Top Stories: Microsoft Changes Leadership, Facebook in Name Dispute

Here’s the news you need to know as a savvy small business owner this week. Our Small Business Trends editorial team has you covered.

Leadership

Microsoft has a new CEO. Microsoft announced Satya Nadella as new head of the company this week. Many people are talking about what Nadella’s new leadership may mean. It could signal a new era and a new direction for the iconic technology company.

Apps & Social Media

Facebook won’t change the name of its Paper app. That’s despite the fact that another company, FiftyThree, already has an app by the same name…or nearly the same. The smaller company trademarked the name “Paper by FiftyThree” and is now considering its options.

Schedule your home deliveries with Doorman. The new startup combines an app with a local delivery service. Send packages to Doorman’s delivery center, then set up an evening delivery time with the company’s mobile app. It’s an example of finding and filling a need.

Klout is reinventing itself. You probably haven’t heard that name in a while. But the app that tries to measure a user’s social media influence is retooling. Small Business Trends publisher Anita Campbell has the story about the company’s come-back attempt.

The Pebble App Store is open. The device that led the way in the smartwatch market is now leading in another way. Pebble has launched an app store for its popular wearable device. The store will be a one-stop for users and developers alike interested in a better Pebble experience.

Marketing Basics

Marketing is the differentiator. Read about this unique business. Quality Logo Products is a commercial products distributor that distinguishes itself with its engaging Web presence. But as Co-Founder Bret Bonnet reminds us, the company’s people are also key to its success.

The new art of viral. It used to be that the secret to making a great Super Bowl ad was to create a visually arresting experience that would grab the audience’s attention for the short period of time it appeared on the screen. Then the trick was to get your ad talked about even before the big game. Today, the key may be to get your ad banned. Did somebody say instant online viral appeal?

Products & Services

Amazon Kindles may soon be your point of sale. It’s uncertain whether this plan will ever come to fruition. But there’s a possibility that Amazon Kindles may be finding their way into small retailers. They won’t be products. They will be part of the payment system.

37 Signals is now Basecamp. In some ways, it has been for a long time. Founder Jason Fried says the company name change makes sense. The Basecamp product is so closely associated with 37 Signals. Other products will be either spun off as other businesses or sold.

Is your IT just right? These days increasingly your small business can have IT services just like the big guys. One such service is Just Right IT from HP. Here is a closer look at how the service is expanding.

Marijuana tourism creates whole new business model. Who would have thought a few years ago that marijuana could go from illegal substance to a tourist attraction? But the launch of My 420 Tours has done just that, giving customers a closer look at Colorado’s now totally legal marijuana industry.

Web

50 new domain extensions are now available. No, they may not all be as desirable as a .com, explains Web.com, which markets some of the new extensions. But the number of available .com names is dwindling and the cost for many of these new domain extensions is lower. So they may be an appealing alternative for some.

NBC adopts infinite scroll. The website for NBC News has unveiled a new infinite scroll format. Like it or hate it, it is cutting edge. Small Business Trends publisher Anita Campbell explains the new Web design. It’s one option for businesses with a website, particularly media groups. But it may not be for everyone.

Stats

Small businesses create more jobs. Want proof that small businesses remain an economic force? Just look at the latest ADP Employment Report. You’ll see that in January, small businesses outperformed big businesses for job creation again.




Confide App Lets Businesses Keep Text Messages Off-the-Record


A new app called Confide allows you to take your text messages off-the-record, for business or other purposes. The app is so far available for download to iPhone only.

The way Confide works is a bit different than a traditional messenger service. To read a message, a recipient needs to swipe over orange blocks that let you read only one word at a time.

The previous word changes to a gray block when read. When the message is read entirely, it is permanently deleted, even from Confide’s server. That enables you to keep text messages private.

In order to exchange messages, both sender and recipient must have the app downloaded.

A person receiving a message through the Confide app will not be able to forward it to another person, save it on their phone or even take a screenshot of it. Confide Co-Founder Jon Brod told Fox Business Network that if someone tries to take a screenshot of a message, they’re “kicked out of the app.” The sender and the recipient are alerted of the violation of terms immediately.

