Curved Smartphones Trend: G Flex Ready for the U.S.

“Curved” is all the rage when it comes to smartphones these days.  In fact, 2014 may be shaping up as the year of curved smartphones.  First Samsung announced one available in Korea at an eye-popping price of about $1,000. Then Apple announced it would be releasing two curved phones sometime in 2014.

And now LG, which announced its own curved smartphone in November, says its phone (pictured) will soon be arriving on U.S. shores.  The G Flex will be available in the United States in the first quarter 2014, through AT&T, Sprint and T-Mobile.

LG made the announcement at the recent Consumer Electronics Show in Las Vegas, IGN reports. The phone, with a six inch curved screen will available from carriers AT&T, T-Mobile and Sprint. 

So why does a phone need to be curved, and what are the advantages of curved smartphones over flat / straight smartphones?  According to the LG press release, there are several advantages of this curved phone:

“The vertically curved design of the LG G Flex reduces the distance between one’s mouth to the microphone when the device is held against the ear, as traditional telephone handsets used to. The LG G Flex employs a curvature arc that is optimized for the average face, to deliver improved voice and sound quality. The curved form increases the sound level by 3dB compared to typical flat smartphones. The curved design also offers a more reassuring grip and fits more comfortably in one’s back pocket. What’s more, in landscape mode, the display offers an immersive, cinematic experience, with the result being the most comfortable viewing angle for watching videos or playing games.”

Here’s a review of the device from TechSmartt:

The phone also features a 13 megapixel camera on the back and a two megapixel camera on the front. Reviewers say the battery (which is also curved, of course) will stand up to days of heavy use.

The phone’s curved design supposedly allows it to be more resilient. If weight is applied flattening the phone (say by someone sitting on it or sitting down with it in his or her back pocket), no worries, reviewers say. The  phone will simply bend back to its proper shape undamaged.

There’s also the much discussed “self-healing” back of the device on which minor scuff marks from your keys, for example, when the phone is in your pocket, seem to disappear over time. (Just don’t take a knife to it or anything more extreme.)

So, with all these pros, what kind of negatives could possibly discourage you from buying this phone for your business?  Well, the cost might be one thing.

Android Authority reports that, based on the phone’s current price in its native Korea, it might cost more than $900 here in the states. That might be more than $200 out of pocket even after signing a two year contract and receiving carrier subsidies.

Image: LG

Three Traits Your Web Designer Must Have: Listen, Creativity, Technical Competency

Smallbiztechnology.com recently went through a visual upgrade (and some other things).

In working with our web design team (Andigo Media) I learned a few things about what makes a great web design company.

LISTEN -  I’ve worked with many web designers and the GREAT web designers stand out because they listen. Before they talk about code, color, SEEO and etc - they ask about your goals, what you are trying to accomplish, how the webs site will be used.

If you’re web designer does not serve as your ONLINE CONSULTANT, and you are not willing to listen to them - you’re wasting your time.

CREATIVITY - A good web designer will the creative ability to provide a variety of designs. You do NOT want a web site that looks like everyone else. Some web designers get stuck in a rut and they can only design one type of visual. A web designer who works with a team is able to deliver the creativity you need

TECHNICAL - When it comes time to

• connect your Wix web site to Infusionsoft then (or some other “thing” that a techie might do)
• integrate with Eventbrite then
• ensure it’s all secure then 
• add some custom design
• or maybe just upgrade your WordPress web site

It is essential that your web designer (or his team) have the technical ability to do what’s needed.

For true small businesses who are looking for growth - YOU MUST hire a web designer that can build you a business web site - not a toy web site.

MasterCard and Web.com Offer Payment Solution Take-A-Payment

MasterCard and Web.com have teamed up to create a solution both companies say will make it easier and faster for businesses to get paid online. The option is called Take-A-Payment and is now being offered as part of Web.com’s website design and hosting services. But it is built with MasterCard’s less than a year old Simplify Commerce development tools.

In a phone interview with Small Business Trends, Debbi Lechner, Vice President of Ecommerce Product Marketing at Web.com explained:

“A lot of small businesses count themselves out of the ecommerce solution. It’s very simple. It’s an opportunity for small businesses to get involved.”

Web.com offers a range of options from build-it-yourself Web design tools to design services, hosting, domain names etc., Lechner said.

