7 Simple Deductions To Remember To Get The Most Out Of Your Taxes Next Year

Tax day came and went. The trauma will be felt for a while, but you’ll recover and forget all about it… until next year… When the next tax day comes along, it’s about time for you to be prepared and make it a priority to try to squeeze out as much as possible from your return so that you may keep your head above the water and a little beyond that.

Doing your taxes is about as much fun as repeatedly dropping a bowling ball on your foot. In other words, you’re normally not totally enthusiastic about it. If you hire help, that makes the process a whole lot easier. If you’re filing on your own, you’re in for a world of pain.

There are a lot of deductions you can take out next time you blow the dust from the side of the desk you normally do your taxes on. Here’s the friendly neighborhood advice from Hiscox, a company that provides several types of insurance, in a nutshell:

• Insurance Premiums - You can actually deduct some of the premiums from many different types of insurance, like healthcare and mortgage insurance. This is a deduction any small business can write off.
• Trade Publication Subscription Fees - The IRS has decided that trade publications are a part of business development. They *generally* let small businesses write this off, too.
• Furthering Your Education - If you’re finishing college or taking some other sort of higher education, you might want to have a look at what you can deduct from those expenses. The tax man is happy when you go back to school.
• Anything That Makes Your Building More Energy Efficient - You should really have a look at what tax deductions you can make from purchasing more eco-friendly equipment. You would kill two birds with one stone: You save on your energy bill and on your taxes. Could life get any better?
• Ads - Made an ad? Deduct it! It’s that simple. This counts as a business expense.
• Travel - This one’s a bit grey. They allow you to deduct travel expenses. However, you have to follow their guidelines on calculating such a deduction for ground travel. Air travel also gets its own publication (this one‘s from 2012). Thanks, IRS!
• Any materials - If you buy a pen, a calculator, a statuette of Elvis on a motorcycle (as long as your business is Elvis-related or something), new box cutters, scotch tape, or a new desk, all of this stuff’s deductible. Any materials you use (not just inventory and other stuff) factors into the whole business supplies ordeal.

Depending on your situation, it may or may not be difficult to calculate these deductions. But any penny you don’t pay to the Uncle is a penny you get to use to make your customers happier!

Verizon Wireless Rolls Out Online Storage for Files

Verizon recently rolled out 500 MB of free online storage for its customers that use certain smartphones and tablets. It allows them to sync stored data between some Android and Apple devices.

Called Verizon Cloud, Verizon customers get the first 500 MB for free.  After that, customers of Verizon pay for more storage through either of two plans: $2.99 per month gets you 25 gigabytes of storage and $9.99 for 125 gigabytes.  TheVerge.com points out that Verizon’s 125 GB offer compares favorably with Dropbox which offers 100 GB for the same price.  But Google Drive and Microsoft’s Sky Drive are offered at about half that price.

One thing that sets the Verizon offering apart is that it can store call logs and text messages â€" along with music, video, and other files.

According to Verizon’s David Samberg, “Additionally, as customers use multiple devices, sometimes running on different operating systems, Verizon Cloud will allow for the transferring of some content between Android and iOS devices, making it accessible across smartphones, tablets and computers.”

PhoneDog.com reports that the Verizon Cloud service will only be available on a limited selection of devices initially, all devices manufactured by either Motorola, HTC, or Samsung.

A Consumer Product - But Some Business Implications

Keep in mind that this offering  is positioned as a consumer product, and not intended for businesses.  No word was given about whether the storage can be used with Verizon small business plans.

However, many solo entrepreneurs and home-based business owners use consumer plans for their wireless devices.

Also, sometimes employees use their own wireless devices in work situations, due to the BYOD trend.  Keep that in mind when it comes to record retention and other policies.  Employees may be saving files in the cloud, from their personal devices that they also use for work - one more thing for your IT Department to consider.