The idea for Confide came to Co-Founders Brod and Howard Lerman while attempting to have a confidential exchange via email. The two wanted to speak candidly about a prospective employee but didn’t feel secure discussing the topic knowing files of their conversation would remain. In a post on the official Confide blog, Brod explains:

“This summer, Howard Lerman emailed me asking for a reference on someone who had worked for me. I replied the way most people do in that situation: ‘Hey. Would rather not put this in writing. I’ll call you…’ It was clear that there are all kinds of things professionals are willing to say but not put in writing. In those situations, Email and SMS fail. And in-person meetings or phone calls are often not possible or convenient.”

In its review of Confide, PC Mag notes that, unlike other encrypted messaging services like Wickr, Confide is for text only and doesn’t allow users to send photos or video.

This also sets Confide apart from more general use apps like SnapChat, which also deletes messages sent to select people in your network but generally includes visual content.




Colorado Business Gives Tours of Legalized Marijuana Industry

Matt Brown’s isn’t your average tourism business.

Brown is co-owner of My 420 Tours, a company that conducts tours into Colorado’s legalized marijuana industry.

On Jan. 1, 2014, recreational use of marijuana was legalized in Colorado (and also Washington state). And the legalized marijuana business is booming. Time magazine reported that there are already fears of a shortage.

My 420 Tours doesn’t sell dime bags to its guests, i.e., it doesn’t sell any marijuana.  Instead, as a tour guide the company arranges samples of product as visitors tour locations in Colorado’s marijuana industry. The upcoming “Love of Cannabis” tour includes edible marijuana product samples from vendors, a visit to a growing operation, as well as a cooking class that incorporates the herb into recipes. A special social gathering and other events are included in the three-day package, according to a description at the company’s website.

All guests of My 420 Tours are given private transportation for their entire stay, from the moment they leave the airport until the end of the tour. Hotel accommodations are also provided, at a “420 friendly” location, of course. The idea behind the tours is to connect the public with the product, like Coors does with its beer. Tours show guests how to legally enjoy marijuana within the confines of state laws. Brown recently told Fox Business News in an interview:

“This isn’t about 21-year-olds who want to smoke pot. This is adults who want to follow the rules. We don’t want people driving around while stoned.”

This tour business has also avoided one major hangup noticed during legalization’s early days: it’s a cash only industry. We noted recently that federal banking laws as well as credit card company policies restrict marijuana sales via credit card. Since it’s not selling marijuana, My 420 Tours bypasses those restrictions and takes major credit cards for purchases. That’s a good thing, too. A couple can expect to pay at least $2,500 for the upcoming Valentine’s Day-themed tours, according to the company’s site.

For those who don’t know, “420” is an underground code name for cannabis or marijuana - hence the company’s name. But marijuana is emerging from the underground, and fast becoming the bastion of startups. While My 420 Tours claims to be the first in its industry, a quick Google search yields other companies offering pot tours, too.

And what exactly are the rules around marijuana usage in Colorado?  This summary appears on the My 420 Tours website:

“On January 1, 2014, Colorado’s medical marijuana dispensaries were allowed to begin converting from medical-only sales to full retail sale to anyone over 21 years old. Customers with a valid Colorado ID are allowed to purchase up to 1 ounce (28 grams) of marijuana or the equivalent amount of marijuana-infused products. Visitors to Colorado with out-of-state or international ID are allowed to purchase up to 1/4 ounce (7 grams) of marijuana or infused products, per visit to the dispensary. All adults are allowed to possess up to 1 ounce of marijuana while in the State of Colorado.”




Pebble Launches Its Own App Store, a Place for Users and Developers

It started with the iOS App Store for iPhones and iPads. Then Google Play for Android phones came along. Even Mac OS X has its own app store. Now Pebble has its own app store for iPhone operating systems too. An Android version will be coming “very, very soon.”

The Pebble Store officially opened its doors this week. The store will allow Pebble’s growing developer community a one-stop shop for their apps and watch faces. The store will bring access to thousands of apps, including Yelp, Foursquare, ESPN and Pandora.

Here’s a closer look at some of the features from Pocketnow:

The Pebble started the trend of checking your watch instead of your phone for email messages and social media updates. Now users will have a place to look for the perfect app to complement it. Once something has been found, two taps will download the app to the watch.

The Pebble is not meant to replace your smartphone, but instead to work alongside it, using Bluetooth. Sales of the watch have been good, with developers offering third-party software. But unlike the other app stores we know and use, Pebble didn’t have its own central place where customers could browse for add-ons…until now.

However, before a new Pebble user gets too carried away with downloading apps, it should be noted that you can only download a maximum of 8 apps at any one time. So the App Store will also be a way to manage the apps that you are not using at the present time, in order to activate new ones.

