BYOD Isn\'t Here To Stay: It Might Get Stabbed By COPE

You've heard it everywhere: Bring Your Own Device (BYOD) is here to stay and there's nothing you can do about it. What if I told you that this is complete nonsense? BYOD isn't here to stay. It's eventually going to be phased out by something else that offers a more convenient modus operandi. This time might come sooner than expected with a new wireless management concept known as “corporate-owned personally-enabled” (COPE).

COPE is basically a plan you make with a wireless management firm to order smartphones for your employees. Some companies already issue mobile devices to their employees, but COPE handles this process differently.

Brandon Hampton, the director of Bluefish Wireless Management and MOBI Wireless Management, tells us more about how COPE operates differently: “Traditional corporate liable programs create support challenges and, without the right technology, billing and cost challenges. The difference lies in the support system that is introduced. By off loading the support burden to a mobility management company, the organization eliminates the cost of providing day-to-day tier one support. It also introduces a partner that is an expert at supporting multiple operating systems and multiple carriers. This expertise allows the organization to offer more flexibility to its users in the form of an increase in the number of devices and carriers they allow into the environment. Finally, by introducing technology designed to manage procurement, reporting, billing and cost allocation the corporation can ensure lower costs with this increased flexibility.”

What he's saying basically means that you can offer employees a wider range of telephones, operating systems, and carrier choices. More choice equals more happy employees! They pick up a piece of the tab, you pay the plan, and you manage the exchange of information as you see fit. You see, letting employees bring their own devices to work gives you only one choice: You have to place proprietary software on their personal devices such as mobile device management (MDM). Employees sometimes feel wary of this, since MDM allows you to track phone location. To avoid all the privacy issues, they can have a separate device for work paid partially by you and managed by you.

“COPE addresses the privacy issues because it is still a corporate liable device,” said Hampton. “Mobility policies address the issues involving personal information by ensuring that the end users are aware that, ultimately, the data on that device is owned by the organization.”

To adopt COPE, your mobility management provider will work with you as a partner to help you acquire and manage any mobile device you want to issue to your employees. Support for the mobile device happens directly through the provider, eliminating the need for frustration with the carrier or phone manufacturer. When an employee leaves the company, all the data remains in your hands, and you can decide what you will do with the device. It's a more feasible solution than scrambling around trying to manage a bunch of personally-owned devices!



10 Twitter Blunders Businesses Should Avoid

New to Twitter? Still learning how to build your following and engage existing followers? Twitter can be an incredibly useful tool, but it can easily become a wasted resource if you're not using it correctly.

Here are 10 common Twitter mistakes your business should avoid:

1. Shameless Self-Promotion

Tweeting about your business is OK, as long as you're doing so in moderation. As with all social media, Twitter is a medium for conversation. It's important to be adding value to the general conversation.

If you're tweeting the latest piece of useful content or pertinent event information, your followers will know how great you are without your having to say it outright.

2. Repeating Tweets

Twitter moves quickly. As of June 2012, Twitter was at 400 million tweets per day. With that many tweets streaming through your followers' Twitter feeds, there is a great chance your tweet will be missed. Many businesses try to combat this by repeating the same tweet 50 times per day. That is just too much repetition and your followers will grow tired of you.

You want to make sure your followers are seeing your tweets, but you want to be cautious of too much repetition. If it's a very important tweet and I want to make sure it is seen, I like to repeat it a couple times a day for a few days, but not much more.

3. ReTweeting Yourself

ReTweeting yourself equates to liking your own Facebook posts. We know you're proud of the content you're tweeting, you don't need to retweet yourself to prove it. When you want to repeat a tweet, don't be lazy. Find a new way to describe the content with each tweet.

As I mentioned above, you can repeat tweets in moderation. Take the time to compose a new tweet when re-sending the same link from an earlier tweet. Don't just retweet yourself over and over again or you will lose followers.

4. ReTweeting Mentions of Your Own Brand

Somebody finally mentioned your brand on Twitter! This can be very exciting. A common response is to just retweet the great thing someone said about you. In the real world, would you go around repeating the compliments you've received? Probably not. Apply this same rule when using Twitter.

I would recommend that you reply to the person with a thank you and move-on. However, if you feel the mention contains content your followers might want to see, just make sure your retweet includes a thank you to the user who mentioned you.

5. Too Many Hashtags

Too many hashtags in a tweet is distracting and ineffective. Your tweet will come off looking spammy and consequently will be ignored. You want people to actually read what you're tweeting, right?

Instead of stuffing your tweet with hashtags, pick one or two keywords that relate to your tweet and place those at the end with hashtags.

What Not to Do

Twitter

 

Recommended

Twitter

 

6. Generic Questions

I see this all the time. Businesses will tweet a question like, “How's your day going?” First of all, Twitter only allows for 140 characters. How are your followers going to respond to such an open-ended question in so few characters? And, what's the point of your question?

You're allowed to be casual and conversational on Twitter, but put some thought into the questions you want to ask and how you want to ask them. First, decide whether you want to keep things professional or be personal. Then, ask the questions that align with your Twitter strategy.

If you're keeping it professional, stick to questions that pertain to industry-related topics:

“Our key takeaway from the #SmallBiz event? Balance professional and personal tweets. What did you learn? #socialmedia”

Leaning toward personal tweets? Ask a question that invites a response:

“We spent the morning @SmallBizTrends eating #bagels! What'd you eat for breakfast? #morningchatter”

7. Irregular Activity

When something big is happening to your business, it's expected that you'll be doing some extra tweeting. You could be ramping up your Twitter activity because you're promoting an upcoming event, running a campaign, or publishing a white paper.

A common mistake, however, is to be absent from Twitter 80% of the year and then only show up when you have something you need to promote. Twitter is active year-round and you should be too. Regardless of whether it's a busy time of year for you or not, you can always maintain a regular stream of activity and engagement.

Monitor feeds daily to participate in relevant conversations and re-share other's useful content. That way, when it comes time to promote your own business, you can increase your activity and your followers will be more likely to help you spread the word.

8. Robot Posts

You're busy. Your business is busy. You want to participate in social media, but you just don't have the time. Enter the tweet scheduler. Numerous services allow you to schedule tweets ahead of time. This is a feature that can be very useful. I like to schedule tweets when I'm going on vacation or when there are a few things I want to make sure I promote in a timely manner.

Using a tweet scheduler too often, however, can start to make you look like a robot. Even when you're using Twitter in a professional capacity, your followers want to know there is a person behind the tweets.

Schedule in moderation and inject some personality. Scheduling the same tweet for 10:01AM, 12:01PM, 2:01PM, and 4:01PM is a dead giveaway that you have relinquished your Twitter participation to a robot, and will hurt engagement.

9. Tweet Length

What could I possibly mean by tweet length? We're already limited enough by the 140 characters, aren't we?

Often, taking up the entire 140 characters limits your followers in their ability to retweet you and add a comment of their own. When possible, leave some characters unused to enable people to add their own commentary, @mentions, and hashtags when retweeting your content.

10. Misleading Link Descriptions

There is nothing more irritating than when you see an interesting tweet, click on the link, and find you've been taken to a completely unrelated page. We all want to see high click-through rates, high engagement, and large followings, but a misleading link description will only hurt your reputation.

You can be engaging without misleading your followers by composing a tweet that both attracts attention and relates to the link you're sending out.

While there is no formula for Twitter success, avoiding some of these mistakes will certainly help you in your Twitter endeavors.

What are some common Twitter mistakes you've seen?




BYOD Isn\'t Here To Stay: It Might Get Stabbed By COPE

You've heard it everywhere: Bring Your Own Device (BYOD) is here to stay and there's nothing you can do about it. What if I told you that this is complete nonsense? BYOD isn't here to stay. It's eventually going to be phased out by something else that offers a more convenient modus operandi. This time might come sooner than expected with a new wireless management concept known as “corporate-owned personally-enabled” (COPE).

COPE is basically a plan you make with a wireless management firm to order smartphones for your employees. Some companies already issue mobile devices to their employees, but COPE handles this process differently.

Brandon Hampton, the director of Bluefish Wireless Management and MOBI Wireless Management, tells us more about how COPE operates differently: “Traditional corporate liable programs create support challenges and, without the right technology, billing and cost challenges. The difference lies in the support system that is introduced. By off loading the support burden to a mobility management company, the organization eliminates the cost of providing day-to-day tier one support. It also introduces a partner that is an expert at supporting multiple operating systems and multiple carriers. This expertise allows the organization to offer more flexibility to its users in the form of an increase in the number of devices and carriers they allow into the environment. Finally, by introducing technology designed to manage procurement, reporting, billing and cost allocation the corporation can ensure lower costs with this increased flexibility.”

What he's saying basically means that you can offer employees a wider range of telephones, operating systems, and carrier choices. More choice equals more happy employees! They pick up a piece of the tab, you pay the plan, and you manage the exchange of information as you see fit. You see, letting employees bring their own devices to work gives you only one choice: You have to place proprietary software on their personal devices such as mobile device management (MDM). Employees sometimes feel wary of this, since MDM allows you to track phone location. To avoid all the privacy issues, they can have a separate device for work paid partially by you and managed by you.

“COPE addresses the privacy issues because it is still a corporate liable device,” said Hampton. “Mobility policies address the issues involving personal information by ensuring that the end users are aware that, ultimately, the data on that device is owned by the organization.”

