Twitter Chat July 9: How Running a Business Has Changed

It’s that time again … for another chat on Twitter.

The topic is how things have changed over the past decade in running a business – changes both good and not so good – and what they mean to you. Specifically, we will talk about such topics as:

  • how starting a business today is different
  • what you can do to take advantage of the positive changes and overcome the challenges
  • how social media has evolved, and what are the

From Small Business Trends




Bank of America Study Says Word Of Mouth Beats Social Media For Small Biz Marketing

I keep hearing this, over and over and over again – that word of mouth is what really brings in the sales for small business owners, not social media or other marketing such as direct mail, advertising or social media.

It's ironic then – social media has all the buzz – yet good, old fashioned word of mouth is what's driving sales. I think for many smaller businesses, although they “Tweet” and “have a Facebook page”, they are not diving more into social media, like many large companies are, because they don't have time to develop the online content necessary for success.

They have time to service their customers and get referrals. For the larger, small businesses, they are seeing benefits of social media in a variety of ways and varying degrees of success.

I should also note that some business owners might not realize that many of their face-to-face referrals could be the result of social media. Quick tip?

Small business success and challenges go beyond technology and marketing though; it's also about hiring, financing, our national economy and so much more.

Another challenge we all seem to have is getting paid on time. At Infusionsoft's Infusionscon this year we heard how one creative business owner puts lottery tickets in each of his invoices. Do you think his customers look forward to receiving his invoices?

In a recent study, Bank of America surveyed 1,000 business owners with revenues from $100,000 – $5 million and from 2 – 99 employees and gained insight on how they are doing. Get the full report here.

While the study results are nothing new for many of you, it's nice to see what your peers are doing and how you measure against them.

Here's a summary video on the findings below and here.



Three Lessons The Travel Industry Can Teach You About Online Marketing: Social, Local & Mobile Experiences

The travel industry is a very big industry, one with lots of competitors, lots of options and filled with a variety of pricing options (and more).

It's an industry wherein those offering travel services have to maximize their use of online media to a higher degree, at times, than even other industries.

Let's say I want to take a trip to Denver, Colorado for a family vacation.

I'm going to do a Google or Bing search and start digging around. Of course Travel Advisor and dozens of other top travel sites are going to factor into my search as well. Overall, however, those sites and travel services providers that offer the best in online content will come out on top as the best winners.

Episerver, which provides software to power social and commerce web sites, has a blog post and related white paper which dive deep into how the travel industry can maximize online content and technologies. Their insight is also of relevance for any business that wants to reach consumers.

The blog post reads that “retailers need to sell an experience that starts from the moment a traveler arrives at their site and extends the experience across all potential channels with which customers may choose to engage.”

Mobile is hot: “As mobile becomes a customary part of a traveler's repertoire, travel and leisure companies will have to consider yet another medium with which to engage with customers.”

Bob Egner, VP, Product Management and Global Marketing, EPiServer AB writes the following in his blog post:

I recently read an interesting report by Forrester Research that touches on this topic and discusses why its 3 I's: Inspiration, Individualism, and Immediacy, will allow brands to better empower their travelers and improve the user journey to ultimately win over customers. The report, also cited in our whitepaper says that Inspiration is coming from high-quality pictures, video, and user generated content which provide sources of inspiration for travelers looking for their next vacation. Travel and leisure companies should be sure their mobile sites allow for multimedia and social connections that can make a difference in the traveler's user experience.

The concept of Individualism as defined by Forrester shouldn't come as a surprise. These days, custom curation and personalization are essential to any successful marketing strategy.  Leveraging social and location based smart phone features to create a personalized online experience for a mobile user can make or break a traveler's buying decision.

Today, Immediacy is what customers are really looking for.  In a world where instant gratification is the only kind of gratification, travelers' expectations need to be personalized across all channels.  A personalization strategy can get the right information and offers to your customers at the right time, while recalling their preferences for convenience and a better online experience.

Lessons learned – the social, mobile, local revolution is NOT coming – it is HERE. You must be a part of the revolution or you will get crushed.



Campaigner Wants You to Share (Emails) With Your Network

These days, websites, blogs and apps have buttons we can click to share them with our social network. Why should email be any different?

Campaigner, an email marketing service and brand of j2 Global, Inc., recently added a “share-with-your-network” (SWYN) functionality that allows anyone subscribed to an email list to pass on emails they receive via Facebook, Twitter, LinkedIn and Google+ using sharable permalinks. This new functionality is now available in both Campaigner's Email Editor and Smart Email Builder.