Pebble tweeted an image of the new store just ahead of the store’s launch last week:

In the new store, users are able to browse categories, search for a particular app, or see suggestions at the bottom of the screen. Each app has ratings from other users, so you can see which apps are worth using and which should be avoided.



UK government champions cyber security

Cyber attacks are front of mind for the UK government and local companies, following comments from business secretary Vince Cable earlier this week. But concerns linger after the latest Waking Shark exercise.

Addressing members of the Cabinet Office, Department of Business, the Bank of England, OFCOM and National security and intelligence divisions at a briefing in London on Wednesday, Cable stressed that the country's banking, energy and mobility networks are increasingly under threat from cyber attacks.

“Cyber attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives,” said Cable at the time, before urging partnerships between the government, regulators and industry.

“Today's event marks the next step in highlighting the important role of the regulators in overseeing the adoption of robust cyber security measures by the companies that supply these crucial services.”

This follows on from the GCHQ introducing the ‘ten steps to cyber security' and the Cyber streetwise initiative, as well as the Cyber Security Information Sharing Partnership (CSISP), which was formed in March of last year. Earlier this month, the Research Institute into Trustworthy Industrial Control Systems (RITICS), based at Imperial College in London, was also established to look at threats facing critical systems.

However, the government's work will not be easy judging by recent attacks against RBS/NatWest and critical infrastructure, but also by looking at the latest Waking Shark 'war' game carried out by banks back in November.

The Bank of England this week reported on the Waking Shark II exercise, in which hackers test bank defences. 220 people attended from banks and regulators but concerns were raised by the BoE shortly afterwards.

It concluded that the banks didn't collaborate with each other (it has suggested that the British Bankers Association co-ordinate bank communication in future) or call the police when breached, and that they expressed confusion over regulatory reporting to the Financial Services Authority (FSA). One participant, who wished to remain anonymous, told SCMagazineUK.com that banks were reluctant to be the first to admit that their bank had been hacked.

As a result, information security market watchers believe that Cable's comments should be a stepping stone for future action.

“UK Financial Institutions have real active infection inside their networks now,” said Adrian Culley, technical consultant of Damballa and formerly of Scotland Yard's Computer Crime Unit.

“Caphaw is an example of one such very prevalent advanced attack, there are many others. Despite Waking Shark II there appears to be a disconnect between Mr Cable's very timely warning, and banks actually holding accessible, actionable intelligence.

“How they are planning to ever respond decisively without such intelligence? These bodies are part of UK Critical National Infrastructure, and both active attacks, and the threat of attack, are real. Banks need this information to detect active infections and prevent them becoming breaches. It is clear many of them do not have this”.

He added: "It is somewhat alarming the 24 years after the UK's introduction of the Computer Misuse Act 1990, incidentally the first such piece of legislation in the world, that industry professionals are unaware what does or does not constitute a criminal offence. It is equally a missed opportunity that the Waking Shark II exercise included no Law Enforcement input."

Others added that Cable's speech, meanwhile, represented a “tipping” point for cyber security and showed that critical infrastructure is a new avenue for attack, especially as more of these connect to the Internet.

“The results of the Waking Shark II exercise, coupled with Vince Cable's speech, make it clear that we have reached a tipping point in cyber security,” ViaSat UK CEO Chris McIntosh told SCMagazineUK.com.

“While previously relatively safe from cyber attacks, the modernisation of the country's essential infrastructure networks means they are now closely connected to the internet and so more vulnerable than ever. While at one level any threat could involve targeting individual sections of the networking, denying certain services at specific areas, at the extreme level attacks could potentially overload systems or override safety mechanisms, causing catastrophic damage to the surrounding area and the infrastructure as a whole. 

“Cyber attacks have developed to such a sophisticated level that they should now be viewed on a par with a physical attack on infrastructure,” he added. “In future organisations such as banks, gas distribution, rail signalling and mobile companies will need to ensure their networks are secure from attack at each individual point in order to meet these challenges; and decide whether increased connectivity for ease of access and communication is worth the risk to the wider network.”

Such are the concerns around cyber security, there's even the suggestion that the Waking Shark experiment should expand into other lines of business.

“It's now time exercises such as Waking-Shark are expanded beyond the financial sector and are replicated across all industries and critical infrastructure,” Mark James, technical director for ESET UK, told SCMagazineUK.com.