To adopt COPE, your mobility management provider will work with you as a partner to help you acquire and manage any mobile device you want to issue to your employees. Support for the mobile device happens directly through the provider, eliminating the need for frustration with the carrier or phone manufacturer. When an employee leaves the company, all the data remains in your hands, and you can decide what you will do with the device. It's a more feasible solution than scrambling around trying to manage a bunch of personally-owned devices!



Grant Wickes, aka Professor Gadget: Using iPhone Photo and Video for Business

The iPhone is quickly becoming the “go to” gadget for fans of photography and video and many are now using these features for business and marketing purposes. Enter Grant Wicks, a.k.a. “Professor Gadget,” Vice President of Business Development for Wasp Barcode Technologies and a Top 100 SMB Influencer. Grant has sourced many useful gadgets and turned his iPhone into a one man media studio for conducting on-the-go interviews.  Tune in as he joins Brent Leary to share some of these special finds so that you, too, can make the best use of the iPhone for business.

* * * * *

iphone photo and video for businessSmall Business Trends: Can you tell us a little bit about yourself and your background?

Grant Wickes: I've been steeped in the technology world for 25, almost 30 years.  It has always been on the marketing and sales side of things with software companies.

Small Business Trends: What compelled you to get into “interview mode” at conferences?  To find all of these cools tools to turn your iPhone into a full blown production kit?

Grant Wickes: I don't come from T.V.  I don't come from radio.  I am not a big expert on these things.  But I have a passion to interact with folks.  As you said, going around to the various conferences.

I like to take photographs. I have all of the high end equipment, a big Cannon Digital SLR, with all the big lenses, which is fantastic. But I don't want to bring all of that stuff with me on the road. Then the iPhone came out and it really became an interesting platform.

I collapsed it down and found the iPhone really became the platform for me to be able to do photography. I got into it, this thing is a fantastic video machine.  So I did not have to bother with the camcorder any more.

Small Business Trends:  Can you talk about how you make them look good and sound great using the iPhone?

Grant Wickes: Sound is something people will not tolerate if there's crackling. The iPhone has a built in microphone, but honestly, it's just a cheap little mic inside the phone.

With a little research, now you can get adaptable microphones.  There is one by Belkin that's called an iPhone Boom Mic that plugs right into your ear piece for the iPhone and sticks out about 4 or 5 inches and I can go around talking to people.

The second approach is the little lavalier mic that all the T.V. guys put on their collar. There is an adaptable unit from Audio Technica for $20. I can get a lavalier mic with a 20 foot cord, with another little $20 adapter that converts into the iPhone plug in. Now I have studio quality sound for an interview.

The other one, the Boom Mike, was around $40.

Small Business Trends: How do you get great lighting from a picture you take from your iPhone?

Grant Wickes: If you are out at an event or in a spot, you look for natural light. It is always the best approach. If I can get an outdoor setting where the sun is in the back, or if I can get an indoor sitting area that has a glass enclosure where outside light is coming in, that is always superb to do that.

But let's face it, we don't always have that luxury. For $30 for both, I have bought a couple of different LED lights. These things are small little white lights I turn on.

I have a bracket I can fit on the iPhone so that the light now shoots off to the side. It hangs out to the right side of the iPhone.  Because one of the things you try to avoid with light is having it directly in someone's face.

An iPhone with this little case for $23, with a $13 extension heading out there, with a $30 LED light, and $30 microphone, and I've got gadgets on the go.  I have studio quality on a shoe string budget.

I have these little gadgets in my bag. I can immediately have a quick conversation, it leads to an interesting discussion. Within less than five minutes, I am up and running. In less than ten minutes, you and I have finished the conversation. I have content that I can put up and share with my customers, or clients, or business prospects.

Small Business Trends: Did you see any difference, in terms of views or clicks, in the way people perceived the content?

Grant Wickes: There is no doubt. The good old days where you can have your flip cam and all of that noise in the background â€" that's really not acceptable anymore. So I do see it. I see it through Google Analytics the continued use and sharing of these video snippets that I take.

Small Business Trends: Where can people see these tips that you have talked about?

Grant Wickes: I am putting up a robust set on my Pinterest.

Small Business Trends: Where can people find some of these tools and these little gadgets?

Grant Wickes: There are two primary places I go for my gadgets. One is called Photojojo.  They are a fantastic little gadgets spot for iPhones.  Another is B&H Photo Video. It's based in New York and is a store for photography.  They have all of these little gadgets I've picked up.

I didn't even talk to you about the 8x zoom lens I got from Photojojo to do shots. So we have to talk again Brent. There's too much stuff to share with everyone in a short amount of time.

Small Business Trends: Since you mentioned that, what is that called?

Grant Wickes: That one is iPhone Lens by Photojojo. It is an 8x lens.  Now they have one for the iPhone 5 that takes you 12x. So it is like having a 600mm lens on your iPhone. It is $35. It's just fantastic!

Grant Wickes â€" Professor Gadget by smallbiztrends




They\'ve Opted For A Spin Off

business cartoon

I apologize. This is one of those punny captions that get through when I'm feeling silly, tired, or I'm on a really tight deadline. (You should see the cartoons when I'm all three!)

Still, if's goofy and harmless and I have to say it's grown on me over the years. Plus, the holidays are here so it's relevant now, right? Right?

OK, back to the drawing board. (Literally.)




Cyberoam offers next-generation UTM for SMBs

Cyberoam has launched a next-generation series of unified threat management (UTM) solutions.

Called the ‘Cyberoam NG series', the company said that they offer up to five times the industry average throughputs that small-to-medium businesses expect, therefore reducing bottlenecks and they come pre-loaded with the CyberoamOS firmware.

According to the company, the CyberoamOS extracts performance from a multi-core platform, as well as offering minimum latency and improved processing speed with use of optimised interrupt rates and FastPath technology. The NG series appliances' hardware consists of GHz processors for nano second security processing, along with Gigabit Ethernet ports and high port density.

Features include: advanced application controls based on user identity, time, applications and bandwidth; a web application firewall; support for 4G; and Cyberoam's VPN and firewall and advanced threat protection from its intrusion prevention system.

Abhilash Sonwane, senior vice president of product management at Cyberoam, said: “Small-to-medium businesses are unable to fully migrate to gigabit-ready network infrastructure because of lack of security solutions with gigabit performance in this segment. To cope up, they either have to compromise on security or need to expand their security budgets to buy enterprise-level security.

“Cyberoam NG series for SOHO/SMB meets these needs by offering the best-in-class firewall and UTM throughputs along with Gigabit ports. In fact, the entry-level appliance in the NG series comes with gigabit firewall throughput.”



Anti-virus start-up is run by former Chinese hacker

Start-up security firm Anvisoft was founded by a former Chinese hacker.

Security blogger Brian Krebs came across the company when users of a forum were determining whether this was a legitimate anti-virus vendor.

Krebs said: “Anvisoft had already been whitelisted by several other anti-virus and security products, but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper.”

According to Krebs, it was difficult to locate where the company was based, with numerous locations suggested, including Toronto and Freemont, California; however eventually he found that Anvisoft was based in Chengdu, a city in the Sichuan Province of China.

After looking up the internet address and reverse DNS look-ups, Krebs found that three other hosted domains at the IP address were originally registered to ‘wth rose' who he linked to the infamous Chinese hacker ‘Wicked Rose' (a.k.a. ‘Withered Rose'), real name Tan Dailin.

“In 2007, VeriSign's iDefense released a report on Rose's hacking exploits, which detailed his alleged role as the leader of a state-sponsored, four-man hacking team called NCPH (short for Network Crack Program Hacker).  According to iDefense, in 2006 the group was responsible for crafting a rootkit that took advantage of a zero-day vulnerability in Microsoft Word, and was used in attacks on ‘a large DoD entity' within the USA,” Krebs said.

He also found that one of Dailin's colleagues in NCPH - a hacker nicknamed ‘Rodag' - had urged readers of his blog to download and install Anvisoft Smart Defender, calling it a "security aid from abroad" that offers "superior performance and is "very simple and beautiful".

Krebs said: “This may all be a strange coincidence or hoax. Anvisoft may in fact be a legitimate company, with a legitimate product; and for all I know, it is. But until it starts to answer some basic questions about who's running the company, this firm is going to have a tough time gaining any kind of credibility or market share.”

In response to requests from the Register, Anvisoft confirmed via a message from its official Facebook account that the report was accurate, simply stating: “Yes, it is true".



IT professionals do not display enough concern for data encryption

Nearly two-thirds of IT professionals have admitted that they do not encrypt data stored on portable storage devices.

According to a survey of 106 delegates at IP Expo 2012 by iStorage, 64 per cent admitted to not encrypting data held on portable storage devices, while fewer (than those surveyed in 2011) believed that data loss was a serious concern.

In its 2011 survey, 99 per cent of respondents said that data loss was a serious or growing concern, but this reduced to 96 per cent this year.

The number of IT professionals who admitted to losing a portable data storage device also decreased slightly from 40 per cent in 2011 to 39 per cent. The same question asked at this year's Infosecurity Europe event found that one-third (34 per cent) admitted to this.

John Michael, managing director at iStorage, said: “The results of this latest iStorage survey to be conducted at a major UK information technology event reinforce the notion that IT professionals are putting company data at risk.

"However, what is more alarming is the reduction in those believing data loss to be a serious or growing concern, suggesting many are becoming increasingly complacent. This comes at a time when IT professionals should act as guardians of digitised corporate data, especially as the Information Commissioner's Office can fine offending organisations up to £500,000.”



