Seems Like Every Business Is Being Hacked. Are You Next? AVG’s Mike Foreman on Small Business Security

Over the past few weeks we’ve heard about several large businesses being hacked.

It’s the small attacks that don’t make the headlines.

What can you do to ensure your business is protected? AVG’s Mike Foreman, head of AVG small business, offers some practical advice in this discussion with Ramon Ray (Smallbiztechnology.com).

Check out the discussion below, or here - http://www.youtube.com/watch?v=ojn0IiNtfi4



Your Employees Are Your Most Valuable Recruiting Tools

The most obvious and glaring trend for recruiting is the use of social media for outreach to active and passive candidates. Most recruiters, staffing firms and other companies will tell you that their job opportunities need to be readily available, easily accessible and mobile friendly.

Building your company’s employment brand and online presence is essential not only in making candidates aware of your company as an employer, but also in giving them the ability to easily apply for a position no matter where they are, or what device they’re using, when they come across your company online.

Given that most companies today understand and undertake these practices, the question becomes, how do you best utilize your company’s online employment brand to attract the best talent? What can you do to set yourself apart from the competition?

One vital asset that recruiters often overlook is the people sitting right around them in the office. Current employees can provide valuable help in the recruiting process. The most direct way they can impact the process is through candidate referrals. Most businesses have an employee referral program, where current employees receive an incentive (usually monetary) for referring a candidate who gets hired.

If your company does not have this type of program in place, it should be a high priority item to get one set up.

Assuming you do have a system, make sure your employees are aware of it. It’s one thing to mention it in an employee handbook amid a mass of other information that an employee may or may not retain, but it’s better to emphasize it separately - and repeatedly.

Keep It Top of Mind

One tactic that works well is reminding your employees of the program in conjunction with mentioning a new position the company is looking to fill. Whether it’s through a company-wide e-mail, an internal company Facebook group or some other form of mass communication, it’s beneficial to make everyone at the company aware of any new opening.

And while you’re mentioning the opening, it won’t hurt to remind everyone of the employee referral program. Make sure to give enough details about the incentive, and be clear with instructions for how to submit the referrals.

Encourage Use of Social Media

In addition to employee referrals, another way to utilize your employees to help build your brand is to get them going online. Encourage them to use popular social media sites such as LinkedIn, Facebook and Twitter. When you have a link to a job opening or any other recruiting/branding related effort, make it easy for them to share it online to their social media circles. This is especially important for a site like LinkedIn, because most of your employees’ networks and groups are filled with passive candidates.

Sharing updates about your company is a great way to make them aware you’re hiring.

Encourage Company Reviews on Job-Seeker Sites

Another way you can have your employees engage online is by encouraging them to fill out reviews (which can be anonymous) on popular job-seeker sites like Indeed, Career Bliss and Glassdoor. The more - hopefully positive - reviews your company gets, the better you will look to potential job-seekers.

As a recruiter, you can go on and on bragging about your company to candidates, but ultimately a candidate knows “selling” your company is part of your job. Hearing what employees, not recruiters, have to say about the company gives your organization more transparency and lets candidates receive a first-hand perspective from someone who is currently in a job they’re considering applying for on your team.

Conclusion

Do not be afraid to reach out to your current employees as recruiting ambassadors, because in addition to you, they’re the ones who know best about what it is like to work for your company. Obviously not everyone will be responsive to this kind of outreach, so it could be helpful to identify some “go to” employees whom you can always count on to help out with everything from referring candidates to just sharing updates on LinkedIn.

Asking employees to perform additional tasks outside their usual duties can sometimes be perceived as a nuisance, so be sure to be delicate and tactful when communicating with co-workers. Make sure people understand the reason behind what you’re asking and how it will help the company.

And don’t get discouraged if everyone doesn’t seem like they’re on board. Remember, the ones who are most responsive to the idea will likely be the best ambassadors of your brand.




New Microsoft CEO May Lead in Different Direction

The appointment of Satya Nadella as the new Microsoft CEO may signal a change in direction for the technology giant. And the ramifications could be felt by anyone who does business with the company or who uses Microsoft products.