“As threats constantly evolve, what's most important is to continually assess where their strengths and failures lie during unanticipated attacks, how effective their contingency plans are, the resilience of communication channels and adherence to protocol.”



Report: Internet data poses risk to UK's energy grid

A new report claims that information freely available on the Internet can be used to mount a cyber-attack on the UK's energy and allied utility grids.

The UK's Critical National Infrastructure (CNI) is open to attack by anyone using material freely available on the web, according to Dr Richard Piggin, head of Control Systems Security Consulting with Atkins, the design and security systems specialist.

Presenting a report sponsored by the Institute of Engineering and Technology (IET) at a two-day conference on ‘CNI/SCADA-based system security - Cyber Security for Industrial Control Systems', Dr Piggin said that information on the Internet - including from blogs and social networks - can be used to mount a cyber-attack on the UK's energy and allied utility grids.

Perhaps more worryingly, he also suggested that researchers used freely available tools to identify the networked systems, their vulnerabilities and exploits that might be used to attack them.

"The research demonstrates the low level of technical knowledge that is required to successfully mount an attack against Industrial Control Systems," he said, adding that the findings highlight the necessity to manage third party access and activities.

Supervisory Control and Data Acquisition (SCADA) is a type of Industrial Control System (ICS) - computer-controlled systems that monitor and control industrial processes that exist on major systems, most notably in power stations, energy grids and other Critical National Infrastructure platforms.

Lancope CTO Tim Keanini said that as society grows more connected, including via social media networks, it becomes impossible to identify and protect all attack vectors.

A healthy balance of prevention and detection, he says, is required.

“While the CNI may turn out to be the ultimate target, defenders should not forget that it may be the most mundane and simple attack vector that may be exploited.”

“With so many moving parts in these complex systems, it may be a contractor that takes out the garbage that is your threat vector so you cannot leave any rock unturned when you perform your threat models,” he added.

Dwayne Melancon, CTO of fellow security vendor Tripwire, said that SCADA-based vulnerability information will always be available to those who know where to look.

“The discovery and disclosure is a normal part of information security, particularly when attackers are seeking information on recognisable abilities within their targets. The key is to ensure that agencies keep on top of the current vulnerabilities and the threat landscape,” he said.

“These organisations should ensure that they have a clear understanding of the risks, how their systems are configured, and how the vulnerabilities map to scenarios that could significantly impact their operations.”

The Tripwire CTO explained that carrying out a risk assessment, combined with a vulnerability assessment that prioritises vulnerabilities based on the value of the assets involved in delivering service and the potential mission impact from attacks, is crucial.

“From a practical perspective, this is where you can gain real advantages from looking at security holistically. CNI managers should seek opportunities to use network segmentation, reduce the number of accounts that have access to critical data, and compartmentalise your network to minimise the amount of data the attackers can reach.”



New Linkup ransomware steals your bitcoins

New ransomware has been discovered that slyly mines computers for bitcoins to steal.

The ‘Linkup' malware was spotted by German-based security firm Emsisoft. In a 3 February blog, Emsisoft's Steve Nowicki describes how Trojan-Ransom.Win32.Linkup differs from earlier ransomware in that it doesn't lock the user out or encrypt their files. 

Instead, it alters the user's DNS settings to stop them accessing the internet, and sends them to the ransomware site which displays a fake message from ‘the Council of Europe' suggesting they have been involved in accessing child pornography.

The software then demands a ransom of just one Euro cent and the user's personal data including credit card details. Meanwhile, it downloads a bitcoin mining botnet.

“Linkup represents a new approach to infection, which combines two known techniques - ransomware and bitcoin mining - to create one potent form of money-making malware,” Nowicki said.

Martyn Ruks, technical director at UK-based security research firm MWR InfoSecurity, said Linkup displays a level of deviousness in the way it is designed and operates.

He told SCMagazineUK.com: “This ransomware is using classic persuasion techniques of fear and authority to compel users into acting rashly and pay the demanded fee. The small amount should in fact raise suspicion, but by providing a far simpler way out of the implied threat of legal action, most users are likely to jump at the opportunity, opening themselves to further fraud.

“This sudden reaction is compounded by the removal of standard internet services, since the primary source of information and help about such problems is not only cut off, but each attempt to use it reinforces the implied threat.”

Ruks said that the payload to mine bitcoins means “even if the fraud aspect is unsuccessful, the attacker has already seen financial gain for the duration that the affected machine is running and compromised”.

