XYRM Innovation: 07/11/13

5 Tips to Pitch Investors the Right Way

pitch investors

Itâ€™s that time - you have to pitch in front of a prospective investor, convince them and get the necessary funds for your startup. This can be a great experience or your worst nightmare. Everything depends on how you prepare for it.

Letâ€™s take a look at the points that can make the venture easier for a new entrepreneur.

Do Your Homework

The investor you face may have a minuscule knowledge about your field of work or they may be an expert. Whichever category of financiers you face, they expect you to have knowledge of every aspect of the business.

Typically, an investor looks for pitches to convey answer to basic questions:

What problem do you solve?
Who are you?
What have you done until now?
How do you plan to make money?
How can the investor help?

If your startup is about selling computer applications and you have no knowledge about the information technology industry or donâ€™t have a business plan, an investor may not feel confident about putting their money on you.

You need to have mastery over all details about your business, your industry, your competitors, your budget and your objectives. If you fail to provide a definitive answer, an investor may not be impressed with your pitch.

Memorize Specific Details

An incompetent entrepreneur says that their business can generate savings for customers. A competent entrepreneur says that their business can generate savings worth $100 for customers.

The easiest way to distinguish a good pitch from a bad one is the way you make it. If you are vague, investors may not think of you as an ideal candidate to invest their money in.

Definitive answers always work best. Be prepared with facts and figures. Whether an investor knows all or nothing about the field, they will be impressed if you have clear-cut points and explicit answers.

Have a Story

Your pitch before an investor is not about rattling off key statistics. Almost all entrepreneurs can memorize and deliver a speech. The problem is - it will fall flat and fail to impress anyone if itâ€™s not connected to you.

A pitch is only a good one if you can relate to it. This becomes possible if it is associated with your life. If you are impersonal about the endeavor, chances are high that the investor will be able to sense your lack of interest.

An investor is not automated. He/she is human. Like every human being, he/she will be more interested in your ideas and knowledge. He/she will only feel enthused about your business concept if you yourself are excited about it.

A simple trick - practice your presentation in advance. If possible, record it. This will help you evaluate your presentation and modify it to make it attractive.

Hone Your Communication Skills

On the personal front, you may have excellent communication skills. However, you need to make sure that your business communication skills are also appropriately perfected before you make the pitch.

Many times, an entrepreneur fails to make an impression on an investor because he/she tries too hard. If you are too formal or too serious, or perhaps too much of a flatterer, things may not turn out the way you wish.

Pay attention to what you say. Pay attention to what the investors ask. Be respectful. Be friendly. The prospective investors you face today may become the solid foundation for your business tomorrow. Treat them the way you would like to be treated by business associates.

Be Open to Feedback

A know-it-all attitude conveys the wrong message to an investor. When you are a new entrepreneur on the lookout for startup funds, you cannot afford to send such a message out.

Keep in mind, every entrepreneur learns throughout their journey from a startup to an established business. Your pitch to impress investors may be very good; however, there is always the opportunity for improvement.

If an investor asks something you donâ€™t understand, politely ask them to explain the question. If they have something to say about your pitch, listen to them carefully. You may learn a lot from experienced investors but only if you have the right attitude.

An investor is human. You can create and nurture a good business relationship with them if you have the right approach. Remain coachable as it will ensure that you continue to learn new things about your area of business from these pros.

The key to success is to be prepared and be yourself.

If you have a mentor, practice your pitch before him/her. You may also get help from a career coach. If you know someone who has pitched in front of investors successfully, ask them for a review of your pitch.

Business Pitch Photo via Shutterstock

5 Tips to Pitch Investors the Right Way

pitch investors

Letâ€™s take a look at the points that can make the venture easier for a new entrepreneur.

Do Your Homework

Typically, an investor looks for pitches to convey answer to basic questions:

What problem do you solve?
Who are you?
What have you done until now?
How do you plan to make money?
How can the investor help?

Memorize Specific Details

An incompetent entrepreneur says that their business can generate savings for customers. A competent entrepreneur says that their business can generate savings worth $100 for customers.