Nadella, a 22-year Microsoft veteran, will get about $18 million in total compensation in his first full year on the job, 2015, the Seattle Times reports. That includes a base salary of $1.2 million, a bonus of $3.6 million and a stock award worth $13.2 million.

But beyond these details so often covered by the media, how will the new Microsoft CEO’s leadership affect the direction the company takes as a whole?

There have been many weighing in since yesterday’s announcement.

On the Lookout for New Opportunities

Clearly, Microsoft is expecting something from Nadella beyond business as usual. In an email to employees, outgoing CEO Steve Ballmer noted:

“He’s got strong technical skills and great business insights. He has a remarkable ability to see what’s going on in the market, to sense opportunity, and to really understand how we come together at Microsoft to execute against those opportunities in a collaborative way.”

Glancing over the new Microsoft CEO’s list of accomplishments in a recent Microsoft press release on the appointment is impressive enough.

Achievements include leading the company’s move to the cloud and the building of an infrastructure that now supports products like Bing, the company’s search engine; and also Office and Xbox.

The decision for Microsoft Co-Founder Bill Gates to step down from his position as chairman of the board and take a more direct role in technology and product direction might help, too.

Prepared to Create New Products on the Web

Speaking of Bing, Danny Sullivan of Search Engine Land insists Nadella’s credentials as a Web pioneer at Microsoft are equally important.

Sullivan notes that in 2007, Nadella took over Microsoft Windows Live MSN Search, a Bing predecessor, and helped transform Microsoft into a major search engine contender.

Sullivan writes:

“When Nadella took over, Microsoft had started down the path of building its own search technology but still hadn’t gotten anywhere. By the time Nadella moved on elsewhere at Microsoft in 2011, Bing was moving up, both in share and respectability as a solid alternative to Google. It has continued that rise. Some knock it as being the number two to Google. I think having the number two search engine in the United States is an incredible achievement and one that ultimately may lead to profits.”

Needless to say, the Web is yet another frontier for Microsoft to explore with new products and services moving forward.

Ready to Compete with Google, Apple and Others

But most important, Nadella may be prepared to compete more directly with Google, Apple…and even Amazon.

The company led by this new Microsoft CEO will likely be more willing and able to deal with a technology market in which it is certainly no longer the only big player.

Developer John Gruber observes that a company led by Nadella will be less likely to focus on its past and miss key innovations like the mobile revolution.

Fellow developer Brent Simmons points out that under Nadella’s leadership, Microsoft’s Azure division was probably the only one in the company building services for the iPhone operating system. Other divisions have tended to limit themselves to building products and services for Microsoft’s own operating systems.

But a Microsoft more open to the idea of competition with companies like Google, Apple and others could create more competitive products, which is good news for Microsoft’s customers. It could also, says Simmons, be a remedy for a monopoly on cloud services by a company like Amazon.




Are You Making These 6 Content Marketing Mistakes?

Is your company performing content marketing correctly? Is your brand a publisher? Are you totally lost with my line of thought here? If so, let me back up.

It wasn’t until a few years ago that the term “content marketing” started to go mainstream. Content marketing is when businesses produce content (fancy word for articles, videos, audio) about topics of interest that don’t hawk the company’s brand or product.

For example, a real estate company may host a running blog on decorating tips. Or a coffee shop may publish stories on its site about positive study habits. Or a pet store may put out articles on best practices in dog training.

Content marketing is an incredibly effective way to attract potential and existing customers to your website and social media pages. The better the content, the more likely they will be to visit and think of your company when they need something that fits into your industry.

The concept is catching on so rapidly that there are even content marketing conferences and magazines dedicated to the idea. So before you launch your next marketing campaign, take note of the following content marketing mistakes.

Selling, Selling, Selling

Your content should not be about you or your company. This sounds counterintuitive (you may wonder why you would spend time writing something that wasn’t going to net you customers), but it is the only way to go.

By providing articles, audio and video that interests your base, people will start to come to your site as a trusted source of information. For many of those readers, that trust will eventually turn into dollars for you.

Sporadic Posting

If you want to hold an audience, you need to post content regularly.

Don’t have time to post every day?

No problem. Try twice or three times per week but keep it up - people will notice if you lag.