A spokesperson for Emsisoft agreed that the software is devious and told SCMagazineUK.com: “While the ransomware is quite conspicuous, the Protominer (bitcoin miner) takes place in the background. This is almost similar to the psychological deception employed with Trojan rogues, where it looks like an anti-malware but is actually malware underneath - except with Linkup it's one type of malware distracting you from another.”

But Kevin O'Reilly, a senior consultant at UK security research firm Context Information Security, pointed to some weaknesses in Linkup. He said DNS hijacking is typically used to redirect victims to unwanted websites or search results or to prevent anti-virus software from updating, not to prevent internet access altogether.

“To deny all internet access completely is a more blunt use of such a method, and perhaps self-defeating as it may prevent the ability to make the online ransom payments the authors so obviously covet.”

O'Reilly added: “The bitcoin mining component of this malware may also be flawed in its conception. To make money from average PCs would require a huge number of them working in tandem for quite some time - which is perhaps a little optimistic on the part of malware which so obviously cripples a victim's machine.”

“The bottom line is the same as ever. Users should protect themselves by being cautious about what attachments they open, stay patched and up-to-date, and run a well-reputed and up-to-date anti-virus product.”

Linkup emerged shortly after the discovery of the Locker ransomware virus in December, itself a copycat of the notorious CryptoLocker malware which first appeared last September.

Linkup was discovered in the same week as European police agency Europol warned that ransomware has become a multi-million euro business. A report by Europol's EC3 (European Cybercrime Centre) and the Dutch National High Tech Crime Unit says ransomware has seen “exponential growth” in the European Union over the last two years, infecting millions of computers and forcing tens of thousands of citizens to pay ransoms.



Sochi Olympics hacking claim 'fraudulent'

A dramatisation of a hack by security firm Trend Micro on America's NBC TV News has been slammed by other security experts as "100 percent fraudulent".

In the lead-up to the Winter Olympics, people have been warned to watch out for malware, spam and spear-phishing attacks on websites and email, with the US-CERT agency issuing strongly-worded advice on February 4 and 5:

“Whether viewing live coverage, event replays or checking medal statistics online, it's important to visit only trusted websites,” the statement read.

“Events which gain significant public interest and media coverage are often used as lures for spam or spear-phishing campaigns. Malicious actors may also create fake websites and domains that appear to be official Olympic news or coverage that can be used to deliver malware to an end user upon visiting the site (also known as drive-by downloads or watering holes).”

However, a subsequent NBC TV news report featuring Trend Micro threat researcher Kyle Wilhoit was met with strong criticism after the report showed how easy it would be for Russian hackers to infect the computers and smartphones of anyone actually visiting Sochi.

The report is headlined “All visitors to Sochi Olympics immediately hacked” and features Wilhoit and NBC News chief foreign correspondent Richard Engel in a Russian restaurant, using a new smartphone to browse for information on the Games. “Almost immediately we were hacked…. malicious software hijacked our phone before we even finished our coffee” reports Engel.

Their two computers were also infected. “It had taken hackers less than one minute to pounce. Within 24 hours they had broken into both computers and started helping themselves to my data,” Engel said.

But the report has been rubbished by some security experts, led by Errata Security's Robert Graham. He said in a 6 February blog that the NBC story was “100 percent fraudulent” and “the story was fabricated”.

“The story shows Richard Engel ‘getting hacked' while in a cafe in Russia,” said Graham. “It is wrong in every salient detail. One, they aren't in Sochi but in Moscow - 1,007 miles away. Two, the ‘hack' happens because of the websites they visit (Olympic-themed websites), not their physical location. The results would've been the same in America.”

“Three, the phone didn't ‘get' hacked - Richard Engel initiated the download of a hostile Android app onto his phone.”

Gartner vice president Paul Proctor agreed in a blog post the report “is misleading”.

“They have directly positioned this as just turning on your mobile device and computer will result in you being ‘hacked'. This is an overstatement and misleading,” said Proctor.

“Most everything they describe in the story is as equally true at your local Starbucks as it is in Sochi. Therein they miss the opportunity to present a more accurate picture of global security, as opposed to the ‘evil Russians'.”

Wilhoit defended himself in Twitter exchanges. Asked if he was ever actually in Sochi, the analyst replied: “Nope. They wouldn't let me leave Moscow…Paper will be coming out soon about the details of what went on.”