The World of Sharing

Sorry to break it to you: not everyone knows about your brand…yet. But if you're delivering great content, and even promotions or contests that your subscriber base thinks are share-worthy, the tool is designed to let you seamlessly reach more people when they do click that button and post a link to your email on their Facebook walls.

Let's say Sally is a long-time customer of yours. She sometimes forwards your emails to a friend or two, but you may not know how many times she forwards it. But if you encourage her to share that same email across her social channels, you can get a better idea of how many pageviews Sally's Tweet or Google+ share generated of your email campaign.

You can determine which email campaigns are the most successful, based on the number of social shares and pageviews. Got a low number? Tweak your email with better wording and offers next time. Got tons of clicks? Continue the promotion or offer a similar one next month.

The idea is to take out the middleman of a blog or landing page, according to Paul Turnbull, Product Manager of Campaigner. A subscriber of the email can click the Like button on Facebook directly from the email, with one fewer click, making it easier to share your content:

“It allows your most engaged and passionate subscribers and fans to be more effective promoters of your brand and be part of the related conversations long after the initial email campaign has been sent.”

How Much Difference Does a Tool Like This Make?

So, how big an impact will this feature have (i.e., how many shares can you expect)?  Getting substantial share results through emails is not one size fits all, explains Turnbull. Whether you have a high number of shares or not will depend on several factors:

  • The number of social media savvy recipients you have as subscribers
  • The size and reach of your social media network(s)
  • The nature of your email campaign's content and its viral nature

The aim of the Campaigner tool, however, is to make it easier for customers and fans to share your email campaign content, through a direct click.




Kiwi firm trims Olympic queues

A New Zealand firm's work should help fans get smoothly in and out of Olympic venues in London.

Consultancy Beca won the contract to provide crowd modelling which will be used to smooth the way for those who have bought nearly nine million tickets to the Olympics, which open on July 27.

Computer modelling developed three years ago can show where crowds will form and how big they will become under different scenarios.

Beca's information has helped engineers to design venues and event planners to reconfigure access so bottlenecks happen at the right places, or they can change schedules to spread the arrival and departure times of crowds.

Project leader for Beca, Alan Kerr, said his firm was selected ahead of other, British, companies.

Assessments of crowd flows and security arrangements have been done for a number of the temporary venues, including Lords cricket ground where archery will take place and the Wimbledon tennis centre.

Spectators would still have to queue for events which Beca had assumed in its modelling would be sold out.

Kerr said the crowd modelling was a niche business for Beca which is a multidisciplinary technical consultancy with 2500 staff based in offices around the Asia-Pacific region.

The company was involved in crowd modelling in Wellington and Dunedin for last year's Rugby World Cup.

Kerr said he was called in as a consultant after the opening night debacle when crowds at Auckland's waterfront overwhelmed transport and public areas.

Other projects in New Zealand have included the Volvo Ocean Race and work modelling crowd behaviour at Auckland Airport and Wellington Zoo.

By Grant Bradley

Chris Wysopal: Web application vulnerabilities an easy target

SQL injection and cross-site scripting (XSS) errors continue to plague Web applications, despite an increased emphasis on code scanning. These flaws have been a common problem on websites for so long that automated tools make it easy for attackers to detect and exploit them.

There needs to be a change before the problem is addressed appropriately at enterprises, said Chris Wysopal, CTO of Burlington, Mass.-based Veracode Inc. The software testing firm conducted its own study of 126 public companies that submitted Web applications to its cloud service over the last 18 months. The analysis validated anecdotal evidence that developers continue to churn out code riddled with the flaws, as well as other errors that can be used as a staging ground for a broader attack.

“I think more companies are doing testing now than ever before, but you can't test security into your application, you have to change your development process,” Wysopal said. “We have empirical data that shows SQL injection [vulnerabilities are] being attacked, and the reason why they're being attacked is because we find it in your average piece of software.”

Companies should be training developers about security and pushing testing further back into the software development lifecycle, Wysopal said in an interview with SearchSecurity.com. In part 2 of this three-part interview series, Wysopal explains why companies are getting tripped up and whether a steady decline in vulnerability reporting in commercial software can be attributed to better software security practices.

Editor's note: This is the second installment of a three-part Q&A series exploring application security program fundamentals, threats and solutions. In part 2, application security expert Chris Wysopal of Veracode Inc. discusses technology that can be applied to the testing process and the challenge of developing secure mobile applications.

Your team conducted a recent study looking at 126 public companies over the last 18 months. What did you find?
Wysopal:
We found a lot of things you would think of that have been in the news, like getting attacked with SQL injection; researchers reporting cross-site scripting. Our research has validated that those risks are true. Those vulnerabilities are found in the majority of Web applications that get sent to us. We have empirical data that shows SQL injection is being attacked and the reason why it's being attacked is because we find it in your average piece of software.