Exhibiting Lack of Focus

As the leader of your own CPA firm, one day you post an article about tax tips and the next day you post something about your dog’s trip to the beach. This lack of focus is a common mistake.

Try to stick with a theme in line with your industry. Your content should have a purpose. It should be useful to readers, not just an outlet for your personal thoughts or opinions.

Creating Boring Posts

The content you put out there doesn’t always need to be in text form. Change things up every once in a while with video posts, infographics or photo-heavy posts with captions.

Your effort to keep things fresh will help attract readers.

Loading Up on Keywords

Keywords are important to enhance the search engine optimization (SEO) of your content. But peppering in too many of them can get annoying.

Let’s say you are a CPA writing an article about how employers can fill out 1099 forms for contractors. Your keyword phrase may be “1099 tax tips,” so anyone who Googles that phrase comes to your post first. That is all well and good, but try to mention your phrase only a few times in your piece. It will get redundant otherwise.

Using Bad Grammar or Making Typos

Don’t publish anything with less-than-stellar grammar. Remember that typos are a turn-off and can even decrease your company’s credibility in the eyes of potential leads.




Zoho Books: Refreshed and Newly Designed Small Business Online Accounting Software

Accounting programs are among the most popular software that small businesses use.

We use our accounting software to manage our day to day cash flow, prepare tax reports and understand the overall financial health of our business.

Which online accounting software do you use?

Zoho recently announced its refreshed Zoho Books accounting software and improvements are in three areas:

  • From their press release: A completely redesigned and beautiful interface with improved workflows. Powerful analytics are delivered in the dashboard which will answer key questions regarding the business performance and cash flow. The banking module in Zoho Books has been transformed, and it now intuitively identifies uncategorized transactions fetched from bank feeds and matches them with existing transactions in Zoho Books. Business owners who bill their time to clients will find it easier to track time with the new calendar and weekly timesheet views. Fresh invoice templates have been added which can be customized, too.
  • Zoho Books is built on an open platform, and the robust RESTful APIs are open to third-party applications to integrate with the accounting software. The open platform provides an opportunity for app developers across the world to create applications that cater to small business needs. Recent integrations with Track1099.com and Tax1099.com will help reduce year-end compliance burden for business owners.
  • By giving clients access to the client portal, business owners can completely eliminate the need for unnecessary file transfer or time-consuming approvals. Clients can approve quotes, view recent transactions, check payment history and make an online payment from within the portal itself.

About three years ago Zoho’s CEO Sridhar Vembu said that Zoho’s focus will be not just on making products that are technically functional, but also products that LOOK good. He cited Apple as an example of a standard to aim for. From what I’ve seen of Zoho Books, Zoho has delivered.

It’s also good to see the open integration. By making it easy for 3rd party developers to connect to Zoho Books the ecosystem of value added services for Zoho Books only broadens.



Retired PCeU chief: Most cybercrime does not get reported

McMurdie, a retired Detective Superintendent with the Metropolitan Police who set up and then headed up the Police Central e-crime Unit (PCeU), said this week that most of the cyber crime taking place today does not get reported.

McMurdie, a veteran of more than 30 years with the Met, retired last summer to join business consultancy firm PricewaterhouseCoopers as its senior crime adviser and spoke of the difficulties of battling cyber crime at the Forensic Science Society's inaugural 'First Responders, Digital & Cyber Forensics' conference in York.

Whilst at the PCeU, her remit was to undertake cyber crime investigations that impact the UK but she explained that work has been impacted by limited funds - even though statistics showed that a growing number of companies were being hit by the problem.

The PwC consultant told visitors that 93 percent of big businesses have been impacted by data breaches of one kind or another, and added that 73 per cent of big businesses are being hit by outsider attacks.

"In one investigation, we saw no less than 120 domains [being used by cyber criminals] that were designed to attack banking institutions," she said.

But what was the greatest surprise to McMurdie, who chose to leave the Met ahead of its merger with the cyber arm of the Serious Organised Crime Agency (SOCA) into the National Cyber Crime Unit (NCCU) last October, was the relative youth of the offenders.

She flagged up one report in The Sun in 2011, where teenager Ryan Cleary was arrested and accused of masterminding attacks on Sony.

