What\'s The Matter With This Picture?

Image Matters.  The look and feel of your website says something about you.  And so do your headshots and company logo - or the lack thereof. I don't think the impact of image is going away any time soon.

Sure you can get around it, but you have to work harder to convince people that you actually know what you're talking about. When you look the part, however, the battle is a little easier. So, make your company image work for and not against you. You can start by using what you have.

Use What You Have

I am a huge advocate of hiring a team and getting some help. But I understand the reality of small businesses - sometimes you just don't have it.

It's a classic situation: You need to purchase three items, you only have the money for one.

Well, instead of the blow to progress the strain a tight budget can toss your way, you can get busy using what's already in your pocket.

In other words, if you have money, then find the right people and pay for their help. But if you have more time than money, then update your skills and do certain things yourself.

Every Small Business Needs 

1. A logo:  a visual representation of the company.
2. Head shots:  so that prospective clients can put at least one human face with your business.
3. A header: to help brand your website with your company look and feel.
4. Product images: to display what you have to offer.

People want to see what you have and who you are.  The pictures and images associated with our personal and professional brand, effects public perception - and often times spending.

If it's that important, then those images need to be crisp and engaging.

Consider paying for a quality logo and product images. And if there's no one with a strong eye for photography in your inner circle, then you may need to pay for a quality headshot as well.

Once these items exist, then you can add them to your business cards, website, brochures, posters, flyers, catalogs - where ever you need them.

It's the digital age and information travels from one side of the planet to the next in seconds. Create the kind of visual message that says what you want it to say.

Blank Photo via Shutterstock

StartUpNation Seeks Entries for Home-Based Business Competition

In today's economy, many are opting to follow their lifelong dreams of owning their own businesses. By basing a new small business in one's home, the owner is able to cut down on costs as the business navigates those early, uncertain months. In fact, the U.S. Bureau of Labor Statistics reports that there are currently more than 18 million home-based businesses in this country.

Recognizing that this is an important segment of the economy, StartUpNation recently kicked off its fifth annual Home-Based 100, requesting entries from now until the end of October. The competition isn't limited to any particular size or level of businessâ€"the entrant must simply be home-based and fit into one of the categories listed on StartUpNation's website. Those categories are:

• Most innovativeâ€"The most innovative products or services that are available on the market.
• Boomers back in businessâ€"Home-based businesses owned by those who are over the age of 50.
• Greenestâ€"Businesses that are making a positive impact on the environment.
• Yummiestâ€"These businesses create tasty food (or beverages).
• Wackiestâ€"This category is for those businesses that stand out for being “way out there” while still doing well.
• Savviest in social mediaâ€"Social media marketing is the new frontier for small businesses. This reward acknowledges those who have conquered the medium.
• Recession bustersâ€"Even in these tough economic times, these businesses are able to continue to grow.
• Most slacker friendlyâ€"These businesses offer solutions to those looking to do things easily, often due to busy schedules.
• Highest vote-gettersâ€"This category houses those businesses that received the most overall votes in the competition.

“We know that awareness and driving traffic to your business is one of the biggest challenges for any business owner,” StartUpNation states on its website. “Winners of the Home-Based 100 find themselves at the center of a media storm that includes recognition on national and local TV, radio, in newspapers and magazines, and on some of the largest, most influential websites on the web, MSN and StartupNation among them.”

Visitors to StartUpNation's website can view the existing entrants. Some categories currently have no entrants and are wide open. Even entering can help your home-based business, since each entrant has a profile on the site that includes that business's logo or a picture of the business owner(s), and a popularity meter beneath the “Vote Now” button.

To enter, businesses only need to complete the registration form at StartUpNation's website. You'll be asked to provide a photo and brief but compelling description of your business. You'll be enrolled to receive a weekly newsletter that will keep you updated on the progress of the competition.

Voting and registration began September 1 and continues through the end of October. A list of winners will be published in early January 2013.

For those who aren't planning on entering, it's important to put in a vote. Voting is already underway and will continue through the end of October. Since winning the competition can bring great publicity for a home-based business, each vote can make a difference.

Microsoft issues emergency security update for Internet Explorer

Microsoft issued a widely expected security update today, addressing a serious zero-day vulnerability in Internet Explorer being actively targeted by cybercriminals.

The out-of-band security update repairs five vulnerabilities, all remotely exploitable. It affects users of Internet Explorer 6, 7, 8 and 9. The update is rated critical for affected versions of the browser running on Windows XP, Vista, Windows 7 and rated moderate for Internet Explorer running on Windows Server 2008.

"The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer," Microsoft said in its advisory. "An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user."

It took Microsoft less than a week to address the zero-day flaw, which was detected by a security researcher on Monday. A module was added to the Metasploit penetration platform and proof-of-concept code quickly spread. By Tuesday, Microsoft acknowledged the zero-day flaw and said it detected limited attacks targeting it.

MS12-063 addresses an error in the way Internet Explorer handles objects in memory that have been deleted. The coding error produces memory corruption, which could be used by a cybercriminals to execute malicious code and spread malware. An attack scenario involves luring victims to a malicious website, or a Web page containing malicious code embedded in an advertisement or user generated content, Microsoft said.  