McAfee jumps into IAM with one-time password, cloud SSO products

This past Thursday, Santa Clara-based McAfee Inc. entered the identity and access management space through something of a side door. McAfee, which is a wholly owned subsidiary of Intel Corporation, is shifting products out of the Intel portfolio.

Senior Product Marketing Manager Robert Craig said the decision to transition two products into the McAfee portfolio was made last August, "primarily because McAfee has an enterprise sales force that's used to selling software, whereas the Intel sales force is really more used to selling to manufacturers and hardware distributors. And, of course, McAfee's a very strong security brand, where Intel is more of a hardware brand."

Craig also noted that when McAfee execs looked at their overall product portfolio, "there wasn't really anything for identity."

The new McAfee identity and access management (IAM) products are:

• McAfee One Time Password: scalable multifactor authentication solution which delivers a one-time password (OTP) to any mobile device or PC.
• McAfee Cloud Single Sign-On: delivers single sign-on (SSO) for hundreds of cloud-based applications.

A point of interest with the SSO product is that it can be implemented either using an on-premises installation or as a cloud service. Furthermore, it's a "hybrid SKU," Craig said. "Customers can buy one license on the SKU and then they can apply the license to either an on-premises version or a Software as a Service (SaaS) version. Customers will be able to mix and match how they apply their licenses."

The cloud component of SSO may indeed be an increasing concern to enterprises. McAfee sponsored an Enterprise Security Group survey of 307 IT security professionals to find out more about their views on cloud security. Forty-six percent of organizations use between one and five cloud applications or services; 40% use between six and 10 cloud applications or services; and 14% use between 11 and 20 cloud applications or services today. Additionally, the number of organizations using between 11 and 20 cloud applications or services will increase from 15% to 40% over the next 12 months, the survey said.

IDC analyst Sally Hudson likes the new offerings. "McAfee is delivering a triple threat here: SSO for on-premises, SSO for SaaS/cloud and 2F software token delivery via a smart phone. Hudson thinks this should make them a very attractive choice for not only enterprises, but for independent software vendors delivering SaaS and cloud solutions, as well.

"Since many companies currently have a mix of SaaS and on-premises applications, and many more are moving to adopt SaaS within their organizations, the ability for an SSO solution to function well in both environments is ideal from a market penetration and growth perspective, she said.

Hudson also noted that there has been a general shift from hardware tokens to soft tokens as a function of cost and greater flexibility. "The ability to use one's mobile device as part of a two-factor/multifactor authentication process is very appealing to many corporations and other organizations, as it reduces cost in replacing lost hardware tokens."

As part of its identity product announcements, McAfee announced it is also creating a new McAfee Identity Center of Expertise, staffed with experts in identity and cloud security, to assist users with questions pertaining to identity and access management issues, such as architecture requirements and best practices.

Coworking Spaces: The New Workplace Alternative That Increases Productivity and Creativity

CoCo, Minneapolis, MN
LiquidSpace CEO Mark Gilbreath calls CoCo “a dramatic one-of-a-kind workspace.”

Coworking (yup its one word) refers to the growing phenomenon of available for hire, shared office spaces where budding entrepreneurs, small and medium sized business owners, freelancers or people engaged in similar fields can come together to get their work done. Workstations are available for hire by the hour, day or month depending on your requirement with prices ranging from $5 an hour to $400 a month and beyond. There are cheaper options as well. These coworking spaces come with all the amenities of a modern office as well as recreational sections like a snack and coffer counter, lounge and maybe even a pool table to help you bond with fellow coworkers.

And it’s not just smaller businesses which otherwise may not be able to afford the plush infrastructure the coworking spaces have to offer, even companies such as Google, GlaxoSmithKline, Amazon, Twitter and Nokia have been known to outsource their office spaces to companies such as Regus (the world’s largest provider of flexible office spaces).

