Microsoft addresses critical Word flaws, new RSA key length

Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update.

The new requirement, which Microsoft has been preparing customers for since August, was part of the software company's October 2012 Patch Tuesday security updates. Microsoft also addressed an issue with signature timestamps on valid files and released seven bulletins covering 20 vulnerabilities in Microsoft Windows, SQL Server, and Office.

Users were first notified of the impending change in RSA key lengths in June, as part of Microsoft's response to the Flame malware kit. Security Advisory 2661254, published in August, provided further details of the change and notified users of an update that was made available in Microsoft's download center. Microsoft encouraged customers to apply the change early to work out any kinks before today's mandatory update.
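
To find certificates that fall under the 1024-bit minimum described above, the following read-only PowerShell audit lists RSA certificates in the local stores with shorter keys. It is an added example, not part of the original article or of Microsoft's advisory; it assumes Windows PowerShell with .NET Framework 4.6 or later, and the store roots and output columns are this example's own choices.

```powershell
# Added example (not from the article or Microsoft's advisory): read-only audit
# that lists certificates whose RSA public key is shorter than 1024 bits.
# Assumes Windows PowerShell with .NET Framework 4.6+ (for GetRSAPublicKey).

$MinimumBits = 1024                      # minimum key length stated in the article
$RsaOid      = '1.2.840.113549.1.1.1'    # rsaEncryption public-key algorithm OID

# Store roots to walk; auditing both is this example's choice.
$Roots = 'Cert:\LocalMachine', 'Cert:\CurrentUser'

$weak = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_

            # The requirement concerns RSA keys; skip ECC and DSA certificates.
            if ($cert.PublicKey.Oid.Value -ne $RsaOid) { return }

            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            if ($null -eq $rsa) { return }   # public key could not be decoded

            $bits = $rsa.KeySize
            $rsa.Dispose()

            if ($bits -lt $MinimumBits) {
                [pscustomobject]@{
                    # PSParentPath looks like "...Certificate::LocalMachine\Root"
                    Store      = $cert.PSParentPath -replace '^.*::', ''
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                    Subject    = $cert.Subject
                }
            }
        }
}

if ($weak) {
    $weak | Sort-Object KeyBits, Store | Format-Table -AutoSize -Wrap
} else {
    "No RSA certificates under $MinimumBits bits found in: $($Roots -join ', ')"
}
```

A certificate can sit in more than one store, so the same thumbprint may be listed several times.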

Security update timestamp errors

Microsoft also announced that there was a clerical error in the digital signing of several recently released security updates. According to Security Advisory 2749655, certificates with improper timestamp attributes were used to sign Microsoft core components and software binaries. This error does not present a security issue; however, it will cause the certificates to expire prematurely in January 2013.

"Microsoft is providing updates as they become available for products affected by this issue. These updates may be provided as part of rereleased updates, or included in other software updates, depending on customer needs," the security advisory read. The company has already begun rereleasing updates today, including KB723135, KB2705219 and KB2731847.

Wolfgang Kandek, CTO at Redwood City, Calif.-based Qualys Inc., said all of the updates should be rereleased by January.

Critical Microsoft Word security bulletin

Of the seven security bulletins released as part of Patch Tuesday, one was classed as "critical," while the remaining six were assigned a rating of "important." The critical bulletin, MS12-064, addresses vulnerabilities in Microsoft Word that could allow remote code execution.

To exploit the flaws, an attacker could send an email containing a malicious Rich Text Format (RTF) file.

"That's the one to apply as quickly as possible," Kandek said of MS12-064. "Under certain circumstances just looking at the email would get you infected."

Kandek added that it is important to apply this update because almost any system is open to the threat.

MS12-064 is rated critical for the newer versions of Microsoft Word, 2007 and 2010. The rating drops to important for Microsoft Word 2003, Microsoft Word Viewer, Microsoft Office Compatibility Pack, Microsoft Word Automation Services on Microsoft SharePoint Server 2010, and Microsoft Office Web Apps. Applying the update may require a restart.

MS12-065, the first important bulletin, fixes a vulnerability that could allow remote code execution if a user opens a specially crafted Microsoft Word file using Microsoft Works. The issue specifically affects Microsoft Works 9 and may require a restart, Microsoft said.

MS12-066 could allow elevation of privilege if an attacker sends specially crafted content to a user. The vulnerability appears in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps, specifically affecting Microsoft Communicator 2007 R2, Microsoft Groove Server 2010, Microsoft Office Web Apps 2010, and multiple versions of Microsoft SharePoint Server, Microsoft InfoPath and Microsoft Lync.

MS12-067 addresses vulnerabilities in FAST Search Server 2010 for SharePoint Parsing and could allow remote code execution. MS12-070 fixes an issue in SQL Server that could allow elevation of privilege. They both may require a restart.

MS12-068 could lead to elevation of privilege and affects all versions of Microsoft Windows except Windows 8 and Windows Server 2012. It requires a restart. MS12-069 also requires a restart and could lead to a denial of service. It addressed vulnerabilities in Windows 7 and Windows Server 2008 R2.




Twitter Tests Survey Feature for Advertisers

Twitter has just announced a partnership with Nielsen to offer brands the ability to perform studies about brand awareness and the effectiveness of Twitter ads. The partnership will allow advertisers to create brief native surveys to distribute to targeted users in their Twitter network.

Twitter Survey Feature for Advertisers

Brand impact measurement for Twitter is designed to help give brands insights and analytics data about its engagement with users on the site that dive deeper than normal Twitter metrics like number of followers, likes and retweets.

Brand surveys will appear as tweets from @TwitterSurveys within a user's timeline on both desktop and mobile versions of Twitter, similar to how Promoted Tweets appear. The tweets invite users to take a short survey, which can be filled out within the tweet itself, so users don't have to go to a new page to give answers.

Brands can use this feature to measure things like brand awareness, purchase intent, or the effectiveness of their advertising or marketing campaigns.

In addition, surveys can be targeted to particular types of Twitter users in the same ways that Promoted Tweets are targeted, so that brands can reach out to the customers most likely to give helpful insights about their industry.

This initiative is aimed at helping brands that use Twitter to engage with customers by offering a more substantial method of market research, without making consumers jump through hoops to offer insights. Though brands have always been able to easily ask questions to those in their network, as well as measure impact through Twitter specific metrics like retweets and likes, these quick surveys may make it easier for brands to calculate and quantify results into actual usable data.

Twitter is currently working with a small group of advertisers to test the survey feature, which it plans to make more widely available to advertisers in 2013.




The 24-Hour Small Biz Makeover Contest Worth $30,000 – What Small Business Will Win?

One Deserving Small Business Owner will receive an Extreme Business Transformation Worth $30,000 in the 24-Hour Small Biz Makeover Contest!

 

Attention Small Businesses! The Applegate Group, known for providing exclusive, original content for small business owners and the companies that serve them, is launching the 24-Hour Small Biz Makeover Contest, sponsored by Verizon Wireless, Epson America and Microsoft and hosted by the New York Business Expo and Conference (NYXPO), presented by Time Warner Cable Business Class.

One lucky small business owner will win a head-to-toe makeover for themselves and their business with products and services exceeding $30,000 in value. The prize package includes 24 one-hour consultations on a variety of topics from a team of nationally recognized small business experts. The transformation begins with meeting the experts on October 17, at the NY Expo, the largest small business trade show and conference in the Northeast, at the Jacob K. Javits Convention Center, and continues after the winner goes home. A first runner-up will also be chosen to receive a library of books from respected small business experts.

Joining Applegate to facilitate the makeover is Steve Strauss, the country's leading small business expert and USA Today small business columnist.

“In today's economy, small business owners don't always have access to the right resources to guide them,” said Strauss. “The 24-Hour Small Biz Makeover gives one business owner the opportunity to revive their business and themselves. By offering this opportunity, NY Expo allows business owners to look at this event as both a strategic and tactical experience.”

The winner of the 24-Hour Small Biz Makeover Contest will receive:

  • $1,000 worth of Cojourneo.com courses to help grow your small business
  • EPSON® Small Business Product Suite - EPSON WorkForce® Pro C Series multifunction printer | EPSON PowerLite® 1761W multimedia projector | EPSON WorkForce® Pro GT-S55 document scanner
  • Verizon Wi-Fi Jetpack™ providing global online access (winner must activate and open an account)
  • Your own promotional video produced by The Applegate Group
  • 2 complimentary tickets to the 2012 Small Business Influencer Awards Gala on October 17th, 2012
  • Small library of the top “how-to” small business books in the country
  • 24 hours of consultations and/or classes with a team of national experts including:
    • Steve Strauss, USA Today Small Business Columnist and Founder of TheSelfEmployed.com
    • Melinda Emerson, Author, Twitter Guru and Social Media Expert
    • Ramon Ray, Technology Evangelist and Editor of smallbiztechnology.com
    • Rieva Lesonsky, President, GrowBiz Media and Former Editorial Director, Entrepreneur magazine
    • Barry Moltz, Author, Blogger and Host of Business Insanity Radio
    • Diane DiResta, Presentation Coach and Author “Knock Out Presentations”
    • Nancy Michaels, Columnist and Affordable Marketing Expert
    • Cliff Ennico, Syndicated Small Business Columnist, Author, Attorney and eBay Coach
    • Dawn Fotopolus, Founder BestSmallBizHelp.com and Finance Professor at Kings College
    • John D'Aquila, CPA, Tax Advisor and Small Business Investment Banker
    • Sarina Jain, Fitness Consultant and Founder of Masala Bhangra Workouts
    • Beth Silver, PR and Marketing Consultant and Managing Director of Doubet Consulting
    • Julia Reich, Branding and Graphics Consultant
    • Robb Patterson, Technology Consultant and Microsoft Partner
  • A new “look” by a Professional Stylist Dorthe Enger
  • Professional portrait shot by NYC Photographer Heather Swanson
  • Exclusive makeup consultation by Arielle Davis

Finalists for the 24-Hour Makeover will be interviewed between October 9th and October 15th, 2012, and the winner will be announced on October 15th, 2012 by email.

 



The Deal Maker In Every Business: Are You Ignoring It?

Business is full of edits and adjustments. Sometimes our target market is too large, so we adjust to focus in on the people we understand the best and can help the most. For example, Starbucks' primary audience is coffee drinkers, while Teavana's products are for serious tea lovers or new converts.

It's Not Just About The Product

Your team also gets edited and adjusted. Every person that looks great on paper isn't always a match for your company. That's what the interview, testing and trial periods are about - finding the best fit given the environment. But what about us?

How Often Do We Edit Ourselves?

There's a difference between protecting our personal style and the type of communication that breaks teams down. On Top Chef Masters, the reality cooking series on Bravo TV, one of the contestants, Chris Cosentino, said:

“Communication is the backbone of a restaurant.”

The same is true for any business. The ability to educate our team is directly related to how we talk to them. It's a deal maker.

What If You Worked With Children?

And no, I don't mean that 45-year-old team member who kinda acts like a child - I mean a staff of teenagers. How would that affect your communication style?

In this same episode of Top Chef Masters, each chef had to train a team of high school students. In fact, everything that came out of the kitchen had to be prepared by the students, but it carried the Top Chef's name (talk about putting your reputation - and ego - in the hands of babes).

As Curtis Stone, MC and fellow chef, put it:

“Your job is to show them how to use their limited skills to create a master dish.”

They couldn't rest on their style or technique. All they had in that particular challenge was their ability to teach. Ultimately, the better we communicate, the more our team reflects our values.

The winner of that particular challenge, Kerry Heffernan, did - or stumbled upon, however you want to put it - three things that any small business owner can imitate.

1) Connect

Find out a little bit about your team - why they're here, relevant experiences in their past and what they hope to get out of this opportunity. Tell them a little bit about you - why you're here, what you're passionate about and what you expect from them.

Have a little fun with this part. Keep it natural and easy going.

2) Push

As Heffernan said:

“I'm going to push them. Hopefully they can handle it.”

Your team has to do the work without you at some point. But first, let them get their hands dirty under your watchful eye.

Don't grab the phone, take over the computer screen or flat out fix the problems that you see them making. Teach. This step will raise your communication skill as well as their level of execution. And it'll prepare them for your absence. You do need a vacation from time to time, don't you?

3) Close

They have to complete the work in order to feel the success. So don't cut the challenge off early. Don't lower the standards for your business and don't give up on your team.

Praise them for their successes. Give your team the chance and the responsibility of correcting their mistakes. You're building something that lasts and that type of success doesn't happen overnight.

But with consistency and effective communication it happens.




Take Your Loyalty Reward Program Social With Perka

By now, we've all heard about the value of social media marketing, but is merely posting the occasional status update enough? A new app says no. Perka aims to join loyalty programs with social media to give customers a reason to keep coming back.

Perka is a loyalty rewards program that seeks to make rewards programs easy and fun. When a Perka user patronizes a participating business, that user is issued a “punch” via a mobile app. These stamps can be saved up like a punch card. Collecting stamps gives customers a reason to visit your location repeatedly, and repeat business is great for your small business's bottom line.

“Giving customers a reason to come back is important,” SmallBizTechnology's Ramon Ray says. “Of course, great content is great, but engaging through incentives is important, as well.”

Now Perka has added an extra incentive. Recently, the service added social media to its loyalty programs, allowing its small business members to offer additional rewards for actions like 'retweeting' and 'liking'.

Adding social media turbo-charges Perka's ability to engage with customers, including:

  • Increasing social media followings. By encouraging likes and retweets, small businesses can gain exposure to the friends and followers of those people.
  • Sharable coupons. Perka creates web-linked coupons that businesses can share with friends. Coupons and special offers can even be sent directly to customers' phones.
  • One-click sharing. When a customer gets points through Perka, one click can post information about it to Facebook. This helps get the word out about your small business and your participation in the loyalty program.
  • Rewarding loyalty. Your most loyal customers will feel appreciated. Additionally, unlike traditional reward programs, your customers won't have to carry a card around. It can all be stored on a mobile phone.

When a customer visits your business and checks in via the Perka app, you'll merely “punch” their Perka card via a mobile app. Just by checking in, the customer has already begun to spread word-of-mouth about your business.

Businesses can join Perka for $35 per month. Once you've registered, Perka will send you materials to help promote your participation in the program, including signs, table tents, cards, and window clings. The company recommends also providing a device at your cash register that can be used by all employees to reward customers when they enter your location, although you can use a personal mobile device to use the service. Perka can provide an iPod Touch for $100 a year. That device will either need to be able to connect to your wi-fi or have a data plan attached to it to participate.

“Small business owners rarely have enough time or expertise to cultivate a social media presence that benefits the bottom line,” said Alan Chung, CEO of Perka. “Our goal is to make it easy for local merchants to build an online presence that not only engages current customers, but drives new business as well.”

For a video demonstration of Perka, visit the company's website.



Cybergang plans to use Trojan against U.S. banks

A cybergang based in Eastern Europe recently announced plans to launch a Trojan attack on 30 American banks this fall.

The attack is part of a large-scale orchestrated crimeware campaign and will be carried out by approximately 100 botmasters the group will recruit, according to RSA, the security division at EMC Corp.

"If successfully launched, the full force of this mega heist may only be felt by targeted banks in a month or two. The spree's longevity, in turn, will depend on how fast banks and their security teams implement countermeasures against the heretofore-secret banking-Trojan," wrote Mor Ahuvia, cybercrime communications specialist for RSA, in a blog post.

Bedford, Mass.-based RSA believes the gang will use a variant of the Gozi Trojan in the attack. The security firm has named this particular Trojan "Gozi Prinimalka," from the Russian word meaning "to receive" and alluding to a Trojan drop point. The Trojan is rumored to be the final step in completing fraudulent wire transfers via Man-In-The-Middle manual session-hijacking scenarios.

The Gozi Trojan was first detected in 2006. The Trojan is configured to be sold to cybercriminals as a service. It steals SSL data, spreading through browser exploits to hijack financial transactions and steal sensitive account data. 

The Gozi connection suggests that the group behind the scheme may be the Russian-based HangUp Team, or a group closely affiliated with it.

According to RSA, the gang claims anti-American motives in its choice of targets, but the decision may have also been made based on convenience and prior experience.

"Another attractive element for the attackers appears to be the slim deployment of two-factor authentication (2FA) for private banking consumers in the US, unlike many European banks that generally require all consumers to use 2FA for wire transfers," Ahuvia said.

The gang is looking for partners for the project who will go through what Ahuvia calls a boot-camp style process of selection and training for the attack. Each accomplice will have a claim to a portion of the profits siphoned from victims' accounts.

Features of the campaign include a virtual-machine-synching module installed on the botmaster's machine. The synching device will duplicate settings on the victims' machines, including time zone, screen resolution, cookies, browser type and version, and software product IDs.

"Impersonated victims' accounts will thus be accessed via a SOCKS proxy connection installed on their infected PCs, enabling the cloned virtual system to take on the genuine IP address when accessing the bank's website," Ahuvia said.

Bank notifications seeking to verify new or unusual online account transfers will be blocked using phone-flooding services.

The investigation into this threat is ongoing, and RSA did not name specific banks that might be in danger of an attack.

"RSA recommends banks review authentication procedures relevant to both online wire transfers and transfers performed over the telephone banking channel," Ahuvia said.




How To Start A Business and Structure Your Business

Are you the kind of person who has always wanted to start a business, and are ready to take the leap into entrepreneurship for the first time? Or has a tough job market prompted you to re-evaluate your goals and try to create something new? Wherever you stand on the spectrum of entrepreneurship, congratulations on deciding to start a business and create new opportunities for yourself and others.

If so, you've come to the right place. Over the next several weeks here on Small Business Trends, we're kicking off a series of articles in our guide about starting a business and choosing the right structure. We will tell you what you need to know about how to incorporate a business, how to form an LLC, and how to navigate the complexities of managing the business filings along the way. But we won't stop there.

We will help you learn more about how to start a business:

  • How and when to use DBAs (“doing business as” names)
  • Who needs a DBA
  • All about S Corporation
  • Everything you need to know about C Corporation
  • Where to incorporate

We will also help you:

  • Name your business
  • Create Business and Marketing Plans

Our guide will provide you with tips and advice on hiring and managing your employees, as well as getting to know employment laws and regulations.

In this series, we will lead you through the process of how to start a business as well as incorporating and launching your own business - one of the most important endeavors of your life. So let's get started to help make your dreams come true to start a business.

All About Incorporating A Business

When starting a business, many entrepreneurs choose to incorporate as a legal entity. Incorporating a business is a step that goes beyond simply filing a DBA. One of the best ways you can establish your credibility, make your business a legal “entity” beyond your identity as the business owner, and protect your personal assets is to incorporate your business.

Incorporating gives you the ability to protect your personal assets from those of the company, which keeps your personal finances safe from the “worst-case scenarios” of doing business.

There are several options for incorporating your business, including forming an LLC, or incorporating as an S Corporation or C Corporation. The chart below compares business structures. It provides a high-level comparison of the most popular business forms across important attributes to consider when forming your business:

[Chart: comparison of business structures]

If you want to incorporate your business, the most popular choices are the LLC (limited liability company), S Corporation and C Corporation. Each of these options has its own unique advantages and complications, depending on your type of business and your overall goals.

No matter which type of incorporation option or business structure you choose, incorporating your business will keep your personal assets safe from lawsuits or judgments against your company.

Depending on your tax filing status and which business structure you choose, there can also be significant tax benefits to incorporating your business; instead of paying self-employment taxes as a sole proprietor, incorporating a business can help change the tax treatment of part of your income, leading to more money in your pocket at the end of the year.

In the next article in our series, you'll learn more about the specifics of each option for incorporating a business: the LLC, the C-Corporation and the S-Corporation. Each of these business structures offers unique advantages depending on your business goals.

 



Green Cleaning The Office Makes Sense

Cleaning practices are an afterthought for many business owners. Sure, you want your offices and facilities to look tidy and presentable. But perhaps you don't pay much attention to the products or procedures that make it that way. Spending money on environmentally friendly cleaning products - or a professional “green” cleaning service - may not seem worth it.

However, consider this: Green cleaning offers many benefits beyond just being environmentally friendly - and it's not as price prohibitive as it used to be.

Not only are eco-friendlier cleaning practices good for the Earth, they are less toxic to the indoor air that you, your employees or clients breathe every day. Standard cleaning products emit gases (called volatile organic compounds, or VOCs) and odors that can aggravate breathing problems, skin allergies and other health concerns.

In fact, the Environmental Protection Agency says that cleaning agents are among the main contributors to poor indoor air quality.

If you haven't already, it's a good time to consider making the switch. Many businesses and consumers have been deterred because of the higher costs of buying green products or services. But those cost premiums have come down significantly in recent years, as green cleaning becomes more commonplace. Many commercial and industrial green cleaning services, as well as residential ones, now claim to charge the same price, or slightly more, for using green cleaning products.

Moreover, some studies find that green cleaning improves indoor air quality and, in turn, improves workplace productivity. The Lawrence Berkeley National Laboratory Indoor Air Quality Scientific Findings Resource Bank found that improving indoor air quality can bolster workplace productivity by up to 10%.

Want to implement green cleaning practices effectively in your business?

Here are a couple key steps:

Find The Right Green Products

Today, even major cleaning brands are rolling out eco-friendlier cleaning products, such as Clorox Green Works. Cleaning product aisles are awash in green as established brands compete with companies like Seventh Generation and Method, which have been selling eco-friendly cleaning products for years.

Even though they all claim to be “green,” you must dig deeper to find out how truly environmentally safe and effective they are. The Environmental Working Group recently put out its Guide to Healthy Cleaning, which scores various household cleaning products on their ingredient safety and disclosure.

GreenSeal.org, a certification organization, also provides lists of commercial and industrial cleaning products that have been certified. (Keep in mind that household standbys like vinegar and baking soda can be just as effective cleaners in some environments.)

Ask Questions

Before hiring a professional cleaning service - if you do - ask some questions. Which brands and types of cleaning products does it use? Does it take steps to reduce its water and paper towel usage? You don't want to discover too late that the cleaning service was “greenwashing” (no pun intended).

Consider Your Methods

Green cleaning isn't just about cleaning agents. It's about the entire process, from the type of cloths used to water usage to the packaging. (Aerosol cans, for instance, aren't very “green.”) Take a holistic approach to your business's cleaning, open the windows and try to reduce the use of hazardous chemicals.

At the end of the day, you and your employees may feel healthier for it.




RSA Conference: Security firms need to 'shine a flashlight on risk'

RSA Conference Europe saw programme chair Herbert 'Hugh' Thompson challenge the IT industry to face fundamental changes, and respect the differences in the way individual people use computers.

The internet guru and bestselling author said that companies need to build tools and technology that take into account different user risk profiles and the choices users make, what he called the 'human aspect' of IT security. He said: “We need to build tools and technology which respects those differences.”

“We need to be the people who show a flashlight on risk to the business, and enable them to do stuff, not hold them back from doing things, actually allow them to embrace certain technologies quickly and easily, once we've properly assessed the risk," he said.

Thompson said that 'risk assessment' would have to come down to individuals. He said that changes in the last 18 months and the tendency of employees to bring their own devices had resulted in a challenging problem/opportunity. He said that people were not outside the normal control structure of the enterprise.

He continued: “I challenge you because we have to do this. It's not an option that we need to personalise security - we have to. The cost to send one personalised email attack is beginning to approach zero dollars, because tools are getting so good.”

“Once that starts to happen it's going to be incredibly difficult for people to make fine-grain security choices, and make the distinction between a good and bad email.”

He said that it was becoming 'Russian Roulette' for some people when opening emails, as it was so easy for criminals to find out information about people they are looking to target, simply with a Google search.

He added: “It's the death of first impressions. It's no longer under your control. It's interesting from a societal point of view, but think about what attackers can do.”



RSA Conference: Monitoring is the key to awareness

A lack of monitoring and analytics has been a systematic failure in security for too long.

Speaking at a press Q&A at the RSA Conference Europe in London, executive chairman Art Coviello said that in the mid-2000s, security professionals said that they were not getting any leverage, so they analysed log data to get some leverage and as a result, SIEM (security intelligence and event management) was born.

However, he said that although this was the top layer of the security operations centre, inexplicably a lot of companies were not adopting the SIEM product and it is now at a point where it is not scaling to the business need.

Speaking about 'budget inertia', which he had raised in his opening keynote, he referenced research that RSA had commissioned that showed that 70 to 80 per cent of budget is spent on prevention, but only five to ten per cent on response.

He said: “We do have a clear vision but it is not about one company, it is on where the industry needs to go. Look at the security infrastructure, it didn't start with risk, it was with a reaction to a problem, so if you saw a virus you bought anti-virus. If you saw a connection you didn't like, you bought a firewall.

“It is about layers of control and companies are focused on the perimeter. Years ago there were one or two points of connection. To manage controls there is an individual management console and the job of that layer is to provision controls one at a time, and manage controls.”

He went on to say that the issue with logs, or the analysis of log data, is that sometimes the lack of a perimeter causes a problem with so many external connections, especially with cloud-based applications.

“So there is more requirement for visibility to find what is going on. Things are easier and easier to penetrate, so continuous monitoring goes on to spot the anomalies and combine packet data and contextual elements for a system of controls to do big data analytics,” he said.

“When you get an analytical capability so an advanced security centre can respond in real-time, it shrinks the 'dwell time' window. If you do it from the outside-in, you can focus on risk and high end analytics and on where the compromises exist in your infrastructure.”



RSA Conference: Coviello talks about shrinking budgets and skills shortage

There is a continuing need for effective controls that cost too much for some security budgets.

Speaking at the opening keynote of RSA Conference Europe, executive chairman Art Coviello said that there is an "inertia around security budgets" that is preventing effective controls from being deployed and information from being shared securely.

Coviello said: “Security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security.”

He later said that the industry is not moving quickly enough between perimeter-based protection and flexible protection, blaming "the difference between perception and reality - the PR gap", and because of this, budgets are not as evenly spread across the business.

Coviello also said that there is "too much awareness" around information security, but not enough understanding or context. While controls and analytics provide timely and actionable information, dynamic synergies will give true defence in-depth but personnel with the right skill set are also needed.

He said: “There is inertia around security budgets: 70 to 80 per cent is spent on prevention; 15 per cent on monitoring but only five per cent on response. The vast majority is spent on preventative perimeter-based security. It is static and inflexible.”

Coviello addressed the skills gap in information security, quoting Frost & Sullivan estimates that there are currently 2.25 million security professionals but there will be a need for more than four million by 2015.

“There is a severe skills shortage, we have a need for the right level of people with the right level of expertise. Where will they come from? There is a need for more understanding. We need more, we need context and understanding and better collaborative understanding of the problems we are facing and the enemies we are fighting,” he said.



Mobile Presence Deemed “Critical” By Users

It doesn't take much to notice that consumer reliance on mobile and mobile search is growing at an enormous speed. But just how important is it for businesses, even small business, to create a powerful mobile experience for their users? Well, according to a new Google-sponsored study, that need is being called “critical.”


To get a better understanding of what users want from mobile, Google hired third-party research firms Sterling Research and SmithGeiger to conduct a survey that polled 1,088 adults on their feelings about the mobile Web. The results may confirm what we already suspected, but still provide an interesting read.

Not surprisingly, the survey showed that the opportunity that exists in mobile is considerable. Seventy-five percent of respondents say that they prefer a mobile-friendly site and 67 percent said they are more likely to buy a site's product or service when they visit a mobile-friendly website. Add that to the fact 96 percent of users said they had stumbled across sites not designed for mobile, and the opportunity available for savvy businesses is clear.

And it's not just considered a “positive” to have a mobile site, it is looked at as a serious negative if you do not. Why? Because according to the survey, if consumers aren't happy with your mobile experience, they won't just end their search there. They'll keep trying competitor sites until they find an experience that works for them.

  • 61% of users said that if they didn't find what they were looking for right away on a mobile site, they'd quickly move on to another site
  • 79% of people who don't like what they find on one site will go back and search for another site
  • 50% of people said that even if they like a business, they will use them less often if the website isn't mobile-friendly

By not focusing on mobile, you not only lose that conversion, you hand-deliver it to a competitor website. You can't afford to do that.

The survey also found that having a non-mobile site can negatively affect your reputation in the eyes of your customers. Sites that are not designed for mobile leave customers feeling frustrated, which then impacts their overall impression of the brand.

  • 48% of users say they feel frustrated and annoyed when they get to a site that's not mobile-friendly
  • 36% said they felt like they've wasted their time by visiting those sites
  • 52% of users said that a bad mobile experience made them less likely to engage with a company
  • 48% said that if a site didn't work well on their smartphones, it made them feel like the company didn't care about their business!

Ouch! Do you really want to tell nearly 50 percent of people that you don't care about their business by NOT having a mobile site? My guess is no!

Small business owners need to make sure that they have a functioning mobile version of their website. I know that my company is steadfast about making sure clients are doing all they can to attract customers, regardless of what device they are accessing them from.

What should SMBs consider when it comes to mobile?

Know how your current site looks: Have you checked your site on a mobile device lately to see how it displays? If not, there's no better day than today to find out. Google offers business owners a free tool to help SMBs learn how they're already doing and where they can improve.

Understand mobile surfers are task-oriented: While the number of “casual” mobile surfers may be growing thanks to higher functioning devices, the majority of mobile users are task-oriented. They're accessing your site while on-the-go because they're looking for specific information. Perhaps it's directions or a menu or hours. Go into your analytics and see what pages are getting the most views from mobile devices and then set your site up to highlight this information and make it easily available. Help customers to work through their tasks faster and the numbers show they won't forget it.

Mobile users are low on patience: Users accessing your site via their mobile device are less likely to hop through hoops looking for information. Instead, they'll just try another website. Likely a local competitor. Keep users on your mobile site by prioritizing the information you show, making content easy to read/skim through, and requiring as few clicks as possible. The more you make someone look for the information or wait for something to load, the greater the chance you're going to lose them in the process.

Make conversions easy: Outside of just lowering the number of steps, make it easier for users to finish tasks. Shorten forms, use checkboxes to make data entry easier, and make phone numbers clickable. Use big buttons with lots of padding around them to prevent against accidental clicks. Without the benefit of a keyboard and mouse, it can be tricky to perform tasks on mobile that are seamless on the desktop. Be aware of these limitations and account for them.

Take advantage of free resources: Google's Mobile Playbook and How To Go Mobile site offer SMBs great resources to learn more about mobile.

Above are some SMB-friendly tips to make sure you're presenting as great a mobile experience as you are a desktop experience.

How have you integrated mobile?





You Don't Need To Be A Professional Videographer To Make Great Videos – You Just Need Good Resources!

The only word that comes to mind when one talks about the internet and video uploads is ‘deluge’. Just try and fathom this statistic: it is estimated that as of now, in any given minute over 72 hours' worth of video files are uploaded to YouTube alone. Imagine trying to make yourself heard and seen in the midst of this avalanche of videos uploaded by people from around the globe, all sharing the same general aspiration as you.

A cursory look at any Top Ten YouTube Hits list on the net shows some interesting trends. Leave out the official music videos of established stars, movie trailers and promotional videos and what you have are the videos put up by people from all walks of life, from all over the world. Videos made by these people usually garner attention when they are from specific genres. Regardless of whether you are filming a planned short film or a family occasion, or capturing funny moments or freak accidents, it always helps if you get a good quality video.

Capturing a good video doesn't necessarily mean that you need an expensive video camera or a DSLR, though having one with you makes things easier, of course. But a vast majority of the videos that we get to see online are made with the ubiquitous cell phone camera. Most smart phones in the market, like the iPhone, nowadays sport capable cameras that in the right hands can capture captivating and compelling videos.

When it comes to expertise in the field of smart phones and the latest gizmos that the industry churns out, Jefferson Graham is on the forefront. In his capacity as host, producer and editor of the USA Today Talking Tech and Talking Your Tech video shows, and long term tech reporter for USA Today, Graham has earned a reputation as a tech guru. An accomplished videographer and photographer, he has authored nine books.

His latest offering, “Video Nation”, is a veritable delight for the DIY videography enthusiast and a comprehensive guidebook aimed at the beginner looking to create videos for the web. With in-depth information on such topics as how to keep the frame steady, manage the lighting, must-have tools and even tips to help the video go viral, the book has got its bases covered when it comes to wielding smart phone cameras like their professional counterparts.

Many people are simply not aware of that last aspect, namely the steps necessary to help a video on its way to going viral. Even if you have an exceptionally well made video with compelling content, you have to get it out there and spread the word, so to speak. As Miguel Leiva-Gomez writes in his article, “You Have A Channel, But Do You Have The Right Tools To Make A Video”, “everyone and his mother is on Youtube and Vimeo.” He talks about the importance of creating an audience, a fanbase, in promoting one's video online.

If you need any convincing to join pretty much everyone else on the planet in jumping onto the online video bandwagon, maybe you should give these gentlemen a read.



Phishing attacks evolve into traps waiting for victims

Phishing attacks have evolved into highly targeted ‘watering hole' tactics.

According to research by Websense, some phishing campaigns are now so targeted that as well as attacking governments and large organisations, such as the White House and RSA, they are now one of the primary vectors of data compromise and subsequent data loss.

Speaking to SC Magazine, Carl Leonard, senior security research manager, EMEA at Websense, said that spear phishing is not about sending 500,000 malicious emails in the hope that ten per cent of recipients will click on it, but it is targeted and dependent on timing.

He said: “There has to be something there that makes the recipient believe it is legitimate. It is often targeted and low volume and with a specific intention in mind.”

“The attacker doesn't do any emails at all; they are waiting like an alligator to jump out. We see this being used in the last six months and it is efficient to me, as people can be targeted with spear phishing messages and social engineering techniques are used in these ‘watering hole' attacks. The user sees something and thinks it is for them and clicks on it.”

Leonard said that an example of this would be a security journalist who would perhaps be interested in awards websites, so those websites would be compromised and when the journalist visited the website, that is when the phishing attack would happen.

The research also found that the majority of phishing attacks were sent on Mondays and Fridays. Websense said that it discovered 32 per cent of attacks sent on Fridays and 30 per cent sent on Mondays, while other days have only five per cent rates.

Leonard said: “It seems to be that users are more vulnerable at certain times of the week.”

According to Leonard, the best way to protect against such attacks is to use technology, and URL sandboxing is one such option, but user education is better.

Asked if there was a change in tactics by attackers, Leonard said: “It comes down to the state of the economy, people are more interested in their finance and more people have access to the internet than ever before, and that is how users manage their lives and finances and attackers are people who want a slice of the pie.”



Microsoft to reject certificates with fewer than 1024 bits

Microsoft will reject all certificates with fewer than 1024 bits as of Tuesday 9th October 2012.

Following the announcement that it would revoke certificates with fewer than 2048 bits, Microsoft said that certificates with RSA keys less than 1024 bits in length will be blocked. Microsoft has recommended that people using RSA keys should choose a key length of at least 1024 bits after it spotted a number of digital certificates that did not meet its standard for security practices.

“Though we have no indication that those had been compromised or misused in any fashion, as a precautionary measure we've revoked them. A subset of those was in addition found to have code signing permissions, which has earned them a place in the Untrusted Certificate Store,” said Microsoft Trustworthy Computing spokesperson Yunsun Wee.

Paul Henry, security and forensic analyst for Lumension, said: “The biggest issue for this month from Microsoft is the certificate encryption. As we've been saying for the last several Patch Tuesdays, Microsoft is pushing out a patch that will break any encryption that is less than 1024-bit.

“This patch has been optional since August and we hope you've taken the time to test it and patch it. It will no longer be an option starting on Tuesday. There are still a few days left if you haven't tested it, but don't let this be an ‘I told you so' moment.”

Henry previously said that once this patch is applied, users will not be able to communicate with a product that uses 256-bit encryption, saying that this will impact any new product sales that include encryption and just as importantly, perhaps any previously sold products overseas and could create serious problems with computers using client server communications with these certificates.

He said: “Previously, in order to export a product, you had to use less than 256-bit encryption or apply for an export permit. Rather than going through the paperwork and time involved in getting an export permit, many chose to go with 256-bit encryption.”

If not replaced by this deadline, the risk of certificate-based malware attacks will remain high and disruptions to business and computing operations could include everything from Internet Explorer failures to inability to encrypt or digitally sign emails on Outlook 2010 and other legacy systems that rely on the older, weaker encryption keys.

The issue began with Flame's ability to create certificates that allow software to appear as if it was produced by Microsoft. According to key and certificate management vendor Venafi, Microsoft has advised its customers to take this step to harden security against known vulnerabilities and attack vectors in order to prevent business and operational disruptions.

Carl Leonard, senior security research manager, EMEA at Websense, told SC Magazine that Microsoft has given notice to people about the change, but it was difficult to make changes on technologies that may be used more frequently.

He said: “Microsoft have provided quite a few details to verify the capability of certificates in the browser, but it has been up to IT departments within businesses to realise this is happening and do an assessment on what to do.

“The good thing is that Microsoft are making a concerted effort to help people evaluate their security, as companies need to do this to help people and how it is securing individual servers and websites. It is also about how to digitally sign certificates or about how Outlook communicates with the Exchange server.”

Leonard said that businesses should not be using 256 or 512 bit anyway, and should have thought about upgrading previously. He said it was good that Microsoft was helping everyone understand better security, and that people should be using 2048 bit certificates anyway.
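
The key-length floor described above applies to the RSA modulus carried in a certificate's SubjectPublicKeyInfo. As an added example (not Microsoft's code and not part of the original article), this Python code reads that modulus from DER and applies the 1024-bit floor and the 2048-bit recommendation; the function names and the sample moduli are constructed for illustration.

```python
# Added example: constructed inputs only, no real keys or certificates.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)
MIN_BITS = 1024          # floor named in the article
RECOMMENDED_BITS = 2048  # length Leonard says people should be using

def tlv(tag, body):
    """DER-encode one tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(value):
    """DER INTEGER for a positive value; pads with 0x00 when the top bit is set."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_spki(modulus, exponent=65537):
    """SubjectPublicKeyInfo wrapping a constructed RSA public key."""
    key = tlv(0x30, der_int(modulus) + der_int(exponent))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))

def read_tlv(buf, pos, want):
    """Read the element at pos, check its tag, return (body, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                       # long-form length: next k bytes hold it
        k = n & 0x7F
        if not 1 <= k <= 4 or pos + k > len(buf):
            raise ValueError("bad DER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + n], pos + n

def rsa_modulus_bits(spki):
    """Modulus length in bits, or None when the key is not RSA."""
    outer, _ = read_tlv(spki, 0, 0x30)
    alg, pos = read_tlv(outer, 0, 0x30)
    oid, _ = read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        return None
    bits, _ = read_tlv(outer, pos, 0x03)
    key, _ = read_tlv(bits[1:], 0, 0x30)   # skip the unused-bits octet
    modulus, _ = read_tlv(key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def classify(spki):
    """Apply the article's thresholds to one public key."""
    bits = rsa_modulus_bits(spki)
    if bits is None:
        return "not-rsa"
    if bits < MIN_BITS:
        return "blocked"
    return "ok" if bits >= RECOMMENDED_BITS else "below-recommended"

def constructed_modulus(bits):
    """Odd integer with exactly `bits` bits; a stand-in, not a usable key."""
    return (1 << (bits - 1)) | 1
```

Counting the encoded modulus bytes instead of taking the bit length would report 1024 for a 1023-bit key, because DER adds the 0x00 pad only when the top bit is set.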



U.S. Jobless Rate Declines to 7.8 Percent

The U.S. jobless rate fell unexpectedly last month, adding an estimated 114,000 workers according to the U.S. Department of Labor. But experts are not heralding a rebound for the economy. Small business owners, entrepreneurs, and many self-employed may be taking matters into their own hands, unable or unwilling to return to a full-time position with another company. We're interested to know whether your business is hiring or planning on doing so in the near future. Let's start a discussion in the comment area after this roundup!

Ups and Downs

An unexpected surprise. Experts are reluctant to call the lower than expected jobless rate a sign of robust recovery, and as we'll see later, some of the numbers may be including workers who have given up on seeking a full-time position in another company. Regardless of the reason, increased disposable income could also be good news for entrepreneurs. Bloomberg

So what does it mean? While some have claimed political motivations behind the recent jobless decrease, any inaccuracy in the numbers is more likely due to errors in the way data is collected for the estimate, writes Scott Shane, Professor of Entrepreneurial Studies at Case Western Reserve University. The economy is certainly not robust, but as we'll see, some tough entrepreneurs are ready to weather the storm. Small Business Trends

The New Normal

Declaration of independents. A growing number of “independent” workers, including many younger professionals, are opting not to return to traditional jobs once the economy rebounds. A recent study by MBO Partners claims many are opting for independent employment, essentially self-employment, due to difficulties with traditional career paths, but the study could also indicate there will be more entrepreneurs in the future. Web.com

Everything in moderation. One place work-at-home business people are building new careers and businesses is in the forum and online community moderator market, according to guest blogger Stacy Pulliam. Forums and online communities continue to expand on the Web, representing almost every field or interest. If you have a particular expertise, find a community fitting your niche. The Work at Home Woman

Start Me Up

A Website of your own. Another option is to start your own business, and an online business offers the least capital intensive option to launch a venture of your own. But don't make the mistake of rushing into it without a plan, blogs Kelly Fitzsimmons. Like any other business, an online venture requires a solid strategy, so here are some things to do first. Build Your Own Online Business

Back to Basics

Insuring the future. No matter what kind of small business you create, some basic requirements need to be considered. You must arrange for low cost small business insurance for example, to protect you and your business as it grows. Fortunately, options exist, and in this post, guest blogger Carrie Johnson lays out some of the basics. Small Biz Diamonds

Preparing for the inevitable. Another consideration for all businesses is tax time at the end of the year, and perhaps quarterly reporting, depending upon earnings. The best way to prepare for taxes, even in a small business, is to plan way ahead. Here are some suggestions from blogger Miranda Marquit. Planting Money Seeds