The easiest way to distinguish a good pitch from a bad one is the way you make it. If you are vague, investors may not think of you as an ideal candidate to invest their money in.

Have a Story

A simple trick - practice your presentation in advance. If possible, record it. This will help you evaluate your presentation and modify it to make it attractive.

Hone Your Communication Skills

On the personal front, you may have excellent communication skills. However, you need to make sure that your business communication skills are also appropriately perfected before you make the pitch.

Be Open to Feedback

A know-it-all attitude conveys the wrong message to an investor. When you are a new entrepreneur on the lookout for startup funds, you cannot afford to send such a message out.

The key to success is to be prepared and be yourself.

Business Pitch Photo via Shutterstock

Customers Via Social Media Are Less Profitable Than Those From Search

customers social media

If you run an e-commerce business, you should know that how a customer finds your site makes a difference in how much they spend with you.

A recent study by Custora, a predictive analytics platform for e-commerce marketing, says customers that find your site through search engines provide the greatest lifetime valueÂ (PDF), 54 percent above average.

Thatâ€™s just a fancy way of saying that these customers will spend more at your online store over a longer period than other visitors who might make only a single purchase and never return.

CPC and Email Also Effective

Other high performers as far as delivering customers of above average lifetime value to your e-commerce business are Cost Per Click advertising and e-mail marketing, the study said.

Customers reaching your site through Cost Per Click ads represent 37 percent above the average lifetime value to your website.

Meanwhile, e-mail marketing delivers customers who are 12 percent above the average lifetime value to your e-commerce business.

Social Media Lags Behind

And where did social media place in the ranking based on the Custora study?

Well, not too high, as it turns out. For all the fuss made over social media, customers visiting from these sites can actually represent relatively low lifetime customer value for e-commerce.

In fact, Facebook visitors represented only 1 percent above average customer lifetime value for e-commerce merchants. Worse yet, the lifetime value of customers acquired through Twitter was 23 percent below average.

Conclusions

So does this mean social media marketing has no value to e-commerce businesses at all? Gary Shouldis of 3 Bug Media doesnâ€™t think so:

No, itâ€™s just that marketing to people on social media is usually a top of the conversion funnel activity while search and PPC customers are usually at the end of that conversion funnel, with wallet in hand. Understanding where potential customers are in the buying cycle is important when creating your marketing plan.

Using Google Analytics tools, Custora conducted the study by looking at 85 retailers and tracked about 72 million customers who were making purchases online.

Image: Custora

UpCounsel Gets Laywers to Bid for Your Business

upcounsel

Legal help for a small business owner can be quite a financial setback, no matter how necessary the help may be.

A new Web service allows small businesses to pay for just the services they need from an attorney. UpCounsel, which launched last year, lets attorneys submit quotes on specific services posted by small business owners an others. GigaomÂ compares the service to TaskRabbit, a site that allows part-time workers to bid online for various tasks and errands posted by members.

As with TaskRabbit participants, attorneys working on UpCounsel are screened before being permitted to participate. In addition to a quote on the particular service posted, attorneys are permitted to post a brief personal message to help clients make up their minds.

In a post on the official UpCounsel Blog, co-founder and CEO Matt Faustman explains the rationale behind the service:

We at UpCounsel saw some problems in the market for legal services - especially for those offered to small and mid-sized businesses.

Faustman, a former practicing small business attorney, said heâ€™d been inspired to found UpCounsel after an experience with two startup entrepreneurs who, he said, had taken a DIY approach to legal documentation when setting up their company.

Faustman said the pair had used a well-known online legal document service to set up their company with disasterous effects. The businessâ€™s set up turned out to be all wrong costing the partners thousands in legal bills just to fix the problem.

He said UpCounsel was created to addressed a specific issue. Small business owners cannot afford the costs of legal fees, especially when starting out, and resort to doing many of the legal tasks themselves to cut costs.

Current online resources of legal information are sometimes lacking and following their advice can sometimes lead to additional problems, Faustman said.

Image: UpCounsel

Zscaler Security Cloud

Zscaler is a comprehensive suite of security services delivered from the cloud. It covers email, web and mobile computing. Some services it provides are anti-malware, browser and application vulnerability management, policy enforcement for mobile computing, bandwidth and QoS management, web filtering, intellectual property protection and regulatory compliance.