While Marissa Mayer may have slammed ‘working from home’ options for her company, there is a lot of merit in offering your employees the ability to work remotely from coworking spaces.  As per Mark Dixon, Regus CEO (in an interview with FastCompany), “The future of work should not be dictated by space or place, but by the individual and the tasks that he or she has to deliver”. With employees no longer being tasked on number of hours they put in and instead on being able to get the job done, coworking spaces are a great way to facilitate flexi- working hours and in the bargain enjoy a better work-life balance.

The Global Coworking Survey 2012,conducted by Deskmag across more than 2000 people, backs up the advantages of coworking with statistical data that will hopefully silence some of the skeptics. Here are the key results that showcase clear benefits from coworking:

• Increase in productivity - 71% of respondents
• Improved work standards - 62 % of respondents
• Able to focus better - 68% of respondents
• Better time management of tasks - 64% of respondents

For growing business coworking spaces are a great option for working in a vibrant professional environment without having to take on the pains of operating an office. For established businesses, coworking enables a more a flexible approach for work as well as helps in reducing the cost of owning infrastructure at all times versus using it as and when the requirement arises ( large conference rooms for instance).

Two Apps That Take The Headache Out Of Showing Presentations

You can’t bring your laptop everywhere, and trying to connect your laptop to someone else’s system is often a major pain. There are a couple of options for dealing with this. To avoid file issues and software troubles, you can build your presentations in Google Drive, using Slides.

But to avoid being trapped behind a computer the whole time, try an app.

When it comes to mobile presentation apps, SlideShark is the one to beat. You can do your PowerPoint presentations from an iPad, iPhone or iPod Touch, and SlideShark keeps your presentation the way you meant for it to be seen, with all your animations, fonts, colors, graphics, videos and hyperlinks intact.

Your presentation is kept in the cloud while you control the presentation from your mobile device. You can broadcast your slides over the web to remote or in-person attendees. The latest SlideShark update includes the ability to annotate your slides (draw on and highlight slides), and use your iPhone as a remote control and laser pointer if you project from your iPad.

The basic app is free, with paid options for power users. Download the app here.

Unfortunately SlideShark isn’t available for Android phones, and there’s nothing exactly like it for Android. But take a look at SlideRocket and PowerPoint Keynote Remote for apps with similar functionality.

How do you avoid presentation headaches? Ever have a presentation disaster? Let us know in the comments below!

Two Apps That Take The Headache Out Of Showing Presentations

You can’t bring your laptop everywhere, and trying to connect your laptop to someone else’s system is often a major pain. There are a couple of options for dealing with this. To avoid file issues and software troubles, you can build your presentations in Google Drive, using Slides.

But to avoid being trapped behind a computer the whole time, try an app.

When it comes to mobile presentation apps, SlideShark is the one to beat. You can do your PowerPoint presentations from an iPad, iPhone or iPod Touch, and SlideShark keeps your presentation the way you meant for it to be seen, with all your animations, fonts, colors, graphics, videos and hyperlinks intact.

Your presentation is kept in the cloud while you control the presentation from your mobile device. You can broadcast your slides over the web to remote or in-person attendees. The latest SlideShark update includes the ability to annotate your slides (draw on and highlight slides), and use your iPhone as a remote control and laser pointer if you project from your iPad.

The basic app is free, with paid options for power users. Download the app here.

Unfortunately SlideShark isn’t available for Android phones, and there’s nothing exactly like it for Android. But take a look at SlideRocket and PowerPoint Keynote Remote for apps with similar functionality.

How do you avoid presentation headaches? Ever have a presentation disaster? Let us know in the comments below!

Edit Images Interactively With Adobe Photoshop Elements 11

You have probably heard of Adobe Photoshop. The Lexus or Mercedes or Ferrari of photo editing tools. Many small business owners dream of such a powerful tool, but often find that it is too much “engine” for their needs.  This product review is for small business owners who need to edit images with a photo or image editing tool, but want something fast and simple.

