misconfigured, you have another layer of protection from your encryption.

9. Secure Mobile App Authentication:

If an application does not assign a distinct and complex session token to a user after login, an attacker can use phishing to lure the victim into using a custom-generated token provided by the attacker, and then easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time he/she logs on successfully to the application. 

ii) Terminate the session lifetime immediately after logging out. 

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.
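A server-side sketch of rules i to iv, added here as an illustration (it is not code from the original post). The `SessionStore` class, its method names and the 15-minute default lifetime are assumptions made for the example.

```python
import secrets
import time


class SessionStore:
    """In-memory session store (hypothetical) enforcing rules i-iv."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock            # injectable so expiry can be tested
        self._sessions = {}           # token -> (user, bound_ip, expires_at)

    def login(self, user, ip, presented_token=None):
        # Rule i: the server always mints a fresh 256-bit random token.
        # A token the client brought along before login (for example one
        # planted by a phishing link) is discarded, never adopted.
        self._sessions.pop(presented_token, None)
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, ip, self.clock() + self.ttl)
        return token

    def validate(self, token, ip):
        session = self._sessions.get(token)
        if session is None:
            return None
        user, bound_ip, expires_at = session
        # Rule iv: expired tokens are rejected and purged.
        # Rule iii: a token seen from a second IP address is revoked.
        if self.clock() >= expires_at or ip != bound_ip:
            del self._sessions[token]
            return None
        return user

    def logout(self, token):
        # Rule ii: the session ends on the server as soon as the user logs out.
        self._sessions.pop(token, None)
```

Mobile clients change IP address when they move between Wi-Fi and cellular networks, so rule iii enforced this strictly makes the user log in again after each network change.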

10.  Allow Backup 

Do not allow an app to be backed up if it contains sensitive data. With access to backup files (i.e. when android:allowBackup="true"), it is possible to read or modify the content of an app even on a non-rooted device. It is therefore recommended to set android:allowBackup="false".

11. Restrict accessing android application screens from other apps

Ideally, your activities should not be openable from other services or applications. Set android:exported="true" only when you have a specific requirement to access your Flutter screens from other apps; otherwise change it to android:exported="false".

12. Restrict installing packages from the android application

REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.

Conclusion: 

Mobile Apps have become more personalized than ever before with heaps of customers’ personal data stored in them every day. In order to build trust and loyalty among users and prevent significant financial and credential losses for the companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklists will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.