IT professionals do not display enough concern for data encryption

Nearly two-thirds of IT professionals have admitted that they do not encrypt data stored on portable storage devices.

According to a survey of 106 delegates at IP Expo 2012 by iStorage, 64 per cent admitted to not encrypting data held on portable storage devices, while fewer (than those surveyed in 2011) believed that data loss was a serious concern.

In its 2011 survey, 99 per cent of respondents said that data loss was a serious or growing concern, but this reduced to 96 per cent this year.

The number of IT professionals who admitted to losing a portable data storage device also decreased slightly from 40 per cent in 2011 to 39 per cent. The same question asked at this year's Infosecurity Europe event found that one-third (34 per cent) admitted to this.

John Michael, managing director at iStorage, said: “The results of this latest iStorage survey to be conducted at a major UK information technology event reinforce the notion that IT professionals are putting company data at risk.

"However, what is more alarming is the reduction in those believing data loss to be a serious or growing concern, suggesting many are becoming increasingly complacent. This comes at a time when IT professionals should act as guardians of digitised corporate data, especially as the Information Commissioner's Office can fine offending organisations up to £500,000.”



Approaching the Cliff: Deficit Talks Raise Concerns for Small Businesses

With deficit talks under way in Washington to avoid a looming shortfall at the end of this year, potentially higher taxes are only one issue small businesses have to worry about. Find out more about how a plethora of policy changes may affect U.S. small businesses in 2013 in our detailed update below.

More Questions Than Answers

Going off the cliff. Even if lawmakers manage to avoid going over the “fiscal cliff” at the end of this year, their solution might still send small businesses over a similar precipice. Among the benefits that may be either lost or not reinstated include special depreciation allowances for capital investments, some work opportunity tax credits, temporary exclusion of 100 percent of gain on certain small business stock, enhanced charitable deduction for donating computers to schools and libraries, and more. The New York Times

A different kind of healthcare crisis. Many small business owners worry that the new Affordable Care Act scheduled to go into effect in 2014 will be too costly for them to bear. The result could be the opposite of what lawmakers have intended, with business owners forced to decide between laying off workers to avoid paying for insurance or paying a penalty per employee for not providing coverage. This could require employees to foot the cost of their entire healthcare insurance. The Washington Post

Will taxes on the rich impact small businesses? Yes, but how much really depends upon who you ask. An estimated 941,000 small businesses in the U.S. make more than $250,000 and could face tax increases of as much as $8,000 more a year. Some business owners say this kind of increase will deprive them of money they could have reinvested in growing their business, meaning ultimately slower economic growth. But other business owners insist the increase will not be sufficient to hamper growth if sales are strong. CBS Evening News

New winners and losers. A peculiar side effect of one of the proposals presently on the table in Washington to fix a looming deficit would actually have corporations paying less, while small businesses pay more, says one report. The report claims that while the proposal supports raising marginal tax rates on those making over $250,000, including some small business owners, to 39.6 percent, it would also support decreasing the corporate tax rate to 28 percent, a step in the wrong direction, say critics. The Weekly Standard

Positives and Negatives

On the positive side. Not everyone is worried about the outlook for small businesses. Guest blogger Penny Munroe points to a number of policies some say will boost small business growth, including eighteen separate small business tax incentives introduced during the administration's first term, efforts to improve access to small business loans, efforts to boost export and trade, and more federal contracting opportunities and infrastructure investment. Small Biz Diamonds

The bitter with the sweet. A majority of small business owners participating in the Hartford 2012 Small Business Success Study felt their taxes would likely increase in the coming year, even though responses were collected before the results of the U.S. Presidential election were known. But on the upside, concern and uncertainty led small business owners and entrepreneurs to do what they do best-start looking for ways to survive and thrive, no matter what the economic climate. For example, the same businesses said they were looking for ways to cut costs, build better relationships with customers, and hunt for new business, good advice in any economy. Open Forum

EU Initiative

EU fights for small business growth. The U.S. is not alone among nations looking to small businesses for revitalization and fretting about how public policy might impact their success. The EU now includes an estimated 23 million small businesses, and public policy is now focusing on how to help them grow and flourish. To that end, the European Commission recently held an inaugural SME Assembly to look for ways to improve policy across the continent to help those businesses succeed. GrowthBusiness.co.uk



Study finds spear phishing at heart of most targeted attacks

Spear phishing attacks that target specific people at enterprises with the aim of gaining a foothold into the corporate network, often contain malicious file attachments and are at the core of most targeted attacks, according to a new report.

In an analysis of targeted attack data collected between February and September, Trend Micro found that 91% of targeted attacks involved spear phishing. Malicious file attachments were contained in 94% of emails, according to the report "Spear Phishing Email: Most Favored APT Attack Bait" (.pdf).  

The custom malware is usually embedded deep within a document, such as a phony business report, spreadsheet or resume, Trend Micro said. "Employees in large companies or government organizations normally share files via email since downloading materials straight off the Internet is regarded as insecure," the security firm said.

Phishing is at the heart of many publicly reported data breaches, according to a variety of industry studies.  A caseload review conducted by Verizon, which served as a preview to the 2012 Verizon Data Breach Investigations Report, noted that social tactics, such as phishing, were tied to over half of all data loss in the 90 breaches investigated by Verizon in 2011.

A computer forensics team also noted recently that a phishing attack sparked the massive South Carolina data security breach, but it is unclear whether it was a spear phishing attack or a run of the mill phishing campaign that gave a lucky attacker account credentials into the state's sensitive databases.  Last year, spear phishing was technique used by the attacker that infiltrated the U.S. Chamber of Commerce breach. China-based hackers are believed to have carried out the attack.

Enterprises most at risk

The Trend Micro report found that .exe files are no longer popular among cybercriminals, since most enterprises filter out the file type with email filtering technology. The most abused file type: .RTF files, according to the report.  Rich Text Format (RTF) is harder for organizations to block, because it is used to exchange text files between Microsoft Word and other programs and operating systems.

Government agencies and activist groups are most at risk of a spear phishing attack, according to the report. The public nature of the employees in the two sectors makes it easy for an attacker to find victim email addresses and target them with a convincing email containing a malicious file attachment. Companies in the heavy equipment, aviation and aerospace and financial industries are also at an elevated risk level.

Experts advocate user education, tighter social media policies, strong antimalware and email filtering technologies to mitigate the risk posed by spear phishing attacks. Employees can also undergo spear phishing drills to test the effectiveness of education.




Mac Planet: Samsung and Apple\'s never-ending battle

After extensive litigation and decisions in different territories going to one company or the other, Samsung remains unbowed by the struggle. Samsung's mobile and IT division head told reporters that the Korean company doesn't intend to negotiate with Apple.

This is despite the recent example of HTC signing a ten-year cross-licensing agreement with Apple that will end all legal battles between the two companies. It will also lead to at least a little HTC money going Apple's way. Terms of the deal were not disclosed, but analysts estimate that HTC will send Apple between $6 and $8 per phone in a deal that'll net Apple over $200 million each year.

OK, well, I guess that's not much of an incentive to deal. But it's not just Samsung being intransigent: Apple has further distanced itself from rival Samsung by switching to different suppliers for iPad and MacBook batteries. Apple has been labouring to avoid Samsung's components since the companies became embroiled in various legal battles all over the world.

Apple is now relying on batteries from Amperex Technology Limited and Tianjin Lishen Battery to power its iPads and MacBooks, according to Chinese Business News. Sterling brands, I'm sure. Just not exactly household names.

Apple had already shunned Samsung's displays and flash memory, which have been integral to millions of previous Apple products over the years.

Apple's decision to give Samsung Display the boot may be "one that comes back to haunt the Cupertino company" (as Cult of Mac puts it).

The smaller Apple tablet was expected to be a smash hit this Christmas, but Apple is said to be up against supply constraints with one of its two display manufacturers.

For the new iPad mini, Apple chose LG Display and AU Optronics. The problem is, the smaller AU Optronics may be struggling to keep up with Apple's orders.

DigiTimes reports that LG Display is supplying the vast majority of panels for the iPad mini since AU Optronics "continues to suffer from poor yields in the production of panels for the devices."

This could become a big issue for Apple as we approach the holiday season. New Zealand retailers have been struggling to get stock of the mini already, with one waiting weeks to finally get a delivery of ... 11! (So it's not their fault, folks, if you can't find what you're wanting.)

In the States, Apple online has reasonable shipping times for the mini, but here our Apple online stores still says "Limited quantities available". Meanwhile, the iPad 4 with the, presumably, harder-to-build Retina display is readily available.

In better news, iPhone 5 seems to be in the channel now, with barely any wait times, and the new razor-thin iMac, which had also been rumoured to be under supply constraint, is now almost with us - Apple has announced it is on sale from today, in the 21-inch version at least, with the 27-inch set to follow in December. I'm very much looking forward to trying one of these out, to benchmark that Fusion drive and just to see the beauteous thing in the flesh. Anyway, the point is, rumours of Apple product doom don't always pan out - at least, not for long.

Apple, by the way, has posted its annual Gift Guide page to help you spend your money on the Inc. How thoughtful.

Of course Apple promotes its own stuff here, but there are some intriguing things from third parties, too, like the Crayola DigiTools Ultra Pack for iPad. Say what? Exactly. This is an Apple Store exclusive. So it might be worth sidelining your cynicism and checking out the Gift Guide, at least for intriguing packs like this.