"He was just 19, yet he carried out a series of attacks," McMurdie said, adding that other members of the Anonymous hacktivist group were also arrested and found to be relatively young.

In one PCeU investigation, she added, officers retrieved an old Dell PC from a defendant's house and were amazed to find that the machine was set up to run 16 virtual PCs - for cyber criminal purposes - even though the aging PC “was the kind that you'd expect to pull from a company's rubbish skip.”

In another investigation, PCeU staff found that one person was controlling a 200,000 node botnet, which was being used for complex cyber criminal activities.

So why are so many young people involved in cyber crime?

McMurdie answered her own rhetorical question by suggesting that society's [normal] codes of conduct do not exist on the Internet.

Despite their limited resources, she explained that the PCeU - with support from other branches of the Met and Police Forces across the UK - were able to move swiftly when the need arose.

McMurdie says that the programming capabilities of cybercriminals also seem to know no limits: when Police arrested the hacker known as G-Zero and his girlfriend, they found an application with 8.1 million lines of code on his computer.

In that case, G-Zero (real name Edward Pearson) was given a 26-month prison sentence in connection with stealing the identities of 8 million people - as well as shutting down parts of Nokia's internal network.

"The scale of that crime was very large indeed," she said, adding that some estimates put the potential value of the fraud as high as £14.7 billion.



UK Government accused of launching DDoS attacks

Previously unknown UK Government secret service operation allegedly staging its own DDoS attacks against hacktivist groups

The latest files from former NSA Security Analyst Edward Snowden claim to show that an apparently top secret division of the Joint Intelligence Committee (JIC) - the effective parent to GCHQ, MI5 and MI6 in the UK - has been using cyberwarfare techniques since 2011 against the likes of Anonymous, LulzSec and other hacktivist groups.

NBC News, which seems to have a hotline to Edward Snowden of late, claims to have a classified document from the JIC that details the activities of a fourth JIC division called JTRIG (the Joint Threat Research Intelligence Group).

The broadcaster makes the bold claim that JTRIG is an intelligence unit that is not constrained by domestic or international laws.

NBC also claims that JTRIG has been launching 'Rolling Thunder' attacks - a type of distributed denial of service (DDoS) cyber-attack - as well as planting malware on breached systems that reveals the identities of hackers.

The broadcaster says the document includes a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, which Edward Snowden last month mentioned when talking about the NSA's alleged programme to tap metadata from smartphone and tablet apps.

The document alleges that JTRIG orchestrated a DDoS attack on IRC (Internet Relay Chat) channels used by Anonymous - and which reportedly resulted in 80 percent of the users quitting the Internet chat rooms.

The key question about the document's claims - if true - is which DDoS methodology the JIC division used against the hacktivists, and whether - like many hacker groups - JTRIG used cloud-based resources to stage its attacks.

“While there must of course be limitations,” said Michael Leiter, the former head of the US government's National Counter-terrorism Centre and now an NBC News analyst, “law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online.”

“No-one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law breakers safe in the online environment,” he said.

GCHQ's press office has refused comment on the reports.

Andrew Miller, COO with security vendor Corero Network Security, said that reports that the UK Government is launching its own DDoS attacks are a very interesting development.

"It would appear that the coin has been flipped and the staple attack of hacktivists has been used against them. Security experts have long said that these types of attacks are far more than just another tool in the bedroom hacker's arsenal, and with this news that the Joint Threat Research Intelligence Group (JTRIG) have used DDoS attacks, this has essentially been validated," he said.

Miller went on to say that we should remember that cyber-spooks within GCHQ are as skilled as, if not more skilled than, many black hat hackers - and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to those of the bad guys.

"Legally, we enter a very grey area here: where members of LulzSec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity," he noted.

Miller also asked a rhetorical question as to whether it is a surprise that we find out this has taken place.

"Yes and no. From a certain aspect it's not the type of attack you would expect a western government to be using, but when you consider some of the victims of LulzSec's attacks (GCHQ, CIA, SOCA), it makes sense that they themselves would become a target," he concluded.