For a cost of $9.95 per month, Web.com users can add Take-a-Payment to their websites. It allows customers to pay invoices, service fees and other payments using a credit card. Website owners are then charged 2.85 percent for each payment plus a fee of 30 cents per transaction.

You don’t need to be a Web.com customer to use MasterCard’s new Simplify Commerce service. If you’re building your own website or have contracted with a developer, you can incorporate the new MasterCard solution into that project, too.

Another unique feature is that Simplify Commerce lets you take payment from a variety of credit cards rather than just from MasterCard.

There are other payment options like PayPal and Square that offer an opportunity to accept a variety of credit cards. But this is the first one we can recall run by a major credit card company that lets you accept payments through a competitor’s card.

In another call with Small Business Trends, Debbie Barta, Simplify Commerce Product Lead at MasterCard Labs explained:

“Merchants are looking for a simple one-stop shop online payment. We make it very simple for merchants to get up and running.”

You can setup a Simplify Commerce account directly from the MasterCard site for free. However, you’ll probably need a basic understanding of programming or the skills of a developer to make it work for you.

Image: Web.com

Hey Local Retailer - Are You Ready To Use Your Customers Cell Phones To Get More Sales?

Since I bought a new phone I’ve kept Foursquare on. It’s pretty neat. I’ get alerted when I’m near a restaurant or other retailer and encouraged to check-in, get a deal or just get information about it. I like this and think this version of “privacy invasion” is good.

Are you using Foursquare or other tools and services to boost engagement with local traffic to your local business?

Imagine the thousands of people streaming into a mall every day, or visiting downtown. Did you know how you can leverage local marketing tools and services to encourage customers to visit you?

As with any marketing it’s critical to MEASURE the return on your marketing investment.

Spending $5,000 on marketing and making $1,000 - means you are losing money. Of course for some marketing there is NOT a direct line between a sale and an advertisement. However, as you test your local marketing you should definitely look for a direct line between your advertising spend and a new (or repeat) customer.

There are solutions that compete with Foursquare as well. The Wall Street Journal writes “”Instead of offering a general promotion that may or may not hit a nerve, we can promote specifically to the customer’s taste,” says Mr. Zhang. He recently emblazoned workout tank-tops with his restaurant’s logo, based on the data about his customers’ gym visits”

Check out Foursquare advertising here.

For current customers make sure you are CAPTURING their information so that “for free” you can market to them over and over again and encourage them to buy from you - again and again.

After you ATTRACT customers make sure you have a system in place to regularly nurture and reach out to them. A CRM system is the ideal tool for this. Here’s information from Infusionsoft on attracting traffic and leveraging CRM to do it.

What You Can Learn from Family Businesses

For a while, the spread of corporate monopolies seemed destined to wipe out mom-and-pop shops for good. But family businesses demonstrated their resilience during the economic downturn, and now they’re stronger than ever. In fact, family-owned companies make up 90% of U.S. businesses. They are responsible for 80% of new jobs and 60% of all jobs in America.

And while those statistics include large corporations such as Ford and Walmart, small family businesses have also been thriving. According to Forbes, many workers laid off during the recession have established family businesses on the Internet, marketing and selling their products through cheaply purchased websites. And prospects seem good for the coming year. Fifty two percent of family business owners (PDF) foresee that their revenues will increase in 2014.

So what can your small business (or small family business) learn from these successful family-owned companies?

Dedication to the Business

A recent study by the Harvard Business Review found that most family business owners have a heightened level of commitment to their business’s health and longevity. The majority of owners run their family business to secure a livelihood for their children, so this gives them a strong vested interest in the continued success of their company.

This dedication also extends to those who work for family businesses. The 2013 Survey of Family Businesses (PDF) found that family employees tend to stay with the family business for an average of 20.6 years, as compared to the 4.6-year average for employees at non-family companies.

Magda Walczak has been working with her family’s business, W.W. Remodeling, since she was fourteen. She explains:

“When you’re working with your family, the stakes are higher. So you work longer and harder, which breeds success.”

Looking to the Future

Family businesses are also less likely to sacrifice their company’s longevity for short-term gains. As the Handbook of Research on Family Business details, most successful family-controlled companies have a conservative fiscal policy, low debt and high liquidity ratios. Additionally, “they guard against doing anything in the short run that might compromise the future of the business.”