On that subject, I started looking at new stuff this month and it totally snowballed on me. I have been posting reviews on mac-nz.com at a furious rate (for me) and now I have seen so many products, and have so many more to look at, I am doing my own gift guide, as it were. So subscribers to my free monthly MagBytes pdf will get another issue before the usual last Thursday of the month packed full of the new stuff I have been looking at, for Macs, iDevices and more. All of this stuff is available in New Zealand, so I hope it will be helpful to you, and thanks to all the vendors who have been lending me things to salivate over, and for bravely ignoring my heartrending (although, obviously not heartrending enough) tears when I give them back.

I do plan to summarise everything on Mac Planet one day soon, so you don't even need to sign up for the free monthly PDF of Apple news, tips and tricks. So I'm not actually 'selling' you anything free and useful after all.

Anyway, back to the corporate stoush. Apple can't divorce itself entirely from Samsung, because despite the increasingly public nastiness between the two Corps, Samsung's processors are still the CPUs in Apple's iOS devices. There's no real choice: Samsung is the only supplier of the A4, A5, and A6 processors Apple needs; it's simply not yet feasible to shift supply elsewhere. With that in mind, Samsung recently announced it will be increasing the price Apple pays for its processors by 20% in 2013. Ouch.

Samsung recently had to pay Apple more than $1 billion in damages in the US when a jury found the Korean electronics giant guilty of patent infringement. However, this is just one of many legal battles involving the two companies; in other places, Samsung has been the winner.

And on the 'protestations of doom' subject: Apple has had some unholy arguments that have got very personal before. Adobe and Apple almost declared war a couple of times, and dare I mention Microsoft vs Apple? However, most of the time, these issues got worked out, and they carried on swapping knowledge and supporting each other in not immediately obvious ways, so all is not lost. Samsung may one day be an Apple partner again.

For there's a magic ingredient in all this, isn't there? It's called 'money'.

By Mark Webster

Nitrogram: Analytics for Instagram Marketing

Businesses that use social media to promote their products and services often rely on analytics services to better understand their target market and the best practices for using these sites. There are many different analytics platforms to choose from when dealing with popular social media sites like Facebook and Twitter.

But now, that more and more businesses are beginning to use photo sharing app Instagram as part of their social media strategy, some of those businesses are looking for ways Read More

The post Nitrogram: Analytics for Instagram Marketing appeared first on Small Business Trends.



AWS IAM tools essential to secure cloud services

LAS VEGAS -- If there was one clear theme from the security-focused technical sessions Wednesday at the inaugural AWS re:Invent conference, it's that the diligent use of IAM tools and best practices is critical in securing AWS cloud environments.



Time to Raise the MBL Cap for Credit Unions?

Fred Becker, President and CEO of the National Association of Federal Credit Unions (NAFCU), is calling upon Senate leaders to pass a bill to raise the credit union member business lending cap (MBL) from 12.25 percent of assets to 27.5 percent. Increasing this cap would allow credit unions to make more capital available for small business loans, which can be a profitable part of a credit union's portfolio.

MBL cap

The bipartisan Credit Union Small Business Jobs Bill, S. 2231, introduced by Senator Mark Udall (D-CO), and retiring Senator Olympia Snowe (R-ME), would increase the MBL cap from 12.25 percent of assets to 27.5 percent for eligible credit unions.

When Congress passed the Credit Union Membership Access Act in 1998, it created restrictions on the ability of credit unions to offer member business loans by a credit union's member business lending to 12.25 percent of total assets. Research has proven that the cap hinders credit union lending to small business and does little, if any, harm to banks and other institutions.

In January 2001, the Treasury Department released a study, “Credit Union Member Business Lending” which found that ‘Business lending is a niche market for credit unions. Overall, credit unions are not a threat to the viability and profitability of other insured depository institutions.'

Last year, the SBA's Office of Advocacy also found that bank lending was largely unaffected by changes in credit union business lending, and that credit unions have the ability to offset declines in bank business lending during a recession (James A. Wilcox, The Increasing Importance of Credit Unions in Small Business Lending, Small Business Research Summary, SBA Office of Advocacy, No. 387. Sept. 2011).

Becker suggests raising the MBL ceiling in combination with legislation to extend full coverage of noninterest-bearing transaction accounts. Banking trades are seeking extension of the “transaction account guarantee” program that was implemented under the Dodd-Frank Act. NAFCU advocated parity for credit unions, which was included in the final Dodd-Frank bill. Currently, $1.4 trillion in noninterest-bearing account balances covered under Dodd-Frank are in line to lose their federal coverage. The 100 percent deposit and share insurance coverage for these accounts is set to expire on Dec. 31 at midnight.

In a letter to Senate Majority Leader Harry Reid (D-NV), and Minority Leader Mitch McConnell (R-KY), Becker wrote:

“This would certainly have unintended consequences on smaller financial institutions and could very well lead to businesses shifting funds away from their community-based financial institutions.”

NAFCU believes that combining the two measures into one:

“. . .would not be a win-win proposition for the American people and our economy.”

I agree.  Credit unions have the capital to help America's small businesses thrive. The outdated MBL cap limits their ability to help stimulate the economy by providing credit to startups and expanding small businesses.

Unlock Money Photo via Shutterstock




Santa or Scrooge: The Pulse of Small Businesses This Holiday Season

Whether a small business is generous or a little penny pinching during the holidays usually depends a lot on how well the company did for the year. If you had a great year, it's easy to get in the holiday spirit and give clients and employees gifts. But if you didn't fare as well as you projected for the year, it might be more difficult to appear generous when everyone else is in the giving mood.

office party

American Express OPEN reports each year on where business owners are in terms of gift giving, employee bonuses and holiday parties. In the 2012 Small Business Holiday Monitor, we see that small businesses want to show their appreciation of employees and clients, even if they don't have large budgets.

Showing Appreciation to Employees

The majority of businesses surveyed plan to acknowledge their employees in some way at the end of the year. The good news for employees is that 35% of small business owners plan to give an end-of-year bonus, up from 29% in 2011. But even if you can't afford to give each of your staff a bonus, there are plenty of other ways to show your appreciation:

  • Employee gifts
  • Holiday party
  • Group activity
  • Time off
  • Gift cards

The purpose in using any of these techniques is to let your staff know that you recognize the hard work they put in for your company. Sure, they would all love to get a $5,000 bonus at year end, but if it's not in the budget, they'll understand.

Budgeting for Client Gifts

Another component of the holiday season is often giving client gifts. Small business owners are spending slightly more this year than in the past: last year 43% of small business owners bought their customers gifts, spending an average of $827, while this year, 51% of small business owners will spend about $958 on gifts for their clients.

Interestingly, the highest budget that the Small Business Holiday Monitor recorded for client gift spending was in 2007, when the average was $1,483. It's clear the recession has had an effect on this budget ever since.

Celebrations and Donations

For small business owners that identified more as a “Santa” rather than a “Scrooge” when it comes to generosity this holiday season, more will be hosting holiday parties, though spending slightly less than in the past. More than half of entrepreneurs will donate to a charity this year, through monetary donations, in-kind contributions or time donations.

Whatever your budget, find ways to show your appreciation of both your staff and your clients. Even something as simple as a holiday card can be enough to show your gratitude, and hosting a staff potluck can be a cost-effective way to add a little festivity to your office.

Office Party Photo via Shutterstock




Citrix Unleashes New Features To Improve Their Virtualization, Networking and Mobile Cloud Applications

If you use cloud applications to manage your business, chances are you've seen at least one of Citrix's cloud applications. They tend to be rather flexible, providing you with several ways of customizing the software to fit your needs. While you might find something else that matches your tastes, there's a chance that at least one of their solutions fits the bill for you. If you haven't heard of Citrix, you should certainly take a gander at what they have to offer.

For those of you who use any of Citrix's apps, there are some important updates you might want to check out! Here's a short list:

  • Citrix XenClient now on ultrabooks. You're no longer limited to hard-wired virtualization. Because of the new trend in mobility, Citrix has decided to bring ultrabooks into the big picture, allowing them to take part in the virtualized desktop experience.
  • Citrix introduces Windows 8 compatibility to everything. Windows 8 came out on October 26th. It was about time that they upgraded everything to make sure that it can catch up to the many small businesses adopting the new operating system.
  • GoToMeeting now runs on the iPad. Your favorite HD video conferencing application is now available on the iPad, allowing you to make presentations and meet people live from across the globe anywhere you are!
  • Podio‘s got a new “card” layout.  Citrix's collaboration, CRM, and custom app sandbox now has a very nice new interface that presents your projects in a way that's much more feasible than older Gantt charts. Read more about it in their blog.
  • GoToAssist now has a service desk.  Citrix adds a service desk to its GoToAssist IT remote assistance solution that allows you to quickly resolve any customer issues through a very simple and straightforward interface. You can now have a look at problems that need to be resolved and see where customers had similar problems that were resolved to come up with a much quicker resolution and a happier customer!
  • Citrix releases CloudGateway 2.  This piece of software is a great way to distribute apps where you need them through your own app store. CloudGateway 2 includes some enhancements that allow you to securely encrypt apps and their data, and wipe out anything remotely when necessary. Not only does it allow you to individually manage mobile devices, but it also gives you a way to distribute the apps you use across your business.
  • Citrix adds @WorkMail and @WorkWeb to Me@Work.  That was quite a mouthful! Me@Work now introduces @WorkMail and @WorkWeb to its business app suite. @WorkMail allows you to manage your email, contacts, and calendars while @WorkWeb is a secure consumer-like browser that delivers secure access to enterprise environments.