Wilhoit did, however, admit that the editing of the story was out of his hands, and as such suggested the story was twisted.

“Unfortunately, the editing got the best of the story,” he tweeted. “Cut a lot of the technical/context details out. White paper coming soon.”

He added: “I can't control how things get edited. I can, however, publish technical blogs.”

Security expert Brian Honan of BH Consulting told SCMagazineUK.com that the impact of the TV report will be to make the job of security professionals that much harder.

“The problem with overstating and sensationalising threats is that you can end up being like the ‘boy who cried wolf'. As an industry we have been struggling to ensure the mainstream public understand and appreciate the threats. Over-hyped and sensationalised stories from mainstream media hinder that message rather than help,” he said.

Asked what people browsing websites for information on the Sochi Olympics should do to secure themselves, he told us: “Criminals will set up fake sites to draw in unsuspecting users, so make sure to stick to official websites and blogs associated with the Olympics themselves or the media companies covering them. Do not click on pop-ups or download software that you are not sure of. Be wary of unexpected messages you receive via email, instant messaging or on social networks. If you are not sure of the content or the origin of the message do not click on any attachments or links.”

Honan went on to say: “One key element not mentioned in the NBC report is that the reporter connected and browsed the internet using computers and devices straight out of the box. So they had no anti-virus software installed, no firewall software installed and no software updates to ensure the systems were protected from known threats. In addition, the reporter deliberately downloaded a file onto his device from an unofficial website associating itself with the Winter Olympics which in turn infected his machine.”

The analyst, while urging computer users to download anti-virus solutions and patch where required, also advised Sochi visitors to beware free Wi-Fi networks.

“Make sure all your internet traffic is encrypted, ideally you should employ a VPN to protect your online communications,” he said. “Do not plug in USB devices, such as free USB sticks, that you receive from others without ensuring there is no malware on them. Encrypt the storage devices that you are using, be that the hard disks in your computers, your mobile phones and tablets, and also any portable storage devices you may have.”

“Do not access sensitive accounts from systems you have no control over, such as PCs in internet cafes or internet kiosks.”



7 Zen Principles Make You Happier and More Successful in Business

7 years ago on February 7, 2007, I launched my business and became an entrepreneur for  the second time. I am quite in awe that I am still here given the tumultuous years and change we have all been through.

I consider myself a “spiritual entrepreneur,” as I deeply care about the what, why and how of giving back to the community, people and world that supports me.

Professional fundamentals and personal values are the keystone of long term success. I am so intrigued with this that I made this timeless ideal the focus of my new book #trusthewhy coming soon:

“There is something about putting the right energy and intent out that just attracts the right things, as well as the opposite. Serendipity, law of attraction, call it what you like, it is real and I have come to accept it, believe it and live it.”

Below are seven principles of Zen that can be applied to your personal happiness and business success.

Eliminate the Clutter - Kanso

Take a good hard look at pruning people, places, processes and things that are cluttering up your path that are not adding to you and helping you to grow.

Who and what do you need to let go of and move on from?

Work-Life Integration - Fukinsei

We must always be improving and refining our work-life integration or else it’s just a continuum of crash and burn.

How can you recharge and renew your priorities, energy and health? 

Simplify and Streamline - Shibumi

Try to make things easier to do and follow by making efficiency your goal in multi-tasking. This is about finding and using appropriate apps, technologies and systems to help make things simpler and more user friendly for you and your customer.

Remember, creating the memorable customer experience is the key to customer retention.

Authenticity - Shizen

Nothing is more important than being who you say you are and delivering that consistently. Come out more from behind your business so that people can get to know the real you.

We want to know more about who we are trusting and engaging with today.

Subtlety - Yugen

Less is more. Focus on how you can make a difference and solve problems through education and inspiration.

Contribute consistently in a thought provoking way by sharing your “experiential wisdom” through content marketing, social media and volunteering.

Amazement - Datsuzoku

There is nothing more wonderful and exciting than hearing and reading about the stories of real people and the amazing things that happen to them daily. Share your story and the stories of ordinary, real people doing extraordinary things.

Find RAK (random acts of kindness) that are happening in your world and beyond and celebrate them. This is the Zen and Karma that multiplies and attracts more to you.

Calm Solitude - Seijaku

Take time to reflect, muse and meditate even for short dedicated amounts of time.  Zen is about intuition and listening for the prompts and messages that are all around us.  This principle is so essential to well being and translates to our families, community and businesses.