NBC News Site Goes Cutting Edge with New Infinite Scroll

If you are a fan of the infinite scroll, you’ll love the new NBC News website that was unveiled today. If infinite scrolls and content that seems to lack any organization drive you nuts, then you won’t be so impressed.

The new NBC News site homepage is heavy on images, light on text. It’s tablet friendly and, in the words of Deborah Turness, President of NBC News:

“The new site doesn’t feel like TV content chopped up for the web - it is actually born of a seamless collaboration between TV and digital.”

I’ll tell you another thing it feels like - more like a blog than a typical news site. NBC says it has done research into digital news habits to come up with the new design:

“This marks the website’s first significant design change since NBC News acquired full control of its digital properties in July 2012. After becoming independent from the joint venture with Microsoft, NBC News conducted extensive research into digital and mobile news consumption habits, and then designed an innovative, mobile-first new format that caters to those needs and behaviors.”

Much of the navigation is accessed through a pull-out menu from the 3 horizontal bars up in the left corner (a la Android type nav menus you find on mobile devices).

It’s definitely a pretty site, but I’m going to be contrarian on this.  It’s great for random browsing of news and wasting time.  But for business people, if you’re busy and want to get to the news that matters to YOU, those types of designs are a nightmare to sift through.  I like a site where you can find what you’re looking for.

Maybe I’m an outlier.  But I have a feeling that a couple of years from now we’ll see site design backtracking from these “browse and scroll” types of designs.

However, if you are a general news organization catering to a wide audience, many of whom are consumers, it might be just what you want - something where people jump around to this and that news article almost randomly.

The company says it’s really about storytelling, and that the Digital News arm of NBC News is creating original content just for the site (versus reheating the TV news) and presenting it in a digital friendly way. NBCNews.com touts its “Stories that take many forms - from standalone images, tweets, or animated gifs; to lists or one-line summaries; to fully produced articles marrying text, video, and photos.”

NBC News should get kudos for being cutting edge and delivering a site that is fast and full of eye candy. It’s certainly entertaining - but not necessarily all that useful for those trying to find content in an organized way.



Is Your Day Filled with Phone Calls? New App By Frustrated Movie Producer Can Help Manage Them.

For some of us our inbox is flooded with email and we fight an hourly battle to respond, delete, sort, filter and delegate.

For others, like Gregg Fienberg - the two-time Emmy Award-nominated producer and executive producer of HBO’s “True Blood” - the day is filled with phone calls, brimming with them.

Gregg created a new mobile application to help solve one of the biggest conundrums for small business owners, administrators, and business executives: call management.

Gregg had grown tired of dealing with the frustrations that result from managing and tracking a lot of calls. His boiling point came on set one day when he missed numerous important calls because he didn’t have a system to keep them in order. His assistant Gabe was equally frustrated, using every communication vehicle possible, short of showing up on set, to remind Gregg to make a call.

Gabe and Gregg went on the hunt to find a solution, to no avail. Sure, there were tons of apps to organize “to do” lists and phone call messages, but they were looking for a shared platform that connected them in real-time. After much research, Gregg took matters into his own hands, organized a team and created CallPlease - a virtual call tracking system that allows executives and their assistants-slash-teams to manage their calls in real-time. At first it was just a solution for them, but Gregg shared it with a few Hollywood producer friends and … an app star was born.

CallPlease seems like a perfect solution for folks inundated with phone calls!

CallPlease is like email for call management. An assistant uses the CallPlease web interface to enter a message like “Call David Jones at 3pm to review the product” and it immediately populates on their boss’ CallPlease mobile app (tablet or phone). The app reminds the boss when to make the call via its alerts and notifications feature. After the call is made, the boss enters an action like “completed call” or “left message”, immediately letting the assistant know what transpired. No more mixed signals or time wasted.

CallPlease actually lets a whole team share one account so several assistants and their boss are connected. With CallPlease, you can:

  • Track your calls in real-time between you and your assistant on all devices (or you can be a single user)
  • Available on iPhone, Android (this month) and all tablets
  • See your conversation history just like an email thread on your phone
  • Enter notes manually or use Siri after the call, right on the device
  • Integrate your address book
  • Export and print call log


UK shines as spam levels soar worldwide

Sophos' latest report into the top spam-relaying nations finds that this is a global trend which often leads to bigger malware attacks.