It's time to log in and check out the new goodies you just got! Be sure to check out any other relevant services listed above if you still haven't subscribed to them. You'd be surprised at how much you can discover!



Insurance Policy Forms: Ignorance of The Commodity Perception

The idea that insurance is in anyway a commodity is offensive to me as an insurance agent. The very common misconception that insurance is a commodity stems from general public's gross ignorance that all insurance policies are created the same.

The subsequent inference made by most insurance consumers then becomes that price is all that matters when in comes to purchasing an insurance policy.

If this is your belief, (please understand that I say this with all due respect), your ignorance is a detriment to both you and your family and/or your business and could someday ruin your life.

Harsh… Yes.

But my primary goal in writing this article to bring to your attention the utter FAIL that is â€" believing insurance to be a commodity.

Insurance Policy Form

What the Heck are Insurance Policy Forms?

When you buy an insurance policy, approximately 7-14 days later you receive in the mail a physical copy, correct? (Some carriers send a pdf version now.) I'm going to assume you're nodding.

Have you ever taken to time to look through all those pages of black type legal-looking documentation that follow the page with your premium on it?

Its okay to say no, 999 out of 1,000 people reading this post don't flip past the page with their premium on it.  So you're not alone for skipping the insurance policy forms.

All that legal print that you don't read, that's the Insurance Policy Form.  The insurance policy form, or policy language, outlines who is an insured, the insuring conditions, what type of loss(es) are coveraged, and what type of loss(es) are excluded.

Seems like pretty important stuff doesn't it?

A company called ISO provides the baseline policy language that most insurance carriers in the US use for their insurance policies.  However, many carriers will make changes, tweaks, and adjustments to the standard ISO Policy Form to meet their underwriting appetite (that means what type of losses they want to coverage and what type they don't).

Additionally, individual states will mandate certain changes to the standard ISO Policy Form which all admitted carriers in that particular state must abide by (for purposes of this discussion you do not need to know what an admitted carrier is).

So what does all this mean?

Insurance Carrier A sells a product called “Tech Liability” for X dollars.

Insurance Carrier B sells a product called “Tech Liability” for X â€" $100 dollars.

If insurance were a commodity, then all that would matter is price, and you would have to be remiss to not take the policy from Insurance Carrier B.  Right?  (Its cheaper.)

But Insurance Isn't a Commodity

Wait a minute…

Didn't I just say that many carriers will make changes to the baseline ISO form to match their specific risk tolerance?

Why Yes… Yes I did.

Could that mean that every carrier's policy is different, and may uniquely include or more importantly exclude coverages that you need to protect yourself, your family or your business?

Again Yes…

So it is within the realm of possibilities to assume that insurance policies ARE NOT COMMODITIES and should be examined in a coverage to price - Value Analysis, (I just made that term up. I like it and will start using it), on each insurance policy's unique ability to cover your specific risk needs at the most competitive premium?

Yes!

This post ended up way more snarky than I had originally envisioned it.  However, I'm hoping that you read through the sarcasm to my point.

The insurance policy form matters, the coverage matters, one insurance policy is not going to cover the exact same risks to same extent as a policy from another carrier even if they call the policy the same exact name.

Protect yourself and your business… it's a jungle out there!

Insurance Policy Photo via Shutterstock




Citrix Unleashes New Features To Improve Their Virtualization, Networking and Mobile Cloud Applications

If you use cloud applications to manage your business, chances are you've seen at least one of Citrix's cloud applications. They tend to be rather flexible, providing you with several ways of customizing the software to fit your needs. While you might find something else that matches your tastes, there's a chance that at least one of their solutions fits the bill for you. If you haven't heard of Citrix, you should certainly take a gander at what they have to offer.

For those of you who use any of Citrix's apps, there are some important updates you might want to check out! Here's a short list:

  • Citrix XenClient now on ultrabooks. You're no longer limited to hard-wired virtualization. Because of the new trend in mobility, Citrix has decided to bring ultrabooks into the big picture, allowing them to take part in the virtualized desktop experience.
  • Citrix introduces Windows 8 compatibility to everything. Windows 8 came out on October 26th. It was about time that they upgraded everything to make sure that it can catch up to the many small businesses adopting the new operating system.
  • GoToMeeting now runs on the iPad. Your favorite HD video conferencing application is now available on the iPad, allowing you to make presentations and meet people live from across the globe anywhere you are!
  • Podio‘s got a new “card” layout.  Citrix's collaboration, CRM, and custom app sandbox now has a very nice new interface that presents your projects in a way that's much more feasible than older Gantt charts. Read more about it in their blog.
  • GoToAssist now has a service desk.  Citrix adds a service desk to its GoToAssist IT remote assistance solution that allows you to quickly resolve any customer issues through a very simple and straightforward interface. You can now have a look at problems that need to be resolved and see where customers had similar problems that were resolved to come up with a much quicker resolution and a happier customer!
  • Citrix releases CloudGateway 2.  This piece of software is a great way to distribute apps where you need them through your own app store. CloudGateway 2 includes some enhancements that allow you to securely encrypt apps and their data, and wipe out anything remotely when necessary. Not only does it allow you to individually manage mobile devices, but it also gives you a way to distribute the apps you use across your business.
  • Citrix adds @WorkMail and @WorkWeb to Me@Work.  That was quite a mouthful! Me@Work now introduces @WorkMail and @WorkWeb to its business app suite. @WorkMail allows you to manage your email, contacts, and calendars while @WorkWeb is a secure consumer-like browser that delivers secure access to enterprise environments.

It's time to log in and check out the new goodies you just got! Be sure to check out any other relevant services listed above if you still haven't subscribed to them. You'd be surprised at how much you can discover!



Enisa calls for collaboration, specifically between Certs and LEAs

The European Network and Information Security Agency (Enisa) has launched a Good Practice Guide on cooperation and coordination between Computer Emergency Response Teams (Certs) and Law Enforcement Authorities (LEAs).

Claiming that collaboration between Certs and LEAs is hindered by their inherent cultural differences, the report makes five key recommendations to overcome these barriers: training; improving structures to support information sharing; facilitation of collaboration; good practice development; and harmonisation and clarification of legal and regulatory aspects.

The report establishes that cooperation is essential in the fight against cyber crime despite a number of legal and regulatory barriers.

The announcement came after an Enisa event, where closer cyber cooperation and mutual support were recognised as key factors for boosting cyber security for Europe's citizens, governments and businesses.

Enisa executive director, Professor Udo Helmbrecht, said: “Europe's information society depends on secure technology, well-built laws and policies and security-aware citizens. Our event today underlined that there is a strong need for closer cyber cooperation to build an even stronger level of European cyber security, for our citizens and Europe's digital economy.” 

Neelie Kroes, European Commission vice president, said: “The key to strong cyber security is sharing responsibility. That is the ‘name of the game' for this event and for Enisa, and it's a more important challenge than ever as the role of the internet in our economy and society continues to grow rapidly.”

Speaking about the launch of the report, Helmbrecht said: “Certs and LEAs cover crucial but different aspects of cyber security. Cooperation between them is vital to properly protect our digital citizens and economy. However, until now little research was done on how to connect these two areas. This study contributes to better fighting cyber crime by identifying the collaboration challenges, and ways to overcome them.”



Zig Ziglar, A Great Inspiration to Business Leaders, Dies at 86

Call him a motivational speaker, a thought leader, or an early self-help guru, Zig Ziglar was an inspiration to many, including entrepreneurs. As those in the business community said goodbye to Ziglar, who died at age 86 on Wednesday, we look at how attitude, outlook, and personal brand still affect business and success today, just as Ziglar has told us for 40 years.

The Man and the Message

Determine your altitude. As Ziglar said, “Attitude, not aptitude, determines altitude.” His philosophies on business and personal success put together might be described as Ziglar's “personal brand”, developed way back in the 1950′s before this term was in common use. At that time, Ziglar, a salesman, discovered that selling himself was the key to success and a 40 year career as a speaker and author. Your personal brand is a part of your business too. Think about the brand you project to customers. The New York Times

Words to live by. Before entrepreneurs ever talked about producing content and information products, Ziglar built a global business in which his words and message were his only real products. Those products were repackaged in the form of books, cassettes, and eventually podcasts. Here online marketer Nicole Dean shares some of chunks of Ziglar's wisdom in quotes and video clips of his successful presentations. Think about the information you provide to your customers and what that information is worth. Nicole on the Net

Tips for Achievement

Build your brand. Personal brand is widely recognized today as an important asset for any entrepreneur or business leader. No matter what your product or service, this brand communicates to customers about what you stand for and who you are. Your brand may help others decide whether or not they want to be in business with you. But building that brand may not be as easy as it seems. Here Elaine Rogers examines seven mistakes that can hurt your person brand. Don't let these mistakes happen to you. Tweak Your Biz

Have a plan. Ziglar often talked about the importance of setting goals. Part of the process was to determine what it would take to meet that goal and then establishing the steps necessary to achieve it. All entrepreneurs must have a plan to move their venture forward and understand the steps needed to carry out that plan, leading their companies to success. Yet some of the greatest pitfalls are not unexpected problems, but totally avoidable mistakes made early on in the process, says startup expert Martin Zwilling. Here are some of the worst, so plan ahead! Startup Professionals Musings

Start with a purpose. Taken together, Ziglar's philosophies point to the importance of a purposeful life. To avoid being what he called a “wondering generality,” he advocated defining that purpose and steps needed to fulfill it. Entrepreneur Allen Lau advocates the same philosophy when starting any business and gives this same advice to others interested in founding companies of their own. When he started his business, Lau was focused on solving a problem of his own, access to his collection of books on his mobile device, but ended up creating Wattpad, a service that brings readers and writers together, benefiting a much larger community. Sprouter Blog

The Final Analysis

Keep things simple. Ziglar had a few simple rules for his incredibly popular presentations. He focused on easy to remember sound bites of wisdom, injected humor and optimism into his message, and always made his audience's success at applying his principals a priority. Keeping things simple in your business will pay great dividends too, explains business consultant Susan Oakes. For example, take steps to simplify your marketing message, making it easier to communicate your value to customers and to grow your business. M4B Marketing

Know when to quit. Tom Ewer would add persistence to the principles of optimism and goal setting as imperative in realizing your business ambitions. But don't forget a dose of realism to help you determine when things aren't working. Never give up on your overall vision when trying to create your business, advises Ewer. Instead, use reality checks to determine whether your approach is the right one or whether you will need to modify your plan to reach your objectives. MyWifeQuitHerJob.com



Webscreen Technology and C4L launch DDoS mitigation service

A partnership between Webscreen Technology and C4L has led to the launch of a hosted distributed denial-of-service (DDoS) mitigation service.

