5 Activities that Yield the Biggest ROI on Your Time


If you’re like most small-business owners, time is your most valuable resource. Figuring out how and where to spend your time to yield the biggest payoff can be one of the most difficult and stressful things you do. But as with money, time well spent will return to you tenfold - and squandered time will leave you deeper in the hole.

Below is a guide to five ways to spend your precious minutes and hours to yield major returns and get the best ROI (Return On Investment) for your time.

Smart Time Investments for Busy Business Owners

Too often, small-business owners get sucked into the cycle of putting out fires, spending their days solving immediate, short-term problems that won’t translate to any long-term gains. Consider this cautionary tale: A neighbor of mine had three children. She worked full-time and was always rushing to get them off to school, home from school, fed, bathed and in bed. At the dinner table, she’d cut their food so they could eat faster so she could get the dishes done and they could get to their homework.

One day, she served chicken patties and her 11-year-old daughter waited for her to cut them. She was bewildered - how was it that an 11-year-old couldn’t cut her own food? Of course, she realized it was her own fault: it had been easier in the short-term to do the work for her daughter, but in the long-term, she had the much harder task of teaching an 11-year-old to use a knife.

While it’s difficult to break the do-everything cycle, learning to delegate is the only way to free up your future time for pursuing long-term growth opportunities. Commit some time to at least one of these activities every day, and you’ll soon find you have more time to spend on big-picture, business-growing projects.

1) Hire the Right People

When you finally have the budget to hire a new team member, it’s tempting to find someone as quickly as possible and get them started. After all, chances are you’ve been in need of this person for months, and all you want is a break from the constant work. But rushing the process and hiring the wrong person will only drain your time more as you correct their work, explain your policies over and over and teach skills they should already have.

When you invest time upfront in defining the role you need filled, creating a job description, networking and requesting recommendations, checking references, and interviewing, the payoff is huge: you find the right person for your team. He or she will understand your business goals, take the initiative to push projects forward, and generally help you grow.

Best of all? You won’t have to spend your time fixing his or her work.

2) Train Your Team

Hiring the right people is key. But you also have to train them so they’re aligned with your company goals and mission. Don’t make the chicken patty mistake. Every project is an opportunity for your team to learn new skills.

Over time, learning these skills will allow them to take on more and more of the work you do, which frees you up to pursue bigger and bigger projects.

3) Proofread Your Emails (And Ask Follow-Up Questions)

How many times have you read and reread an email without understanding its message? How often have you replied with a clarification question or picked up the phone to ask for more details? More important, how often have you received an email asking for clarification about something you wrote?

It’s all too tempting to hit “Send” as soon as we’re done dashing off an email. But failing to proofread is a surefire way to waste everyone’s time - your team members will scratch their heads trying to figure out what you meant and either respond with a request for more information or (in the worst-case scenario) misinterpret your note and start on a counter-productive task. And miscommunications don’t just happen over electronic media - in person, too, messages can be misunderstood.

After passing along an important message to an employee, don’t just ask if they “get it.” Instead, ask them to restate the request or concept in their own words to make sure everyone’s on the same page. This 30-second exercise can save hours and hours of frustration and needless work.

4) Evaluate Your Risks

Your Internet goes out for a day. An overloaded circuit causes a power cut. You get hit with a $6,000 fine from Getty Images because the blogger you contract with (unknowingly) posted copyrighted material without proper attribution. Any of these situations (and countless others) could leave your business scrambling to catch up.

Luckily, there are ways to prevent what may seem like out-of-the-blue disasters. Investing a little time in assessing the risks of various projects you take on (e.g., double-checking the maximum electrical load of the outlets in your office or training your employees) empowers you to avoid any risks that are within your power to avoid. For those risks that are beyond your control (e.g., a storm-related flood), you can invest in business insurance so that you have the financial means to recover from unexpected setbacks.

So how can you assess the various risks currently facing your business? Talk with an insurance agent who specializes in coverage for small-business owners in your industry. They’re in the industry of risk management, so they know how to identify risk factors you may not have thought of. Alternately, consult with a business owner in your field who has more experience than you do. The SBA’s SCORE offers such mentoring resources to entrepreneurs around the country.

5) Plot Out Employee Benefits

Small businesses typically can’t offer the same robust health insurance or retirement packages available at larger corporations. You have to make the most of those benefits you can afford to provide. The good news is that, because your team is probably small, you can ask them directly which benefits they’d most like to have.

Whether your team wants flexible hours, work-at-home days, discounts at a gym, or more vacation days, invest time in identifying and meeting those demands as best you can. Showing your employees you value their lives outside the work they do will boost morale and improve their commitment to your company and your mission.

In other words, happy employees are more efficient and productive, meaning they get more done every day.

A Stitch in Time

There’s still truth to the old saying that a stitch in time saves nine. If you don’t have time to mend those pants today, you definitely won’t have time to mend a much bigger hole in three months.

It may seem like a daunting project, but setting your business up for long-term growth by spending time now will save you time later.









Four Simple Steps To Protecting Your Mobile Device and Data While Traveling

Brought to you by AVG Technologies, the provider of Internet and mobile security, privacy and optimization to 150 million active users. There’s nothing small about small business in our eyes. For more information on how AVG can help your small business stay protected, go to http://www.avg.com/us-en/internet-security-business .

Are you afraid of putting a foot out the door of your business? Perhaps not, but you should be. No, Freddy Krueger isn’t going to stalk you, but in the 21st century, stalkers don’t have to literally follow you. They can gain access to your mobile device and you wouldn’t know any better until it’s too late.

Whether you’re traveling to the hardware shop to change some equipment or you’re going on a trip to China, you always need to exercise caution when using your mobile devices in strange territory. Every time you leave your office, you also leave the cozy confines of your protected internal network, which, if configured correctly, has kept nasty hackers at bay.

If you’re not concerned yet, how would it sound if I told you that anyone can sniff your device’s activity on an unencrypted Wi-Fi network? Applications like Wireshark enable anyone to see everything that you transfer to and from your smartphone, tablet, laptop, or ultrabook. This practice is more popular than you think. There’s already a growing community of wanna-be hackers who spend their days sniffing out interesting data from phones and posting it on forums for everyone to see. You really don’t want something like that to happen to you!

So what steps can you take to protect your mobile device and data while traveling? A couple of things, actually!

  • Don’t join any unencrypted Wi-Fi networks. If you don’t have to type some sort of code to get into the network, avoid it. This is where most hackers lurk! They’ll be able to see you send your account details and credit card information across the network to its destination and you wouldn’t know any better. Granted, many transactions are now encrypted but there are still holes. If you must use an unencrypted Wi-Fi network, restrict your activity to websites that use the “https” prefix, as opposed to “http,” in their addresses.
  • You’re really not safe even if you’re working on an encrypted network. Anyone else logged into that particular network can also sniff your activity. If you don’t trust people in your surroundings, you probably shouldn’t be logging in. Again, remember to use “https.”
  • Use a virtual private network (VPN), onion routing, an SSH proxy, or any sort of network tunneling that involves a certain degree of encryption. With this, you can connect to your local network at your business and browse through emails, sites, and social networks without eyes peering through your data.
  • Don’t forget to teach your employees all this advice! Especially if they carry sensitive business data on their mobile devices, it’s imperative that they learn to take care of that data. Otherwise, your business will leak at its seams, which can be potentially destructive. Your business is only as strong as its weakest employee. Train each one to follow these rules and you’ll be fine!

The world may seem peaceful and innocent from inside a glass screen, but that couldn’t be further from the truth. Now that you know how to engage the enemy, it’s time to go out on the street and practice your Wi-Fi Kung Fu.

 






4 Key Components For Social Media Marketing Success

You want your business to be successful, right? Of course you do. In that case, you need to make sure you have an amazing social media campaign. Do you know what components for social media you need to make your social media marketing campaign reign?

Social Media Accounts


One of the biggest components for social media success is the accounts themselves. And you need a variety of them. You’re not going to have tons of success if you only have a Facebook page. A Twitter account is great, but remember, it only allows you 140 characters per post. When you have a variety of accounts, you reach more people and are able to work in different mediums.

The Perfect Audience


Let’s face it - if you don’t have an audience, you might as well go home. There’s no point in even putting the work in if no one is interested in your product or service. Luckily, there is always someone who is going to be interested. You just need to find them.

When looking for the perfect audience on your social media accounts, you need to make sure that you are billing yourself correctly. If you are a business that thrives on a local audience, make sure that you are marketing toward your city. Getting the right audience will help ensure your success. You can have a huge audience and still fail if they are an audience of the wrong people.

Creating Your Content


Social media is all about being social. If you never make posts, there’s no point in having the accounts. You need to make sure that you’re constantly creating content for your accounts. The content you create should be interesting, informative and awesome. No one wants to read boring updates. You also need to remember that no one is going to follow you if all of your content is about your sales or your business.

Make sure that your content is actually something that your followers are going to enjoy. Offer different types of content. Link to interesting articles or other posts you find around the Web. Share jokes or quotes. Don’t be afraid to talk about your sales or offer information about your business. Just don’t make it the only thing you talk about.

Stay Current and Relevant


One of the biggest components of social media success in the marketing world is staying relevant. You need to make sure that you are current. Depending on your market, this could mean that you are updating on a daily basis or even more frequently. Other markets may only require updates once a week or so. Either way, make sure you don’t fall by the wayside because you aren’t keeping your pages fresh. The longer you let your social media accounts go without new content, the further behind you fall.

Keep your head up. Even though social media marketing takes work, it can be a lot of fun. Get your business out there to the right audience, and you’ll have some amazing interactions with your customers.








Radware's Ron Meyran discusses DoS attack tools, planning, execution

Denial-of-service attacks are on the rise, and Ron Meyran, Radware's director of security solutions, answered our questions about how these attacks are being used and described the weaknesses being exploited. He also recommended downloading the DoS attack tools being used against you to test your own infrastructure -- before someone else does.

We're definitely seeing a significant increase in DoS attacks. They've at least doubled from last year. But I suspect that a significant portion of this increase is because organizations are just now becoming aware that the slowdowns they suffered are actually attacks.

Ron Meyran,
director of security solutions, Radware

What kinds of weaknesses do attackers search for when studying and selecting denial-of-service (DoS) targets?

Ron Meyran: Attackers are looking for standard weaknesses in the form of open ports, inspector rules, remote maintenance, etc. The main thing they're really interested in is the application: how it's designed and whether or not there are any software bugs that can be exploited.

With denial-of-service attacks, it's not necessarily the standard vulnerabilities that intrusion prevention systems [IPS] or firewalls would cover, but if the center for mobility is reached it enables an attacker to launch a smart attack with relatively low traffic -- and it can cause a lot of damage.

For example, attack tools like Slowloris can consume all of the services of a Web server in less than a minute and make it unavailable to other users. If a website provides information like large image files or enables you to perform a search on the database, it simply places a standard search or a download of the same large file over and over to kill the availability of the servers. So we're seeing a shift from bandwidth attacks, which involve sending irrelevant traffic to a target, to today's central processing unit [CPU] attacks on targets. CPU attacks target the CPUs behind the servers, where you can increase the CPU utilization quite easily with application attacks.

How are DoS attacks being used?

Meyran: Within the past four years we've seen a major shift in attackers' motivation. Hacktivism has become a major trend -- with Anonymous, Lulzsec, the Nightmare Group and others launching attacks based on ideals. If Turkey, for example, is trying to filter content on the Internet, they'll attack the Turkish government's website; it's a form of protesting.

Another technique is 'camouflage attacks,' in which attack tools are distributed and a group simply coordinates the data or start of the attack. The attack on Sony PlayStation was originally thought to be a DoS attack, but it was eventually revealed to be a camouflage attack. Why? The attackers were running a high-coverage attack on Sony's network. They knew that once the security equipment reached a 100 CPU utilization rate, it would either let the traffic in or bypass all traffic. Then they could use a secret injection and other low-and-slow attacks to break into Sony accounts. The real attack was the penetration into their databases, which they couldn't see, of course, because they thought they were fighting a DoS attack, and also because the volume of the attack traffic behind the DoS effectively 'camouflaged' it.

How much of a time investment goes into reconnaissance prior to DoS attacks?

Meyran: The reconnaissance lasts days or weeks, and eventually an attack will last several hours or days. Generally, attackers will invest the time. But it's cumulative time, since it's a set of security experts or hackers who study the victims for several weeks and then share their findings and combine strategies to knock down the website. It's a significant amount of time investment. And the victim who has no idea they're about to be attacked isn't investing any time at all.

Are DoS attack tools evolving?

Meyran: Attackers usually use the same sets of tools -- Slowloris, Sockstress, LOIC [Low Orbit Ion Cannon] and HOIC [High Orbit Ion Cannon]. All of these tools include network attacks, server attacks and application-level attacks. The point here is the mix or the blend of the attack vectors and the definition of the attack vectors. We're seeing them getting smarter. Once they start launching the attack, they've already learned which tools the target is using to protect their assets. If they've discovered a signature-detection engine, they'll simply change the attack vector pattern.

For example, they may be using an HTTP flood, but they'll ask for different pages or include different parameters in the HTTP GET request, so each time the target manages to define the signature to protect, the attackers immediately change the pattern and the signature becomes obsolete.

So the attackers are quite smart. It isn't rocket science to protect against it, but the point is that most organizations aren't preparing for attacks. It's the equivalent of bringing a knife to a gunfight. Organizations think they should get ready for an attack by deploying security equipment, defining security policies, updating signature files on their equipment … and that's it.

Once an attack is carried out, organizations will study the logs to see where the breaches occurred and find their weaknesses, and then they'll make improvements.

To date, most DoS attack tools are available on the Internet. Organizations can download them and test their infrastructure in about an hour. This is one of the first things I recommend to people. If you test your own infrastructure, you'll know how it'll respond to an attack.

Is malware involved in DoS attacks?

Meyran: With regard to DoS, malware isn't a key tool. But we sometimes see attackers infect servers of a cloud provider or hosting provider so they can remotely control the servers to launch their attack. The motivation to use servers rather than end-user PCs is because servers have higher CPU capacity, better networking connections and they're available 24-7.

The typical damage done due to denial-of-service attacks on a medium-sized organization is $3 million per year. If organizations invest maybe 5% of that amount, they could get ready and prevent that damage and cost of downtime.

Can organizations do anything differently, knowing how hackers prepare for DoS attacks?

Meyran: More than half of all organizations think their firewall and IPS can protect them against DoS. This shows they don't really understand that firewalls and IPS are stateful devices, while DoS is about creating new sessions and turning firewalls and IPS into bottlenecks. Once you fill the firewall or IPS session table, no new sessions are available and the firewall will block any new sessions and the IPS will fall into bypass -- and this equipment is the core of network security.

What do you expect to be the most important tool to prevent DoS attacks in the next few years?

Meyran: Organizations will need equipment on their premises to detect application attacks, but it looks like service providers will be responsible for providing a level of protection against the volumetric or network attacks that can saturate the Internet link connection. The service provider should be the one removing the excessive traffic -- which can cause the Internet links to prevent legitimate traffic flow into the infrastructure.

But on the other hand, organizations need equipment on site to analyze what's going on. They need the visibility, since most of the traffic today is carried or moved on the secure sockets layer [SSL] and no one discloses their SSL certificates to their service provider. So you need the equipment on site to look into traffic and decide whether a new session is a legitimate user or attack traffic that should be terminated immediately.

Are DoS attacks increasing significantly in 2013?

Meyran: We're definitely seeing a significant increase in DoS attacks. They've at least doubled from last year. But I suspect that a significant portion of this increase is because organizations are just now becoming aware that the slowdowns they suffered are actually attacks. In many cases, organizations don't have the tools to identify why the infrastructure is slowing down and they think it's a technical problem, then it stops and they think they've fixed the problem.

More people need to be aware of these attacks and report them when they occur.
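
The session-table exhaustion described in the interview, as an added simulation that is not part of the original article: a toy fixed-size table counts how many legitimate sessions are accepted while a flood of sessions that never complete is in progress. The capacity, lifetimes and traffic rates are constructed values, and the shorter lifetime for uncompleted sessions in the third run is a generalization beyond what the interview states.

```python
class SessionTable:
    """Toy model of a stateful device's session table (constructed for illustration)."""

    def __init__(self, capacity, established_ttl, half_open_ttl):
        self.capacity = capacity
        self.established_ttl = established_ttl  # ticks a completed session is tracked
        self.half_open_ttl = half_open_ttl      # ticks an uncompleted session is tracked
        self.expiry = {}                        # session id -> tick at which it is reaped

    def reap(self, now):
        """Drop every entry whose lifetime has run out."""
        self.expiry = {sid: t for sid, t in self.expiry.items() if t > now}

    def open(self, sid, now, completes_handshake):
        """Track a new session; return False when the table is full (fail closed)."""
        if len(self.expiry) >= self.capacity:
            return False
        ttl = self.established_ttl if completes_handshake else self.half_open_ttl
        self.expiry[sid] = now + ttl
        return True


def simulate(half_open_ttl, flood_per_tick, capacity=1000, established_ttl=20,
             legit_per_tick=10, ticks=100, flood_ticks=range(50, 100)):
    """Return (accepted, attempted) for legitimate sessions during the flood window."""
    table = SessionTable(capacity, established_ttl, half_open_ttl)
    accepted = attempted = 0
    for now in range(ticks):
        table.reap(now)
        if now in flood_ticks:
            # Flood sessions never complete the handshake and arrive first (worst case).
            for i in range(flood_per_tick):
                table.open(("flood", now, i), now, completes_handshake=False)
        for i in range(legit_per_tick):
            ok = table.open(("user", now, i), now, completes_handshake=True)
            if now in flood_ticks:
                attempted += 1
                accepted += ok
    return accepted, attempted


if __name__ == "__main__":
    for label, ttl, flood in [("no flood", 20, 0),
                              ("flood, half-open kept 20 ticks", 20, 500),
                              ("flood, half-open reaped after 1 tick", 1, 500)]:
        ok, total = simulate(ttl, flood)
        print(f"{label:40s} legitimate sessions accepted: {ok}/{total}")
```

Faster reaping only helps while the flood rate per tick stays below the table capacity; above that, the table fills within a single tick whatever the lifetime.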




Research reveals 2013 boom in mobile malware

Significant rises in mobile malware, specifically for Android, have been detected over the past six months.

According to research from Fortinet, it has detected a 30 per cent increase in mobile malware over the last six months, with more than 1,300 new samples per day. Similar research by Trend Micro uncovered 718,000 malicious Android apps in the first half of 2013.

In its security roundup report, Trend Micro said that, from 509,000 spotted in the first quarter of 2013, it predicted that the number of malicious Android apps would top the million mark before the end of the year.

In particular, data-stealing malware was on the rise, while malware had been found on the official Google Play store.

Fortinet said that it was currently tracking over 300 unique Android malware families and over 250,000 unique malicious Android samples. Axelle Apvrille, senior mobile anti-virus researcher for Fortinet's FortiGuard Labs, said: “Three years ago, mobile malware wasn't much of a concern, and most malware at the time targeting smartphones and tablets was nothing more than 'annoyware' such as the Cabir virus or scam software used to commit SMS fraud or replace icons.

“However, as devices have proliferated, so too have cyber criminals eager to capitalise on the growing user base. Our research shows the proliferation of mobile malware will not abate anytime soon.”

JD Sherry, vice president, technology and solutions at Trend Micro, said: “Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective time frame. In some cases, users will never get patches as vendors leave their customers at risk of attack.

“Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly. At the rate this malware is accelerating - almost exponentially - we appear to be reaching a critical mass.”



Researchers release tools and code used to control Ford and Toyota test cars

Researchers who demonstrated how to compromise a car's internal network have made their work publicly available.

Three days after their DefCon talk, Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, have released a whitepaper (PDF) describing their research, as well as the data, tools and code used in their exploits.

“We hope that these items will help others get involved in automotive security research," Valasek wrote in a blog post.

“The paper is pretty refined but the tools are a snapshot of what we had.”

The pair tested on a 2010 Ford Escape and 2010 Toyota Prius and demonstrated how to control the steering wheel or the brakes. Both car manufacturers received the documents several weeks before DefCon.

“If the only thing that keeps our cars safe is that no one bothers to do this kind of research, then they're not really secure,” Miller told IDG News Service. “I think it's better to lay it all out, find the problems and start talking about them.”

Their talk, 'Adventures in automotive networks and control units', discussed findings involving controller area networks (CAN) and automobile firmware. CAN is a protocol that enables electronic systems in cars to speak to each other without the need for a centralised computer.

Toyota and Ford reportedly have responded to say they were more concerned with remote hacking and that Miller and Valasek's research required direct access to the automobile, something that would be visible to a real-life victim. 

Miller and Valasek responded that researchers a few years ago already accomplished remote infiltration. The purpose of their work was to learn how far one can go with direct access. In addition, they said that dashboard removal was not necessary.



Provide A Positive Mobile Shopping Experience Or Your Customers Will Flee! (Infographic)

It’s hard to find anyone these days who doesn’t own a smartphone.  And it’s even more difficult to find people who aren’t using those smartphones to help with every aspect of their life, including shopping.  71% of smartphone owners say they shop using their mobile device, but alarmingly, 88% of those who shop on their smartphone have experienced negative issues.

A recent survey conducted online by Harris Interactive, on behalf of Skava - a provider of mobile, tablet and in-store technologies, asked more than two-thousand U.S. adults aged 18+ about their experience when shopping on smartphones. The infographic below outlines what the study found:

The biggest pain points noted by mobile shoppers included:

  • 51% said that retailer websites are harder to navigate and use on a mobile device than on a desktop
  • 46% said that product images are too small to make buying decisions
  • 41% showed concerns over security on their smartphone
  • 26% said that the checkout process is a pain

 

“The sudden rise in the number of visitors accessing retailers’ websites from mobile took many retailers by surprise and they quickly created a mobile as a first response, but the initial bounce rates were high and conversion rates low leaving many retailers thinking that people didn’t have an appetite to buy from mobile,” said Arish Ali, Skava Co-Founder and President. “It isn’t just about putting a mobile website out there - it is about building an experience that is easy for customers to use and takes into consideration the unique attributes of mobile devices. Achieving significant conversion rates on mobile is possible. Amazon, a constant threat to traditional retailers, generated $4 billion in sales through mobile last year.”

 

While it’s clear that consumers are looking for the convenience of using their mobile device to purchase products from their favorite retailers, the level of service is failing to meet their expectations. This opens a major opportunity for those small businesses (actually any business) that can offer a simple and positive mobile shopping experience for its products and services to those who have ‘fled’ and are looking for an alternative.



New security classifications could confuse government departments

Public and private sector suppliers have been warned of the danger of 'data dumping', as they seek to comply with the new Government Security Classifications Policy (GSCP).

Under the new ruling, departments and associated parties have nine months to reclassify their data from using the current six tiers of protective markings to three, and should implement the changes systematically as part of a cohesive risk management program, said consultancy Auriga.

While presenting an opportunity for government departments, agencies and their private sector suppliers to simplify classification, the company warned that the process could prove painful in the short term, as organisations re-evaluate data, assign categories and adjust their risk management posture.

The GSCP will reduce the six tiers of the Government Protective Marking System (GPMS) of 'top secret, secret, confidential, restricted, protected and unclassified' to 'top secret, secret and official'. This has a proposed rollout date of April 2014. A taxonomy will need to be put in place to help direct the underpinning risk management processes and create a more informed risk-driven approach to management.

Geoff Eden, subject matter expert at Auriga, said that a data classification system should be an integral aspect of any organisation's data lifecycle processes, with the approach to risk management, and the necessary level of assurance, shaped by the characteristics of each classification.

“The GSCP can help departments and agencies realise the business and security benefits of this, but only if data classification is well thought-through, effectively integrated with the organisation's data lifecycle processes, and not done in haste,” he said.

Louise T. Dunne, managing director of Auriga, said: “Departmental planning will have to be meticulous where possible and involve substantial business and process change in order to realise more effective working practices and the required cultural change and reform that the policy is hoping to deliver. That takes time and patience but GSCP is essentially a form of transition and change management.”



Faxing errors lead Information Commissioner to fine Bank of Scotland £75,000

The Bank of Scotland has received a £75,000 monetary penalty from the Information Commissioner's Office (ICO) after customers' account details were repeatedly faxed to the wrong recipients.

The incident was first revealed by a member of the public who reported that they had been sent another person's mortgage information in 2009. Their account number was one digit different from the intended recipient. A second fax was sent in the same year to the wrong recipient with a two-digit difference in number. The member of staff was subsequently trained, but in 2011 the same member of the public complained to the data controller that they had continued to receive faxes, amounting to 60 in total.

The information included payslips, bank statements, account details and mortgage applications, along with customers' names, addresses and contact details. In total, at least 21 documents were sent in error during this time, with another member of the public receiving a further ten misdirected faxes.

Despite the knowledge of the mistakes and a warning from the Information Commissioner to the data controller, four further mistakes were made in 2012, with items including a death certificate sent to the wrong address.

The ICO said that the data controller had “failed to take sufficient appropriate technical and organisational measures against unauthorised processing of personal data so as to effectively prevent such unauthorised processing occurring”.

Its undertaking said that “given the consistent and widespread nature of this error, it appears reasonable to the commissioner that the data controller should also have taken steps to alert its staff, not only to the general issue of misdialling, but also the prevalence of this particular error”.

In issuing the £75,000 fine, the ICO said that it was satisfied that the contravention is of a kind likely to cause substantial damage and distress. One of the recipients said that they had shredded the faxes upon receiving them.

Stephen Eckersley, head of enforcement at the ICO, said: “The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines. To send a person's financial records to the wrong fax number once is careless. To do so continually over a three-year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act.

“Let us not forget that this information would have been all a criminal would ever need to carry out identity fraud. Today's penalty reflects the seriousness of this case.”