Enter the latest light version called Adobe Photoshop Elements 11 - a raster image editor that lets you paint and edit pictures interactively on the computer screen and save them in formats such as JPEG, PNG, GIF and TIFF. It helps the user create, edit, organize and share images from one place. It has most of the features of Adobe Photoshop CS (the full premium level version) but at a lower cost.

Aimed at hobbyists and consumers, even non-expert individuals can use it with relative ease and this makes it ideal for the small business owner. The straightforward color management system and effortless removal of the red eye effect, the no-fuss ability to change skin tone along with the other plugins are available in a simpler, trouble-free format. Advanced edits are also possible.

You can see on the screenshot below that I have also opened the Advanced Editor tool which gives you even more options than what you see on the right side of the screen here.

It is easy to see that a small business owner, such as a retailer, blogger, service provider, freelancer, or affiliate marketer, can make use of the basic editing and advanced editing features - different photographic effects, adding drama, creating monochrome, or illustration effects. Video playing and tagging are also available. Business owners who want to explain or demonstrate a concept, service or new product will find this feature essential.

What I Really Like:

• Great screenshot tool. Super useful for when you are surfing the Web and want to capture the screen you are looking at â€" and want to edit later.
• Geo tagging is now a way of life for hobbyists and business owners and is supported in this version of Photoshop elements. The program helps you access GPS data embedded in photos or lets you tag spots on a map.
• Cost factor. The program costs about one sixth of what Adobe Photoshop CS costs. For small business owners who want to grow their venture on a smaller budget, this is a key factor. There is a trial version also to allow you to try before you buy.
• Ease of Use. Unlike its bigger cousin Adobe Photoshop CS, this program is easy to use even for the amateur. It is more intuitive and has a cleaner interface; you will not have to take classes to learn how to use it. Business owners without a tech background or a lot of time will appreciate this.
• The editor has three sections: Quick, Guided and Expert to cater to different levels of users. They can be used independently of each other, or you can alternate between them.

What I Would Like to See:

Although the Import Media is pretty self-explanatory, if you have information divided into specific folders on your computer, you have to select each of those, one at a time. I’d like to see some sort of tool that lets me pick more than one folder at a time. When I go into the library, I don’t see all of my photos and wonder why.

Adobe is world-renowned for creating elegant and powerful tools to help the artist, photographer and other creative types. They are just as useful for the business owner - think about the last time you opened a PDF file.

The tools are often expensive, however, to their credit, they have listened to the market and created lighter versions that not only cost less, but work in a way that helps the business owner who doesn’t have time for a steep learning curve.

If you are in the market for a robust, affordable photo editing tool, take a look at Adobe Photoshop Elements. You can find it online at Amazon and often in stock in Costco for prices ranging from $69 to $99. The Adobe site sells it for $99.95. I was provided with a media copy to evaluate it for this review.

Best Email Service For Small Business: Gmail, ZohoMail or Outlook?

You need email to run your business. It’s most likely integral to your daily operations, so the solution you choose matters. You need the service that delivers the features you need, the storage space and the integration’s.

Let’s take a close look at some options of the best email service for small business, how much they cost, and what they offer.

Gmail (Google Apps for Business)

It’s the world’s top email service provider, offering an impressive suite of features to everyone for free. Business users pay between $50 - 120 per year per user for an enhanced version of Gmail and the associated apps with more storage space than free users.

• Storage: You get 25 GB worth of storage per user, plus 5 GB of Google Drive space.
• Custom Email Address: Your...@YourBusiness.com
• 24/7 Customer Support
• 99.9% uptime guarantee: Almost never goes down. If you can’t trust Google’s servers to stay up, who can you trust?
• Security: Strong encryption on your email, antivirus scans on attachments, and two-factor authentication when logging in.
• Business controls: Manage your employee’s accounts, security and settings.
• Compatible with desktop clients: If you use a desktop email client, like Outlook, Apple Mail, or Mozilla Thunderbird, you can keep using it with Gmail.
• Ability to disable ads

At the higher price point of $120 per year per user, you get Vault. Vault’s features include:

• Retention policies: Define retention policies that are automatically applied to your email and chat messages.
• Email and chat archiving: Your email and chat messages are archived and retained according to your policies, preventing inadvertent deletions.
• E-discovery: Be prepared for litigation and compliance audits with powerful search tools that help you find and retrieve relevant email and chat messages.
• Legal hold: Place legal holds on users as needed. Email and chat messages can’t be deleted by users when they’re placed on hold.
• Export: Export specific email and chat messages to standard formats for additional processing and review.
• Audits: Run reports on user activity and actions in the archive. Searches, message views, exports and more are shown.

ZohoMail

When we compare ZohoMail to Gmail, there are a lot of features in common. You’ve got instant chat, you’ve got a calendar, tasks, notes, custom email addresses, and even the 99.9% uptime guarantee.

However, ZohoMail has no ads at all, was designed for business users and it integrates with their multitude of business apps. They have too many business apps to list here, but apps for which Google has no equivalent include a CRM app, an accounting app, an invoice app, a recruiting app, and the list goes on. However, these apps are not included in the price of ZohoMail. As an example, Zoho Writer, the Google Drive equivalent on Zoho, which deals with text documents, presentations and spreadsheets, costs between $3 - 5 per user per month.

ZohoMail itself is cheaper than Google Apps for Business, at between $2.50 - 3.50 per user per month, or free for up to three users. However, you’re getting less storage space (10 and 15 GB, respectively).

Thus, if you need a solid email client without too many bells and whistles, and you don’t need the extra ten or fifteen gigabytes of space per user, you can save some money here. But to get what Google is offering you, you’ll end up spending more money and you still won’t get all the way there (because ZohoMail tops out at 15 GB, and there’s no video chatting, etc).

It’s true that Zoho offers a lot of business apps that Google doesn’t offer, but you don’t need ZohoMail to use their other apps. Zoho’s apps integrate with Gmail.

Outlook/Exchange Online

Microsoft has been working like a demon to bridge the gap between Google Drive and their own Office suite. And they’ve done it. With Office 365, their Office applications are available as web apps. Anything you can do with Google Drive, you can definitely do with this suite of apps.

With Office 365 Small Business, for $5 per user per month, you get the Office web apps, and familiar email features: shared calendars, 25 GB of storage space per user, and the ability to use your own domain name. You get web conferencing, 24/7 customer support, that good old 99.9% uptime guarantee and management features like that of Google’s Vault.

The email services can be had a-la-carte for between $4 - $8 per user per month, if you don’t need the Office suite.

Microsoft’s email services have recently had a significant upgrade, with a redesign and theoretically bottomless inbox space and attachments up to 100 MB on Outlook.com for free users. These space upgrades do not seem to be part of the Exchange Online services you’d receive with Office 365 Small Business, but Microsoft’s is still a very robust offering, exceeding Google’s services in some aspects.

-

In the end, it all depends on your personal needs. If you need a lot of storage space and a simple solution, Google Apps for Business might be your best bet. If you need integration with a more powerful suite of word processors and spreadsheet apps, Office 365 could be the way to go. And if you need no bells and whistles, just simple email for a good price, ZohoMail can help you out.

Let us know in the comments about your experiences with these services and which your business uses!

4 Tips to Improve Time Management

The more technology automates our lives, the less time we seem to have each day. Any available second is filled with responding to e-mail, managing social media sites, and dealing with billing and payroll. Aside from sacrificing sleep, many business owners aren’t sure how to squeeze an extra fifteen minutes out of a day, let alone an hour or two.

“The small business owners we work with know that their most valuable - and limited resource - is their time,” Brett Owens, CEO and co-founder of automatic time-tracking software Chrometa, says.  “And they also realize that the biggest predator on their time is interruptions…with emails and phone calls consistently being reported as the biggest offenders.”

 Through a combination of altering behaviors and using the technology tools available, small businesses can utilize each day’s hours more efficiently, freeing up time to spend bringing in more business. Here are a few great time management tips to help overworked small business owners.