Eric Romang, the security researcher that detected the flaw, connected it to the Nitro gang, a cybercriminal group that frequently uses various exploits, including the recent Java zero-day, in targeted attacks.

Internet Explorer zero-day targeting industrial firms

Czech Republic-based antivirus vendor AVAST Software said that it detected the latest Internet Explorer flaw being used in conjunction with a variety of other exploits. Cybercriminal attack campaigns consisted of setting up a malicious website containing the exploits. The attacks used legitimate websites â€"mostly belonging to industrial manufacturers-that contained flaws, enabling attackers to embed malicious code in them.      

The Internet Explorer exploit was accompanied with an exploit exploiting a vulnerability in Adobe Flash carrying a playload consisting of remote access tools, AVAST said.  A Java exploit was also detected in the attack websites. AVAST said the websites may have been infected with Poison Ivy, an effective automated attack toolkit designed to steal credentials and spread malware.

"With the combination of the three exploits, the attackers have covered lots of users, as there is quite high probability that at least one of these will be unpatched on the user's computer," wrote JindÅ™ich Kubec, the director of the AVAST Virus Lab. "We can speculate that there may be a connection to the Nitro gang, which was sending targeted emails to such businesses with hidden RAT tools in order to extract data from the targets â€" so industrial espionage is the suspected motive of the attackers."

Researchers at San Mateo Calif.-based Alienvault said the attacks traced the ip addresses used by the attackers and found them registering fake domains with names associated with U.S. and U.K. defense contractors, aerospace and weapons parts manufacturers and suppliers.

"We also found a fake domain of a company that builds turbines and power sources used in several applications including utilities and power plants," wrote Jamie Blasco, manager of Alienvault's research labs.  

ESET calls Flashback Trojan threat now \'extinct\'

Antivirus vendor ESET has published a technical analysis of the OSX/Flashback threat. Fully operational six months ago, an expert at ESET said the threat is now "extinct."

We have witnessed [Flashback's] operator abandoning control of the botnet by shutting down its latest command-and-control server.

Pierre-Marc Bureau,
security intelligence program manager, ESET

"We have witnessed [Flashback's] operator abandoning control of the botnet by shutting down its latest command-and-control server," wrote Pierre-Marc Bureau, security intelligence program manager at ESET, in a blog post. "It appears that the operators of Flashback did not release any new binary to avoid detection, and continue their operation with a new infrastructure."

Flashback was first detected in the fall of 2011, and gained widespread attention in April when it infected over 500,000 Mac computers. The ESET technical analysis, OSX/Flashback: The first malware to infect hundreds of thousands of Apple Mac, (.pdf) describes how Flashback infected computers with Mac OSX, and analyzes the installation component and the library. The malware infected victims in a number of different ways, the first as a fake update of Adobe Flash player. Flashback also used a Java-signed applet and exploited two different flaws in Java, CVE-2012-0507 or CVE-2011-3544, to infect users.

The Bratislava Slovakia-based antivirus vendor also notes that Mac users often do not take security of their machines seriously, and chronicles the relationship between Apple and Java in the wake of Flashback.

"Some Mac users believe themselves to be immune to malicious software because they are using OS X. Certainly, the malware threats to OS X are less numerous than to Windows, but they are not nonexistent," the report read. Flashback has not been the only issue for Macs either. Lamadai, MacControl and Crisis have also created issues for Mac users this year. Experts attribute the growing threat of malware for Macs to an increasing payout for attacking the machines.

When Flashback first appeared, Apple had to validate and distribute updates via its updating system, which meant Oracle could not update Java for Macs at the same time as PCs. Often, including in the case of Flashback, the updates for Macs occurred much later.

Flashback triggered another change in the Apple-Java relationship.

"[Apple] registered all the names of the available domains connected to Flashback, including those generated dynamically. Shortly after that, Apple created an update to OS X that detected the presence of Flashback and uninstalled it from the system," the ESET report said.

With the debut of Mac OS X Lion (10.7), Apple stopped installing Java interpreters by default on its operating system. The report called this "a move that can be seen as reducing avenues of attack. This might also be interpreted as an attempt to avoid the burden of updating software that is beyond its control."

International scammers hit Trade Me

International cyber scammers are targeting Trade Me accounts in a two-tiered identity fraud to try to fool gullible New Zealanders.

Con artists from Indonesia, Nigeria and eastern Europe are sending "phishing" emails to Trade Me users, pretending they are from the online auction site and asking for personal details.

Clicking the link embedded in the email sends the information to the fraudsters and gives them control of the user's account, a technique commonly used to obtain banking details and drain accounts.

But in this scam, the overseas criminals hijack Trade Me accounts to post fake sales listings on the website using the genuine identity.

Buyers who show interest in the fake sale are asked to contact the "seller" by phone or email.

At that point, the scammers try to con the Trade Me member with an array of confidence tricks such as trying to convince them to be a "money mule" and shift cash for them.

The head of Trade Me's security team, Jon Duffy, said none of the website's members had lost money in scams.

"We're pretty good at stopping this sort of thing. Most of our members are based in New Zealand, so a red flag goes up when a foreign IP address is used.