SQL injection and cross-site scripting have been the most prevalent Web application vulnerabilities for some time, right?
Wysopal:
Those are the top two that tend to come up over and over again as found in every single application we look at. We're looking at it scientifically while the threat space is attacking what's working. We find those are correlated here with our report.

You and other application security experts have been evangelizing for a long time to address many of these errors. Is that message not getting through? Are companies getting any better at addressing them?
Wysopal:
That is something I think about all the time. How much more evidence do you need to say you need to do something about your Web applications? I think more companies are doing testing now than ever before, but you can't test security into your application, you have to change your development process. I think we're starting to see more testing going on. I'm hoping it starts to move more towards using different languages and different frameworks. They should be training the developers to write code securely and doing the testing not when things are starting to go into production -- or are already in production -- but back in the software development lifecycle. We're starting to see some improvements. In our last study we saw there was actually a downward trend with SQL injection over the last two years. About 4% fewer applications we reviewed had SQL injection vulnerabilities in them. It was enough to be statistically significant. On the other hand, with cross-site scripting, we didn't see any improvements.

What are some other Web application vulnerabilities that don't get the same attention as SQL injection or cross-site scripting?
Wysopal:
A big one we find a lot of that doesn't get attacked much is cryptographic issues. We see a lot of companies implementing their crypto poorly. They are not using the right APIs or the right ciphers. They are not using strong random number generation and so I think it might be more difficult for an attacker to target those vulnerabilities. There are not as many tools that are turnkey for those. But I think the more sophisticated attackers could attack those.

We also see a lot of information leakage. It is more of a stepping stone to some of the other attacks. It isn't typically the only vulnerability, but it helps an attacker stage an attack. We see things like directories, the names of internal machines and IP addresses, account names and things like that being leaked in error messages. That is something fairly easy to fix.

The Veracode team also analyzed non-Web applications. They were tested against the CWE/SANS Top 25 list. How did they fare?
Wysopal:
Those turn up a little better. Even though there are 25 things on that list, we found more of those applications passed. I think that goes to show how widespread SQL injection and cross-site scripting are; the Web applications fare poorer. With the non-Web applications, we find some of the applications that are written well and don't have any defects that are in the Top 25 list.

Some of the reports coming out of Microsoft and other software vendors document a steady decline in publicly reported vulnerabilities in some of their products over the years. What are some of the factors contributing to the decline? Is it a focus on better software security?
Wysopal:
I think there are only so many researchers out there that are discovering vulnerabilities. We're seeing the whole world move away from installed software on the desktop and server-based moving toward Web applications; we're seeing mobile applications. If you look at a conference like Black Hat and you look at the submissions, there's a huge amount of submissions for mobile vulnerabilities and Web vulnerabilities. So people have turned away from some of the more traditional places where vulnerability research happens, and I think that has a lot to do with that decline, more so than the fact that software is written that much better.




Citadel malware toolkit going underground, says RSA

A crimeware toolkit believed to be behind some of the most lucrative attacks targeting the financial industry is being taken offline by its authors, who are fearful law enforcement is closing in on their location, according to researchers at RSA's FraudAction Research Labs.

The Citadel malware toolkit, an advanced attack platform designed to create sophisticated financial malware, was given one last update before its authors declared it would no longer be publicly available for purchase, according to RSA researchers who are monitoring the Russian hacker forum where the toolkit has been sold.

Citadel is believed to be as dangerous as Zeus and SpyEye malware families, which have wreaked havoc on banks and other financial firms in the United States and abroad. The Citadel malware authors created a business model that enabled users to request additional functionality and tweaks. It is sold for up to $2,500 and receives regular automated updates to enable the malware to avoid detection by antivirus software and other signature-based antimalware technologies. Additional toolkit plug-ins, which increase the crimeware's functionality and effectiveness, sold for up to $1,000 each, the RSA team said in a blog entry detailing the malware toolkit.

Israeli security firm Seculert described the functionality of Citadel in a blog post in February, calling it an open source malware project. Like many toolkits, Citadel contained AES encryption, functionality to avoid tracking via command-and-control servers, and blacklist functionality to block victims from accessing security vendor websites. The malware toolkit enabled cybercriminals to redirect users to a spoofed banking website, which would install additional malware on the victim's machine and enable the ability to record videos of activity on the victim's machine.