Created for smaller and more dispersed organisations, the two companies said that this was designed to provide businesses with protection against large-scale DDoS attacks without the need to invest in costly in-house equipment, software or dedicated security staff.

Web traffic is routed through the C4L mitigation service before reaching a user's servers, ensuring that only ‘clean' requests get through. Webscreen Technology said that by analysing all incoming packets and filtering out unwanted and suspicious requests, the solution constantly learns and adapts, ensuring that potentially threatening packets are identified and blocked.

Paul Bristow, COO of Webscreen Technology, said: “We are delighted to have this opportunity to work with C4L on the first proxy service to use our advanced heuristic technology.

“DDoS attacks are growing in volume, size and sophistication and it's vital that customers have the ability to keep their businesses running without the threat of DDoS attacks. By offering this service in partnership with C4L we can ensure that all organisations, no matter what their size, have the opportunity to protect themselves 24/7 from this growing and costly risk.”

Gary Barter, telecom and connectivity product manager at C4L, said: “As organisations increasingly recognise DDoS as a serious and growing threat, they are asking the same question: ‘how can we guarantee effective but economical DDoS protection?'."

“The initial expense of in-house DDoS mitigation can be prohibitive for many organisations in today's tough economic climate and without proven DDoS protection organisations are always susceptible to being taken offline. By providing DDoS mitigation as an affordable, scalable, always-on service, C4L and Webscreen Technology are helping ensure that all organisations can afford fast, effective and economical DDoS protection.”



Targeted attacks start with a spear phish

Targeted attacks nearly always begin life with a spear phishing message, according to research.

Trend Micro claimed that 91 per cent of targeted attacks begin with a spear phishing email, according to data collected between February and September this year. 

The report said that 94 per cent of targeted emails use malicious file attachments as the payload or infection source, with the remaining six per cent using alternative methods such as installing malware through malicious links.

The most highly targeted industries are government and activist groups, with information on government agencies and appointed officials found on the internet and on public government websites.  

Rik Ferguson, director of security research and communications at Trend Micro, said: “We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve.

“Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks.

“We have also seen that targeted attacks are evolving and expanding. The abundance of information on individuals and companies makes the job of creating extremely credible emails far too simple. It's a part of a custom defence that should not be ignored."

The research also determined that executable (.EXE) files were not commonly used as spear phishing email attachments, likely due to the fact that emails with .EXE file attachments are usually detected and blocked by any security solution.

Instead they come in the form of .LZH, .RAR and .ZIP files after being compressed and archived before being sent. In some cases, compressed files were password protected to further prevent their malicious content from being detected by security solutions.



AWS security strategy relies on rigorous cloud security processes

LAS VEGAS â€" The top security executive at Amazon Web Services understands that information security is the No. 1 concern voiced by potential customers and worry of existing customers.

It's important that we differentiate what we do from what you can choose to do.

 Stephen Schmidt, CISO, Amazon Web Services 

His response is simple: secure customers' systems and data better than they ever could themselves.

During a session Tuesday at the inaugural AWS re:Invent conference, AWS CISO Stephen Schmidt offered an insider's look at the AWS security strategy, highlighting the painstaking detail that encompasses the cloud computing giant's overall approach to security and its day-to-day practices.

Early on, however, Schmidt was careful to outline that security in the cloud is a shared responsibility. "It's important that we differentiate what we do from what you can choose to do," Schmidt said, noting that customers themselves have to decide how to secure their platforms, applications and ultimately access to their data, but that AWS takes responsibility for securing everything that sits below the operating system.

That way, Schmidt said, "you can spend your time and attention on the pieces of the security puzzle that are important to you, choosing your applications, configuring your systems, and monitoring access your employees have to that data."

That's not to say that role isn't without its challenges. In talking about direct denial-of-service (DDoS) attacks, he said AWS often mitigates hundreds of DDoS attacks against its customers on any given day, typically without customers ever being affected. However, it's not always easy to determine what is or isn't a DDoS attack.

"For example, when Michael Jackson passed away, a record label associated with him put a tribute site up on AWS, and we saw a huge spike in traffic going after those resources," Schmidt said. "To us, it looked like a DDoS attack. The important thing is we didn't shut off that traffic without figuring out what was going on."

AWS offers both stateful and stateless firewalls based on the type of infrastructure being used. As standard operating procedure, Schmidt said AWS requires every virtual machine it hosts to have a firewall installed on it, and it starts off closed. That way, he said, customers have the opportunity to choose good firewall rulesets, which can often close off broad avenues of potential attacks.

One of the most common security questions customers have, Schmidt said, is around packet flow and whether one customer can use promiscuous scanning to see another customer's traffic on the same physical machine. It's not possible, he said, because traffic has to flow through the firewall and hypervisor layers before it can be passed anywhere else, regardless of whether that's off that physical machine or to another virtual machine sharing the same hardware.

With such a large, distributed infrastructure -- five global regions, 15 availability zones and dozens of stand-alone facilities â€" change management is managed carefully. Schmidt said any software or configuration change is deployed first to a test environment, then a beta environment, then a single production machine, and finally across all the machines in a single availability zone, which may span several physical locations in the same geographic area. If all goes well, the change is then deployed to a different availability zone in a different region.

"We don't change two availability zones in the same region at the same time," Schmidt said. "Customers expect to be able to depend on multiple availability zones."

Regarding data integrity specifically of Amazon's S3 Simple Storage Service, Schmidt said every data object that goes into the store gets an MD5 encryption hash, which the company uses to validate that the data remains intact throughout its life in S3.

Schmidt emphasized the transparency of the AWS security program. He said not only can AWS customers run API scans as often as every minute to confirm the status of all their cloud assets, but the company also relies on a number of third-party auditors to validate its security posture.

"It's a series of independent audits by third parties that have a reputation in the industry, and it allows you to depend on their judgment regarding whether we're practicing security efficiently or not," Schmidt said. "It's impossible to have 9,000 customers traipse through the data centers themselves. The auditors do that for you."

The independent auditors certify AWS's adherence to a number of standards, including SOC1 and SOC2, ISO 27001, FISMA and PCI DSS.

"PCI is obviously something that's really important to one of our biggest customers, Amazon.com," Schmidt said. "You can run your business on AWS just as effectively as Amazon.com does."

Regarding physical security, which Schmidt called "fundamentally important to everything else we do," he said not only does AWS not advertise the exact locations of its data centers, but most of its own employees don't know where the locations are.

"Employees can give you a geographic region, and we do expose the cities in our audit process, but they won't tell you the street addresses because they don't know them to do their jobs," Schmidt said. "If our employees don't require access to information to do their jobs, why give it to them? It just exposes you."

Interestingly enough, the same rigor applied to the AWS security program is applied to its security staff. Schmidt said potential employees undergo background checks "to the fullest extent that's permissible" including review of credit history, criminal records, and residence history, and then those who are brought on board are rechecked on a regular basis.

Attendee Joe Stevensen, a security manager with a well-known software company, said he found the session comprehensive, but mostly covered information that existing AWS customers already know.

However, he lauded AWS for its security program, particularly what it's doing in the area of identity and access management, which he called "a really key feature that separates AWS from competitors."




SBA Opens Nominations for 2013 Small Business Week Awards

The U.S. Small Business Administration is now accepting nominations for its 2013 National Small Business Week Awards. In addition, it just announced the launch of a new online portal to accept and track all of the nominations for each award category.

Awards include National Small Business Person of the Year, Small Business Prime Contractor of the Year, Women's Business Center of Excellence Award, Veterans Business Outreach Center Excellence in Service Award, and more.

Winners for each award are chosen based on different sets of criteria. For example, nominees for the Phoenix Award for Disaster Recovery must own small businesses that suffered physical damage due to a disaster during the previous year, and they must have received an SBA disaster loan. Then those businesses nominated are evaluated based on a number of related factors, including extent of the damage, resiliency, and speed of recovery.

The National Small Business Person of the Year award is perhaps the most highly anticipated and coveted award in the community. Winners are selected from those who were named State Small Business Persons of the Year. A panel of judges selects the winners in each district and then each state. State winners will be announced on April 1, 2013.

Winners of the awards will be invited to Washington D.C. to attend the 2013 Small Business Week events and compete for national titles in their respective categories.