Zscaler boasts the world's largest security cloud and it is accessible from just about anywhere on the planet. Zscaler works on the basis of distributed data centres. The localised data centre is where the customer's policies reside, but in seconds that data centre can push the policies out to the others around the world. This helps ensure that users in remote locations stay as current as the users accessing through the nearby data centre. This provides what Zscaler calls 'shadow policy'. This follows the user, and because it is relatively local, no matter where the user is in the world there is little latency in receiving the policy and applying it.

The nearness of the data centre to the user globally also reduces latency that the user would experience if they had to access the cloud and then, over the cloud, access the data centre back home. For road warriors, this can provide a big benefit.

One thing that particularly impressed us was the simplicity of the user interface. It is all in a single console, but that is not as impressive as the simple visualisation scheme the product uses to convey information that can otherwise become somewhat confusing. Administration is clean and the information the administrator needs to create, modify and push out policies is easily at hand.

Reporting is comprehensive and can be delivered in near real-time, meaning that it is completely up to date with users' activities. We liked that the Zscaler services move with the user, no matter where in the world the user happens to be. This by itself is a big benefit. Finally, we liked that Zscaler is constantly gathering global threat data that it uses in protecting customers' data.

Total Defense for Business

Total Defense provides end-to-end security delivered from the cloud, including unified web, endpoint and email security, giving the same level of security as in the enterprise with a single console. This product covers a lot of territory.

For endpoint protection, there is a lightweight agent on the endpoint, just as one would expect in an enterprise implementation. The agent communicates with the cloud; email security is achieved by redirection, and web security through a proxy service with more than 900 entry points around the world. The product supports Windows, Mac and Linux, with mobile devices on the way.

Total Defense is known for its anti-malware capabilities, and those are built into this product. Each capability has its own dashboard - all accessed from a single console - and each is individually configured. The three modules can be purchased separately if desired. Administration is centralised for all three modules - accomplished seamlessly from a single console. It is policy driven and the policy engine is comprehensive and robust.

Access control can be accomplished with integration into directory services such as Active Directory, Oracle, Novell and OpenLDAP. The suite can support multiple instances of directory services to fit into the organisation's architecture.

The usual web filters can be set up to manage by type of site and other rules. Everything is thoroughly monitored and logs/audit trails are available for compliance audits. In addition to inspecting packets as they enter the system, periodic malware scans can be scheduled or applied manually. It uses multiple scanners, including its own and third-party products. Signature updates for all are automatic.

Overall, we found this a solid and comprehensive product. It fits an important niche in that it manages security on three critical aspects of today's enterprise: web, email and endpoint. It is relatively easy to set up and manage, and covers a lot of territory. This is one case where having the security management system in the cloud pays dividends. Not only does the cloud-based system have better performance in such areas as anti-malware updates, packet scanning, etc., it also provides safety for email and web browsing as users travel around the globe.

CloudLock Information Security Suite for Google Apps

One of the major issues in cloud-based security is that it is very hard to do. For lots of reasons, many from the business perspective, it is difficult to make the cloud as secure as the on-premise data centre. There are lots of things that go into security, as we all know, and the objective of any cloud-based product must be to make the cloud as secure as the data centre. Additionally, to be truly effective that security should behave and be manageable in much the same manner as the data centre. CloudLock is, by these measures, truly effective.

CloudLock provides data privacy, governance and management, as well as account protection and external application management and governance. Google Apps is the only environment supported currently, but there are more on the drawing board. CloudLock uses the Google Apps API to collect necessary metadata and apply that to the product's rules engine. This allows most of the same security functions - when working in the cloud - as organisations are accustomed to in their data centres.

For example, because data moves through the security protection, CloudLock can do such things as data leakage prevention, identifying such things as personally identifiable information. It can enforce acceptable use policies and is content aware.

The product is policy driven. Its dashboards for analysis and policy development are simple, to the point and easy for the administrator to use. In addition to the general tools, CloudLock provides a robust application firewall. This facilitates application-level access control, which is necessary due to the application environment being outside of the organisation's physical control.