"There are proxies that mask [the true IP address] but we've got good technology to detect that too."

Mr Duffy said the "multi-layered" phishing attack showed the lengths to which cyber criminals would go.

Police say criminal groups worldwide are increasingly turning to cyber-crime and identity theft.

Ministerial briefing papers obtained by the Weekend Herald under the Official Information Act show that despite the rigorous Trade Me security, the police were concerned that criminals could hide their identities and trade illegally, including by:

•Advertising goods for sale that do not exist, and taking payments.

•Selling stolen property.

•Running small businesses and avoiding tax.

•Selling chemicals that could be dangerous when mixed.

However, the papers said "on-line trading is most vulnerable to identity-based fraud", as there was no requirement under the Second Hand Dealers and Pawnbrokers Act for internet auction sites to make members provide photo identification.

Common identity scams on Trade Me include the use of multiple identities and false information to create accounts. When one identity is shut down, another is created, using an address taken from a phone book in another town.

Trade Me and the police have a close working relationship and signed a memorandum of understanding in 2005 - the first such police agreement with a commercial enterprise - which allows information to be shared under the Privacy Act.

Nearly half the 2000 police requests for information each year related to stolen goods.

Of those, Mr Duffy estimated, 10 to 15 per cent resulted in "further action".

While members did not need to provide photo ID, Mr Duffy said, Trade Me could restrict accounts if suspicions were raised and those members were asked to provide identification.

Other security techniques enabled his team to detect when multiple accounts were created by one person.

He said "low-end fraudsters" created accounts with false names and sold goods that did not exist but Trade Me worked closely with the police in such cases.

"I can't recall an instance when we haven't been able to identify the person committing the fraud. Typically we follow the money."

Another scam happens when interested buyers leave their cellphone numbers in the Q & A section of a sale listing - in breach of Trade Me rules.

A fraudster can see the number without having to be logged in, and can then call the interested buyer pretending to be the seller.

"If someone wants to take you off our site to conclude a transaction, that should be a warning sign," said Mr Duffy.

Online trickster
An Auckland woman conned $46,000 from online traders for iPads and iPhones that did not exist.

Aaliyah Elmira Rafiee, 25, called prospective buyers on Trade Me and Sella and offered the Apple products at a cheap price.

She targeted those who left contact details in the question section of the auction, then arranged the sale away from the site.

More than 30 Trade Me members were swindled out of nearly $30,000 when the goods did not arrive.

Rafiee pleaded guilty to 59 charges of obtaining by deception and accessing computers for dishonest purposes. She will be sentenced in the Auckland District Court in November.

By Jared Savage | Email Jared

New Privacy Laws to Protect Individuals and Businesses on the Web

In the past ten years, the Internet has grown so fast that it's almost incomprehensible. When something grows this fast-and is at the same time extremely useful to our everyday lives-it's human nature to start taking it for granted. More specifically, we take our rights on the Web for granted.

When is the last time you thought about law enforcement's right to read your data? What about if it's legal or not for an app to pull as much personal information out of your phone or computer as it wants?

With Congress' approval rating barely staying in the double-digits, one often wonders if they are planning on doing anything to improve it. It turns out a few of them actually want to pass laws that a vast majority of people will get behind.

Seeing as the privacy act that governs our electronic communications is over 25 years old (that sure is some old lingo), some representatives decided to update the antique legislation.

Privacy is Currently Lacking, New Laws Aim to Protect Citizens Online

The first bill we should discuss comes from Senator Patrick Leahy. He is proposing an amendment to the Electronic Communications Privacy Act of 1986.

First of all, as the law stands now, our email is almost up for grabs for law enforcement. According to NBCNews, all that is required for law enforcement to read your â€" or your business' â€" emails is to:

“. . .[jump] over an easily cleared standard of proving ‘reasonable grounds' that the information gleaned could be useful.”

That's it. It “could be useful” and they get to read all of it.

The amendment, as NBCNews reports again, will:

“. . . require law enforcement to obtain a probable cause warrant to rifle through archived emails.”

It doesn't matter if the emails are on your own server or stored remotely. Everything will be treated equally and with the strong protection it deserves. Regardless of whether you are doing something wrong or not-and a majority of users on the Internet do nothing illegal-this is good news for privacy. There's no reason why our property in the electronic world shouldn't be just as strongly protected as it is in the material world.

Mobile and Social Apps a Target too

Not to be outdone with legislation that the public will actually embrace, US Representative Ed Markey has introduced a bill called the Mobile Device Privacy Act.

Currently, it's extremely easy, and legal, for an app or social media platform to simply grab whatever personal information they want from your data. Sometimes they let you know, and other times it's completely in secret. This is an assault on personal privacy and possibly a threat to businesses that operate online as well.

So this new bill, as Ed Oswald at ExtremeTech reports:

“. . . makes it illegal for companies to monitor device users without their expressed consent.”

Basically, any sort of data snooping or data collection has to stop.  If it is to be done, the user must be informed beforehand.

Ed Oswald included a wonderful quote from Markey that captures the spirit of this bill:

“Consumers should know and have the choice to say no to software on their mobile devices that is transmitting their personal and sensitive information.”