This means less money is spent on unnecessary expenses. As the aforementioned Harvard Business Review says:

“It’s possible to identify [a family business] just by walking into the lobby of its headquarters.”

In addition to forgoing lavish office spaces, family businesses are also less likely to take huge financial risks. While this can make them less successful in boom times, it means they can more easily survive economic downturns.

Customer Service

Family businesses are also especially dedicated to customer service. ExploreB2B.com found that family businesses “are not only working to get new customers but to keep the existing ones.”

This means that family businesses are more likely to go the extra mile to meet customer’s needs and resolve complaints. They are also more likely to provide personalized service and forge relationships with their customers. Walczak says:

“Because we’re all financially and emotionally invested in our business, we take care of our customers with much more care than our non-family competitors. This means that our clients are very loyal and give us a ton of referrals.”

Family Values

Family business owners work to maintain not only a thriving business from one generation to the next but also strong company values. One study found that business owners were most likely to encourage their children to “earn their own money, give to charity and volunteer.”

Another study (PDF) analyzed the websites of the largest family and non-family companies in search of their values. While both types of companies emphasized integrity, respect and customers, only family-owned companies associated their brand with generosity, humility, communication and service. These more community-oriented values can actually give family businesses a competitive edge.

As Lucia Ceja and Josep Tapies explain in a recent Business Spectator article:

“By dedicating energy to achieving the highest quality standards in their products and services, as well as by being humble and generous, [family businesses] are able to establish deep connections with other stakeholders.”

Investing in Workplace Diversity

According to the American Family Business Survey, 25% of CEOs in family businesses are women, and the majority of family businesses have women in top management positions. In comparison, only 3% of non-family Fortune 500 companies are currently led by women.

There has also been a shift in the role of women within family businesses. Whereas traditionally, the mother acted as a mediator between the father and children, now she is more likely to hold an active position within the actual business. This gives family businesses a leg-up over less diversified, non-family companies. A recent study by the U.S. Chamber’s Center for Women in Business found that the Fortune 1000 companies that have committed to diversifying their top positions consistently outperformed their peers.

Whether your small business is family or non-family owned, you can easily apply these strategies. If you dedicate yourself to your work, favor the long-term over short-term, prioritize customer service, instill family values and diversify your top positions - your company will be better prepared to face an uncertain economic future.

Family Business Photo via Shutterstock

AIG: Cyber insurance sales have risen by 30%

January 16, 2014

Multinational insurance provider AIG today told The Financial Times that sales of cyber insurance had jumped up by 30 percent in 2013 when compared with the year before.

“What we've being seeing is significant growth,” said Tracie Grella, who oversees AIG's cyber insurance initiatives as the head of professional liability. She added that cyber insurance had jumped by 30 percent on a year-on-year basis in 2013.

Despite this, there are conflicting figures on how just big cyber insurance has become. For all the prominent hacks against the likes of Target, a report from Experian late last year found that just 31 percent of US companies had cyber insurance policies in place. However, another study from risk management research firm Betterley Risk Consultants founds that the annual gross premium for US cyber insurance policies was USD $1.3 billion (£734.2 million).

It is perhaps no surprise then that one information security expert believes that it is still early beginnings for the nascent cyber insurance market.

“It's an immature market,” said Karl Schimmeck, VP of financial services operations at Sifma, an industry group for financial companies that last year spearheaded a simulated wide-scale cyber attack on Wall Street, when speaking to the FT.

“The risks are not very well understood. There's not a lot of historical information that insurance companies can call on to quantify their risk. That's part of the problem.”

Even AIG's own CEO, Peter Hancock, confessed at a recent conference that the market has plenty of growth ahead.

“This is still a very small market that gets more talk than action, but it is a growth opportunity,” said Peter Hancock, executive vice president of American International Group Inc and CEO of the insurer's property/casualty unit.

Speaking shortly after the announcement, Lior Arbel, the CTO of information security firm Performanta, said that the figure was welcome news, but worries that the policies themselves may not cover enough.

“It is not surprising given the growing prevalence of cyber-attacks that insurance to protect a company's assets from the danger is also growing to match the threat,” Arbel told SCMagazineUK.com.

“However, although insurance is important, it ignores that the damage from a cyber-attack goes far beyond specific infrastructure or hardware damages. The full effect of a cyber-security attack could involve not only the loss precious lost data, and a loss of trust, but also result in irreparable reputational damage with customers.