“Comparable Trojans, like Sinowal, are all privately owned, but Citadel is taking the open market by storm and is continuing to evolve in sophistication,” according to RSA researchers. “Citadel developers are making good money with this banking Trojan, and much like others before them, are beginning to feel the ground under their feet getting warmer as law enforcement becomes increasingly interested in their work.”

FBI warns of Citadel ransomware
The Citadel malware platform is also used to deliver ransomware, according to an FBI warning issued May 30. The attack technique reported to the FBI freezes a victim's screen and displays a warning that the victim has violated United States federal law. The victim is then given instructions on how to pay a $100 fine.

“The geographic location of the user's IP address determines what payment services are offered,” the FBI said. “In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.”

Going underground boosts longevity
The tactic of taking the Citadel toolkit off the market increases its longevity, said the RSA researchers. A toolkit that becomes widely used gains attention of researchers and investigators, making it difficult to create techniques to evade security software. It is likely that existing users of the toolkit will continue to receive updates, the RSA team said.

“Looking to the surrounding cybercrime arena, history proves that malware coders know when to leave the room,” according to RSA. “To date, developers of popular Trojans like Zeus' Slavik, SpyEye's Gribodemon and Ice IX's GSS have never been arrested and we are seeing the Citadel's team already taking measures to go deeper underground for their own safety.”




Conflict Avoidance Strategies That Work

In any business relationship there exists the possibility for conflict. It's like Yin and Yang – there's good and there's bad.

Many years ago I worked for a company where everyone knew the CEO was non-confrontational. There were people who took advantage of that. They knew he wasn't going to say anything; he was just going to get mad. The interesting thing is that most people are non-confrontational. And those same people end up in conflict.

No matter what position you hold in a company, you run the risk of experiencing conflict. You may have a co-worker who you think isn't carrying their load. You may have an employee who doesn't seem to be working up to par. Maybe you have a vendor who isn't delivering or a client who isn't happy.

See, the potential for conflict is everywhere. I further submit that we set ourselves up for conflict. We believe it's going to happen, so it does!

Let's explore an example of how this happens:  let's say you are working on a project and one member of the team isn't meeting their obligation to the goal. You're annoyed and frustrated. You want to say something but you are sure it'll end up in a confrontation. You are sure the other person won't take it well; they'll get defensive.

So, you don't say anything. Over time it continues and your frustration turns into anger. What happens next? You blow your stack. Voices are raised, tensions are high, and defenses are up. Now you really are in a conflict! You haven't gotten your problem solved, have you? Actually, you now have two problems. Your fear of conflict has resulted in two conflicts when before there wasn't even one.

Part of the reason you didn't say anything at the beginning is that you made some assumptions. You assumed the other person was acting intentionally. You assumed they wouldn't want to hear what you had to say. You assumed they'd get defensive.

So, what can you do to minimize the risk of conflict? Communicate clearly and consistently. When you want people to work with you, your job is to make sure you communicate well. Tell them the goal, your expectations, the consequences of meeting, and not meeting, those expectations, and your reasons for your decisions.

When people understand why a decision has been made they are more likely to follow it. It is those seemingly arbitrary decisions that cause trouble.

When you communicate all of these things upfront you are setting the stage. Follow that initial communication with continued, consistent communication about those things while adding in the progress. Don't assume people know how things are going. Engaging in conversation is the best way to make sure everyone is on board. It's also the best way to find out if someone is unsure of the direction or unwilling to play along.

Assume that the people on your team want to succeed, want to do a good job, and want to help you achieve your goals. Now help them succeed by making sure they not only know the goals but how they can help you meet them. Make sure they understand the expectations and consequences. Not all consequences are bad. When someone meets or exceeds the expectation you have of them there should be a positive consequence that results.

If you've done all of these things and a disconnect arises, that doesn't mean there has to be a conflict. Quite frankly, the work you do up front creates a situation where no conflict need exist. If someone isn't doing their part, there are steps you can implement to determine why and come to a resolution:

Step 1: Decide Your Desired Outcome
Before you deal with the situation, decide what you want the outcome of the conversation to be. This will help you frame how you are going to approach that conversation.

Step 2: Recap The Goal and Expectations
It's a good idea to start the conversation with a recap of what the expectations are. You are setting the stage for discussing what is actually happening.

Step 3: Recap What Is Happening
Make sure you explain what is and isn't happening correctly and the impact that is having on meeting the goal. You are helping the other person understand how you see things and where they seem to have gone off track.

Step 4: Seek Input
You aren't going to be able to solve it on your own. You need buy-in from the other person. They have to participate in the conversation, starting with explaining where they are coming from. This may require you to be silent (which can be tough). It makes a big difference, so embrace that silence.