That pretty much sums up the point of the bill. Whether you have a business online or you personally use mobile apps and social platforms like Facebook and Google+, this means you will have the control over your data and personal or commercial information that you should have had all along.

Finally, Legislation We Can Get Behind

After a year of horrible proposed legislation that would have suspended the prosperity and freedom we currently enjoy on the Internet, we have two bills that pretty much everyone can get behind.

Just last year SOPA was introduced and sparked one of the greatest mobilizations of businesses and individuals in opposition.

The opposition was a fine display of e-disobedience. Businesses small and large blacked out their sites to raise awareness. Much more was done on other online communities. Even Google got involved to spread information about how SOPA was not what the Internet needed.

Eventually, the Web denizens and the businesses that supported them won and SOPA was defeated. We still have other challenges to Internet freedom in CISPA and ACTA, but it's unlikely they'll get much traction given the response to SOPA.

Ultimately, these privacy bills are good for businesses as well as individuals. As businesses continue to move into the online world, and individuals put more of their info online, they deserve the privacy and protection that we have in the physical world.

That way, we can all enjoy the Internet for what it's meant to be: a platform to communicate and interact, which allows us to grow commercial ventures and improve individually.

What do you think of these new privacy laws?

Online Privacy Laws Photo via Shutterstock

Groupon Launches Mobile Credit Card Payments – The Field Gets More Competitive

The field of mobile credit card payments is getting crowded with differentiating factors harder and harder to see.

While competing on transaction charges is one way to do it, I think as more and more vendors (Intuit, Square, PayPal and now GroupOn) begin to offer mobile payment solutions and even more offer payment solutions with no swipe, but as an app, small business owner will benefit from even more choice.

However, as you pick your mobile payment service go with the ones who offer the best customer service and experience.

Here's information on GroupOn‘s offering, from their press release:

Groupon announced the launch of a new payments service â€" one that guarantees to be the cheapest and simplest option for local businesses to accept credit cards. Built into the latest version of the Groupon Merchants app for the iPhone and iPod Touch, the payments service will beat any other available rates - offering local businesses significant cost savings on credit card processing fees.

Features and advantages include:

• Swiped transactions - MasterCard, Visa and Discover (1.8% plus $0.15 per transaction) and American Express (3% plus $0.15 per transaction); no hidden costs or monthly fees
• Dependable Service - Backed by a 7-days-a-week Groupon Payments support team reachable by phone and email
• Hassle-Free Enrollment - Up and running within minutes
• Comprehensive Features - Use Groupon Merchants app to enter bill totals, add tips, apply taxes, process refunds and email customer receipts
• Durability - Swipe credit cards via a sturdy, case-based credit card reader suitable for high transaction volume merchants or an audio jack accessory
• Security - Encrypted and secure credit card information
• Analytics - View payments information seamlessly to an online Payments Center where merchants can view a live transaction history, check daily sales reports, track deposits to their account and analyze revenue trends

For cash-only small businesses that may have chosen not to accept credit cards because of the previously-high processing fees, the payments service could be a solution.

 

PetSmart CEO Opens Up His Bag Of Secrets: 3 Important Lessons You Can Learn

I'm sure you've come across a point in time when you've asked yourself this question: How did “x” business become so successful? Perhaps it wasn't phrased in that manner, but you get my point. PetSmart is one of those very successful enterprises and there are a number of reasons why.

Not too long ago, Robert Moran, CEO of PetSmart, spoke to the Wall Street Journal in a video interview where he answered some questions regarding his own business practices that led his enterprise to where it is now. Let's have a look at a few points we can take from that video:

• Keep an eagle's eye on trends with your customers â€" Moran has seen that customers have a tendency to be more concerned about their pets' health. They take decisions for their pets like with any other member of the family. In fact, he noticed a tendency for customers to seek organic non-grain foods. What was the result? These kinds of food arrived on PetSmart's shelves. As important as it is to keep an eye on your margins, business development also involves catering to your customers as much as possible.
• Build your store proportionately to customer behavior in its location - Before opening a new PetSmart, Moran must have a look at how much traffic goes through that area on a daily basis. In low-traffic zones, it's not logical to open up a 4,000 square-foot mega store. One enormous part of business development is attempting to fit the establishment to the people around it. But that's not all. PetSmart also keeps in mind the customer spending habits within an area. If you open a store in an area where customers like to spend less, then you must ensure that the products reflect that kind of spending behavior.
• Cater to the strongest demographic - Over time, PetSmart has attracted a lot of LGBT customers. Their trends are somewhat different than customers of other demographics. I'm not telling you to completely give up catering to all your other customers, but make sure that your “modus operandi” includes having a plan for those who bring their wallets the most. If you have a lot of Hispanic customers, you can't expect proper business development without introducing a significant amount of products that they would enjoy. Your marketing messages should also reflect this. For example, your advertisements should include something that appeals to the demographic without being overly exaggerated.

Everything could be summed up in one simple statement: It's all about the customers. It still isn't too late to take some of this business development advice from Robert Moran. The more you get a feel for what your customers want, the more successful you become.

Chicago Event: 4 Days Until The Small Business Technology Tour Arrives In Chicago!