“Priority for budget must therefore be in technologies and strategies to prevent the cyber-attack in the first place. Businesses need to take proactive steps to ensure its information is properly monitored and secured, from external and internal threats, with the implementation of an effective Data Loss Prevention system. 

"If a company or its customer data is stolen, no amount of insurance money will win back confidence in the company.”

AIG: Cyber insurance sales have risen by 30%

January 16, 2014

Multinational insurance provider AIG today told The Financial Times that sales of cyber insurance had jumped up by 30 percent in 2013 when compared with the year before.

“What we've being seeing is significant growth,” said Tracie Grella, who oversees AIG's cyber insurance initiatives as the head of professional liability. She added that cyber insurance had jumped by 30 percent on a year-on-year basis in 2013.

Despite this, there are conflicting figures on how just big cyber insurance has become. For all the prominent hacks against the likes of Target, a report from Experian late last year found that just 31 percent of US companies had cyber insurance policies in place. However, another study from risk management research firm Betterley Risk Consultants founds that the annual gross premium for US cyber insurance policies was USD $1.3 billion (£734.2 million).

It is perhaps no surprise then that one information security expert believes that it is still early beginnings for the nascent cyber insurance market.

“It's an immature market,” said Karl Schimmeck, VP of financial services operations at Sifma, an industry group for financial companies that last year spearheaded a simulated wide-scale cyber attack on Wall Street, when speaking to the FT.

“The risks are not very well understood. There's not a lot of historical information that insurance companies can call on to quantify their risk. That's part of the problem.”

Even AIG's own CEO, Peter Hancock, confessed at a recent conference that the market has plenty of growth ahead.

“This is still a very small market that gets more talk than action, but it is a growth opportunity,” said Peter Hancock, executive vice president of American International Group Inc and CEO of the insurer's property/casualty unit.

Speaking shortly after the announcement, Lior Arbel, the CTO of information security firm Performanta, said that the figure was welcome news, but worries that the policies themselves may not cover enough.

“It is not surprising given the growing prevalence of cyber-attacks that insurance to protect a company's assets from the danger is also growing to match the threat,” Arbel told SCMagazineUK.com.

“However, although insurance is important, it ignores that the damage from a cyber-attack goes far beyond specific infrastructure or hardware damages. The full effect of a cyber-security attack could involve not only the loss precious lost data, and a loss of trust, but also result in irreparable reputational damage with customers.

“Priority for budget must therefore be in technologies and strategies to prevent the cyber-attack in the first place. Businesses need to take proactive steps to ensure its information is properly monitored and secured, from external and internal threats, with the implementation of an effective Data Loss Prevention system. 

"If a company or its customer data is stolen, no amount of insurance money will win back confidence in the company.”

Social Credit: Are You Ready for the Future of Social Media As A Measure of Credit Risk?

Social media is fun. Social media is a great way to build brand recognition and customer engagement.

We know this. But there’s more.

Some startups are now leveraging social media as a tool to measure the credit worthiness of their customers. As a business owner - this could be something you might want to consider as you evaluate what credit to offer your customers.

The flip side of this, is that YOU must understand that this concept of “social financial credit scores” is only going to grow. Companies will use YOUR social activity to measure your credit score. This furthers the reason why YOU must use social media and ensure you’re not using it for just fun and games.

The post you make on Facebook today, could come back to haunt you 2 years from now - be careful.

The Wall Street Journal writes, “There could come a time where certain social media could be predictive and we’re looking at that, but it isn’t yet,” said Anthony Sprauve, senior consumer-credit specialist at FICO.

Companies pioneering the practice generally lend to borrowers with troubled credit histories or no bank accounts. They say the use of alternative scoring metrics helps make credit available to people who might otherwise be denied and that they are careful not to violate federal credit laws.”

9 Hot Marketing and Sales Priorities Every Small Biz Needs to Implement

Infusionsoft (all in one sales and marketing software for small business) brought together a virtual panel of sales and marketing experts to get their predictions for the HOTTEST initiatives in sales and marketing for 2014.