The anti-virus vendor released its final “Spampionship” league table of 2013 on Tuesday, and the study concluded that the US was once again the most prolific country, accounting for 14.5 percent of the total spam sent worldwide in the fourth quarter.

China re-emerged in second place with 8.2 percent of all spam, with Russia growing from 3 percent to 5.5 percent on a quarterly basis. Less populated countries also stood out: in Belarus, which had the highest level of spam per person, the average computer is 10 times more likely to send spam than if based in the US. Luxembourg and Kuwait also featured highly on the list, leading Sophos senior security analyst Paul Ducklin to say that spam remains a global issue.

“There is a serious side to spam, this truly is a global problem,” he told SCMagazineUK.com. “The spam aspect is just a symptom - the start of the problem. Zombie malware means the crooks are already on the inside. We don't know what else [cyber criminals] are doing inside networks.” 

“It's very rare that a botnet has one version - crooks often update it and repurpose it. If you deal with the spam problem, and stop it in the first place, you are getting rid of future malware.” 

Ducklin pointed to spam's continued dominance by revealing that Microsoft founder Bill Gates predicted the death of spam by 2006, when speaking at the World Economic Forum in Davos two years before. 

Cyber criminals often infect these computers by using remote-control malware, and are almost always based in other countries. Ducklin goes on to suggest that the results from smaller countries point to less attention on implementing information security.

The UK, he adds, may have benefitted in this regard. The country was 19th on the list by spam volume, accounting for 1.6 percent of the world spam, and 47th by population with 0.55 of the US score (the US was 27th in the world on this rating).

The Sophos analyst admitted that it is hard to predict why the UK remains ahead of the curve, but personally hoped that government initiatives like the Cyber Streetwise scheme may have had a helping hand: “Are [public service and government initiatives] working? We can't prove it but let's hope so.” 

This report, available on the Naked Security blog, follows a spate of spam activity in recent weeks, with Symantec unearthing a new Twitter spam campaign targeting Super Bowl and Miley Cyrus fans recently. Cloudmark, meanwhile, found that 85 percent of SMS spam messaging in the UK used money to entice victims, such as payday loans and sports betting, while Kaspersky Lab also used a recent report to detail the risk of spam in emailed loan offers.

However, while Kaspersky Lab senior security researcher David Emm told SCMagazineUK.com that the firm has seen spam levels drop - less than 70 percent of email traffic is now spam - he worries that attackers are increasingly looking to steal confidential data. 

“Whereas previously spammers often exploited the trust of unwary victims, they now face a new generation of IT-savvy targets,” said Emm. “As a result, they are adopting new tactics - for example, sending malicious attachments in the guise of anti-virus updates.”

“Increasingly, such malicious attachments are designed to steal confidential data.  However, this is no longer just bank logins, but login credentials for social networks and email.  This reaps rewards for the spammers since stolen credentials for e-mail, for example, can often be used to access lots of other content - including social networks, instant messaging, cloud storage and credit card information.”



BYOD puts 'enormous pressure' on IT departments

Bring-your-own device smartphones and tablets are being brought in en masse by employees, but this is leading to dire consequences for the enterprise IT department, according to a new study.

In its latest quarterly report on “The State of Enterprise Mobile Security”, Forrester reports that 70 percent of enterprises across Europe and North America expect to provide more mobile support to their staff over the next 12 months as a high or critical priority.

Despite these plans, however, it appears workers are taking mobile matters into their own hands and making BYOD decisions without first consulting their technology managers.

The study revealed that more than 46 percent of tablet and 32 percent of smartphone users have purchased at least one off-the-shelf application for work, with 60 percent and 55 percent respectively selecting their own device to use for work purposes. Furthermore, 15 percent of employees profess to having accessed sensitive data - such as customer information and non-public financial data - but not from work-sanctioned devices.

In announcing the news, analyst Chris Sherman said that users are thinking solely about what device makes them most productive and less about the security implications.

"Workers are choosing and will continue to choose those devices and solutions which make them the most productive," wrote Sherman in the report.

