August 2012 Patch Tuesday fixes flaw being actively targeted by attackers

Microsoft issued nine security bulletins, addressing 26 vulnerabilities in its August 2012 Patch Tuesday, including a dangerous flaw in Windows Common Controls, which security experts agreed posed the biggest threat because the software giant has detected attacks attempting to exploit the flaw.

The 26 vulnerabilities addressed this month affected a wide range of Microsoft products, including Windows, Office, networking components, Internet Explorer, and SQL Server. All of the critical bulletins and all but one of the important bulletins present a possibility of remote code execution.

Patching and vulnerability management experts said that MS12-060 is noteworthy because of the number of programs it affects. The coding error can be triggered in Microsoft Office, SQL Server, Commerce Server, Host Integration Server, Visual FoxPro and Visual Basic 6.0 Runtime.

"We're aware of limited, targeted attacks attempting to exploit this vulnerability, but we haven't seen public proof-of-concept code published," wrote Yunsun Wee, director of Microsoft  Trustworthy Computing in the MSRC blog. "These are important factors to consider when determining deployment priority and Microsoft recommends that customers test and deploy this update as soon as possible."

Microsoft said the remote code execution vulnerability can be exploited if the victim views a malicious Web page or opens a Microsoft Office or WordPad document. A successful exploit gives the attacker the same user rights as the logged-on user.  

Microsoft addressed four vulnerabilities in Internet Explorer. MS12-052 is rated "critical" for all supported versions of Internet Explorer on Windows clients and Moderate for all supported versions of Internet Explorer on Windows servers. "The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer," Microsoft said.

Microsoft addressed three vulnerabilities in its Remote Administration Protocol (RAP), a standard created by Microsoft to enable a computer to change functions on another system. MS12-054 is rated critical on Windows XP and Windows Server 2003; Important for all supported editions of Windows Vista; and Moderate for all supported editions of Windows Server 2008, Windows 7, and Windows 2008 R2. Microsoft said an attacker could use one of the flaws to send a specially crafted response to a Windows print spooler request.

MS12-058 addresses publicly disclosed vulnerabilities in Microsoft Exchange Server. "The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA)," Microsoft said.

Microsoft issued an update to its Remote Desktop Protocol (RDP) in MS12-053. It's the second time in recent months that Microsoft has had to repair RDP. Users of Windows XP should understand the importance of the security update, warned Paul Henry, forensics and security expert at vulnerability management vendor Lumension. No authentication is needed to perform remote code execution with RDP. The upside is that by default, RDP is not enabled on any Windows system, and computers without it enabled do not face a threat, Henry said.

Microsoft advisory on hardening software certificates
In addition to the bulletins, Microsoft issued Security Advisory 2661254. This update, which restricts the use of certificates with RSA keys less than 1024 bits in length, will be available in the Download Center as well as the Microsoft Update Catalog. In October 2012, the update will be released via Windows Update. For now, it is up to individual enterprises whether or not they want to apply the advisory, and experts recommend they do.

“Customers can proactively get that update, apply it to environment, and see if it will break anything,” said Amol Sarwate, director of vulnerability research at Qualys. Sarwate said companies should figure out how to deal with the bit length requirement before it becomes mandatory.

Microsoft added an auto-update feature for revoking fraudulent certificates in June, following the discovery of the Flame malware. In its PKI blog, the company has issued guidance about how it would block the use of cryptographic keys that are less than 1024 bits.
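
The following PowerShell is an added example, not code from the article or from Microsoft. It lists certificates in the local Windows certificate stores whose RSA public key is shorter than 1024 bits, the threshold the advisory names, so they can be reviewed before the update is applied. The function name, the store roots scanned and the output column names are choices made for this example.

```powershell
# Added example: list certificates with RSA public keys shorter than 1024 bits
# in the local machine and current user certificate stores.
$MinimumBits = 1024                      # threshold named in Security Advisory 2661254
$RsaOid      = '1.2.840.113549.1.1.1'    # OID of the rsaEncryption public key algorithm
$StoreRoots  = 'Cert:\LocalMachine', 'Cert:\CurrentUser'   # assumption: scan both roots

# Hypothetical helper name, defined only for this example.
function Get-WeakRsaCertificate {
    param(
        [string[]] $Path    = $StoreRoots,
        [int]      $MinBits = $MinimumBits
    )

    foreach ($root in $Path) {
        # -Recurse walks every store (My, Root, CA, TrustedPublisher, ...) under the root.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            # The Cert: provider also returns store containers; keep certificates only.
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_

                # Skip ECC, DSA and other non-RSA keys: the restriction is about RSA key length.
                if ($cert.PublicKey.Oid.Value -ne $RsaOid) { return }

                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                if ($null -eq $rsa) { return }

                if ($rsa.KeySize -lt $MinBits) {
                    [pscustomobject]@{
                        # Strip the provider prefix, leaving e.g. "LocalMachine\Root".
                        Store      = $cert.PSParentPath -replace '^.*::', ''
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        Thumbprint = $cert.Thumbprint
                        KeyBits    = $rsa.KeySize
                        NotAfter   = $cert.NotAfter
                    }
                }
            }
    }
}

Get-WeakRsaCertificate | Sort-Object Store, KeyBits | Format-Table -AutoSize
```

The scan covers only certificates installed on the machine where it runs; certificates presented by remote servers or embedded in signed files are not in these stores and need their own check.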




Mobile Payments Committee Brings Together All U.S. Carriers, Companies Like Google, Intuit

The mobile payments industry has been the subject of a lot of buzz lately, especially after the recent deal between Square and Starbucks. But there's still a lot of uncertainty among consumers and businesses alike because the technology is relatively new and not widely used.

But now a team consisting of representatives from all four of the major U.S. cellular carriers, as well as others working on mobile payments solutions, has formed in order to give the mobile payments industry some guidance.

The Mobile Payments Committee, which was recently announced by the trade group Electronic Transactions Association, will work on developing policies and business strategies related to the mobile payments industry. The Committee, which is chaired by Verizon's executive director of federal relations Jackie Moran, aims to help legislators understand the industry so they can make informed decisions regarding public policy, educate businesses as well as consumers about the benefits of using mobile payment systems, and figure out the best way for companies to work together to better the industry as a whole.

Currently, many of the industry players have deals with wireless carriers so those mobile payment systems are only available on certain devices or with certain carriers. But can they all put their company hats aside while they attempt to work together for the best interests of the industry as a whole?

Though many different mobile payment systems have popped up in recent years, they still have yet to be adopted by many mainstream companies and consumers, this week's deal between Square and Starbucks aside. So the Mobile Payments Committee has the potential to educate a lot of people about the benefits of mobile payments.

Aside from Verizon, AT&T, Sprint, and T-Mobile, the task force reportedly also has representatives from companies like Google, Paypal, ISIS, Verifone, and Intuit, all of which have a hand in the mobile payments market. The committee plans to meet for the first time later this month.




Social CRM Reachable Churns Out Crushing Numbers

Social CRM is pretty awesome, but I've been a fan of social CRM (Customer Relationship Management) for some time. It's tough to dispute the power of social connections to generate business, or at least potential business.

A company by the name of Reachable has taken the Social CRM thing to a whole new level, though. By analyzing one's personal contacts, social and professional contacts (Facebook, Twitter, LinkedIn, Google+, etc.), and e-mail contacts, they offer the ability to ‘overlay' their own database of 100 billion business connections. This probably includes not just your contacts, but the contacts of all of your contacts, giving some unprecedented sales access at your fingertips.

This isn't just limited to your connections and those found with Reachable - you can also delve into the business and personal contacts of the individuals that work at your company. Yep: “…customized for a company with the private connections of their employees, customers[,] and partners. Reachable enables organizations to leverage all of their relationships to drive much higher sales productivity.”

Arguably, there's something creepy about using the personal contacts of employees to generate sales leads…at least to me. Even though Reachable states that “connections are kept private and never shared,” well, that's kind of beside the point of having leads in the first place, isn't it? How does one actually get a lead without having it shared with them in the first place?

Maybe it's just me feeling that, but I suppose in this day and age of meta-non-disclosure agreements and some of the things that employees are beholden to in order to secure employment, I wouldn't be surprised if this was included in a contract somewhere. As long as an employee knows about this sharing - which I can only assume is indeed the intent, even though it's not made clear in their press release - then there's no problem. Well, as long as the contacts getting shared don't mind either…or their contacts…and on and on.

Still, looking beyond the Big Brother-ness of this, I cannot dispute how amazing a tool it could be. The tools that 8thBridge built in Graphite are pretty amazing in how they seamlessly integrate with social media; and do it out there in broad daylight, so to speak. Sharing contacts ‘under the hood’ (again, so to speak) is still sharing of possibly powerful connections; as Reachable states on their blog site, personal connections generate more sales and, according to their own data, increase sales productivity by 243%.

It's tough to argue against the weight of numbers. If Reachable can consistently deliver on this promise and indeed give you this kind of access, it's staggering to think of the potential marketing and sales inroads you could make. I think it could turn sales and marketing on its collective ears, in fact.



TeamWox Makes Group Collaboration Less Complicated

No matter the size, every business has a seemingly endless number of daily tasks that have to be managed, planned, organized, and implemented. For those business owners who have employees and different departments to manage, all of these daily tasks can sometimes feel overwhelming. That is why TeamWox, an online management system, aims to make all those daily tasks more attainable through its series of management tools.

TeamWox is, in essence, a complete management suite that can help small business owners manage their team, handle a variety of different tasks, and run a service desk and IP telephony system from anywhere. There are many different features and versions available for businesses with different needs, including the main TeamWox software, corporate instant messenger service TeamWox Communicator, accounting synchronization service TeamWox 1C Sync, software as a service provider TeamWox SaaS, and more.

For small businesses with ten team members or fewer, each TeamWox system is provided free of charge. Users can simply download TeamWox and any relevant services right from the website and get started. Companies with larger teams can pay an annual fee for added employee accounts.

Upon signing up for TeamWox, you're directed to a dashboard with a number of options, including team, tasks, telephony, documents, and organizations. Users can create messages for their team members, add contacts and pertinent information, assign tasks to different departments or employees, and more.

With so many different options and abilities, the service might feel a bit overwhelming at first, but everything serves an important function and can be customized to fit different types of businesses.

For entrepreneurs that run online-based businesses, particularly those with team members or assistants working remotely, the cloud-based system could prove to be a vital asset for easily keeping connected and on top of all tasks that need to be accomplished.

For example, if a business owner receives an email about a customer service issue, they can easily create a new task for their customer service representative or assistant. This eliminates the need for lengthy email conversations and worries about which employees can handle which tasks. Managers can simply view all the tasks in the queue, make assignments accordingly, and then track progress from there.

This simplified form of delegation can help companies improve productivity and cut back on communication error.

And speaking of communication, TeamWox offers a secure live chat feature so that team members can directly communicate with customers using a chat box that's integrated right into the company's web page. All of the chats are stored in the TeamWox system so they can be reviewed later if need be. And employees and managers can also chat with each other to get help or clarification with issues.

TeamWox also has a system for handling both internal and external phone calls. Its IP PBX telephony service allows companies to implement intelligent call forwarding, add an interactive voice menu, and even arrange secure audio conferences.

In addition, the phone system works with any phone provider and the cost of external calls is minimal. The telephony module is available free of charge to users of any TeamWox system version.

TeamWox offers a two-month free trial version of Groupware SaaS that includes unlimited access to all of TeamWox's management features, so small businesses can sign up to see for themselves how the program can benefit their company. In addition, TeamWox offers a help section and online assistance for troubleshooting or unanswered questions.

Signing up is quick and easy. And once the free trial period is over, TeamWox has a variety of plans and pricing to fit businesses of different sizes, ranging from the free version for up to ten accounts to one that offers unlimited accounts for an annual subscription fee of $2,000 (in addition to the cost of purchasing the service).

Overall, TeamWox, a current advertiser with Small Business Trends, provides a secure, efficient, and generally easy-to-use collaboration system that can help companies work together more efficiently and manage and organize tasks more easily and transparently all within one simple system.



Mobile device security policies should be revisited and revised often

Technology companies need to address the bring your own device (BYOD) trend with an evolving but clear mobile device security policy, experts say.

According to a mobile security survey of more than 400 IT and security professionals conducted by SearchSecurity.com in the first quarter of the year, 64% of companies have a written mobile device security policy. CISOs at many companies have lagged in developing policies, but those still without a policy need to put one together as soon as possible, experts say.

"BYOD is happening; it just may not be documented or supported," said Chenxi Wang, vice president and principal analyst at Forrester Research Inc.

With the advent of such mobile devices as smartphones, laptop computers and tablets, the popularity of BYOD has risen. Employees became accustomed to having the latest technology in their personal lives and have brought that expectation to work. Younger workers have grown up using the technology and expect to use it at work, said Pete Lindstrom, vice president of research at information security analyst firm Spire Security.

Some firms have chosen to ignore the growing number of employee-owned devices appearing in the workplace, but other companies have responded to the consumerization of IT trend through formal BYOD policies. Whether a company's security team has a policy in place or is thinking about creating one, they should be aware that the policy will need to be reevaluated frequently, said Darrin Reynolds, vice president of information security at Diversified Agency Services, a division of Omnicom Group Inc.

"We're too new at this to fully digest it," Reynolds said, adding that the technology surrounding mobile devices is both changing and still being realized.

SearchSecurity.com's survey also found that 36% of companies require users to sign a legal document giving the firm limited control over device data. Forrester Research's Wang doesn't believe this is a growing trend. Companies that have liability concerns might require employees to sign a legal document, but most companies who have employees sign a policy don't need to do both, she said.

The survey found that firms rarely require that device data be backed up. Eighty-nine percent of companies have no backup requirement for personal devices, and 56% have no backup requirement for company-issued devices. Companies often recommend that employees back up personal devices but don't require it, Wang said. She thinks there is another reason why backup is unpopular for mobile devices: "Somehow [they have] a transient nature in people's minds."

Technology users don't think about having to do backups because they can get another device very easily. In fact, many users replace their devices every two years, Wang said. With the emergence of iPads and other tablet devices, however, she anticipates that this attitude will change as users begin to create more content on their mobile devices.

How to clear the BYOD security policy hurdle

Spire Security's Lindstrom believes that companies should treat their policy as a living document that can be changed to address emerging issues and trends. "You need a policy that is live enough so that you're not going to get in the way of innovation."

For now, however, policy implementation should follow certain steps, Diversified Agency's Reynolds said. Before they jump into policy creation, CISOs can oversee an assessment to understand the risk and identify the issues that need to be addressed. From there, policy creators can decide which policies need to be in place and how they can be enforced. The final step before implementation is to communicate the policy effectively and get upper management support, he said, adding that when people know what's coming and the bosses are on board, implementation will be much easier.

While a completed mobile device security policy might be different for each company, they all should address certain issues, Reynolds said. A good policy speaks to issues of theft and loss, safeguards and backup concerning both personal and company-owned mobile devices. Most important, he said, is that the message is memorable. If it is, employees will alter their behavior and embrace safer practices.

A mobile device policy also should address any financial or ownership considerations, particularly any questions of data ownership, Lindstrom said.

Once a policy is in place, companies must decide on what they will do to enforce the rule, or if they will at all, Forrester's Wang said. Because enforcement is part of the still-developing BYOD phenomenon, it can be difficult for companies to decide how to do it and how to pay for it. Enforcement, like the policy itself, must be fluid.

"You need to look for a way to embrace new technology with new controls," said Lindstrom.




6 Ways to Turn Customers Into Brand Ambassadors

Advertising is always tough when you don't have the resources necessary to pull off a big online ad campaign, but you might be forgetting one very important aspect of your advertising: your customers. The customer can act as a free advertising medium for you. People talk, and they like to provide insight into their experiences when they do business with someone else.

That's a good reason to give them the best experience possible, of course. However, there are also a great many things you can do to boost the customer's message, transforming it into advertising for your company:

  • Give your customers rewards. When shipping packages to them or completing a sale, you can always give them a complimentary gift. For example, for purchases over $50, you can give them a free mug. Be creative!
  • Make special discounts. Ever had a customer that comes several times a month to make large purchases? I'd bet you can make his or her life easier with a special discount card. For example, you can give customer loyalty cards that will give them a 10% discount on any $150+ purchases. It wouldn't hurt to set up a “customer of the month” program in your store!
  • Show them they're special! Every customer that completes a sale likes to be appreciated for their business. Instruct your employees to give them a sweet smile and say, “Thank you for choosing us and have a wonderful day!” The environment must laud the customer for his or her purchase, not the business for providing the products. Never forget that they are the biggest contributing factor to your business' existence.
  • “Got a problem? We'll help you!” No one generally likes to hear bad things said about them. While customers might be able to relate wonderful experiences at your establishment, be ready for those who really weren't happy or are just too pretentious to be pleased by anyone. Still, you can use this to your advantage! For example, if someone posts on Facebook that the software you develop is riddled with inconvenient features, you can reply with this: “We are very sorry that you aren't enjoying our software as much as we would have hoped. You can request a refund from us, describe the problems you have had, and we'll work on them as soon as we can. Have a great day!” This kind of response turns something negative into something positive. Some people do good reviews on vendors that do this because of the establishment's seriousness in their particular problems.
  • Join Social Networks Where People Are Looking Actively For Businesses. Facebook isn't the ideal social network for businesses to be found, although it is a good way to get in touch with your customer base. Try something like Foursquare or Yelp, where you appear on maps that people use. You can also post great deals for customers that use these services to find you.
  • Allow customers to talk for you in your site. If you really want to get customers to speak out in your favor, encourage them to do so by giving them emails after an online purchase that reminds them to fill out a testimonial or survey. Some of them will speak about your services and what they say will appear on your page. Just make sure that they have something positive to talk about!

It all boils down to this: If you treat your customers well, they'll do some of your work for you without batting an eyelash. The more you focus on your customer service, the more likely your customers are to hop right on Facebook and talk about the awesome time they had at your place.



Memorandum to President Barack Obama

From: Dr. Dawn R. Rivers, Director, Malone Macroeconomic Policy Institute

Subject: Evaluation of Policy Response to Economic Contraction of 2008-2009

Date: May 18, 2012

Beginning in the fall of 2008, the U.S. economy experienced the worst contraction since 1929. In the six-month period from September 2008 through March 2009, the Bush and Obama Administrations and the Federal Reserve pursued a variety of policy responses, including the Troubled Asset Relief Program (TARP), the American Recovery and Reinvestment Act of 2009 (ARRA), as well as the various actions of the Federal Reserve over that period.

From 2007 to 2008, gross domestic product (GDP) grew at an annual rate of 1.8%, reflecting the slowing that prompted the National Bureau of Economic Research to declare the beginning of the recession as of December 2007. Ultimately, from peak to trough, the economy contracted by 2.8%, from $14.3 trillion to $13.9 trillion. It has since recovered; GDP for 2011 was 15.1 trillion, up by a seemingly robust 3.8% over 2010 growth.

TARP and the activities of the Federal Reserve prevented the international and domestic capital markets from completely collapsing but neither has been able to restore sufficient confidence to secure a reasonable loosening of credit markets, leaving creditworthy consumers and small business owners without access to capital. Large corporations are able to borrow but they are hoarding cash, which does nothing to increase output.

The ARRA was crafted to inject $800 billion into the economy, with $500 in direct government spending and $300 in tax expenditures. Multiplier effects should have transformed those investments into $3.7 trillion in additional output, accompanied by robust and ongoing GDP growth and reductions in the unemployment rate.

Yet, the economic recovery that began in 2010 seems fragile and tentative. The housing market remains weak, the unemployment rate is still well above 5% total employment, and volatile energy costs place upward pressure on prices, sparking worries about inflation. If the policy responses of 2008-2009 had been uniformly effective, obviously these indicators would be much more positive.

Unfortunately, the current recovery is largely built on a house of cards. The resumption of GDP growth is largely driven by surprisingly robust personal consumption expenditures and a consumer spending level of 71% of GDP is neither healthy nor sustainable. The only component of GDP that has not returned to its pre-recession level (or exceeded it) is gross private sector investment.

In fact, annual private sector investment levels began falling from 2006 to 2007, well before the 2008 contraction, suggesting some structural weakness in place long before the events of September 2008. Gross domestic private investment fell by one-third (33.5%) from peak to trough (2006 to 2008) and has only recovered 82.3% of its 2006 levels as of 2011. In raw dollars, that translates into approximately $400 billion in missing investment. Taking multiplier effects into account, the result is roughly $2 trillion in potential output that has been lost to our economy.

To address these issues, it is our recommendation that the Obama Administration and the Federal Reserve take steps to encourage both confidence and optimism, particularly among the business community. A modest increase or two in the discount rate, for example, could persuade corporations to stop sitting on their cash if it conveys the message that the economy may be heating up and that the cost of money is about to increase.

Such an increase in interest rates could also be expected to have a positive impact on lending, since it would improve profit margins for banks. Tax expenditures that reward investment have been of questionable value to date - and should be the subject of much-needed research - but credits such as the Research & Development credit should not be allowed to expire.

Finally, we note that the Obama Administration has made its largest private sector investments in multi-billion dollar corporations, to little effect. In addition, a targeted small business fiscal policy that focuses on lending makes little objective sense in a climate in which 92% of small business owners report that their credit needs are being met or they are not interested in borrowing.

Given the lack of results from these investments, it would behoove the Administration to discuss changing tactics in order to stabilize the recovery and increase GDP growth.

According to the National Federation of Independent Business (NFIB), small business optimism is climbing but remains at recessionary levels. Yet growing numbers of small business owners also report improvements in earning trends and increased plans for making capital expenditures.

Bearing in mind that the data over the last 15 years confirms that companies are trending smaller and that recent research by the Ewing Marion Kauffman Foundation has found that the primary source of job growth is young or new small firms, I recommend the Administration encourage new firm formation by minimizing burdensome regulations, devise ways to assist nonemployer firms in making the transition to employers, encourage investment in small businesses (the crowdfunding provision in the recently enacted JOBS Act was a good start), fully fund all business management training and technical assistance programs currently offered by the U.S. Small Business Administration, and make direct investments in small businesses wherever possible.

Additionally, I recommend that the Administration convene another White House Conference on Small Business and that the suggestions and recommendations of real small business owners be implemented wherever politically feasible.

Thank you for the opportunity to offer this analysis, Mr. President. If you have further questions or require clarification of any of the points herein, please do not hesitate to contact me.

DISCLOSURE: Of course, I don't have a doctorate yet and I don't work for a non-existent think tank named after my macroeconomics professor. This exercise was an assignment from a course I took last semester, but I thought the ideas were worth sharing here.





Your Hotmail.com Account Will Soon Become an Outlook.com Account

Like much of the world, my first personal e-mail account was through America Online (AOL). Once I figured out I didn't need a portal to get to the internet, I turned to the most visible free e-mail service at the time: Hotmail. It was easy to use, free, and it would follow me no matter how many times I changed dial-up providers. I left for the same reason many people did. The ads and spam became too much to bear.

Soon after Hotmail debuted, Microsoft bought the service and held onto it for more than a decade. Times have changed, however, and Microsoft knows it. The company is rebranding Hotmail under the name of its main e-mail software, Outlook, and rolling subtle changes out to customers that will improve the service.

“Hotmail is still the world's largest e-mail service, with 324 million members,” David Pogue wrote in the New York Times. “But Gmail, only six years old, already has 278 million, and Microsoft was getting nervous.”

We're still in the transitional period, but Hotmail will be accessible through the domain name Outlook.com. Microsoft is already offering a preview of the new e-mail service at that location. The site has a clean design - white background with red trim - and, of course, includes ads, but they aren't quite as obnoxious as Hotmail's ads were in its early days.

There are many great features being carried over from Hotmail including a feature that allows a user to easily move all e-mail from one user to the trash with very little effort. This can come in handy for those pesky e-mails you keep unsubscribing from that still won't go away. One thing that is new, at least from my early days of using Hotmail, is its adaptability to the social media nature of today's electronic age. As you communicate with friends, Outlook.com will display that person's recent tweets and Facebook posts. You can share or re-tweet those posts directly from your inbox.

While some users may find this distracting, imagine the ramifications for your business's social media marketing. You work hard to promote your business, and now you'll be able to find new people to connect with during the course of doing business. As you converse with a client or colleague, you'll have a constant reminder of that person's social media presence, allowing you to immediately join in on the conversation.

If you use Hotmail to access your business e-mail, you'll only need to log in to Outlook.com using your Hotmail authentication information. You likely have your domain name linked to your Hotmail account, so you'll need to change that information with your hosting provider, but that should be fairly easy.

One of the biggest complications of all of this is the fact that your e-mail address will change. If you've been using @hotmail.com as your e-mail address for years, you'll need to begin the grueling process of changing it as your user name on various accounts. If, however, you've been using your domain name as your e-mail address, the transition will be simple - yet another reason to link your domain name to your freemail account rather than using the freemail account address as your point of contact. Your domain name is likely something that will always stay static, no matter what corporate mergers are going on around you.



ForeScout technology certified by RSA

ForeScout has announced that its CounterACT solutions have been certified as being interoperable with the RSA enVision platform.

ForeScout has joined the Secured by RSA Certified Partner Program, and said that the interoperability between the solutions provides enterprises with dynamic situational awareness of network access and endpoint compliance issues, while reducing log management and threat management complexity. It also allows security professionals to capture, retain and analyse events generated from ForeScout CounterACT.

Sam Davis, vice president of business development at ForeScout, said: “ForeScout and RSA's interoperability allows customers to fully realise CounterACT's dynamic security capabilities with the assurance that audit logs are retained, efficiently analysed and integrated into an organisation's GRC fabric.”

“This interoperability between the RSA enVision solution and the ForeScout CounterACT solution is designed to help customers better effectuate identity, access and endpoint compliance controls for all users and devices, including managed and personal mobile devices, accessing network resources and sensitive data,” said David Low, director of strategic technology alliances at RSA.



ICO data security warning notices increase year on year

The Information Commissioner's Office (ICO) has issued 68 warning notices for data security lapses in the first half of this year, up by 22 from this point last year.

According to a study by Syscap, the ICO has issued 15 fines worth £1.8 million in the last 12 months, compared with just six fines worth £431,000 at this point last year. It also found that while the majority of fines have been against public bodies, the ICO is also increasingly taking action against private organisations that lose data.

Syscap chief executive Philip White said: “Small businesses are increasingly falling foul of the ICO. It's clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously.

“Businesses need to make sure that the correct safeguards are in place in order to secure their data, or they could be at risk of hefty fines in the near future.”

Jonathan Armstrong, lawyer at Duane Morris LLP, told SC Magazine that changes in the enforcement team at the ICO could have been a cause of this rise, but there has also been an increased level of activity.

He said: “The ICO does a great job and where it is doing very well is on the data losses that we care more about. It is right that they up their game and the real enforcement is where the pattern has been sloppy.

“The legislation has been the same since 1984 in terms of the management of data, this should be no surprise to any information governance manager. This is about waking up and smelling the coffee.”

John Thielens, chief security officer at Axway, said: “The ICO has finally started to step up to the mark and shown its teeth. After all, what's the point of being given the power to make a difference for the better if you're not going to use it?

“More than ever, organisations need to keep their data protection policies in check in order to avoid fines and the associated negative publicity. There's no reason why this can't be done in a way that minimises the risks of data loss or theft. Organisations must ensure they have complete visibility over their data and make certain that it is protected, wherever it is.”

Chas Moloney, director of Ricoh UK, said: “These figures underline the huge challenges facing UK businesses when it comes to managing confidential information securely. Already this year we have seen numerous examples of high profile document leakage in both physical and digital formats, causing huge security headaches for individuals and businesses.”

Mark Dunleavy, managing director at Informatica, said: “With more warnings and fines issued for data security lapses than ever before, the writing is on the wall for businesses that are failing to keep their data under lock and key.

“By getting to the root of the problem, organisations can maintain rich views of their customers, while armouring themselves against unauthorised individuals looking to profit illicitly from their customers' valuable data.”



WikiLeaks returns after 10GBps DDoS attack

Whistleblowing website WikiLeaks is back online after a lengthy distributed denial-of-service (DDoS) attack kept it offline for almost two weeks.

The attack was launched after WikiLeaks published the latest of its Global Intelligence Files (GIF), which discussed the implementation of surveillance software TrapWire in public spaces in the US. WikiLeaks appeared to immediately return after it signed up for CloudFlare services.

Communicating via its Twitter feed, WikiLeaks said that the attack was well over 10GBps against its main domains and the bandwidth it was using was so huge, it was impossible to filter without specialised hardware. It also said that the range of IP addresses being used was "huge", and said: “Whoever is running it controls thousands of machines or is able to simulate them.”

Also hit were WikiLeaks mirror websites and the Fund for Network Neutrality, its donations infrastructure.

A group calling itself AntiLeaks took credit for the DDoS attacks, saying they were launched out of opposition for WikiLeaks leader Julian Assange seeking political asylum in Ecuador.



5 Ways Analytics Can Help Grow Your Business

Small business owners know that their customers are headed online. That's why you're working hard to create a Web site that attracts customers, understands their problems, and sets your business up as the answer to that problem. But how do you know if your site is working? If it's meeting the objectives you originally set out and if you're connecting with your customers?


You could guess, or you could use Web analytics to help you understand exactly what is happening on your Web site.

If you're a site owner and you don't have an analytics platform running (Google Analytics is powerful and free), you're missing out on all the ways analytics can help grow your business. How can it do that?

Below are just a few examples.

  1. Understand Your Keywords Better: We all think we understand the words and phrases that are driving people to our site. However, your analytics will actually tell you. You'll be able to dig into your organic search traffic to see which phrases are most powerful in helping people to find your Web site. You'll also be able to take a big step forward to see not only the rate at which people search a term, but how searchers looking for [keyword x] perform on your site. For example, how many pages do users looking for [custom cowboy boots] look at per visit? How long do they stay? Are they new or returning visitors? Does that search term lead to a visit or a conversion? Once you understand this information you can cross-reference it with other data to help make important site tweaks and segment keywords.
  2. Understand Customers: Of course, by understanding your keywords better, you're also working to understand your customers better, as well. You start to see patterns in their behavior and can segment them the same way you're segmenting your keywords. You may find that users who come to your site after reading reviews about you on Yelp are more likely to convert, even though they view fewer pages. Or you may find that users are taking a different funnel through your site than you had anticipated. Maybe you're finding they need more information-heavy pages before they're ready to make a purchase or they need more trust factors. By looking at your analytics and becoming familiar with the path and the activities your visitors take, you set yourself up better to target them and improve their experience on your site.
  3. Understand Social Activity: Back in May I outlined the new Google Social reports designed to help business owners better understand the social activity on their website. If you missed that post, give it a read now. I truly believe these social reports offer SMBs some of the biggest bang for their buck. They allow SMBs to tie social engagement to real dollar conversions, find conversations on the Web to participate in, show how users from certain social networks behave on their site, and more. If you've stayed away from social media because you weren't sure how to track social ROI, these reports help you to accomplish that.
  4. Understand Page Quality: By tapping into your analytics you'll also be able to find which pages are helping users complete their goals…and which are maybe sending them off track. The Visitor Flow visualizations in Google Analytics are really helpful in showing you how your pages are performing and where they're sending (or not sending) users. Pages that are found to NOT be sending users deeper into the conversion path should be rewritten to better address goals. Highlighting problem areas on your site allows you to fix and handle them.
  5. Understand Offline Successes: So not everything related to your business is happening online. You're participating in events in your community, you're speaking at local workshops, and you're constantly creating new brochures or commercials for local television. Your Web analytics can help you measure these successes as well, and it can help you do it in a number of ways. For example, maybe you decide to set up different URLs for radio and print ads to allow you to track which advertising method was more successful. Or you can use radio advertising to encourage people to search for a specific search term and monitor that activity. Or you can track which terms visitors are using to find you and match them to offline actions. Just because something originates offline doesn't mean it won't end up back on your Web site. Your analytics can help you track it.

Studying your Web analytics allows you to see exactly what is happening on your site, allowing you to respond to it and your customers. Over time, these insights can help SMBs create stronger businesses that are more focused on the needs and wants of their customers.





Google+ Introduces Custom URLs

The rapidly growing social media site Google+, built to compete with rival Facebook, is introducing a feature guaranteed to get business users excited. The social community will be offering custom URLs to business pages and profiles, giving them greater visibility with a shorter and hopefully more memorable Web address for their sites. And there are other surprises in store:

Rolling Out

Write down that address! If you've ever tried to give someone your Google+ URL, you know it is a long and ponderous exercise in futility. But Google's new plan has already made more intelligible URLs available to a select number of big brands and celebrities, with more users worldwide hopefully able to take advantage of them soon. TechCrunch

Standby for re-branding. The new move by Google allowing verified business and profile accounts on Google+ to re-brand with custom Web addresses, or “vanity” URLs as they are sometimes called, will benefit more than just the businesses already flocking to the social site. It may also be the sign of something more significant in the wind. The Next Web

Getting Social

HootSuite hookup. If the new URL change wasn't enough, there's more news from social media management platform HootSuite on a feature that will make Google+ an even bigger benefit for your business branding. HootSuite has now added Google+ to the list of social sites you can manage here. Watch this simple setup guide. Ileane Smith

A pressing engagement. Google+ may be helping companies now flocking to the social site to increase brand awareness, but the same old question remains. Where's the engagement? Without the social give and take found on sites like Facebook and Twitter, business owners must question the time they invest. Technorati

Business Shifts

Searching for relevance. A look at recent news from Google reveals many changes to the company's services and products, including innovations to tools relied upon by small businesses like yours. Here we take a comprehensive look at how these shifts in direction may impact business, now and long term. Small Business Trends

Better than cable. Google introduces Fiber as a challenge to the cable industry, offering high-speed Internet to residents and businesses in selected test communities. But small businesses must also consider how the new offering may eventually change the landscape for marketing products in new and unexpected ways. Gigaom

Google packs its bags. The tech giant makes its third venture into the travel sector with the purchase of Frommer's print and digital products for around $23 million. The move should be a lesson to businesses of all sizes. If successful, the purchase shows how entering industries not originally considered as part of a company's market can bring unexpected opportunities. Skift