Our experts include:  Melinda Emerson, Ann Handley, Gene Marks, Rieva Lesonsky, Anita Campbell, Seth Godin, Ginger Conlon, Rebecca Sprynczynatyk, Laurie McCabe, David Raab, Aaron Stead, Greg Head, Jeff Mask, )

These predictions include:

• Email Marketing is NOT dead, but very much alive
• Better communication is important. Words matter
• The Year of of Less is More
• Local Customer Targeting
• Marketing on Tiny Screens
• Video Content Is a Must
• and many more predictions. Each prediction has advice and insight!

February is already here (almost). One month, of your 12 months of work is now OVER (almost).

It’s not too late to focus your efforts and do BETTER in 2014 than you did in 2013.

If you want more customers, more revenue, more sales in 2014 you must work HARD to make that happen NOW

The experts we’ve brought together, sharing their best strategies for rocking 2014 is a great starting point.

I’ve already been making great progress on my 2014 commitments - continuing to exercise, taking more notes and more. What about you?

Toshiba Unveils What It Claims Are the World’s First Ultra HD Laptops

The same ultra high definition image display that will soon be in new TVs is coming to laptops, too. Toshiba has announced two new ultra high definition laptops. One will be most useful to businesses with high end video editing, graphics or other design work.

The Tecra W50 and Satellite P50t will have Ultra HD 4K resolution. (That’s more than 4,000 pixels or about four times the resolution of normal high definition TV.)

Both high-end laptops will have a 15.6-inch display with 3840Ã-2160 resolution.

In a prepared statement introducing the laptops, Toshiba vice president of marketing and engineering Carl Pinto said:

“As a leader in Ultra HD, we are leveraging our 4K TV expertise to deliver a display capable of four times the resolution of Full HD to provide smoother images with astounding details. We have applied years of experience and engineering resources to bring Ultra HD 4K technology into our premium laptops for consumers and businesses so they can usher in the next generation of content creation and consumption.”

Toshiba says the Tecra W50 is equipped to run intensive image and graphics programs like AutoCAD and SolidWorks. It has 2GB of dedicated video memory to handle the workload.

Here’s a peek at the device from “tech legend:”

Toshiba says the Satellite P50t is designed to be a more portable device and features touchscreen interfacing. Though the company considers it more of an entertainment computer, it’s easy to see how this device could be used for mobile business too â€" depending on the price tag. And that’s the issue.

No cost has been linked to either of these Toshiba laptops in the official company announcement. (They’re expected to be available in mid-2014.) But considering the relatively new 4K video technology and Ultra HD displays, we can assume they will be expensive.

Image: Tech Legend Video Still

UK government institute to crack down on infrastructure attacks

January 16, 2014

A new government-backed research centre is aiming to tackle the threat on the country's industrial control systems.

The Research Institute into Trustworthy Industrial Control Systems (RITICS), based at Imperial College in London, will look at the threats facing critical systems that control things like manufacturing, power generation and the national rail network.

The centre, which is funded by the Engineering and Physical Sciences Research council (EPSRC) and Cabinet Office (via the Centre for the Protection of National Infrastructure - CPNI), will also analyse and devise ways of countering cyber attacks that can shut down these systems.

The Institute's director is Professor Chris Hankin, the director for the Institute for Security Science and Technology at Imperial College, said that its primary focus will be mitigating risk in future.

“Our industrial control systems are vital for running most of the industrial processes that underpin modern society,” said Hankin in a statement. “From electricity generation to making sure trains run on time, these systems are vital to our everyday lives, but more work needs to be done to determine how vulnerable they are to threats from cyber-attack.”

Speaking to SCMagazineUK.com, Hankin said that the RITICS centre will look to understand the harm of incoming threats, how they can articulate those threats as business risks, and conjure “novel, effective and efficient” interventions.

The Institute director did warn, however, that it will take time to understand the specific threats.

“The projects that constitute RITICS won't start until October,” he told SCMagazineUK.com.

“I am spending time building a network of industries to develop a better assessment of the real threats.  The threats come from the fact that ICS have increasingly become integrated with enterprise IT.”

Industrial control systems are often found in large, remote areas making them vulnerable to attack. These have historically been operated in isolation, but with an increasing number connecting to business IT networks - allowing for regular maintenance - they are increasingly susceptible to attack.

“Attacks on industrial control systems are becoming more common,” Tripwire CTO Dwayne Melancon told SCMagazineUK.com.