And despite this coming shortly after another recent report, this time from Juniper Research, which indicated that a third of all personal mobile devices will be in enterprises by 2018, there are signs that businesses are moving away from the BYOD trend and back towards corporately-deployed devices - a possible recipe for technology disaster and confusion.

Indeed, Forrester's study - carried out in Canada, France, Germany, the UK and US - shows that 74 percent of firms have either purchased or plan to purchase smartphones for employees, with this figure at 65 percent for tablets. Another third (33 percent) are planning to spend on enterprise app stores, and 49 percent intend to increase spending on mobile apps and middleware by at least five percent in the coming year.

"These consumer trends are putting enormous pressure on security professionals to determine how far to open the company "gates" to personal devices," wrote Sherman. "Security professionals have to face this reality head-on and come up with a plan to embrace worker productivity through BYOD." 

Former CISO Phil Cracknell, now head of security and privacy services at Company 85, is an outspoken critic of the BYOD trend and says that many issues have not been resolved.

“BYOD is putting pressure on IT right now. Many of the elements which reflect a total cost of ownership of BYOD are not being fully recognised when business is considering and implementing or at least planning to implement,” he told SCMagazineUK.com.

“HR/Legal issues, responsibility for a replacement device in the event of theft or malfunction - who would that lie with? The individual or the company? What would that person do if they couldn't afford a replacement right away?”

Ovum analyst Richard Absalom, who focuses predominantly on enterprise mobility, concurred with Forrester's findings and added that BYOD may not be the correct path for all companies.

“Those figures look like they add up compared to our own data, and I'd agree that we see some businesses going back to a corporate deployed model - although depending on how that's done they aren't necessarily turning their back on BYOD.

“BYOD isn't always the right way to go, as organisations in highly regulated industries in particular may have very legitimate security and privacy concerns around it. But they do need to do something about it as it will simply go unmanaged and cause even more problems if they don't.

“It's important therefore for a mobility strategy to understand and address the drivers of BYOD, such as employees wanting to use a single device rather than carry two phones around with them, one for personal and one for work usage. Having a CYOD (choose your own device) or a COPE (corporate owned, personally enabled) policy would still mean corporate deployment but may go down just as well as BYOD with employees.”

Forrester and Ovum aren't the only researchers to doubt the BYOD trend - Gartner recently said that a fifth of all enterprise BYOD projects will have failed by 2016, and this led Paul Steiner, MD EMEA for cloud storage provider Accellion, to say that businesses are waking up to the trend.

“The BYOD trend has changed the way that companies need to invest in security. Managing a device that is not owned by the corporation is a waste of money,” he said in a statement emailed to SCMagazineUK.com.

“Security mustn't be cast aside by enterprises in their quest for an improved user experience."



Quality Logo Products: Marketing is the Differentiating Factor




Sponsored Post: A mug is a mug is a mug. That’s why Quality Logo Products spends so much time on marketing and customer service. The company has 80 employees at its Aurora, Ill. headquarters. Forty percent of them, with the exception of the accounting department, are in IT, content and media marketing. They are in charge of ...

The post Quality Logo Products: Marketing is the Differentiating Factor appeared first on Small Business Trends.



Exclusive: Bitly hit by DDoS attack

The website of URL shortening service Bitly was down on Wednesday morning. The company has blamed a DDoS attack.

Visitors to the website were greeted with the messages ‘this webpage is not available’ and ‘no data received’ along with the respective error codes “ERR_TIMED_OUT” and “ERR_EMPTY_RESPONSE”. The website was initially not accessible for approximately 20 minutes (between 10.10am and 10.30am GMT).

The service returned shortly afterwards, but the company then posted: "We are currently working to mitigate a DDoS attack. Some services will be unresponsive." The message, seemingly only visible to Bitly account holders, was later amended to say it was a "denial of service attack" and was removed from the website at 11.30am GMT. 

Bitly claims to shorten more than one billion links per month, and is most often used for social networking, SMS and email. A growing proportion of its users are enterprises and SMBs. Some larger groups even customise their own links via Bitly - The New York Times uses nyti.ms and soft drinks manufacturer Pepsi uses pep.si.