The 3rd Annual Small Business Technology Tour 2012, produced by Smallbiztechnology.com, will be arriving in Chicago on September 25th!  Join our very own Ramon Ray at the Microsoft AON Center, 200 E. Randolph Street, #200, Chicago IL from 8:30am â€" 4:00pm for a day full of learning, networking and FUN!

REGISTER HERE

 

This one day event is filled with TONS of learning from expert speakers on topics geared to helping small businesses grow.  Topics include:

• How Small Companies Can Do Big Things With Technology
• How Your Business Can Thrive In Any Economy
• Are You Leveraging Your Superfans?
• 7 Steps: Dating Your Leads. Marrying Your Customers

Thanks to our great sponsor, Intel, use code RamonVIP50 to get 50% off your Tour ticket! You can use the code and REGISTER HERE.

Visit the tour website to see the full list of speakers and agenda for each city.

We hope to see you on the tour!!

Tu Nguyen of Gongshow Gear: Providing Automated Real-Time Customer Service

Many online small businesses generally do not have the resources to keep their business staffed 24 hours a day, 7 days a week.  However, consumers have come to expect immediate customer service solutions.  So what's a small business to do?  Tune in as Tu Nguyen, VP of Technology for Gongshow Gear, joins Brent Leary to share how he and his team have been able to provide automated real-time customer service and, in doing so, have increased their sales by 7 to 10 percent.

* * * * *

Small Business Trends: Can you give us a little bit of your background?

Tu Nyguen: I was studying at Carleton University, studying science back in 2003, and that is where I met my partners Garrett and Craig while they were playing junior hockey at the time at Ottawa Ontario.

They were selling hats with “Gongshow Hockey” stitched on front of it. They were selling shirts from the dorm room and also in the back of the van. A long story short, given the initial success, we realized this may be a viable business.

Small Business Trends: Can you talk about how the term “Gongshow” is really a part of the hockey culture?

Tu Nyguen: Gongshow is a lifestyle hockey apparel brand.  The word Gongshow, if you can remember, first originated from a hit TV show back in the 70's.

Since then, it has been made popular and adopted by the community of the junior hockey culture and a go-to word to describe the chaotic, crazy situations that can often occur on or off the ice. The word has become, over the years, pretty synonymous with hockey culture.

Small Business Trends: What do you guys sell online at Gongshow Gear?

Tu Nyguen: We sell hats, tee shirts, and a lot of apparels.  We introduced jeans this year and really extended our line and are really growing with the market.  It's typical stuff that hockey guys would wear; hats, tee shirts, jeans, even jackets were introduced this year.

It is a full line of stuff that incorporates hockey culture into the fold.  So it really pulls sales and slogans, and also low key stuff that you can wear from day to day as well.

Small Business Trends: Can we talk a little bit about some numbers?

Tu Nyguen: Right now on Facebook we have over 75,000 members. On Twitter we have around 26,000 followers. A lot of the hockey guys are very close knit and they like to share stories.  It's really a great medium for us to showcase their stuff and get feedback from them directly.

Small Business Trends: How do you transition those conversations into sales on the website?

Tu Nyguen: The thing with this new generation of customers now using social media is that they think differently.  All of a sudden, with this new social platform, they're extremely tech savvy.  They are very informed and they are very engaging.

They like to provide feedback as well.  Most of all, they want answers as quick as possible. We have leveraged social model and are able to adapt to that. They want to hear directly from the brand.

Small Business Trends: How are you able to leverage newer technologies to get the information to them right away?

Tu Nyguen: Back in the day, we'd get a scenario where they were writing in, or phoning in the traditional method and asking something.  Whether it's, “I am 6 ft. 190 lbs.  Which size shirt should I get?”  It's very non-technical questions really.

Or they could be at the last checkout screen and they have a question, “Do you take PayPal?  Why isn't my credit card working?”  So by the time they ask this question, let's say it was Friday night or on a Saturday, for a small business, we may not have the luxury of weekend staff or night staff to take the calls, or to even email these customers instantly.

So it poses a challenge in terms of time to purchase. Because as they are waiting for an answer, they may have lost interest and gone somewhere else to buy something.

Nanorep is a cloud-based customer service app we use that fits right into that social model I was talking about. Customers want things quick, and we have to find some way to answer them quickly.  So the service is really working well for us. It was really set up for a small business and it is easy to use and maintain.

Small Business Trends: How has Nanorep impacted the conversion rate you have on your site?

Tu Nyguen: It takes a little while to build a knowledgebase based on the questions coming in from site visitors.  But we have seen a dramatic drop in emails.  Not only that, the answer rate now is anywhere between 65% to 75%, which is pretty good. So now it is a good day getting, let's say, ten or twenty redundant emails a day.  Like this one, “I'm 6ft 1in, 190 lbs.  So what size do you have?  Or, “Is the credit card working and why not?”

Those questions are now being answered automatically per our programming by Nanorep.  So over the course of eight months, we noticed an average rate of anywhere between seven to ten percent higher sales generated by customers.  Having Nanorep answer questions rather than waiting, and then later returnimg to purchase something.

With Nanorep we have these trace snippets that allows us to do an AB test. That is how we were able to see those rates and we are seeing a ten percent higher rate.