Once they have explained their point of view, work with them to come up with a resolution. When they take part in the problem solving you have a higher chance that the resolution will work. At the same time, if they don't participate in this part they are indicating that they are not a viable member of the team.

No voices are raised, no tempers flare, no defenses are up. You are having a logical, structured conversation without emotion. The outcome will be right and best for your company whether it results in the person leaving or staying. The goal is to solve the problem. We'd all like the solution to include all the members of the team staying intact. However, sometimes the solution requires the exit of a team member or two.

The best way to avoid conflict from occurring is to communicate, communicate, communicate. Having a goal, sticking to that goal, communicating that goal, and relating everything to that goal will help you keep the team on course. It will also minimize any issues. And of course, if an issue arises, it is the clear, consistent communication that will prevent that issue from turning into a conflict.






Looking To Take Your Invoicing Online? Here Are 3 Great Options To Get You Started!

You've seen a lot of websites that accept payments and probably even have one yourself. But have you explored the possibility of sending invoices yourself when requesting money for particular services? Sometimes, when people don't have the possibility of ordering something online – as is the case with services that have variable fees – you need to send an invoice with the fee that's tailored to your particular customer.

Online invoicing provides a certain level of transaction security that can mitigate issues often experienced in client-business relationships. There's no reason to take a risk and hope that the money arrives after you've just used emails to talk to a client.

Invoicing becomes easier with online service providers like LessAccounting, which specialize in helping people who don't have a ton of experience using accounting software. Some services also act as fully-streamlined accounting departments that only require a negligible monthly fee from you. Let's have a look at some!

  • PayPal - Yes, PayPal just recently updated its system to include invoicing possibilities for people using PayPal Payments systems. Invoices sent through their system are all free, and you get to send your own personalized invoice with your logo! The branding will build trust between you and your clients and will establish a more serious appearance for your business. Give them a try!
  • FreshBooks - In my opinion, FreshBooks is one of the most wonderful invoicing systems on the planet. It sends reminder emails for you, and helps you keep track of late payments. You can add items however you want, brand your invoices, print them, send hard copies, and even add sales tax. Everything comes in one neat package that works best for you and your client. Best of all, they're starting to integrate with shopping carts. Check this video page out for more details. Moreover, you also get your own subdomain for login access, and can add users for a higher monthly fee. The most recommended plan is their “Evergreen” plan, which costs $29.95 per month and allows you to send invoices to unlimited clients. Their “Mighty Oak” plan ($39.95) also lets you add another member to your personal panel. For every new member you add, the price goes up $10 a month.
  • LessAccounting - LessAccounting is a very comprehensive service that works just as well for the beginner as it does for the expert. If you're not very used to using any accounting software, you can use a beginner platform. Otherwise, you could also choose an “Expert” platform if you'd like to fine-tune the minute details in your reports and invoices. LessAccounting has whatever floats your boat!

Remember that whatever you choose has to match your skill and comfort. Each of these platforms has a demo version you can try, letting you explore each detail so you can see if it's right for you.



SC Total Security Conference: Insider threat issues addressed

The biggest and best way to ensure your users are secure is to 'log, log and log'.

Speaking at the SC Magazine Total Security Conference, EA's Callum Dickinson said that auditing users was one of the key parts of privileged user management, and that some would say that this was a big part of securing the organisation.

He admitted that while logging and appropriate technologies can create a lot of data and do not leave a lot of space on the system, “the benefits they reap are absolutely fantastic”.

Richard Bell, corporate security assurance manager at Transport for London, said that the cyber threat had taken management at TfL by surprise and it was forced to react to it in the same way it did with more physical challenges, such as the Olympics.

He said: “The three faces of security are physical, people and cyber, we call it proactive security assurance. It is our job to keep all our units 'honest' by testing our capabilities and we try to do a holistic view on the level of security across the organisation.

“People try to cause us harm, such as on 7/7. Passengers are at the forefront for us, so we had to decide what security meant for us.”

He said that staff were encouraged to report unusual incidents or activity. “If you can influence people it can be a big change,” he said.

“Our job is continuity and making the system secure. Our cyber point of view is robust and trusted and we communicate to all partners and staff.”

Speaking on the Olympics, Bell questioned research about the biggest risk being cyber, saying that the biggest risk was hoping people show up! He said: “My team is fit for purpose to manage the insider threat on the areas that they are working in. We will try and deliver the games as well as possible.”



SC Total Security Conference: Develop key partnerships with MSSPs and vendors for strategic security

Creating key partnerships with external services is a key factor to securing the business.