“Many of these controllers affect things like power grids, pipelines, and even the food supply chain, so successful attacks can be quite disruptive and disconcerting which increases the attractiveness to many attackers.  Effectively, many of these attacks are similar to the distributed-denial-of-service (DDoS) attacks aimed at financial institutions but they can impact critical infrastructure.” Melancon added that attacks were also more likely to surface as a result of trends like the “Internet of Things” and SmartGrid.

The centre is part of the UK Government's Cyber Security initiative, which was put in place in November 2011. The scheme has been backed by £650 million of government funding and its objectives include making the UK secure for doing business in the cyberspace, making the country ‘more resilient' against cyber attacks and more knowledgeable on cyber security in general.

Forrester Research analyst Andrew Rose told SCMagazineUK.com that the new institute is “essential” to protecting the national infrastructure, as many services remain reliant on dated technology.

"This new research institute is essential to the protection of national infrastructure and should enable the good work initiated by the CPNI to drill down to a deeper level,” he said.

“So many essential services have their foundation on technology which is, to be honest, dated and difficult to protect. Power generation or water pumping plants simply can't be as closely evaluated, or as regularly patched, as a Windows system, yet they are often based on underlying routines that predate Windows and were written in a more naive era of coding.”

Rose did say however that the budget of £2.5 million “isn't going to make much impact” but urged collaboration with vendors and government entities in the US and Europe.

“At the end of the day, the UK depends on systems that were not built for the modern threat landscape. It is essential that we find new ways to protect this infrastructure as any failure could have dramatic consequences."

Microsoft reverses Windows XP security stance

January 16, 2014

Windows XP has been given a 15 month stay of execution to support Windows 7 and 8 migrators.

Microsoft has completed a U-turn and backed off from previous resolute statements on security updates being withdrawn when Windows XP gets to its intended end-of-life in April, offering an olive branch of antivirus signatures and security scanning from Security Essentials until at least July 2015.

As reported previously, Windows XP was due to go end-of-life on April 8 2014, meaning that security patches would cease to be offered beyond that date for the dated operated system.

Unconfirmed reports from late last year suggested that some users of embedded versions of Windows XP were offered at least one year's extra support in return for a £183  (US$ 300) fee. SCMagazineUK.com understands that this was particularly necessary where bank ATMs are involved, as many units, notably those in pubs and clubs, are driven using these versions of Windows XP.

But in a surprise statement from its Malware Protection Centre (MPC) issued late on Wednesday, Microsoft said that it will continue to provide updates to its anti-malware signatures and engine for Windows XP users through until July 14 next year.

This is directly at odds with statements of late last year and even earlier this month, when Microsoft announced plans to cease Windows XP updates to its Security Essentials software, which was launched back in 2008, as well as cease updates to the version of Security Essentials.

In its MPC statement, Microsoft said that its move "does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures."

"For enterprise customers, this applies to System Centre Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials. Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape," the software giant said.

"Our goal is to provide great anti-malware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches," it added.

Many security vendors have indicated they expect a surge of attacks against Windows XP Service Pack 3-based systems after the end of support, based on observations of a similar surge when Windows XP SP2 support ended.

Bob Tarzey, an analyst and director with Quocirca, the security and business analysis house, said that Microsoft is effectively admitting that users will continue to linger with their XP deployments.

“The problem Microsoft has with security is, that whatever warnings it issues, it will be blamed for security shortfalls that arise by Microsoft choosing to reduce protection to its users, so it is looking at damage limitation,” he said.

“Stopping 80 percent of malware is far better than stopping none; no signature based anti-virus tools is designed to identify zero-day malware, you need other tools for that. For `essentials' read `basic', such anti-virus programmes are a line of defence against mass market malware and no one should pretend that they can provide 100 percent protection,” he added.

IT security commentator Emil Protalinski, meanwhile, added that Microsoft is in a tricky situation.

On the one hand, he says, the software giant needs to push consumers and businesses off Windows XP to more secure products, and the best way to do that is to stick to its end of support date.

"On the other hand, there are still so many millions of Windows XP users out there that leaving them completely vulnerable could cause more harm than good," he noted in his security blog on The Next Web.

Are You Suffering From Analysis Paralysis?

Business owners love plans the way drowning men love lifeboats. We’re convinced, and I must admit not without reason, that a good plan will save us from a sea of uncertainty, ensuring we will someday, somehow, make it to the shores of profitability and prosperity.