One thing to observe is the time of purchase conversion. They were on our site, and they are looking for questions and it can be the difference from them buying that day, or the next day, or never at all.

That definitely helped in the aspect of receiving that ten percent increase. Let's say if one hundred visitors were to come and engage, at least ten of those buying that day or that hour can stem from weekend sales as well as night sales.  So we're definitely seeing some improvement in those areas.

Small Business Trends: Where can people go to learn more about you and your Gongshow Gear, and how they can buy stuff?

Tu Nyguen: They can go to Gong Show Gear.

Tu Nyguen â€" Gongshow Gear by smallbiztrends

\'Dead\' Flashback botnet descibed as the most widespread Mac malware to date

The Flashback botnet, which captured around 400,000 Apple Mac users earlier this year, was a game-changer due to its use of drive-by-download techniques.

According to the IBM X-Force 2012 mid-year trend and risk report, the emergence of Flashback was predicted in its earlier reports and after it was discovered in September 2011, the early tactics relied on social engineering to lure users to install them; the newer variants also employed drive-by-download techniques that are common in the Windows malware world.

The report said: “In the last report, we mentioned that the technical difficulty in exploiting OS X software is a major factor in preventing mass exploitation. Flashback works around this by using multi-platform exploits through Java vulnerabilities. That is, the exploitation technique and most of the code involved is the same, regardless of whether the target is Windows or Mac.”

It also commented that despite Apple issuing a software update for Java in order to remove the most common variants of the Flashback malware, the exploits were patched so the variant never achieved widespread infection.

“Things changed, however, when Flashback started using a CVE-2012-0507 (Java Atomic Reference Array Type Violation Vulnerability) exploit in March. This vulnerability was already patched by Oracle the month before, but the Apple version of Java was not updated yet, leaving a lot of Mac machines vulnerable to this exploit. The resulting mass infection was enormous, and Flashback became the most widespread Mac malware to date,” the report said.

Research released this week by ESET also said that Flashback was the most widespread malware it had seen targeting Mac systems, but the last C&C (command and control) server went offline in May and since then, it could say that the botnet is effectively dead.

Pierre-Marc Bureau, ESET senior malware researcher, said: “A real spike in infection started in March 2012, when this threat started propagating by exploiting vulnerability in the Java interpreter shipped with Apple's OS X. During the first days of April, we deployed monitoring systems to gain a better understanding of the size of the infected population.”

Bureau said that given the scale of Flashback, it wanted to inform users about the malware and it also allowed collaboration with the security industry to register as many of the domain names created by the botnet's domain name generation algorithm as possible, thus preventing the botnet master from sending update commands to already-infected systems.

Clinton McFadden, senior operations manager for IBM X-Force research and development, said: “We've seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords. As long as these targets remain lucrative, the attacks will keep coming and in response, organisations should take proactive approaches to better protect their enterprises and data."

It\'s A Dog Eat Dog World

“Dog eat dog” has been used in:

• The title of at least three films.
• The name of at least two television shows.
• The title of at least seven television show episodes.
• The name of a band.
• The title of at least two albums.
• The name of around a half dozen popular songs.
• The title of at least three novels.
• A video game.
• The inspiration for a comic strip (Dog eat Doug).

And now it's a business cartoon to boot.

NYC Event: Grow Your Business With The Essentials of Web Marketing and Lifecycle Marketing

 

Grow Your Business With The Essentials of

Web Marketing and Lifecycle Marketing

 

When: Tuesday, October 2nd - 8:30am â€" 10:30am (we will start at 8:30am sharp)

Where: Emerge 212 â€" 1515 Broadway, 11th floor (near 44th Street), New York, New York 10036

Click here to register for this event or get more information.

 

Event Summary

Ramon Ray will give you a 7 step process, which includes using lead magnets to attract an audience and nurture your leads. Social media is awesome, but we'll show you how to purposefully use social media and other technologies to GROW your business. 

Jasmine will cover the fundamentals of web marketing for growing businesses. She'll reveal the secret sauce for what it takes for small businesses to build a competitive online brand and provide a high-level review of: Effective online market positioning, Online identity development, Web Marketing Channel Planning, Online Communications Management, Web Analytics and Measurement for Success.

Your Hosts

Jasmine Sandler, CEO, Agenty-Cy Online Marketing and Digital Marketing Consultant

Jasmine Sandler is a veteran in online marketing. She has over 15 years client experience in helping companies, both large and small, use the web to develop and grow business. Jasmine is a frequent speaker and writer for organizations including: New York Times Small Business Blog, The New York Enterprise Report, The Association of Strategic Marketing, The Online Marketing Institute and multiples of women business organizations. 

Agent-cy Online Marketing, Inc., is an interactive agency in NYC with a team in Digital Strategy, Web Design & Development, Search Marketing Strategy and Management; Social Media Marketing and Online PR. 

Read more about Jasmine at www.JasmineSandler.com 

 

Ramon Ray is the Regional Development Director, Infusionsoft (and Tech Evangelist, smallbiztechnology.com).

Infusionsoft provides all in one sales and marketing software to small businesses â€" integrating ecommerce, analytics, contact management, CRM, automation (and more) in one software suite with one database for a comprehensive view of the customers. 