Speaking at the SC Magazine Total Security Conference in London, John Taylor, global head of IT security and service continuity for British American Tobacco, said that along with patches, malware and users, one of the things that is changing is what the business is expecting security to be.

He said: “We are not just running username and password resets for access, we are now adding multi-domain access to roles and to the environment.

“The organisation is expecting us to know everything, to be the business and to be technical support and 'geeky'. This is why having a team is so important, and partners with the right support, to help you meet your end goals.”

Taylor said that with a network that supplies into 196 countries, having a managed security service provider (MSSP) was very important.

He said that at British American Tobacco an 18-month project on partner relations and demands had revealed that a managed resource was needed, while a managed toolset with the right abilities to manage staff was also key, as was a shared interface.

Taylor said: “The provider does the strategy and innovation so we bring them to the table and on board to come with ideas and to do face-to-face meetings to discuss the threat environment and what is happening in the industry.

“Tools are very nice to help security layer integration over the top, but what we are trying to do is drive a culture where innovation comes too. We are trying to find tools to identify problems and say what we are going to be looking at in the next two years. We find partners to work up the value chain and threat environment.”

Taylor concluded his presentation by saying that strategies need to be "joined up and creative" and security teams need to move to a "truly integrated environment" and for British American Tobacco the MSSP was offering this capability.



Is your intellectual property secure?

In 2011, for the first time, the British government released figures estimating the damage of cyber crimes across the nation. According to those figures, the cost of cyber crime to the UK is around £27 billion.

Many, however, believe this number is grossly understated, with some companies refusing to admit their systems have been compromised for fear of 'reputational' damage. Over a third of the estimated cost is a result of intellectual property (IP) theft and another £7.6 billion in industrial espionage.

According to former White House advisor on cyber security Richard Clarke, China and Russia (along with domestic and foreign criminals) continue to pose some of the greatest threats. Often employing what is known as advanced persistent threats, or APTs, cyber criminals are hacking into computer systems with a very specific end result in mind.

In fact, IT security experts, including Dr. Paul Irving, recently warned the nuclear industry that China may be waging a campaign to hack into computers associated with the industry in the hope of stealing information to benefit the expansion of its own nuclear industries.

It has also been speculated that China has targeted the transportation and alternative energy industry. The nation state is now exporting technology it used to buy and in some cases there have been clear links to IP theft and cyber espionage.

These attacks are not the first of their kind. In October 2011, the head of GCHQ Iain Lobban told The Times that IT, technology, defence, energy and engineering sectors have been the target of APTs. It is alleged that the information stolen is being used for commercial gain.

Additionally, Lobban reported that one such attack unsuccessfully attempted to infiltrate the Foreign Office and other various government agencies. Since these attacks are customised and targeted, many go undetected by traditional security measures, which are only able to black list known malware.

Irving also warned that APTs often go undetected for over 400 days, meaning criminals have access to systems and files for over a year before being shut down. Most companies are only made aware of the attack after being alerted by a third-party organisation.

As a result of all this activity, threats to IP security are at critical levels. Why? Put simply, it is because it is easier to steal someone else's intellectual property than it is to devise a proprietary knowledgebase. As it stands many enterprises are vulnerable because they do not have in place policies or systems designed to protect their IP, meaning that there are many loopholes hackers can exploit in order to obtain the knowledge that they seek.

A survey we recently undertook found that European IT security professionals considered their corporate IP to be in the top three of their most valuable assets. Aware that traditional cyber crime protection leaves their IP open to attack, many are starting to explore other security parameters. As it stands there is a lot of focus on stopping 'bad' attacks, rather than seeking to understand what programmes are 'bad' and which are 'good' in order to ensure the integrity of laptops, desktops, servers and even mobile devices so that companies are protected against potential risks and major losses of IP.

Devising a list of trusted sources, known as white listing, that run across all clients and servers is a much more manageable way of understanding and managing the risks to your enterprise security.

Additionally, supplementing advanced threat protection technology with current security information and event management platforms (SIEM) can provide real-time threat detection by filling in blind spots, which are often experienced with event profiling and endpoint executable identification.

In conjunction with endpoint data from firewalls and IDS/IPS, threat detection is not only timely, but also appropriate, eliminating many false positives. In other words, it creates a faster, more accurate insight of system usage and activity needed by today's security professionals.

The evolution of trust policies has changed the way known sources are managed. What used to be a cumbersome process based upon a static list of approved programs now works by allowing predetermined sources such as Adobe or Microsoft WSUS to update as often as necessary.

IT professionals can filter updates and downloads based upon publisher, distribution method or trusted source. When an unknown source attempts to download or access files, it is stopped before it can breach the system's firewall, thus protecting the system, the company's intellectual property and any other sensitive data from potential harm.