Every business magazine on the planet has regular articles emphasizing the importance of planning. Our teachers and mentors stress how critical business plans are. There’s a non-stop conversation going on, telling entrepreneurs that they’ve got to plan, plan, plan.

But there’s one topic that never comes up. What happens when your plan gets in the way?  A disproportionate focus on creating plans can mean that actually implementing those plans, and improving your business, gets delayed.

2 Ways Your Plan Might Be Slowing You Down

The First Scenario

You’ve got a plan - a great, big plan.

In fact, your plan is so big, so comprehensive, so detailed that it becomes overwhelming to work with. Faced with the totality of everything you have to do and the deluge of detail that describes how you’re going to do it, your personal overload button gets tripped, and you wind up doing nothing at all.

The Second Scenario

You also have a plan - in fact, you’ve got lots of plans, and you’re always making new ones.

Every day, every hour, you have an idea, an inspiration, an innovation that will totally transform the way you do business.  None of these plans have been written down, leaving you without any clearly identified action steps. As a result, you wind up doing nothing at all.

Cutting the Problem Down To Size

You can have too much of a good thing. Plans that are too big and complex are a problem. So is having a large volume of incomplete plans. The temptation can be to throw out all of your existing plans, and start again from scratch, but that will only slow you down further.

Understand that there are reasons that we become stalled in the planning phase. The fear of making a mistake is huge; also common is a lack of resources or assistance to implement the plan. I would suggest to you that failing to improve your business is a huge mistake - and point out that it’s only by becoming more profitable that your business will gain the resources and help you need to make even more improvements.

At some point, you have to stop planning and take action. This means you’ve got to cut your plans down to size.

Analysis Paralysis Cure: Outcome-Driven Outlines

Choose One of Your Objectives

At this point, it doesn’t even matter which one. The goal is to get you out of the paralysis analysis mode and back where you’re supposed to be - actively engaged in improving your business.

Identify One Task That Will Move Your Company Closer to That Objective

For example, let’s say your objective is to become well-known to your local marketplace. One task that could help you achieve this task is to appear in local media, either in print, on television or online.

Consider How You’re Going to Achieve the Objective

It’s important to stay on task at this point. Don’t worry about everything else you want to accomplish with your business, you can come back to those ideas later. This isn’t the point, for example, to consider changing your business’ signage or revamping your website.

Outline, In Simple Steps

How are you going to accomplish the objective you’ve chosen? Notice that I’ve said outline, not plan. This is not the time for an in-depth, detailed plan.  You don’t always need the minutia. For example,  an outline for appearing on local media could look like this:

• Step One: Decide why local media would want to talk to you. What story do you have to tell them?
• Step Two: Identify an email address to contact: Local newspaper, local television news show, local news or community website.
• Step Three: Write an email to each of these contacts, letting them know you’re interested in appearing, and what you have to offer.
• Step Four: Send the email.

Implement Your Plan

The objective-driven outline is short and simple. Work your way through the steps. Taking action is the first step in creating a profound psychological change within yourself. It’s the equivalent of getting up off the couch and taking that first tentative jog around the block.

You may not see immediate results, but you’re creating the groundwork for change.

Repeat the Process

Regularly creating and implementing objective-driven outlines is a smart, strategic way to handle an overwhelming detailed plan. If you’re on the other end of the spectrum, and create too many incomplete plans, you’ll find that the use of objective-driven outlines will introduce an element of discipline and rigor into your operation.

Plans have a critical role in every business owner’s life. But if your plans are slowing you down too much, set them to the side temporarily and concentrate on some objective-driven outlines instead.

Taking action leads to accomplishments that will influence your future planning - for the better.

Overwhelmed Photo via Shutterstock

Think like an attacker:

January 16, 2014

Thinking like an attacker can help enterprises better secure their prime vulnerability - their endpoints, explains Nick Levay, Chief Security Officer, Bit9.

Enterprise endpoints - such as laptops and workstations - are increasingly targeted by attackers seeking to break into corporate infrastructures and take valuable/sensitive information. Why? First, compromising endpoints is relatively easy compared to systems inside the data centre, due to extensive client-side software flaws. For a company with global employees, the sheer multitude of endpoints presents a major risk and vulnerability. In addition, by their nature people are susceptible to social engineering - a non-technical intrusion that relies heavily on human interaction and often involves tricking people to break normal security procedures.