Ramon is a technology evangelist, author (3 books), event producer, national speaker, journalist and freelance writer with over 8,000 articles to his name. As a former technology consultant Ramon has hands on knowledge of technology and as a business owner, knows the challenges and joys of growing a business. 

Read more about Ramon at www.RamonRay.com.

Preparing yourself for a data breach

As you may have come to realise, it's not a matter of if a data breach will occur, but when, and it comes as no surprise that it will probably be at the worst time and become one of the most stressful moments of your career.

Breaches happen through the places you were not looking, so you are going to have your deductive skills tested to the limit. If you are lucky, you will be able to infer what happened through the remaining audit artefacts on your network.

If your experience at the job has been constrained to sitting quietly at your desk doing 'your thing', you are going to have more exposure to the executive leadership of your enterprise than you ever imagined. They are going to require fast and decisive answers and you will be asked to make quick assessments of the information you have available and be held accountable for them afterwards.

Your first responsibility will be to create a complete and detailed timeline. This information is what is required for legal, PR and the board members - it should be the primary deliverable that all other workflow is derived around.

Expect to receive constant requests for updated status, but don't let updating too often get in the way of work. Do not be afraid to push back and give yourself time to report more accurate findings. Make it clear that you can either deliver inaccurate information now, or accurate information in another hour. Your job is to enable informed executive decisions at this point, so set expectations that this is your goal clearly.

No matter what field you work in during times of crisis you will see everyone's true colours brought forth, not least of which will be your own. Things are going to get a little crazy, requests become orders and niceties fall to the wayside. In times of crisis, sanity becomes more important than pleasantries.

If public disclosure of your breach is required, know that it is a double-edged sword. You may well experience great catharsis in knowing that the truth is finally out there, but you must come to terms beforehand that the PR spin engine will be operating at full pace and you will be under a mountain of non-disclosure.

As the long hours and sleepless nights count up, remember that there is an end and life will return to normal once more. Handling a corporate breach is likely to be one of the most intense moments of your security career; you wouldn't be faulted for wondering if it's time for a career change because of it.

Remember however, that in the world of incident response, there are two types of people - those that have been through a major breach, and those that haven't. Your employer will, in all likelihood, continue to remain in business and you will continue to remain employed.

It is an accepted truth that all organisations will be breached at some point - what is important is how you handle it. Manage the stress, try not to say anything you can't take back and realize that you are going to come out of this with experience that you can't learn in any lab, or simulated exercise.

Conrad Constantine is research team engineer at AlienVault

ICO: \'We are pressing for custodial sentences\'

The Information Commissioner's Office (ICO)has admitted that it is ‘pressing for' custodial sentences for malicious data loss.

Speaking at the Gartner Security and Risk Management Summit in London, David Smith, deputy commissioner and director for data protection at the ICO said that it had powers of criminal prosecution, but they were not its ‘primary way of enforcing the law' as its only power was to fine.

However he said that it was pressing for ‘power of custodial sentence', primarily it would be sentences that were 'punishing for not doing things properly'.

Asked if there was a timeline for custodial sentences to be introduced, Smith said there was not but said it was something the ICO had been pressing for a long time.

“The government have resisted for several reasons, such as they do not believe in creating more and more crimes that can carry prison sentences, also Leveson is looking at this following the actions of journalists, so let's wait for his report,” he said.

“So two things that we are waiting for: the Leveson report and we do have a new Secretary of State for Justice who might have a slightly different take on this. So if you ask me to put some money on it I think we will end up with the possibility of custodial sentences but Leveson will have to report and the government will have to introduce legislation, but I don't think it will be less than 18 months.”

He also said that the sentences will be for malicious breaches where someone has set out to break the law, and not jailing for someone failing while doing their best.

Smith later said that it is not the breach itself that is attracting monetary penalties, but the lack of security behind it, what training staff have had and the way systems have been setup.

He concluded his presentation by saying that the biggest risk now is the human factor, as all breaches it sees have a human failing behind it and organisations do not significantly protect themselves.

“We see complacency coming and the drive for cost savings in public sector has driven security away from this area. Have you ever stopped to think about the risk? The way in which technology developing has very little thought on data protection law and outsourcing and cloud. Also data protection is about security of personal information, and also accuracy and keeping data to a minimum.

“I think the biggest driver is trust, confidence and getting this right, not just in your own business, but with people and trust in getting security right.”

Tufin launch application change viewer

Tufin Technologies has launched a solution to allow firewall administrators to manage the network connectivity of enterprise applications.

Named the SecureApp, it said that it provides the ability to manage firewall policies by applications and about giving companies a way to view things from ‘the top down'.

Talking to SC Magazine, Tufin Technologies' chief security architect Michael Hamlin said that it allows security teams to track changes in the application development process.

He said: “I think what we have found is that there is still work to be done as 80 per cent of problems are in the application space as you can scan services in under an hour but it can take over a week to correlate on the firewall changes.

“What we have found is a better way to create apps and requests so that they are tied to each other, so if you build an app you use this to track changes.”