The online portal is now accepting and tracking nominations in all categories. In addition, nominations can be sent to SBA District Offices. All nominations need to be submitted or postmarked by January 3, 2013 in order to be counted.

Nominations can be made by any person or organization dedicated to the support of the small business community in the U.S. These can include professional trade organizations or associations. Upon submitting a nomination, users are asked to either sign in or create an account on the National Small Business Week site.

Small Business Week began in 1963 as a way to recognize the achievements and contributions of America's small business community. The events also offer networking and educational resources and opportunities for small business owners and professionals.

The 2013 Small Business Week will be the 50th anniversary of National Small Business Week, and will take place May 19 â€" 24, 2013.




Small Business Owners Think Local For 2013

As the year draws to a close, it's time for small business owners to take stock of what they can expect in 2013 â€" and most of them are expecting something good, according to the Fall 2012 Bank of America Small Business Owner Report.

The semi-annual survey found more than half of small business owners expect their revenues to grow in the next year, with just 7 percent expecting sales to drop. Nearly one-third plan to hire employees in 2013, while 56 percent will maintain the status quo, and just 3 percent foresee having to downsize.

shop local

Despite these optimistic projections, small business owners do have some major concerns heading into the new year.  Not surprisingly, the top five concerns (all cited by between 63 and 68 percent of respondents) were:

  • the effectiveness of government leaders
  • rising commodities prices
  • healthcare costs
  • the recovery of consumer spending
  • the strength of the dollar

One reason small business owners may be so optimistic despite these concerns is their local focus. Nearly two-thirds (63 percent) say their customers primarily come from the local community. Just 27 percent say that most of their customers come from outside the community (but still in the U.S.), and only 3 percent primarily focus on customers outside the U.S.

As a result, 75 percent report the local economy plays a significant role in their businesses; for 59 percent the national economy does holds the most sway, and 28 percent say the global economy is the most important. Small business owners were also more optimistic about their local economies improving in the coming year than about the national economy doing so.

Small business owners' local focus also came through loud and clear when asked about marketing. For 87 percent, “word of mouth” is the most effective marketing tactic; just 32 percent cite social media.

In general, traditional marketing was more effective for the small business owners than digital marketing. Networking with other business owners (49 percent), advertising (41 percent) and direct mail (37 percent) were their other top tactics. (I wonder, though, if this is because they aren't sure how to use digital marketing effectively, and whether â€" if they truly tried it â€" it would end up surpassing those more traditional methods.)

You might be surprised by the positive view small businesses in the study took regarding big business. Fewer than one in five (17 percent) thought of big businesses as their competition. In contrast, nearly four out of five (79 percent) have big businesses as customers.

Finally, despite the popular belief, small business owners aren't going begging for capital. Au contraire, 70 percent have access to all the capital they need to run their businesses, and just 16 percent plan to apply for a loan next year.

How does your business compare to what these small business owners are feeling? Are you equally optimistic? Why or why not?

For more details, download the Fall 2012 Bank of America Small Business Owner Report.

Local Shopping Photo via Shutterstock




Inaugural AWS re:Invent show to highlight AWS security issues

LAS VEGAS â€" It's good to be Amazon.com Inc. CEO Jeff Bezos.

Not only did the retail arm of Bezos's online conglomerate report record sales for its line of Kindle tablets on Cyber Monday, but Bezos also graces the cover of the Dec. 3 edition of Fortune magazine as its 2012 businessperson of the year.

With the wind seemingly at his back, Bezos will be the biggest name to take the stage this week at Amazon Web Services (AWS) re: Invent, the Seattle-based company's inaugural cloud computing conference.

The event, geared toward customers and partners of its burgeoning cloud computing service, promises to deliver "everything needed to thrive in the AWS Cloud," according to event organizers.

While Amazon doesn't release financial figures for AWS, the business unit by all accounts has enjoyed impressive growth. In an

Investor's Business Daily report this week, financial analyst firm R.W. Baird called AWS a "potentially under-appreciated asset" that will likely generate $1.5 billion in revenue in 2012.

Opening Wednesday with a keynote address by AWS Senior Vice President Andy Jassy, the conference will feature sessions led by Amazon technical experts on a variety of cloud computing topics, as well as partners and industry experts.

Bezos himself will take the stage Wednesday in what's being billed as a "fireside chat" alongside Amazon CTO Werner Vogels. Other notables slated to speak this week include Netflix CEO Reed Hastings, whose company is the industry's most well-known AWS customer, SAP AG President Sanjay Poonen and NASA/Jet Propulsion Laboratory CTO Tom Soderstrom.

To its credit, AWS re: Invent is by no means glossing over AWS security issues, as nearly a dozen sessions are slated to cover cloud computing security.

AWS has unveiled a variety of security initiatives this year. On the product front, April saw the introduction of the AWS Marketplace, which allows customers to launch any of a number of software products and SaaS services in their EC2 environments with a single click. The offering launched with several security applications as options, including a virtual appliance from Check Point Software Technologies, SaaS endpoint protection from McAfee Inc., and SaaS network IDS and vulnerability assessment from Alert Logic Inc.

In July, AWS joined the CSA STAR program, an online registry where cloud providers voluntarily submit documentation of their security controls. Industry observers lauded Amazon for joining, calling it a significant step forward in regard to the transparency of the cloud giant's risk and compliance practices.

However, AWS has faced some recent scrutiny. According to published reports, an online dating company abandoned AWS in June after major storms caused power outages and knocked out service in one of Amazon's U.S. East-1 Availability Zones. Netflix and other major customers, despite disruptions to their businesses, continue to remain "bullish on the cloud."

Late last year, researchers discovered flaws in AWS that they claimed could enable an attacker to access users' accounts and data. Amazon said the vulnerabilities were quickly repaired and no customers were affected.




5 Appliances For The Ultimate Small Business Network – No Cloud. On Premise.

Special Report from Tech Guru and Business Strategist Asish George who dispenses money tips for life at Money Tips For Life

You've heard that cloud computing is great and it is.

But it's also important to look at your computer network and ensure it's able to grow with your business, is secure and optimized to handle the growing traffic (videos, telephone traffic, images and more) that it needs to carry.

In this article I want to give you the foundation for a solid small business network and share with you four network devices we used to build a test network.

Thanks to Buffallo, ZyXel and Netgear for proving network equipment for the network. See full details below.

Most of you know this, but in case you don't, a network connects multiple electronic devices (such as a computer, printer, scanner, etc) so that they can all “talk” to each other or be accessible by anyone on the network.

This network is called a LAN (Local Area Network).

Why is a LAN important?

A LAN is designed to not only allow communication between devices but also to make the sharing of resources between users easier.

This sharing results in your investment in computing and technological resources being shared by multiple users resulting in a better return on your investment.  A LAN will allow for organization wide localized data storage and backup, printer sharing, and deployment of security resources.  Regardless of whether you invest in cloud based solutions or not, you should also invest in the basic building blocks of a LAN.

What are the key components of a good small business LAN?

  • Router â€" Many small businesses are content with using the router supplied by their ISP not realizing that these “default” routers tend to be very limited in capacity.  Purchasing a good full featured router will not only give you a more reliable connection to the Internet but will offer you a whole slew of added features that will make running your business easier.
  • Switch â€" Most routers contain only  4 â€" 6 Ethernet ports for you to attach network devices to.  If you have more than that many devices, you can purchase a switch to add more devices to the network.  Switches come in two flavors â€" managed and unmanaged.  A managed switch has a web interface that will allow you to customize and control the traffic passing through the switch.  An unmanaged switch has a default set of configurations and can not be modified.  For most small businesses, the low cost option (unmanaged switch) is more than adequate.
  • Firewall â€" Most routers have some level of pre-built security features that may be sufficient for home owners and even small businesses.  However, businesses with more complex IT infrastructure should consider adding a Firewall to their infrastructure.  The firewall will keep your internal network safe by not allowing dangerous data packets from the Internet (spam, viruses, etc.) through.  When purchasing a firewall, note that some features â€" virus detection for example â€" are sold as subscription services.
  • VPN Gateway â€" Some full featured routers also have VPN capability pre-built however, for a more comprehensive solution that will allow multiple users to securely access your network remotely, a physical VPN appliance should be purchase.  I recommend a physical appliance over software based solutions for SMBs.
  • NAS â€" Network Attached Storage devices are a great way to securely backup your data.  Since these devices can be connected to your LAN, it can also be used to backup multiple computers.  A good NAS also comes with software that will automate the data backup by allowing you to set the backup methods and schedules.

With these devices, your business can have a secure, reliable local network.  

We wanted to build a small business network for a Smallbiztechnology.com and for this project reached out to vendors asking them to provide the products for us to evaluate and implement in our network.

We've successfully tested these products in our network for 2-3 months and feel that they are great solutions for the needs of small businesses.