One strong function is its ability to examine how other organisations are treating a particular application residing within Google Apps. Users can be restricted from accessing particular applications (the app is banned), so it is helpful to know what the community at large is doing about allowing access. Community trust rating communicates that information to the administrator to assist in determining what apps should be allowed and which should be banned.

We liked this tool for its direct applicability to an important cloud environment. We also liked its comfortable look and feel.

Symplified

Symplified addresses access management to cloud applications. It is visualised best as a single sign-on (SSO) product for the cloud. However, as the company is quick to point out, SSO is just the convenience piece, although many would argue that it is a very big convenience given a large number of cloud-based applications the organisation may be using.

A large portion of Symplified is really a sophisticated identity and access management tool. The big plus here is that it really does not care where your application is. It could be behind the firewall or in the cloud. Access and identity management of both is necessary, and Symplified does that in such a way that the users cannot tell the difference. The location of the app simply does not matter. While the user is enjoying a seamless access experience to the applications that they need, Symplified is quietly logging all accesses and storing the data away for compliance purposes.

There are lots of little goodies that together make Symplified a good choice for this type of product. First, it works with mobile devices. That is a must-have in today's enterprises. Second, it integrates cleanly with Active Directory, making administration straightforward. Symplified can handle one-time passwords for multi-factor authentication. In short, the cloud and hybrid cloud/on-premise applications all behave alike from the user perspective, and they all function directly from the user's dashboard once they log in to it.

Administration is straightforward. Using a tool, called the Studio, administrators set up policy and manage the user-application interactions. Users can interact directly as well, creating connectors for various apps. However, in most cases no new connectors are needed since out of the box Symplified comes with quite a few of the most used ones.

We liked this item because it addresses an important challenge in an elegant, scalable way without forcing differentiation from the user perspective between on-premise and cloud-based applications. As the application fabric of most organisations becomes increasingly complicated, this tool will find an increasingly large market.

CloudLock Information Security Suite for Google Apps

We liked this tool for its direct applicability to an important cloud environment. We also liked its comfortable look and feel.

Symplified

CipherCloud for Office 365

Many organisations outsource email to a cloud provider, and one of the most successful of these providers is Microsoft with its Office 365 offering. This is a cloud-based version of Microsoft Office that adds a few additional features making it an attractive option, especially for small to mid-sized organisations. However, it is not without its security weaknesses, as is the case with all cloud-based offerings.

The major issue is that email can be quite sensitive and there are privacy requirements to which an organisation in certain markets must adhere. If the email is in clear text, in the cloud those privacy requirements are not being met. Likewise, the cloud provider has access, and if the provider is ordered by the courts to reveal all of the content stored in its systems, your clear text email may be at risk of disclosure without your consent or even your knowledge. This is where CipherCloud for Office 365 comes in.

This innovative product is very simple in concept: It encrypts email end-to-end, and it does it without interfering with the user experience. Moreover, since the encryption keys are retained on-premise, the organisation is not at risk for loss of the keys, misuse of the keys or any of the onerous regulatory penalties for exposing - or potentially exposing - private information to unauthorised access.

The system, from the user perspective, is simplicity itself. The administrator decides what gets encrypted - all email and calendar or selective encryption - sets the policy, and the rest is seamless and transparent to users. The email can be recalled as PST files and decrypted locally if the need should arise, so the organisation is not at risk of the cloud provider being shut down. Encryption is strong - AES 256 FIPS-approved, so protection is robust. Likewise, the product can support other cloud-based applications, so developing a secure cloud strategy gets easier.

We liked this tool for its simplicity and direct application to a real challenge. The fact that it is extensible to other applications and that there are more apps on the drawing board, just adds to its promise.

Information request reveals continued increase in NHS data breaches

Data breaches in hospitals rose by 20 per cent year-on-year.

According to a Freedom of Information Act request from 55 hospital trusts by Pulse Today, the number of breaches rose from 2,337 in 2011/12 to 2,805 in 2012/13. These included patients being given a different patient's details in error, patient information being given to a relative without their permission, voicemails left to the wrong person, letters left in public meeting rooms and letters sent to patients' previous GPs.