According to Tufin, SecureApp provides a central repository for application connectivity data and presents it in a way that network administrators and application owners can easily and strategically leverage to deploy, modify, de-commission, monitor up-time and troubleshoot application connectivity issues.

It also enables application teams and network teams to communicate accurately, eliminating the misunderstandings that lead to errors, wasted time and unnecessary security and compliance exposure.

Ruvi Kitov, CEO of Tufin Technologies, said: “Since application owners don't speak ‘firewall', there were often miscommunications between the application teams and the network teams, resulting in a wide range of compliance, business continuity and other process problems.

“We decided that a new, application-oriented paradigm would solve those problems and if the feedback we have received is any indicator, we are confident SecureApp will revolutionize firewall policy management.”

\'Dead\' Flashback botnet descibed as widespread Mac malware to date

The Flashback botnet, which captured around 400,000 Apple Mac users earlier this year, was a game-changer due to its use of drive-by-download techniques.

According to the IBM X-Force 2012 mid-year trend and risk report, the emergence of Flashback was predicted in its earlier reports and after it was discovered in September 2011, the early tactics relied on social engineering to lure users to install them; the newer variants also employed drive-by-download techniques that are common in the Windows malware world.

The report said: “In the last report, we mentioned that the technical difficulty in exploiting OS X software is a major factor in preventing mass exploitation. Flashback works around this by using multi-platform exploits through Java vulnerabilities. That is, the exploitation technique and most of the code involved is the same, regardless of whether the target is Windows or Mac.”

It also commented that despite Apple issuing a software update for Java in order to remove the most common variants of the Flashback malware, the exploits were patched so the variant never achieved widespread infection.

“Things changed, however, when Flashback started using a CVE-2012-0507 (Java Atomic Reference Array Type Violation Vulnerability) exploit in March. This vulnerability was already patched by Oracle the month before, but the Apple version of Java was not updated yet, leaving a lot of Mac machines vulnerable to this exploit. The resulting mass infection was enormous, and Flashback became the most widespread Mac malware to date,” the report said.

Research released this week by ESET also said that Flashback was the most widespread malware it had seen targeting Mac systems, but the last C&C (command and control) server went offline in May and since then, it could say that the botnet is effectively dead.

Pierre-Marc Bureau, ESET senior malware researcher, said: “A real spike in infection started in March 2012, when this threat started propagating by exploiting vulnerability in the Java interpreter shipped with Apple's OS X. During the first days of April, we deployed monitoring systems to gain a better understanding of the size of the infected population.”

Bureau said that given the scale of Flashback, it wanted to inform users about the malware and it also allowed collaboration with the security industry to register as many of the domain names created by the botnet's domain name generation algorithm as possible, thus preventing the botnet master from sending update commands to already-infected systems.

Clinton McFadden, senior operations manager for IBM X-Force research and development, said: “We've seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords. As long as these targets remain lucrative, the attacks will keep coming and in response, organisations should take proactive approaches to better protect their enterprises and data."

Heineken Changes Its Iconic Bottle

When sales begin to fall, business owners start looking for solutions. It doesn't matter whether the business is large or small, dropping sales means something is wrong. Perhaps your business model no longer works, perhaps your product is no longer needed, or maybe the way you market your product is the problem. A decision by an iconic beer maker shows one way to deal with the situation, but below you'll also find others.

Customer Disloyalty

Bottled up inside. Heineken dominated the higher-end beer market for decades, but now the brand is in trouble. A perfect storm includes the success of competitor Corona, a decline in beer drinking, and the growth of smaller craft beers. The company's solution is a new bottle with a different shape, even though the beer inside won't change. The Wall Street Journal

Some experience required. Customer perception of a brand is complex and has as much or more to do with actual experience than superficial perception. For example, 89 percent of customers began doing business with a competitor after a poor experience, and 86 percent will pay for a better experience. Eleventy

Changing with the times. You're not the same person now as you were a few years ago, and neither are your customers. So if your marketing message, branding, and product haven't changed in all that time, there may be a problem. Marsha Friedman suggests some tips for getting up to speed. EMSI

Doors of Perception

Causing the effect. Of course, when considering why sales are slipping or leads may not be coming in as easily as they once did, it's helpful to take a thoughtful approach to identify the cause of the problem, says marketing expert Susan Oakes. Avoid reacting prematurely by cutting prices or making other immediate responses which may hurt your business instead of helping. M4B Marketing

Riding the bull. You should also examine the way customers interact with your brand. Rachel Parker tells the story of how one particularly skillful marketer for Red Bull got her attention simply by handing her a refreshing can of the beverage in the middle of a thirsty workout. Resonance

Persistence of Vision

A change in focus. Look for the reasons your sales may not be all you would like them to be by asking yourself some important questions, says blogger Harry Vaishnav. Find out whether you are selling to the right customer, and if you are focusing too much on marketing and not enough on your product. There are some other issues business owners should also consider. Small Biz Viewpoints

The secret of staying power. Amazingly, some brands, no matter how long they have been around, demonstrate incredible staying power. Entrepreneurs can learn from businesses like The Becky Thatcher Restaurant in downtown Hannibal, Mo., a business that has had customers coming back for 43 years, says marketer Diana Pohly. Here are some lessons for longevity. Step By Step Marketing