Symantec, which itself uses Bitly links, earlier this month detailed that spammers were targeting Bitly along with users of instant messaging services Snapchat and Kik Messenger. In particular, the spammers were apparently abusing custom Bitly domains as a result of an API configuration problem, which left the API key visible.

“Spammers have found a way to create their own links using branded short domains in order to entice users into a false sense of security,” wrote Symantec researcher Satnam Narang at the time.

The anti-virus firm found Bitly links generated using custom domains owned by brands and companies like USA Today, National Geographic, The New York Post and MIT News, among others.

"Bitly has confirmed that some spammers obtained Bitly API keys belonging to various brands," Narang wrote.

SCMagazineUK.com has contacted Bitly, which was formed in 2008, for comments on this breaking story and is awaiting the company's response.



Malwarebytes accepts Bitcoins as virtual currency prospers

Anti-virus software vendor Malwarebytes has started accepting Bitcoin payments on Anti-Malware Pro. But do the benefits outweigh the risks?

Speaking exclusively to SCMagazineUK.com on Tuesday afternoon, company chief executive Marcin Kleczynski revealed customers will be able to buy the software in Bitcoins - in addition to credit cards and cheques - by entering their email address and paying via Coinbase, which takes one percent from each transaction - cheaper than most credit card companies. The user is then sent a confirmation email with the product key.

Kleczynski said that the solution is “actually more secure” than credit cards as it doesn't ask for an address and personal information, and added that it takes 0.03 Bitcoins as soon as it deems the user to have the relevant funds in their account.

For all this, the Malwarebytes CEO - who formed the company aged 14 some ten years ago - admitted that the move is a risk which could well attract derision as being a gimmick in the wider information security community.

“There are tons of little reasons [for accepting Bitcoins]”, Kleczynski told SCMagazineUK.com. “It's a trade-off but we're testing the waters. There are definitely threats but we don't think that they are insurmountable.”

“It's not really a gimmick - it's another avenue to make currency”, he added pointing to online retailer TigerDirect taking approximately £305,000 (US$ 500,000) in Bitcoin payments in just three days.

Kleczynski, who only came to this decision after buying Bitcoins of his own earlier this year, is similarly unconcerned about the virtual currency's fluctuating exchange rate (“there has been some stability") and maintains that the company won't simply be trading in their Bitcoins for US dollars.

Instead, he suggests that, as one example, Bitcoin payments will go to buy office equipment from TigerDirect, one of the earliest retail adopters of the virtual currency. “That's supporting the currency,” he said.

“Each week and month that goes by, new technology comes out making Bitcoin easier to use,” he added, noting greater ATM support and the growing availability of offline wallets.

The announcement, though not the first from a big ecommerce outfit backing the open-source currency - which was created in 2008 - has attracted a buzz in the industry, although some believe that the amount of income from Bitcoin payments will be relatively low. Kleczynski himself admits that growth will be slow and is hoping for “hundreds” of payments after the launch.

“Let's put it this way, I imagine that they were influenced more by appearing "cool" and "down with the kids" rather than because they genuinely believed a significant proportion of their income would come through Bitcoin purchases,” veteran security researcher Graham Cluley told SCMagazineUK.com.

“That's not to say that they're wrong to offer bitcoin payment for their product”. Cluley added that a more common alternative would be PayPal.

Kenny MacDermid, ASERT research analyst at Arbor Networks, added that businesses embracing Bitcoins are likely to benefit from free advertising/press coverage and no charge backs, but worries about security and that fluctuating exchange rate.

“I think it's great that companies are starting to accept Bitcoins, provided they treat it like any other currency," he told SCMagazineUK.com.

“There are two major risks, the first being security of the coins once they are received, and the second being currency exchange risks. Both can be mitigated by using a third party Bitcoin processor like bitpay.com,” he added (Bitpay.com is a rival to Coinbase.com). “These companies allow you to set prices in your own currency and receive your own currency, but allow users to pay with Bitcoin. Of course you then have to trust the payment processor.

“For companies opting to accept Bitcoin directly, they must understand they'll be a big target. They should generally keep very little Bitcoin in a hot wallet (accessible from the internet). Treat it the same as they would the float in a cash register of an open 24-hour gas station in a bad neighbourhood.”