Listen, look and pay attention to the day you are in.

The Zen of my business success has always started with me and continues with we. The journey has had its own ebb, flow and pace and has continued to move me exactly in the direction I am supposed to be going.

Here’s to your Heiwa (peace) and Seiko (success), always.

Zen Photo via Shutterstock



Book Review: “Influence Marketing” by Danny Brown and Sam Fiorella Will Have You Embracing The Power of Influence

I recently read “Influence Marketing” by Danny Brown and Sam Fiorella - a book designed to show you how to Create, Manage, and Measure Brand Influencers in Social Media Marketing.

This book defines what influence marketing is and how it impacts your brand. In the book, Brown and Fiorella share a ‘blueprint’ to follow that will help you increase your bottom line through influential relationships. It’s all about getting others to be your brand advocates and spread the word about your product and service.




Microsoft’s New CEO (Satya Nadella) and Small Business. 8 Small Business Experts Weigh In.

With the recent appointment of Satya Nadella as Microsoft’s new CEO, what will the world of small business look like for Microsoft?

Cloud computing

Microsoft Office is still the dominant office productivity software for businesses. However, large numbers of small businesses are using cloud based software to power their small enterprises. Google and a range of other vendors are massively leading in this transition. Microsoft’s Office 365 is gaining traction, but this is an area Microsoft is BEHIND in, not leading in.

Search and local 

Bing, a feature filled and good search engine, is still a shadow of Google’s dominance. In regard to the market share for local search - Google, Yelp and other vendors are leaders in this space as well. Not Microsoft.

Operating system

The operating system is important for many businesses - we can’t run our computers without one. However, once you turn on your computer, many small business owners just go to their browser of choice to get their work done. While Windows 8 is a powerful operating system, its battle is with the web browser. Microsoft must continue to educate on the benefits and value of Windows 8.

Microsoft assets

Microsoft has a powerful reseller and partner community, with local experts who can train and support small businesses. Microsoft has the breadth and depth of services that only a large company, not a startup, can provide. Yet GoDaddy, Google and other large companies can provide these too. Microsoft has a strong suite of products and services - mobile (Windows Phone, yet iPhone and Google are massive contenders), business software, Windows Server (yet server-less offices are on the rise) and online services.

There is a lot Microsoft has done and can do to continue to innovate and help small businesses grow.

What should Microsoft be doing for small business owners? What should Satya and Cindy Bates, Microsoft’s head of small business, be focused on in this new chapter, in regard to small business growth?

I asked this question to a few friends of mine: Carol Roth, Gene Marks, Melinda Emerson, Anita Campbell, Rieva Lesonsky, Steve Strauss and Brian Moran.

Carol Roth, CNBC Contributor, Entrepreneur and Bestselling author
http://www.carolroth.com/ 

My one piece of advice is not to abandon loyalty in the face of innovation.  Small business owners, like me, have been using Microsoft products loyally for decades.  However, with every update to core products like Microsoft Office, we need to re-learn how to use them.  User interfaces, keyboard shortcuts and more seem to change to keep pace with trends.  However, as a small business owner it is both frustrating and time consuming to have to continually change the way we interact with products.  We are spending too much time adapting to tools that are supposed to save us time and make us more productive. I am all for new features, but there is a tremendous importance of keeping loyal consumers happy.  Feel free to add new variables, but always allow customers to work and interact with products in the manner they are accustomed to so that we can focus on running our businesses.

Small businesses are not mini enterprises!  They have distinct needs.  They operate much differently - leaner, swifter, . They don’t have as many staff or as much time to spend. And just because their organizations are small and their technology may not be as advanced, they’re not dumb.  Treat small businesses differently from consumers and from larger enterprises - that’s the first step toward meeting their needs and desires.

Satya Nadella as the new CEO of Microsoft, you have an amazing opportunity. As a company insider, your #1 goal will be to reinvigorate innovation and product development. To help Microsoft catch up to the speed of change, it will be important to hire new agile talent and engage all employees in finding solutions. I suggest conducting Voice of the Employee (VOE) sessions, to hear solutions your front line has to offer in this mobile first, cloud first business world where we all now operate.

Don’t just tell business owners about your great technological advances; show them how to use these advances to make their businesses more efficient. Too many companies struggle with understanding how existing technology can save them time, money and hours of stress and frustration. As Harvard Business School professor Theodore Levitt told his students “People don’t want to buy a quarter-inch drill. They want a quarter-inch hole!” As you move forward with your company, be the quarter-inch hole for small businesses.