The request found that following a 15 per cent increase in data and confidentiality breaches between 2010/11 and 2011/12, there were 7,138 incidents over the last three years at the 55 trusts.

A spokesperson for theÂ Information Commissioner's OfficeÂ said: â€œThe health service holds some of the most sensitive information available. This is why it is so important that they look after patients' data correctly and in compliance with the Data Protection Act.

â€œWe will continue to work with the health service to help them keep the personal information they use and store secure.â€

Stephen Midgley, vice president of global marketing at Absolute Software, said: â€œAs a public service, the health sector supports over a million patients each day, and this responsibility includes the protection of any patient confidential information. The claims of a member of the public finding a letter in hospital grounds with the clinical diagnosis of another patient's cancer, is simply unacceptable.

â€œWith the NHS facing tough cost saving initiatives and the wider data debate and challenges surrounding the plans to deliver a fully paperless model by 2018, it's essential that the world's largest healthcare system considers the risk impact of data breaches and puts protecting its physical and digital data assets at the top of its priority list.

â€œThere are basic steps organisations can take to protect themselves, and the first is a comprehensive data policy in place from the very beginning. This starts with education, right across the NHS and its staff.â€

Federal agents told to stay away from Def Con

Federal agents will not be welcome at the upcoming Def Con conference, founder Jeff Moss has said.

In a statement posted to the Def Con website, Moss said the decision to ask 'feds' not to attend the Las Vegas-based conference in August this year was due to delegates being uncomfortable with 'recent revelations'; a possible reference toÂ allegations by former defence contractor Edward SnowdenÂ that the US National Security Agency had engaged in wide-spread communications interception.

"When it comes to sharing and socialising with feds, recent revelations have made many in the community uncomfortable about this relationship," Moss said. "Therefore, I think it would be best for everyone involved if the feds call a time-out and not attend Def Con this year.

"This will give everybody time to think about how we got here, and what comes next." The move sparked some objections from Twitter users who questioned its validity and noted that feds were positive contributorsÂ to the security community.

Moss said Def Con had become over two decades an "open nexus of hacker culture" where security pros, researchers and feds could meet on neutral territory in the spirit of openness and respect. In response, organisers of the London-based conference 44Con tweeted that feds "feeling left out over the Def Con snub" are "always welcome at 44Con".

If You Want Entrepreneurial Success, Learn to Embrace Failure

entrepreneurial success

First off, let me tell you this: I fail - a lotâ€¦ and Iâ€™m ready for more failures.Â Before you say, â€œAre you out of your mind,â€ let me explain a bit.

I hate the feeling of failure.Â Nobody likes to fail.Â But I learned during my entrepreneurial career that if you want to achieve entrepreneurial success, you need failures. You need to fail and the more you fail, the closer you are to your goal.

Embrace Failure to Reach Entrepreneurial Success

Iâ€™d like to illustrate this in the game of basketball.

Do you know why Miami Heat won the NBA 2013? No, itâ€™s not because of the LeBron James.Â Of course, itâ€™s a team game, so everybody contributes.Â However, thereâ€™s a tipping point which has changed the course of the game: Ray Allenâ€™s 3-point shot.

Iâ€™m a fan of Ray Allen.Â Ray is a seasoned NBA players, with 17 years of NBA experience under his belt; he was a superstar, but he has passed his prime years. He is a clutch player, meaning on crucial moments in a basketball game, he will most likely to be the go-to player to take the final shot. Iâ€™m sure Miami Heat hired him due to that reason among some others.

Itâ€™s not easy taking the final shot. Only a few NBA players have the mentality to do it.Â Itâ€™s nerve-wrecking, especially when the destiny of your team is within your hands - literally.

Shooting the last basketball (called a buzzer-beater,) Ray made some and missed a lot.Â Again, itâ€™s not easy.Â But this time, when Miami Heat was on the brink of losing the NBA Finals, Ray made a three-pointer a second before the game was over. The game went into an overtime and Miami won the game - and go all the way by winning the next game to grab the title.