1) Overhaul Your E-Mail Habits

It’s probably no surprise to find that e-mail decreases productivity. We’ve become attached to our inboxes, checking e-mail almost obsessively to see if some urgent message has arrived. Outlook’s notification feature doesn’t help-we can barely complete a single task on our PCs without an e-mail notification popping up to distract us.

One efficiency-booster recommended by experts is to limit the number of times a day you check your e-mail. Once or twice an hour should be sufficient to catch any emergency that comes your way. If you’re still reluctant, try putting off e-mail for an hour and see how much you accomplish. Or, better yet, use automated software to analyze just how much of your day is consumed by checking and responding to e-mail.

Chrometa’s Outlook, Gmail, and Mac Mail plug-in help with billing by tracking how much time you spend on each e-mail. But this valuable tool can help even those businesses that don’t bill by the hour determine just how much time is spent answering e-mails.

2) Keep a Schedule

Whether your schedule resides on your smartphone, your Outlook account, or in a paper daily planner, set up a system that works for you. Keep all notes, thoughts, and meetings in the same place and whenever you have an idea, jot it down for later reference. This can help keep you focused on the task at hand, with the added benefit of ensuring you remember important meetings and upcoming events.

3) Learn to Say, “No”

It may be one of the hardest things for an overachieving business owner to do, but when you agree to everything, you won’t have enough time to satisfy all of your obligations. When you begin to feel as though you are too busy to keep up, delegate some tasks and turn down those that aren’t essential to your business’s overall goals.

4) Automate Billing

Today’s technology tools go beyond simply allowing you to complete, track, and process invoices and payments. Chrometa’s invoicing tool captures billable time automatically and cuts invoices based on that time. No more manually tracking every hour spent working on a client’s project. The invoices also make it easy for clients to pay online, which helps maintain cash flow.

Chrometa also enables SMBs to separate tracked time by employee. This allows separate team members to work on projects without compromising the billing for the main employee assigned to that project.

“Despite what many time management gurus may preach, there’s not really a practical way to stop these interruptions in the year 2013,” Owens says. “Clients are going to email you, and they are going to call you - and they don’t want to read an autoresponder about how you check email twice a day.  So, it’s important that interruptions are: 1) Managed, so as to reduce their frequency while still being responsive to clients and customers, and 2) Recorded, so that you have an accurate record of where your time is going.”

Chances are, you’ll likely never completely rid yourself of that “always too busy” feeling. But by utilizing some of these time-tested time management techniques, you’ll improve your own productivity and maybe even free up some time to enjoy a few minutes of relaxation every day.

20 Grammar Rules for Business Owners

Your high school and collegiate days might be behind you, but that doesn’t mean the English lessons you learned are over as well.

Even in today’s professional business world, I run across endless grammatical errors in my business dealings. While most typos are forgivable, others cause confusion and don’t provide a good impression.

Whether you’re posting content for your brand or simply exchanging a business email, it’s extremely important for anything you write to be error free. After all, you don’t want to make a negative impression with poor grammar. Clean and compelling content influences both B2B and B2C consumers. Follow these 20 grammar rules below.

Who Versus Whom

“Who” correlates with the pronouns he/she while “whom” correlates with him/her.

Continual Versus Continually

“Continual” means always occurring whereas “continuously” means never ending. You definitely wouldn’t want to mix these up in a business contract.

Nor Versus Or

This is one of the grammar rules that is a simple one to remember. Just think of the N. Nor follows neither while or follows either.

Complement Versus Compliment

A “complement” enhances or adds to something, such as a pair of earrings complementing an outfit. On the other hand, a “compliment” is something nice that is said such as, “I like your earrings.”

Affect Versus Effect

Affect is a verb, “That song affects my mood.” Effect is a noun, “That movie has such an inspirational effect.”

Bring Versus Take

You “bring” something with you on vacation, but you “take” something away from it.