We evaluated and implemented the following products:

  • Netgear N900 dual band router â€" With features such as simultaneous dual band offering up to 900 Mbps throughout, gigabit LAN ports, advanced QoS, and guest network access, this router is a steal at around $150.  We are especially impressed with the signal quality and strength as well as the ability to set up a separate secure guest network (easy to do via the web management interface).  This router is a beast and can easily support all your wireless devices.
  • Netgear JGS516 gigabit switch â€" Our test LAN consists of multiple PCs, an Ubuntu server, and a NAS.  To support all our devices, we chose the Netgear JGS516 16-port Gigabit Switch.  This unmanaged switch offers 16 gigabit ports with each port delivering up to 2000 Mbps throughput.  It also has other standard features for this price point (about $160) such as auto uplink technology to adjust for straight-through or crossover cables.  This is a simple business class plug and play device and plays nicely with the Netgear N900 router's gigabit ports.
  • Netgear ProSecure UTM25 VPN and firewall - Rather than buy a separate firewall and vpn gateway, we chose this combination device from Netgear's Unified Threat Management suit of appliances.  This device is price at around $415 and has features that you would expect in a comprehensive security appliance.  The beauty of this device is that it protects your network from web, network, and email vulnerabilities using multiple state of the art technologies and partnerships with leading security firms.  Being a VPN appliance, it also allows remote users to securely connect to your organization's network.  Many VPN appliances geared towards small businesses require remote users to download and configure the VPN software but that's not the case with the UTM25.  Configuring the appli ance does require some know-how (even though the user interface is intuitive and setup is wizard based) but I've always found Netgear's phone support to be helpful.  Lastly, the ProSecure UTM offers Web and email protection subscriptions with no “per-user ” licensing and come with 30 day trials of their subscription services.  This appliance is a great solution for growing SMBs with a significant IT infrastructure and multiple remote users.
  • ZyXEL ZyWALL USG20 Internet Security Firewall â€" For our satellite office, we deployed the ZyWall USG20 by ZyXEL.  This security appliance also serves the dual purpose of firewall and VPN gateway and is a great solution for SOHOs and small businesses up to 5 PC users and is a value at around $145.  For this price point, it offers a ton of features including packet inspection to protect your network from security vulnerabilities.  Some features are subscription based but what you get out of the box is pretty impressive.  We were particularly impressed with the ability to create VLANs and the ability to control bandwidth and network access based on user login.  In addition, as part of advanced QoS, we can prioritize traffic for mission critical applications and VoIP.  The VPN f eatures are also relatively easy to configure and remote users can connect to the network through a web browser.
  • Buffalo LinkStation Pro Duo 2-Bay 2 TB NAS â€" Every business needs a good local backup solution and the LinkStation Pro Duo is simply great.  Priced at $240, this NAS is a bargain considering that it offers 1 TB of storage with RAID configuration (2 X 1 TB hard drives) to provide data redundancy and protection as well as many advanced features.  I want to note that the NAS arrives with RAID 0 configuration instead of RAID 1 but you can (and should) easily change it in the web management tool.  This NAS is also blazing fast making backup and restore a simple process.  There are 3 features of this NAS that make this an excellent buy.  First, you can remotely access your files on the the NAS via the Web and Web Apps.  Second, it comes with data backup software for both PC s and MACs to ensure that all your devices can be backed up properly.  Third, it has a USB port on the back that you can use to attach a hard drive or camera to easily transfer files or you can even connect a USB printer and turn it into a network printer.  With a simple intuitive user interface, a small form factor, and lots of great features, this is a great investment.


5 Appliances For The Ultimate Small Business Network – No Cloud. On Premise.

Special Report from Tech Guru and Business Strategist Asish George who dispenses money tips for life at Money Tips For Life

You've heard that cloud computing is great and it is.

But it's also important to look at your computer network and ensure it's able to grow with your business, is secure and optimized to handle the growing traffic (videos, telephone traffic, images and more) that it needs to carry.

In this article I want to give you the foundation for a solid small business network and share with you four network devices we used to build a test network.

Thanks to Buffallo, ZyXel and Netgear for proving network equipment for the network. See full details below.

Most of you know this, but in case you don't, a network connects multiple electronic devices (such as a computer, printer, scanner, etc) so that they can all “talk” to each other or be accessible by anyone on the network.

This network is called a LAN (Local Area Network).

Why is a LAN important?

A LAN is designed to not only allow communication between devices but also to make the sharing of resources between users easier.

This sharing results in your investment in computing and technological resources being shared by multiple users resulting in a better return on your investment.  A LAN will allow for organization wide localized data storage and backup, printer sharing, and deployment of security resources.  Regardless of whether you invest in cloud based solutions or not, you should also invest in the basic building blocks of a LAN.

What are the key components of a good small business LAN?

  • Router â€" Many small businesses are content with using the router supplied by their ISP not realizing that these “default” routers tend to be very limited in capacity.  Purchasing a good full featured router will not only give you a more reliable connection to the Internet but will offer you a whole slew of added features that will make running your business easier.
  • Switch â€" Most routers contain only  4 â€" 6 Ethernet ports for you to attach network devices to.  If you have more than that many devices, you can purchase a switch to add more devices to the network.  Switches come in two flavors â€" managed and unmanaged.  A managed switch has a web interface that will allow you to customize and control the traffic passing through the switch.  An unmanaged switch has a default set of configurations and can not be modified.  For most small businesses, the low cost option (unmanaged switch) is more than adequate.
  • Firewall â€" Most routers have some level of pre-built security features that may be sufficient for home owners and even small businesses.  However, businesses with more complex IT infrastructure should consider adding a Firewall to their infrastructure.  The firewall will keep your internal network safe by not allowing dangerous data packets from the Internet (spam, viruses, etc.) through.  When purchasing a firewall, note that some features â€" virus detection for example â€" are sold as subscription services.
  • VPN Gateway â€" Some full featured routers also have VPN capability pre-built however, for a more comprehensive solution that will allow multiple users to securely access your network remotely, a physical VPN appliance should be purchase.  I recommend a physical appliance over software based solutions for SMBs.
  • NAS â€" Network Attached Storage devices are a great way to securely backup your data.  Since these devices can be connected to your LAN, it can also be used to backup multiple computers.  A good NAS also comes with software that will automate the data backup by allowing you to set the backup methods and schedules.

With these devices, your business can have a secure, reliable local network.  

We wanted to build a small business network for a Smallbiztechnology.com and for this project reached out to vendors asking them to provide the products for us to evaluate and implement in our network.

We've successfully tested these products in our network for 2-3 months and feel that they are great solutions for the needs of small businesses.

We evaluated and implemented the following products:

  • Netgear N900 dual band router â€" With features such as simultaneous dual band offering up to 900 Mbps throughout, gigabit LAN ports, advanced QoS, and guest network access, this router is a steal at around $150.  We are especially impressed with the signal quality and strength as well as the ability to set up a separate secure guest network (easy to do via the web management interface).  This router is a beast and can easily support all your wireless devices.
  • Netgear JGS516 gigabit switch â€" Our test LAN consists of multiple PCs, an Ubuntu server, and a NAS.  To support all our devices, we chose the Netgear JGS516 16-port Gigabit Switch.  This unmanaged switch offers 16 gigabit ports with each port delivering up to 2000 Mbps throughput.  It also has other standard features for this price point (about $160) such as auto uplink technology to adjust for straight-through or crossover cables.  This is a simple business class plug and play device and plays nicely with the Netgear N900 router's gigabit ports.
  • Netgear ProSecure UTM25 VPN and firewall - Rather than buy a separate firewall and vpn gateway, we chose this combination device from Netgear's Unified Threat Management suit of appliances.  This device is price at around $415 and has features that you would expect in a comprehensive security appliance.  The beauty of this device is that it protects your network from web, network, and email vulnerabilities using multiple state of the art technologies and partnerships with leading security firms.  Being a VPN appliance, it also allows remote users to securely connect to your organization's network.  Many VPN appliances geared towards small businesses require remote users to download and configure the VPN software but that's not the case with the UTM25.  Configuring the appli ance does require some know-how (even though the user interface is intuitive and setup is wizard based) but I've always found Netgear's phone support to be helpful.  Lastly, the ProSecure UTM offers Web and email protection subscriptions with no “per-user ” licensing and come with 30 day trials of their subscription services.  This appliance is a great solution for growing SMBs with a significant IT infrastructure and multiple remote users.
  • ZyXEL ZyWALL USG20 Internet Security Firewall â€" For our satellite office, we deployed the ZyWall USG20 by ZyXEL.  This security appliance also serves the dual purpose of firewall and VPN gateway and is a great solution for SOHOs and small businesses up to 5 PC users and is a value at around $145.  For this price point, it offers a ton of features including packet inspection to protect your network from security vulnerabilities.  Some features are subscription based but what you get out of the box is pretty impressive.  We were particularly impressed with the ability to create VLANs and the ability to control bandwidth and network access based on user login.  In addition, as part of advanced QoS, we can prioritize traffic for mission critical applications and VoIP.  The VPN f eatures are also relatively easy to configure and remote users can connect to the network through a web browser.
  • Buffalo LinkStation Pro Duo 2-Bay 2 TB NAS â€" Every business needs a good local backup solution and the LinkStation Pro Duo is simply great.  Priced at $240, this NAS is a bargain considering that it offers 1 TB of storage with RAID configuration (2 X 1 TB hard drives) to provide data redundancy and protection as well as many advanced features.  I want to note that the NAS arrives with RAID 0 configuration instead of RAID 1 but you can (and should) easily change it in the web management tool.  This NAS is also blazing fast making backup and restore a simple process.  There are 3 features of this NAS that make this an excellent buy.  First, you can remotely access your files on the the NAS via the Web and Web Apps.  Second, it comes with data backup software for both PC s and MACs to ensure that all your devices can be backed up properly.  Third, it has a USB port on the back that you can use to attach a hard drive or camera to easily transfer files or you can even connect a USB printer and turn it into a network printer.  With a simple intuitive user interface, a small form factor, and lots of great features, this is a great investment.