The Moral of the Story?

When you see opportunities, you need to give it a go. When you fail, try and try again.Â Before you know it, you are used to taking risks and when you are used to the fail-and-try-again cycle, eventually you will make it - big time.

You see, entrepreneurship is not about finding success on your first try.Â Entrepreneurship is about finding success through a series of failures - the faster you fail, the faster you will find success.

Why Do I Need to Fail?

The answer is: You donâ€™t NEED to fail. However, in entrepreneurship, you WILL fail in one way or another. Thatâ€™s how things go.

An entrepreneur I know told me that he was willing to go through many failures for just one success. Why? Because he has proven time and time again that the successes he achieved were well worth the failures.Â Heâ€™s ready to fail 100 times for that 1 success - and heâ€™s ready to fail more.

The guys in Silicon Valley know it very well: They embrace failures - pretty much in the similar line of thinking.

Hereâ€™s another one for you: Thomas A. Edison, the inventor of light bulbs, once said in his epic quote:

I have not failed 1,000 times.Â I have successfully discovered 1,000 ways to NOT make a light bulb.

So, do you want entrepreneurial success?

Well, get ready to fail - and make sure you learn something from every failure youâ€™ve experienced. Otherwise, failures will be - well, failures.

Miami Heat celebration Photo via Shutterstock

Senior management do not understand security metrics as it is too technical

Half of IT professionals do not believe that their metrics adequately convey the effectiveness of security risk management efforts to senior executives.

According to a survey of 1,321 professionals by Tripwire and the Ponemon Institute, 49 per cent did not believe or were unsure that their organisations' metrics could convey security risk management efforts to senior executives.

When they were asked why metrics were not created that could be understood by non-technical management, 53 per cent said the information is too technical to be understood by non-technical management; 42 per cent blamed pressing issues; and 43 per cent said that they only communicate with executives when there is an actual security incident.

A third (35 per cent) said it takes too much time and resources to prepare and report metrics to senior executives, while 13 per cent said that senior executives are not interested in the information.

Rekha Shenoy, vice president of marketing and corporate development at Tripwire, said: â€œThese results correlate with the dozens of conversations we have been having with CISOs across the globe.

â€œCISOs talk about the importance of leveraging metrics as a way to influence business leadership and build a risk management practice within their companies. Unfortunately, they struggle with the bigger challenge of producing meaningful metrics, while those they use are rarely aligned with business goals.â€

Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said, â€œEven though most organisations rely on metrics for operational improvement in IT, more than half of IT professionals appear to be concerned about their ability to use metrics to communicate effectively with senior executives about security.â€

Third-parties often used to target foreign companies, claims Intelligence and Security Committee

The main focus of intelligence and security agencies' work on cyber is on countering hostile foreign activity and covert intelligence gathering, as countries use private groups to carry out state-sponsored attacks.

According to the Intelligence and Security Committee (ISC) of parliament annualÂ reportÂ for 2012-2013, beyond â€˜known' attackers, the committee had been told that a number of countries are also using private groups to carry out state-sponsored attacks.

It said: â€œThese state-affiliated groups consist of skilled cyber professionals, undertaking attacks on diverse targets such as financial institutions and energy companies. These groups pose a threat in their own right, but it is the combination of their capability and the objectives of their state backers that make them of particular concern.â€

It also said that it had learned that there was more increased targeting of professional services firms (such as lawyers and accountants) as opposed to other, more obvious, targets that may have stronger defences.

Foreign Secretary William Hague was quoted as having said that such a trend was â€˜worrying', as such attacks are a route into a defence company or high tech manufacturer where a lot of data is sitting with lawyers or accountants. â€œIf they are soft targets, well, then it becomes quite easy to get that data a different way,â€ Hague said.

The report also claimed that such third-party attacks were targeted against government departments via industry suppliers. This apparently has led to Ministry of Defence (MoD) data being stolen.

The report also claimed that the UK is facing a cyber threat that is at its highest level ever, and the committee called for planning to begin now to ensure that resources will be made available to combat cyber attacks in the latter half of this decade.