Steve Strauss, USA Today Columnist

Don’t forget your roots. Microsoft started out as a small business that created great software that helped other businesses be more efficient. It may be tempting to have a finger in every pie, but the thing that made (and makes) Microsoft great is that it does software, especially business software, better than almost anyone. As small business people, we continue to need that leadership and innovation.

Rieva Lesonsky,  Grow Biz Media

Stop talking “Micro-speak”. For too long now Microsoft basically has had its own language. Small business owners and their staffs often don’t know what you’re saying, what problems you’re addressing or what solutions you’re offering. Microsoft needs to talk to entrepreneurs in clear and concise terms, and not in techno-babble.

Small business owners turn to technology to help them be more efficient and productive. Tell them how using Microsoft products and services will benefit them, saving them time and money. Entrepreneurs need help and will become loyal customers of companies willing to help them.



Has Your Business Performed a Hat Trick?

[Image: hat trick cartoon]

I’m not really much of a sports guy.

I live in the Chicago area and by default root for the Cubs. But if you asked me to name a single player on the team, you’d be waiting a while.

Still, I’ve been trying to do more sports themed cartoons recently and had written down words to play with: Touchdown, home run, slam dunk, etc. And then I remembered something called a hat trick.

I thought it had to do with hockey goals and three of something or other, so it was off to the Internet where Wikipedia told me that:

“A hat-trick or hat trick in sports is the achievement of a positive feat three times or more during a game, or other achievements based on threes.”

Mix it all together in a business setting and you’ve got this cartoon. Game, set, match!



Klout Reinvents Itself With Content Sharing - First Look

Klout, the app that attempts to measure your social media influence, just launched a new version.

The new Klout goes beyond just giving you a score and rewarding you with “perks” (i.e., discounts and small freebies) for activity.  The new focus is on content - and sharing it.

In an announcement on the official Klout blog, Sanjay Desai, Chief Product Officer, wrote:

“People always ask us, ‘How can I raise my Klout Score?’ While the math is complicated, the answer is simple: create great content. That said, we all know how hard it can be to consistently share stuff that your friends and followers react to (trust me, it gets even harder with a couple of kids in tow.)”

To address that point, Klout now offers a content stream. It displays articles that are trending in popularity or are interest-based. Snippets appear right in the Klout dashboard:

[Image: Klout sharing content]

You can share the content without leaving Klout (of course, you have to leave to read the full article you’re sharing first!).  You scroll through the content stream and click the share button next to an item.

If you are not ready to share immediately, you can schedule a tweet to go out later.  A little calendar pops up to schedule it:

[Image: Klout social media scheduling]

The new Klout (or #newKlout as it is being called on Twitter) is a mixed bag.

It is definitely nice looking.  The design is updated, fresh and clean.

And it’s got more to offer users.  The new Klout’s focus on content and sharing delivers more of the “what’s in it for me.”

Klout needed to become more than an ego-scoring service measuring social media clout.  It was fun to see your Klout score at first - but only for a short while. Soon the novelty wore off. And it’s frankly demotivating for people who are new to social media.  Seeing a low score may motivate some, but for others it puts them off using Klout, especially if they don’t have much time to spend online.  They figure their scores will never get higher.

However, I can’t shake the feeling that Klout’s new content-sharing comes too late to the market.  Other sharing apps, such as Buffer and Hootsuite, have already become entrenched - certainly among business users. Hootsuite, for example, has 8+ million users.  Other sharing apps offer more features and functionality.

Klout “Perks,” where users with high Klout scores earn discounts and freebies, are still around.  There’s a certain novelty to earning a $5 McDonald’s coupon.  But is that kind of reward worth spending a lot of time at Klout to earn?   I see plenty of tweets about Perks, but it’s hard to imagine any long-term appeal to small business owners. Most of us have limited free time, and what little we have could be better used in other ways.

Another issue is that all the content feeds are big media publications.  That means the big keep getting bigger.  It doesn’t leave much room for independent bloggers or smaller news sites to get their content shared.  Klout needs to diversify and expand its content sources.

Some established Klout features seem to be missing in the new version.  Users are complaining on the Klout blog about not being able to find the friends list and the questions section, among other things.  Klout says they were “temporarily shelved” and will be back eventually.

The company’s announcement also says more content tools will be coming later.