Google Chromebox for Meetings: Face-to-Face Meetings Remotely

Google is taking its Hangouts to the board room and staff meeting room, with the new Chromebox for Meetings.

Google has positioned Chromebox for Meetings to replace the technically complex videoconference system your business currently uses.  Up to 15 people can join a single conference hosted through Chromebox for Meetings.

The Chromebox for Meetings sells for a one-time fee of $999 and includes the “box” itself, a high definition camera, a microphone/speaker unit, and a remote control. In addition to the hardware costs, there is also a $250 annual maintenance fee to continue using Chromebox. That fee will be waived for the first year you use Chromebox.

Google says in its Official Blog:

“Meetings need to catch up with the way we work - they need to be face-to-face, easier to join, and available from anywhere and any device. Starting today, they can be: Any company can upgrade their meeting rooms with a new Chromebox, built on the Chrome principles of speed, simplicity and security.”

In its blog post, Google says that Chromebox for Meetings, when compared to other professional conferencing solutions, can be up to 10 times less expensive. The Chromebox device integrates with all of Google’s other Apps. That means, for instance, that you can schedule and invite others to join directly from Google Calendar. You can invite customers from outside the company provided they have a Gmail address. Or, using UberConference, they can join via phone.

Google claims it is easy to set up and join remote face to face meetings via Chromebox for Meetings.  No lengthy passcodes or leader pins needed, they say.  Participants can be in a conference room or join from their laptops, desktop computers, tablets or smartphones - no matter where they are.

Chromebox for Meetings is actually a collection of hardware from various makers packaged together into a turnkey system. The core of it is a Chromebox, which is a computer box that runs the Chrome OS operating system. The first Chromebox is made by ASUS.  Google says that Chromeboxes designed for holding teleconferences will be available later this year from HP and Dell, too.

Chromebox for Meetings is not aimed at satisfied Skype videoconferencing users.  It’s aimed at businesses that today may have more complex video- or tele-conferencing solutions, and that demand reliability and high quality, and may need to include more people than Skype allows. With the free version of  Skype you can make one-on-one video calls.  With Skype Premium (about $10 per month) Skype’s official information says you can have up to 10 participants, but if you read the fine print, Skype recommends only five.  Also, the video quality and sound quality sometimes can leave a lot to be desired with Skype.  Chromebox for Meetings would be a step up from Skype for businesses that hold a lot of meetings and demand higher quality.


Newest Version of Firefox Allows More Social Network Plugins

When you go online, you can be assured of two things. First, hacking is a very real possibility which must be guarded against at all times. Second, there are more social networks than you can shake a stick at. The arrival of the newest version of Firefox, the Firefox 27 browser - barely 2 months after Firefox 26 came out - addresses both those issues, and more.

The popular browser allows you to run more than one social plugin at a time, via its social API (how developers access the platform) and provides better security while visiting the many websites you do in a day.

First, the social API is a big feature upgrade. Before, it was limited to just one social plugin, but now you can run more simultaneously. According to ZDnet, there are currently three plugins available - Facebook Messenger for Firefox, Cliqz, and Mixi (only available in Japan). But PC Magazine is also reporting that the browser now supports Delicious and Saavn (an Indian music player).

In the screen grab above of Cliqz, you can see how the right-hand pane stays up and running while the main browser window is on another site. This can be useful, but if you have a small screen, such as a laptop, then having a constant right-hand pane can seriously cut into your screen real-estate.

With regards to the security side of things, Firefox now recognizes the Transport Layer Security (TLS) protocol by default. It did before but it wasn’t switched on. Google’s SPDY 3.1 protocol is also recognized by the browser.

Thirteen security fixes have also been dealt with, making Firefox more secure to use. Techcrunch says that SPDY and TLS are “essentially the successors of the well-known SSL cryptographic protocol.”

The Naked Security blog over at Sophos has listed the patches which have been applied, if you are interested (and can understand them.)

Those who have not installed the browser yet can go here to get the installation file. If you already have Firefox installed, the browser should update automatically (if you have the option switched on in the preferences).






Institutional Lenders Increase Small Business Lending Deals

A big trend in small business lending during the past few months has been the emergence of institutional lenders. This category includes:

  • Insurance companies
  • Family funds
  • Hedge funds
  • Other non-bank financial institutions that are looking for high yield investments

Typically, they are able to offer more competitively priced loan options than alternative lenders, who sometimes charge as much as 30-50% interest. They also can provide amounts up to $1 million or more.

Generally the rates that institutional lenders charge will fall somewhere between the 6-8% typically offered by banks and the high rates of cash advance companies. The result is that as these institutional lenders enter the small business lending marketplace, greater amounts of long-term, stable money become available to entrepreneurs. Borrowers can get better products at attractive interest rates and terms. This is good news.

During the last 3-4 months, my company has processed over $20 million in small business financing from institutional lenders. In fact, we have added institutional lenders as a new category in our often quoted Biz2Credit Small Business Lending Index. In January 2014, these non-bank lenders granted 56.5% of the funding requests they received - a much higher approval rate than big or small banks.

Because alternative lenders, such as factors and cash advance companies, charge such a high premium for their risk and the speed by which they process loans, other players have come into the marketplace looking to fill the void. My prediction is that the demand for short-term, high-interest financing will go down, particularly as the economic conditions continue to improve.

Meanwhile, big banks are approving a higher percentage of small business loan requests than at any time since the recession. Lenders with $10 billion+ in assets approved 17.8% of applications in January. They are benefiting because creditworthy borrowers are applying for funding, in part because the economy is slowly but steadily getting better. Certainly, conditions do not seem as dire as they were in 2009 or 2010. Now, when the banks request three years worth of financial documents, they see that companies’ situations have improved quite a bit during the time period between 2011 and 2013.

Meanwhile, loan approvals at small banks have climbed to 50.9%. This is significant because it means borrowers are more likely to get funded than to be rejected. What drives this is the fact that SBA lending has picked up considerably over the last month. Small banks, in particular, are processing a lot of loans through the SBA Express program (loans less than $350,000) and SBA 7(a) program (loans between $350,000 - $5 million).

They still play an important role. In 2013, they were willing to lend during the government shutdown, a time when banks could not get the information they needed from the SBA and IRS to facilitate SBA loans. However, they are experiencing a drop-off in approval rates, 64.1% in January 2014, down from 67.3% in December.

While alternative lenders offer quick decision-making, their rates are high. They now have to worry about increased lending by banks of all sizes, as well as the institutional lenders that are now trying to eat their lunch.




How A Brooklyn Martial Arts School Is Marketing Their Way To Profits and Happy Customers

I had the honor of chatting with Carmen Sognonvi (co-owner of Urban Dojo) about how she took control of their marketing and is growing sales and delighting customers.

Watch our Google Hangout, below, and learn how YOU can grow your business and leverage online and offline sales and marketing best practices for amazing success!

In our discussion we talk about:

  • How Urban Dojo came close to moving their business 10 blocks away - and why, had they done so, it would have been a disastrous mistake
  • How to charge a premium rate for your product or service without being afraid of losing business
  • Why marketing isn’t about getting your contact info out to your prospects, but rather, getting their contact info into your database
  • How to take control of your business instead of hoping for the phone to ring

Check out Carmen’s blog, full of marketing tips here - http://www.carmensognonvi.com/take-control/

Join our discussion below, or here - http://www.youtube.com/watch?v=OvYQ2wDblGk



UK bank customers targeted by new Zeus variant

A new version of the notorious Zeus banking Trojan, which hides itself inside digital photos, has been discovered by research firm Malwarebytes. And in a worrying echo, Trustwave has uncovered malware that harvests credit card details from online stores then camouflages itself as a JPG picture file to escape detection.

Malwarebytes senior security researcher Jerome Segura revealed the new Zeus variant, dubbed ZeusVM, in a 17 February blog post. Segura includes a screen shot that shows ZeusVM targeting the customers of dozens of well-known banks worldwide, including Lloyds, Barclays and Santander, as well as Wells Fargo and Deutsche Bank.

The malware works by embedding its money-stealing code inside attractive images, such as a beautiful sunset, that the victim inadvertently downloads. ZeusVM then kicks in when the user logs on to the website of one of the targeted banks, stealing the user's credentials and potentially emptying their online account of money.

Segura said: “It appears the intended targets were primarily Europeans due to the larger number of banks from the EU in the configuration file. But there were also other banks in New Zealand or South America, so the malware authors didn't want to exclude anybody. Perhaps they were just concentrating on certain areas where they had the most knowledge. However this is just a hypothesis.”

He added: “Hiding malevolent code in such a way can successfully bypass signature-based intrusion detection systems or even anti-virus software. From a webmaster point of view, images (especially ones that can be viewed) would appear harmless. It's a reminder that a file should not be considered safe simply because it appears to be a legitimate picture, song or movie.”

Meanwhile, Trustwave's Richard Wells said in a blog post of his own that he too had tracked down an attack that hid malware inside a picture file - in a technique known as 'steganography'.

The attacker infected an unnamed online store by planting malware inside one of the JavaScript files driving its customer checkout process. The malware was being used to harvest credit card details; it then disguised the encoded data inside what appeared to be a JPG file, before sending it back to the perpetrator.

Wells said in his blog: “As attackers become more and more creative with the methods that they use to hide their malicious activity, it is critical that the owners and administrators of online shops are aware of what exactly is occurring on their servers. The need for file integrity monitoring (FIM) is greater than ever.

“If an attacker modifies a website's source code, a FIM solution could alert administrators to a compromise in progress and help to limit the amount of data that could be compromised.”

Security expert Richard Moulds, vice president of product strategy at Thales e-Security, said the two attacks underline the need to use chip-and-pin encryption on cardholder data as regular PCs and servers can't be secured.

He told SCMagazineUK.com via email: “Although we hear relatively regularly of stolen cardholder data, we very rarely see stories of stolen PINs - we have a widespread solution for protecting this critical information.

“PINs are encrypted directly in the card reader as soon as they are entered by the shopper. They are only decrypted when absolutely necessary, and only in similarly hardened devices (hardware security modules - HSMs). Everything in between, including the point of sale terminal, only sees scrambled data which is useless to an attacker.

“Vulnerabilities such as those exposed by the Zeus banking Trojan have further highlighted the need for a complete shift in the IT mindset and the need for this type of approach to security.”

The Trojan family which ZeusVM belongs to is one of the most widely used in the world, having infected millions of Windows-based computers, mainly to steal online banking information. It is also used to install the notorious CryptoLocker ransomware. Zeus variants date back to at least 2007.
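A minimal file integrity check of the kind Wells describes, as an added example that is not from the article, Trustwave or Malwarebytes: it baselines a web root by SHA-256, then reports modified, added and removed files and flags files named .jpg that lack the JPEG start-of-image bytes. The directory layout, file names and file contents are constructed for the demonstration, and the magic-byte check is an assumption about what a disguised file might look like, not a detail from either report.

```python
import hashlib
import os
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"          # start-of-image marker of a real JPEG
IMAGE_EXTS = {".jpg", ".jpeg"}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Return {relative_path: sha256} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the web root
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def looks_like_jpeg(path):
    """True only if the file content starts with the JPEG magic bytes."""
    with open(path, "rb") as handle:
        return handle.read(len(JPEG_MAGIC)) == JPEG_MAGIC


def compare(root, baseline):
    """Diff the current state of root against a trusted baseline manifest.

    In production the baseline must be stored off the web server, otherwise
    whoever can modify the site can also rewrite the baseline.
    """
    current = snapshot(root)
    report = {
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }
    # New or changed files that claim to be pictures but are not.
    report["fake_images"] = sorted(
        p for p in report["added"] + report["modified"]
        if os.path.splitext(p)[1].lower() in IMAGE_EXTS
        and not looks_like_jpeg(os.path.join(root, p))
    )
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed web root, baseline it, change it, and diff it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed "known good" site content.
        _write(root, "js/checkout.js", b"function submitOrder() { return true; }\n")
        _write(root, "js/cart.js", b"function addItem() { return 1; }\n")
        _write(root, "img/logo.jpg", JPEG_MAGIC + b"\xe0 constructed header only")
        baseline = snapshot(root)

        # Constructed changes standing in for a compromise:
        # 1. a checkout script is altered,
        _write(root, "js/checkout.js",
               b"function submitOrder() { return true; }\n// constructed change\n")
        # 2. a file named .jpg appears that holds text, not image data,
        _write(root, "img/cache_0001.jpg", b"constructed placeholder, not an image")
        # 3. a file named .jpg appears that does carry the JPEG header.
        _write(root, "img/banner2.jpg", JPEG_MAGIC + b"\xe0 constructed header only")

        return compare(root, baseline)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

A header check only catches crude disguises; a changed hash on a checkout script is the stronger signal, because it does not depend on what the planted file looks like.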






Can Lithium Give Klout New Purpose?

Lithium is buying Klout, the social influence measurement service, for a reported $100 million.

Questions have long been raised from a user’s standpoint about the value of Klout scoring. It’s not hard to find blog posts where people question or criticize the over-reliance on Klout scores.

In fact, other than checking your scores regularly and trying to earn small freebies from Klout Perks, there hasn’t always been a lot of reason for business people to repeatedly participate at Klout.com. Worse, some started gaming it.

Brent Leary, partner with CRM Essentials and CRM industry analyst, told us:

“Klout, when it first came out, was interesting as everyone was trying to figure out what online influence really meant. Interest in this area helped Klout to be seen by many as the de facto social influence score. But what soon happened was the gaming of the system. So instead of looking at how an individual’s natural online activity translated into and measured impact and influence, people focused on what they needed to do to drive up their Klout scores.”

Less than a week ago, Klout rolled out a new site that focuses on “content” to try to make the site better for users. As we pointed out, the features added - focusing on content sharing and scheduling social media updates - are late to the market. Other players are already entrenched.

And now comes the news that CRM platform Lithium is buying Klout - and paying what insiders believe is a high price.  According to Chris Bucholtz, Director of Content Marketing at Relayware and CRM Buyer Columnist, speaking in an interview at Fierce Content Management:

“Klout, in theory, can tell you which people are most influential - and thus which customers are more influential. That would allow a business to give greater weight to customer support issues with customers who are more likely to talk about their experiences. Is that worth $100 million?”

What does the acquisition mean for entrepreneurs and business people who use Klout?

No one is suggesting that anything will change immediately. It’s unclear what Lithium intends to do in the long run with Klout. But according to Leary, it raises interesting possibilities for renewed purpose once Klout is incorporated into Lithium:

“Klout in its current state is very limited and doesn’t add significantly to the understanding of influence from a transactional standpoint.  But tweaked and coupled with Lithium’s treasure trove of data on community behavior, it could give Lithium customers great insight into what and who is important to their communities, and help create better experiences to extend customer engagement into customer activities - like buying something, and/or advocating on behalf of the company.”

That seems to align with the focus on using data intelligence to define influencers that Lithium’s Chief Scientist, Michael Wu, spoke about at length in an interview a few years ago.  At the time he said, “At Lithium Technologies, we have about 10 years of data from over 200 communities.”

Now that kind of data, combined with Klout scoring, raises interesting possibilities for business intelligence.




21 governments have used "untraceable" spyware

As many as 21 governments are said to have used the "untraceable" Remote Control System (RCS) spyware being sold by the Milan-based Hacking Team.

Researchers at The Citizen Lab, an interdisciplinary laboratory based out of the University of Toronto in Canada, have been investigating the spyware for months, and have mapped out exactly where this spyware strikes.

Detailing its findings in its second report on the matter, the group reveals that the spyware has been marketed and sold exclusively to governments by Milan-based Hacking Team for over two years, and adds that the product - which has been used to attack Moroccan media outfit Mamfakinch, UAE human rights activist Ahmed Mansoor and, more recently, Ethiopian journalists - is advertised as being “untraceable” to a specific government operator.

Hacking Team promotes its flagship product, RCS7, as being a “hacking suite for governmental interception”, while the follow-up RCS8 is billed as a “suite of remote monitoring implants” sold to governmental agencies. Both of these are able to capture data locally from devices, from copying files from the hard drive and recording Skype calls and instant messages to recording browser passwords and turning on the device's webcam and microphone. The user doesn't even need to connect to the internet.

RCS preys on exploits - researchers even claim that commercial suppliers, including Vupen from France, may have supplied Hacking Team customers with exploit details since 2012 - and avoids detection by re-routing data to four different proxies across the world. Despite all this, researchers say that the spyware is traceable after all.

“Our research reveals that the RCS collection infrastructure uses a proxy-chaining technique, roughly analogous to that used by general-purpose anonymity solutions like Tor, in that multiple hops are used to anonymize the destination of information,” reads the report.  “Despite this technique, we are still able to map out many of these chains and their endpoints using a specialized analysis.”

The Citizen Lab has found that 21 governments are past or present users of RCS with these countries comprising Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, and Uzbekistan.

As researchers point out, nine of these countries received the lowest ranking - “authoritarian” - in The Economist's Democracy Index two years ago, while current users Egypt and Turkey are troubled by domestic protests.

Since the report, the Hacking Team - perhaps taking PR tips from the NSA - has been keen to stress that its software is only for fighting crime and terrorism, and not sold to repressive regimes or those blacklisted by EU, USA and NATO. 

“We have established an outside panel of technical experts and legal advisers, unique in our industry, that reviews potential sales. This panel reports directly to the board of directors regarding proposed sales,” said the firm in a statement recently.

However, the Citizen Lab has contested this and points to numerous examples.

It notes activity from an RCS endpoint in Azerbaijan between June and November last year, and tentatively suggests that similar techniques to those mentioned above could have been used to compromise investigative reporter Khadija Ismayilova in the lead-up to the national election. In addition, Human Rights Watch reportedly saw Kazakhstan government critics fade away on anti-torture measures as an RCS endpoint was active in the country. Activity has been strong in Italy, the home country of Hacking Team.

Summarising its findings, researchers from the Citizen Lab admitted that most of this hacking may be legally-sanctioned, and noted some alignment between the companies that sell exploit kits and those that sell surveillance Trojans. But it added that some of this hacking is most likely “abusive” and “unaccountable”.

“Hacking Team has made a number of statements that seem intended to reassure the public, as well as potential regulators, that they conduct effective due diligence and self-regulation regarding their clients, and the human rights impact of their products,” said the research team in a statement.

“They also market their RCS product as untraceable. Our research suggests that both of these claims ring hollow.”



ICO and doctors slam new NHS patient database

The Government has been criticised by its own privacy watchdog, the Information Commissioner's Office (ICO), and by the British Medical Association (BMA) over its controversial plan to collect the health data of every person in England on a single database.


The ICO has accused NHS officials of failing to explain the new scheme in the way they promised to, while the BMA is “deeply concerned” that patients have not been properly told how they can opt out of the new 'Big Brother' database. They have since called for the scheme to be halted until that happens.

Under the £50 million 'care.data' plan, from April onwards the electronic patient records in every GP practice in England will be gathered and then merged with data from hospitals, social care and community services to create a single anonymised database that can be accessed by researchers from academia and pharmaceutical companies.

Anyone can opt out of the scheme, and leaflets sent to all 22 million households in England last month were supposed to explain the plan. But a BBC survey shows just 45 per cent of people are aware of the scheme.

The BMA, which represents doctors, is “deeply concerned” at this and BMA GPs committee chair Chaand Nagpaul said that the government needs to spend more time educating the public.

“Patients remain inadequately informed about these proposals. We call on the Government to ensure public trust in the system by properly informing the public about care.data before the currently planned data extracts commence, and produce evidence this has been achieved prior to uploads taking place.”

The ICO is also concerned that NHS England officials have not explained the plan in the way they committed to and has launched an investigation.

An ICO spokesperson told SCMagazineUK.com: “We were shown the communications plan for this. But we don't feel it's been implemented necessarily in the way that we expected.

“The NHS themselves have introduced an opt-out - it's not an opt-out under the Data Protection Act - but even so they're still obliged to let people know about it, and that's what we're looking at.

“Our role is to see whether patients are being made aware of what's happening to their records and the fact that they can opt out if they want to. We feel that the opt-out itself has not been explained as clearly as we were told it would be by NHS officials.”

The BMA's 17 February call to delay the scheme has been backed by privacy campaigners. Nick Pickles, director of Big Brother Watch, told SCMagazineUK.com via email: “NHS England has failed to properly inform patients and with even GPs still raising questions about what will happen to the information, there is no doubt that this scheme should be delayed.”

Pickles also pointed out that people can opt out of the scheme by visiting the website https://www.faxyourgp.com/.

The new database has been backed by medical charities, who insist that NHS data sharing will save lives. Last month, charities and medical research organisations including Arthritis Research UK, Cancer Research UK, Diabetes UK, the British Heart Foundation and the Wellcome Trust ran a joint advertising campaign urging people not to opt out.

Meanwhile, NHS England is investigating reports that some people did not receive the information leaflets. A spokesperson said: “We are absolutely committed to ensuring the public understands the benefits of this important initiative and also the choices available to them. This is why we provided leaflets and posters to every GP practice in August 2013, have produced a video animation, and have established an information line on 0300 456 3531 for patients to call if they have any questions or concerns.

“We also contracted to deliver a leaflet to every possible household in England during January; we are investigating reports that people did not receive leaflets.”

The row is a new body blow to the care.data programme, coming just days after the NHS' own risk analysis showed that the database will be vulnerable to hackers and the insider threat (SC Magazine UK, 17 February).

Last month, it was also revealed that the opt-out clause could break the forthcoming new EU-wide data privacy law which may insist people must actively 'opt-in' before their personal data can be used (SC Magazine UK, 21 January).



Online Billing and Invoicing Execs Discuss Hiveage. Free and Simple Sri Lankan Built App for Small Businesses

Hiveage is a free online billing and invoicing service created by two Sri Lankan entrepreneurs.

In this Google Hangout they discuss with Ramon Ray why their service is free and how it differs from competing services.

If your current invoicing service is not working for you or you’re using manual systems, Hiveage is a service you should consider.

Check out our interview here: http://www.youtube.com/watch?v=ii3PMNRaUz8



How Big Leaps Can Be Dangerous to Your Business

Most small business owners think they have to take giant risks to be successful. They reason that the greater the risk, the bigger the reward. This is common wisdom since, when a success story gets publicized, no one hears about all the interim steps that were taken to get to the final result.

No one sees the up, down, and sideways paths it took to reach that goal.

It is much safer and ultimately more effective to make a small decision, examine its result, and learn what you can from it. Then make another decision based on that outcome.

Think of each small decision as another piece of completing a puzzle. Never pin the future of a company on one decision, action, or resource. “Go big or go home” or “playing for all the marbles” may make a good slogan, but it has no real place in business.

Here is what to do to get the most out of each new opportunity:

A Huge Customer

Downsize expectations. Start with small sales goals. No matter how big the opportunity or how famous the brand, keep the excitement in check.

While you may not want to treat them like just another customer, assume sales will build very slowly over a longer period of time.

The Next Employee

Be realistic. On any team, a new player can have an impact, but typically this takes time.

Before hiring, find out if the prospective employee truly has demonstrated what they can do in the job. Having previous experience at a competitor or a large brand-name company may not translate to success at your business.

The Next Product Line

What have the initial customers said about the product? How can it be rolled out to a small release to ensure it works as expected? Have these initial customers paid for the product, and what real results have they accrued as a result?

Most products take time to be adopted by the marketplace. This also usually only happens when supported by a substantial marketing budget.

The Next Consultant

No matter how good their experience is, one person cannot make a huge impact immediately.

Start the consultant with a small scoped project with stated goals. At the project’s completion, match the goal against the actual results. If the outcome is positive, do a second project and build scale from there.

The Next Market Change

Test, test, and test. Do this before a large investment is made in project development or a big marketing expense rollout. Have you really identified a pain in the market from people who can pay to fill it?

This is only demonstrated by paying repeat customers (and referrals) and not with what prospects say when you survey them. Many people will say yes when surveyed, but few will say yes when you actually ask them for money.

The Next Competitor

What a customer substitutes for one product is constantly changing, so it’s difficult to keep up. Know everything customers do with the same money they use to buy your products or services. Keep up to date on all these competitors, and track where they are making their largest investments.

As Chinese general Sun Tzu said, “Keep your friends close and your enemies closer.”




Google buys sound authentication start-up




Pee U! Your Smell Could Someday Be Used for Personal ID

If your business requires a security clearance or other personal identification system such as a photo ID, your employees’ distinctive body odors might someday be their IDs.

Researchers in Spain say they’re working on a system that helps identify people by their scent. This would be the latest in a long history of using various individual characteristics - fingerprints, retina scans and the like - to identify people.

The team at Universidad Politecnica de Madrid say their smell test is accurate 85 percent of the time right now. They are being aided by the Spanish technology firm IIia Sistemas SL.  Discovery News reports:

“While iris and fingerprint scans may have a higher accuracy rate, the researchers contend these techniques are commonly associated with criminal records, perhaps making people reluctant to participate with the process. On the other hand, facial recognition has a high error rate. Therefore, the development of scent sensors that could identify a person as they walk through a system stall could provide less invasive solutions with a relatively high accuracy rate.”

The accuracy rate may not be 100 percent. However, if you’re looking to increase workplace security without turning your office into a quasi-police state, an odor test might be one answer. It would likely be less intrusive than fingerprinting or eye scanning all your employees.

From the standpoint of traveling for business, an odor test might also be easier and less intrusive. Researchers indicate one of the main places the technology could be employed is at airports where it could be used in place of the more conventional photo ID.

Writer Nic Halverson explains:

“TSA agents may have reputations for being gruff grouches who love nothing more than to nose through your bags, but their rotten tempers might be because of all the rank B.O. they’re forced to smell, day in, day out.”

Now, if only we could use an odor ID to access our Facebook, Twitter and other sites. It would be great to leave all those hard to remember pass codes behind. Maybe using body odor as an access to your important computer accounts would make hacking into them a bit more difficult as well.




Hackers post hundreds of thousands of user credentials on web

Researchers say that more than 300,000 user credentials have been uploaded on forum Pastebin over the last year.

Swiss infosecurity and computer forensics company High-Tech Bridge carried out the research recently and found that 311,095 user credentials - comprising log-in and password pairs - for various services, websites and emails have been compromised on Pastebin.

Set up in 2007, the website is primarily designed for storing text for a certain period of time, but has more recently been adopted by hackers to reveal, as just a few examples, compromised account details from Comcast, the FBI, Tesco and the Singapore government.

The firm adds that each leak record on Pastebin contains 1,000 user credentials, but - intriguingly - suggests that most leaks are from hacktivists who post personal data and passwords of law enforcement and security agencies, just to show that it is possible.

Company CEO Ilia Kolochenko told SCMagazineUK.com that hackers primarily take to Pastebin to show off their expertise, rather than for direct financial gain, and often belong to hacktivism groups like Anonymous and LulzSec. “It's a proof of concept; they'd like to show that they've hacked someone.”

The company went on to note: “The posts are in effect, adverts for the attackers' capabilities”. 

Researchers found that compromised details were across all sectors, while Kolochenko himself noted that some hackers compromise accounts for financial gain. For instance, he said that some would extort money by threatening to publicise private data, but would require only a “reasonable” amount of money so that the victim wouldn't involve any law enforcement.

It turns out that while hackers adopt an array of attack techniques - from phishing to social engineering - to compromise an account, email services like Gmail are the first port of call, as they often tie to banking services and other password-protected websites.

Indeed, email systems were the highest source of a leak at 40.9 percent, with Gmail the most compromised email account with 25.1 percent. The reason why is simple, according to Kolochenko.

“Gmail today is the most popular free email service and it's used by millions of people. Many people who have Gmail also do things like online shopping and online banking,” he said, before adding that Google itself has improved security measures with things like SMS authentication.

“But it's not a Gmail problem…it's the people who are using Gmail.”