In the face of smarter criminals, IP protection is not only necessary; it is critical. Sensitive information and data are targeted through APTs and unfortunately, many organisations are left believing their data is secure until it is too late. White listing is one of the most effective ways to maximise IP protection.

Tony Shadrake is director of EMEA at Bit9



Lack of virtual knowledge displayed by business

Just under half of UK businesses believe their virtual servers are more secure than physical ones.

Research from Kaspersky Lab found that 42 per cent of businesses view their virtual servers as more secure than the physical counterparts. The survey of 100 businesses also found that a third of companies only invest in security for physical environments, and that their knowledge of virtualisation was 'basic'.

Peter Beardmore, senior director of products and services at Kaspersky Lab, said: “There is no doubt that the business benefits of virtualisation are huge, both in terms of cost and accessibility. But underestimating the security risks puts businesses of all sizes in a perilous position.

“The lack of knowledge shown by IT professionals is the main culprit, so businesses really need to invest in understanding the concept of virtualisation. Basic knowledge is simply not sufficient when the security of your business is at stake. The industry needs to wake up to this situation and invest in adequate security solutions alongside a comprehensive education programme.”

Kaspersky Lab has developed Kaspersky Security for Virtualisation for companies that want to utilise the productivity and efficiency benefits of virtual IT.

It said that the new solution integrates with the rest of Kaspersky Lab's corporate security suite so users have a single, unified management and security platform across their entire virtual, physical and mobile environments. This can also be managed centrally from Kaspersky Security Centre 9, according to the company.



Keep your Gadgets Cool: 5 Tips to Help your Devices Beat the Heat

As temperatures soar into the 100s across the U.S., many small business owners are learning the hazards of exposing an electronic device to extreme heat. In fact, many of today's more sophisticated smartphones and tablets have built-in sensors that shut the device down once it gets too hot.

Before you head out to the beach with your trusty phone by your side, here are five ways to make sure your device stays cool and safe during typical summer activities.

  1. Seek shade. Just as you need shade to stay cool, so does your device. Avoid leaving your device in direct sunlight at all costs. “If an expensive cover is not in your budget, make sure that you use a bag that can be placed in a shady area when your device is not being used, as to avoid the heat,” data recovery provider DriveSavers advises.
  2. Keep it cool. Put your smartphone, tablet, or laptop in its case, pack the bottom of a bag with Ziploc-covered ice packs, and store your electronic devices in the bag. The important thing here is to make sure your devices are safe from moisture, which can build up if you allow your ice packs to make direct contact with your device.
  3. Avoid water. “As a data recovery service provider, we see every day how badly water can damage electronic devices,” DriveSavers advises. “Because of a tablet's large screen and thin frame, like the iPad, it is more susceptible to water damage.” Use a case designed for water or keep your device zipped tightly in a bag and tucked beneath dry clothes and other items, far away from the water.
  4. Buy a protective case. Several cases are available that protect your device from sand and water. While this won't be of much help with the heat, it will at least protect your phone if you're taking it to the pool or beach. The Lifeproof case is pricey at $79.99, but it claims to keep your phone safe in the shower, while surfing, or even working at a construction site. Lifeproof makes cases for the iPhone and iPad.
  5. Leave your devices in the room. If you're at the beach, the safest place is in your hotel room safe. If you can live without your electronic device for a few hours, you'll prevent permanent damage due to contact with sand, water, or extreme temperatures.

Remember, heat and water aren't the only concerns. Be sure to keep your phone safely hidden from those who might not have the best intentions. Whether you're at the beach, or hanging out with family at the park, it's all too easy to leave your smartphone, tablet, or laptop out in the open while you're distracted with exciting activities. A little caution and you'll be able to survive the hot months of summer with your electronic devices intact.



Become a DFP Small Business Expert With Google

In May we let you know about the Webmaster Academy, designed by Google to walk business owners through the process of getting their Web sites up, running and with prime visibility. Well, Google's mission to educate and empower small business owners hasn't stopped there. Meet the DFP Academy, a new resource from Google to walk small business owners through the process of using Google's ad server.

First off, what's DFP? If you're not familiar, DoubleClick for Publishers (DFP) Small Business is a free, Google-hosted solution designed to help small business owners manage the ads they place on their site when working with AdSense and other partners. DFP lets you control when, where and how your ads are served up. It's Google's attempt to do what it does best: streamline the ad process to make it easier to manage.

And the DFP Academy is a new way to make it easier than ever.