Me Versus I

If there are other people in the sentence such as, “Mary, Bob, and I” or “Mary, Bob, and me,” then take out the other people and see what makes sense.

There, Their, They’re

“There” refers to a place, “their” refers to someone’s possession of something, and “they’re” is a contraction of they are. Most of us already know this, but it’s easy to exchange these words. Unfortunately, spell check doesn’t catch these mistakes.

Your, You’re, Yore

Similar to there, their, they’re, spell check usually can’t tell the difference between these. “Your” is possessive, “you’re” is a contraction of you are, and “yore” refers to the past.

To, Too, Two

Phew, there are so many triplet words to watch out for. Use “to” when you’re going to a place, “too” to denote also or as well, and “two” to specify the number 2.

Fewer Versus Less

If you can count it use fewer, but if it’s uncountable, then use less.

Principal Versus Principle

Just think of the last 3 letters of each word. PrinciPAL is a person whereas principle is a moral or standard that is upheld.

It’s Versus Its

“It’s” is a contraction for it is, while “its” is a possessive pronoun.

Literally

Do not be sarcastic if you use the word “literally,” especially in the business world. “I am literally starving to death,” means that you’re about to die from dehydration or starvation. Don’t say literally unless you literally mean it.

Capital Versus Capitol

When talking about Washington, D.C., this is especially tricky. “Capital” is a city such as D.C., but “capitol” is the building where lawmakers meet. So the capitol is usually in the capital. By the way, capital can also reference wealth.

Ultimate

It means “the last.” For instance, “The Titanic’s maiden voyage was its ultimate voyage.” Be careful when using this word. You’re innocent “ultimate last day at work” might translate to the last day of your life.

Who’s Versus Whose

“Who’s” is a contraction of “who is.” If who is doesn’t make sense, then use whose.

Than Versus Then

When comparing use “than,” and in all other instances use “then.”

Enormity

CAUTION: Do not confuse “enormity” with “enormous.” Enormity means “evil” and does not associate with the size of something. “The enormity of our marketing campaign” doesn’t refer to how enormous the campaign is - it refers to it as evil.

Elicit Versus Illicit

“Elicit” is the process of evoking something. You want to elicit a response from consumers with a marketing campaign. “Illicit” means illegal. Your business wants to avoid illicitly acquiring products.

Imperva launches community-backed threat protection

Imperva has announced the launch of a crowd-sourced technology that it says can protect users and enable them to draw intelligence from.

Launching SecureSphere 10.0, the company also unveiled ThreatRadar Community Defense, its first crowd-sourced threat intelligence service that aggregates and validates attack data from web application firewalls to help protect against hackers, automated clients and zero-day attacks.

According to the company, Imperva ThreatRadar Community Defense delivers crowd-sourced threat intelligence gathered from live attack data from web application firewalls deployed around the world and distributes this data in near real-time.

Amichai Shulman, co-founder and chief technology officer of Imperva, said: “Together, Imperva ThreatRadar Reputation Services and Community Defense pull crowd-sourced data from around the world to provide heightened insight into the identity of these attackers.

“As the first company to deliver crowd-sourced threat intelligence for web application firewalls, we continue to innovate to deliver what we believe are the best, most advanced web application security solutions available to meet the evolving needs of our customers.”

According to its April Hacker Intelligence Initiative report, analysis of real-world attack traffic against 60 web applications between January and March 2013 found that businesses can reduce the risk of successful attacks against their organisations by identifying and blocking attack sources, payloads and tools that are found to target multiple websites or organisations.

It said that attack sources make up a disproportionate amount of the overall traffic against enterprise organisations in the report, and can be identified only by analysing crowd-sourced attack data from a broader community.

It found that crowd-sourcing increases community protection against large-scale attacks, as multiple attacking sources and payloads gradually cover more and more targets, thus affecting larger parts of the community and a cooperating community can benefit by exchanging security and threat information.