As vulnerable endpoints increasingly come under attack, it's time for enterprises to turn the tables and start thinking like an attacker. Enterprises need to understand what attackers are looking for and which vulnerabilities are easy to exploit. From this perspective enterprises can see their security landscape in a whole new light and the realisation that a new generation of security is needed. This can help an enterprise better secure their prime vulnerability - their endpoints - and consequently, their IP and overall infrastructure; in addition, they will understand why traditional antivirus solutions have been superseded by new, integrated approaches which offer  a more viable and effective option.

Endpoints come under fire, traditional antivirus is no longer enough

According to Verizon's 2013 Data Breach Investigations Report, 71 percent of surveyed breach incidents targeted user devices. Theoretically, efforts aimed at protecting endpoints should include a focus on user awareness, in addition to strong host protection. But workers are focused more on doing their jobs than on the security of the computer they're using. Attackers know this, and they're leveraging this weakness through social engineering. The Verizon report also found about 78 percent of breaches were rated as “low difficulty” intrusions, suggesting that attackers didn't need to employ highly technical methods. It's not that the malware employed by advanced attackers is sophisticated; rather, it's their tactics that make them so effective, and social engineering is almost always at the forefront of attacks.

The underlying principle behind social engineering is that it's often easier to trick people than to hack into computing systems by advanced technical means. Social engineers get personal information or access to computing systems by exploiting people's natural tendency to be trusting and helpful. Social networks and the Web provide attackers with a wealth of reconnaissance information, helping them to precisely pinpoint and highly target individuals.

A classic example of social engineering is phishing - an email or phone call that appears to be from someone in authority, a member of the IT team or a trusted business - attempting to trick users into revealing their password or other personal information. Another example is “Click this Link” scams - these links often look legitimate but typically take users to a harmful websites designed to steal sensitive information or infect computers.

By thinking like an attacker, enterprise security teams should recognise how credulous people tend to be when targeted by social engineering, no matter how often these people may be “educated” on security procedures. This leaves enterprises with the option of strong host protection. Antivirus solutions, also known as signature-based blacklisting - where vendors compile lists of known malware - has become technically unfeasible, due to the massive growth in malware. With new threats emerging on a daily basis, antivirus solutions' lists of “bad software” can never be considered comprehensive. In addition, their “default-allow” model means that a piece of bad software only becomes known as bad once it has succeeded in compromising systems.

In a constantly evolving threat environment, a default-deny approach to security, often called whitelisting or application control - which permits only trusted software to run on endpoints and prevents unauthorised software from running - provides a better level of protection than antivirus. The notion that whitelisting could be challenging to deploy and manage is outdated. Today, whitelisting is policy-based and most organisations only need a few dozen policies to manage which software it trusts to run. Policies can be changed or deleted and new ones created by the security team quickly and easily as the needs of the organisation evolve.

New approaches integrate network and endpoint security capabilities

New approaches combine modern network defence techniques with endpoint and server data, helping enterprises to better identify and contain threats found on the network and on endpoints. Intelligent network devices capture suspicious files and confirm threats via a process known as detonation. The idea behind detonation is that files can be “exploded” by running the code and analysing whether it is making a clear attempt to act maliciously and aggressively, even if it's not known malware. But what detonation doesn't reflect is if attack code made it to the machines it intended to reach, if it ran or if it was stopped.

Today, detonation results can be immediately correlated with up-to-the-second endpoint monitoring and recording data to confirm the location, scope and severity of threats across enterprise endpoints. When every second counts, this enables security teams to prioritise and respond to threats faster and more efficiently. This is just one example of how network and endpoint security capabilities can come together to deliver more comprehensive, real-time intelligence from the network to endpoints and servers. Adversaries know that an attack can leave an enterprise scrambling, so today's advanced threats make this new approach critical to an organisation's security.

Conclusion

Unfortunately, users and endpoints have become the weak link in today's IT security chain, and increasingly stealthy attackers are looking to exploit them to the fullest. By thinking like an attacker, it is easy to see that excellent endpoint security is needed. Increasingly, enterprises need a new “double-barreled” approach to thwart today's increasingly sophisticated and relentless breed of attacker. The ideal approaches are those that integrate network and endpoint security capabilities, thus bridging the gap and delivering higher levels of actionable intelligence, greater proactivity and better overall protection.

Contributed by Nick Levay, Chief Security Officer, Bit9