The newly launched DFP Academy explains how to organize the ad space available on your site, input the information about your advertisers into DFP Small Business, traffic ads from ad networks and direct advertisers, and leverage AdSense to maximize your overall revenue. If you've ever received a request from someone looking to advertise on your Web site or you've ever thought about using ads to increase revenue, then DFP Small Business is something worth taking a look at.

As the world of paid ads has notoriously been intimidating for many small business owners, the DFP Academy should become a great resource to ease those fears and turn all SMBs into DFP experts.

Whether you're somewhat knowledgeable on the subject of ads or wouldn't even know where to begin, Google's new DFP Academy is perfectly suited to help you become comfortable and competent in the ad world.

Just like in the Webmaster Academy we mentioned back in May, the DFP Academy again takes a syllabus-like format. Concepts are broken down by:

  • First Steps
  • Create Your Inventory
  • Create Your Campaigns
  • Report and optimize
  • Toolshed
  • More, more, more [information on placements, custom targeting, macros, and passbacks]

Again, clicking into any of the subject areas will provide a quick tutorial on the topic, links to additional resources, and video guides (where applicable). You can find additional training videos on the DFP Small Business YouTube channel. Once you complete all 26 items, you will be deemed a DFP Small Business Expert.

If you already have an active AdSense account, you can sign up for your DFP Small Business account today [be sure to use the same login information as you do for AdSense]. If you don't have an active AdSense account, why not create one and let the DFP Academy show you how to take advantage of the ad space you have available on your Web site?




Cory Booker Launches #waywire and Teaches You How to Target An Audience

There's a lot of question about whether Newark, NJ, mayor Cory Booker's recently announced startup #waywire is one loaded with potential or just an expensive pipe dream unlikely to get the user support it needs to become the next Facebook or Twitter. Still, there's much to be learned from Booker's announcement, along with tips you may want to consider for your next startup.

Lessons in Startup

The kids are all right. First, when you create a new startup, target a specific audience. Sure you want everyone on the planet to eventually buy from you or use your product or service, but in the beginning, pick a group you think has a unique need. Booker maintains the millennials don't have a voice and says he aims to give them one. TechCrunch

The smartest guy in the room. Booker is a smart politician and a tech savvy thought leader, but he tapped some of Silicon Valley's best and brightest when it came to setting up his news startup for twenty somethings. You can use a similar approach. Be smart enough to put together a team that complements your strengths and makes up for any deficiencies. Fast Company

Who's got your back? It's not just the initial team you build, but the partnerships you forge early on to create your new business. In the case of Booker's #waywire, he's sought out some of the most influential investors and tech executives around to partner with him. The partners you choose are also important. CNET

Other Audiences

Stuck in a rut. While niche audiences can be a good place to begin, it's important to make sure the group isn't already being served and that there's enough room to grow. On one hand, Jammit, a startup creating aids for aspiring musicians, may have little room for growth beyond its targeted community. On the other, it competes against many free resources already available online. The Wall Street Journal

Biting the hand that feeds. Once you've identified your customer or user base and have connected with it effectively, it's a bad idea to change direction too radically and engage in a course of action sure to antagonize that base. This is exactly what some critics argue Twitter has done, with moves reminiscent of MySpace and Digg missteps. Gigaom

Thinking big. Looking for that next billion-dollar business idea can be problematic. Cincinnati business leaders believe picking the next tech startup superstar will revitalize their community overnight, but many startups begin with a small, devoted following that grows slowly over time. Beware of the next big thing. It may turn out to be a flash in the pan. Cincinnati.com

Startup Styles

Irreconcilable differences. When partnering on a startup, it's important to have documentation outlining rights and responsibilities, says Small Business Trends founder Anita Campbell. But it's also important to see that you and your partner are compatible and have complementary strengths. Incompatibility among partners can spell big trouble for your venture. CorpNet

Acts of desperation. Desperate times call for desperate measures, and successful entrepreneurs have never shied away from taking those steps when necessary. Here are some examples of startup entrepreneurs who weren't afraid to go to extremes when it came to ensuring their company's survival. Be sure you're willing to do what's necessary to help your business succeed. Forbes

Final Thoughts

Preparing for the worst. Earlier, we heard about the importance of picking the right partners for your startup. But legal considerations are also important to avoid litigation that may occur between co-founders as the business moves forward. It's vital to look at some of the reasons founders might sue each other, and talk about some of the more critical issues of partnership up front. Smart Business

Ingredients for success. When planning your startup, don't worry that you might not be the savviest tech entrepreneur, the shrewdest business person, or the most talented leader the world has ever seen. Other elements like hard work also factor into success. Just look at the examples Silicon Valley has to offer. Slate