Shulman told SC Magazine that generally, few people are responsible for attacks and these are generally criminal and industrial hackers. “Only three per cent of all IP addresses are recognised as being attackers, but they are responsible for 97 per cent of all attack volume and if you are aware of the IP address, you can benefit,” he said.

“This is our way of slotting into the application security domain. These are not application security attacks, with reputation feeds it was hard to achieve and analyse when we were looking at phishing, command and control servers and botnets. This is the first time we have added a layer of application security.”

Shulman said that ThreatRadar Community Defense is available for free for users if they choose to send data, or a charge applies if they do not send it.

Blue Coat: Vendor partnerships will reap benefits for users

Technologies need to be more transparent and vendors need to work together for the benefit of users.

Speaking to SC Magazine, Chris Pace, director of product and solutions marketing at Blue Coat, said that security should be about keeping people safe and called on vendors to form more partnerships to achieve this.

Pace said: “We encourage technology partnerships as we see it as two halves of a whole solution and we want users to be as safe as they can be. Also, security vendors need to cooperate more, start getting better and understand where your technology is fit for organisations.

“We can say that without transparencies, technologies are not as great as they could be.”

Asked about recent comments made by Dinis Cruz, principal security engineer at Security Innovation, on the need for underlying source code of technology to be more transparent so users know what they are dealing with, Pace agreed, saying that this makes sense at the technology layer.

“But what is good for business is an understanding of the underlying technology. The big vendors are stuck with so much security technology and users say that they cannot trust it to do all the things.

“We run the risk of being irresponsible if we say we can offer 100 per cent security and it is how we contribute to the market and the security professional has the right to question as a buyer and user.”

Pace went on to say that the next step after mastering technology should be to understand human behaviour and how users interact with technology, saying that vendors and users need a better understanding of how people work inside the business, as "the human is a lot less tangible than an application in a data centre".

Targeted attack reveals flaws of mobile device management software

Mobile device management software is only as secure as the device it is on, and both are easily intercepted.

Speaking to SC Magazine, Lacoon Mobile Security CEO Michael Shaulov demonstrated a technique of delivering a mobile remote access Trojan (mRAT) to both Android and iPhone devices that allows for total interception of the device and the mobile device management software and its apparently secure content.

In a demonstration, Shaulov showed that dropping a targeted attack with the mRAT will allow access to the microphone, geolocation and contact details. Shaulov said: “The software for this can cost £29 and there is a huge amount of software available.

“We found that in Israel in October 2012, one in every 1,000 infected users was with an mRAT and for a targeted threat it is quite scary.”

In the attack, a link is sent by SMS claiming to be a game that is packaged with the malware. This malware, once downloaded, exploits a vulnerability in the phone to get root access to the device that allows all communication to be seen by a third party and if they want, listen to all conversations, which are downloaded to an email account of the attacker's choosing.

Shaulov also warned that if an infected device were to be connected to a network-connected device, this could cause others to be infected too.

In terms of bypassing the mobile device management software, Shaulov said that if the victim is running such an application then it can be intercepted. “All encrypted emails and documents are placed here and it doesn't matter which vendor technology you use, they all work in the same way,” he said.

“All data is encrypted, all communication is encrypted and if the device is jailbroken or rooted then the mobile device management software will not work and alert the administrator.”

He explained that mobile device management software will not be able to detect this, and the console can be bypassed as the malware has a higher privilege than the software. “It will work on every container wrapper,” he said.

“The mobile operating system has a sandbox and the attacker can do whatever they want. The secure container is as secure as the operating system itself. The mobile device management software has static policies and can be bypassed and it doesn't provide visibility or assess risk in real-time.”

To mitigate the problem, Shaulov recommended building layered protection, be able to assess risk in real-time, be able to do behavioural analysis and understand the vulnerabilities in every platform. In this test, a leading mobile device management software was used, along with a Samsung Galaxy S3 and an Apple iPhone 4.