Top Stories: A Crowdfunding Service is Acquired and a Social Site Gets a New Look

Small Business owners have little time to keep up with the news important to them. Let the Small Business Trends editorial team help you keep track of what’s important. Read our roundup below.

Online Services

Dropbox has raised yet more funding and could be going public. But there are other useful cloud storage options out there. Online storage is becoming an increasingly hot market. Small businesses need to find an economical place to put their valuable data in the cloud. We’ve compiled a list that should at least get you started considering your options.

Fundable acquires LaunchRock. Basically, LaunchRock is a place where entrepreneurs with a new product or service can set up a simple, no-nonsense landing page. The idea then is that they can use the site to start a pre-launch following. Small Business Trends CEO Anita Campbell gives us an overview of what the acquisition by crowdfunding site Fundable could mean.

Stripe may be a new way to take credit card payments on your site. The kicker is that you don’t have to invest in the server space or security necessary to encrypt and store your customers’ credit card information. Stripe processes the information on its own site for you. A recently announced redesign has introduced even more features.

Google wants to pay for referrals to its paid apps service. Specifically, Google says it will pay $15 per referral to its Google Apps for Business Service.  Like the popular free Google Web apps, this service includes features like Gmail, Google Drive and calendar. But starting at $5 per user, this version offers an enhanced menu of services for business users.

Want some free photos to use on your website? Certainly online publishers, like all small business owners, are always looking for deals. But this one comes with some drawbacks you may find less appealing than paying for photos. How about showing someone else’s ads on your website for free?

Mobile

T-mobile plan offers more data, but comparisons are tricky. Actually, we say comparing these programs is like comparing apples and oranges. But pick your own analogy. The T-Mobile plan is the latest example of how carriers are beginning to base their packages on data transfer instead of voice or texting. The question is how you use your mobile device and what plan would be best for you.

Yahoo wants to sell ads for mobile apps. It’s not a new idea. Among big Web properties, Facebook really pioneered the mobile app ad as a way to collect money from this rapidly growing market. But for independent developers including small businesses that have created their own apps, this could be another great opportunity to get the word out about your product.

Social Media

Facebook for Business is changing. Specifically, the new pages for businesses and brands will look a lot more like the layout for personal profiles. So now your business’s profile will look a lot more like the personal pages of you and your friends. This means information on your business neatly collected on the left side of the page. It also means your business feed will be centralized letting your fans know exactly where to look for the latest about your company.

Twitter ad rates still seem to be falling. It’s not necessarily anything to worry about and it could even be a great thing for your company. If there are users you’re trying to reach on Twitter, there are ways to do that now with little cost. But if you’re wondering why these rates are so cheap, well, it’s a bit more complicated than you might think.

Retail businesses have discovered Instagram. Recent media reports are centering on the ability the popular photo sharing software has to drive conversions and help generate sales. We’re not talking about Instagram’s new advertising services. These are just photos shared by people like you and me.

Software

It’s time to chuck that old operating system. The time has come. In April, Microsoft will be discontinuing support for its XP operating system. Microsoft just launched some new fixes to patch vulnerabilities in the system. Small businesses tend to stay with what works. But once Microsoft ceases support for XP, using it will no longer be a practical option. Here are the alternatives.

Choices are exploding for invoicing software. We’ve done posts on the choices out there for your business before. But recently, Tradeshift has reinforced the importance of the growing field with news it had raised $75 million in venture funds. We’ve also collected a list of other key players in the field.

Advice

Think big but take small steps. Some of the world’s most successful companies - take Google, for example - grew from very humble beginnings. But growing your business from a tiny startup to a huge company, or just into a healthy thriving small business, takes a very specific approach.

Tech

One ring to rule them all. This Bluetooth ring is the latest in wearable technology. But much more than that, it could be another tremendous productivity tool. Consider that by simply waving your hand or drawing shapes or letters in the air, you can compose and send emails, open apps and more. The first to get their hands on this ring will likely be contributors to the Kickstarter campaign.

Taxes

IRS emails could mean real trouble this tax season. No, it’s not because you’re being audited. Think about it. You’d have to have already filed your return to be audited, right? Instead, security company Symantec warns there’s a lot of scammers and hackers around this time of year. Don’t be their next victim by being careless.




President Obama to Expand Overtime Pay: The Impact on Small Businesses

President Barack Obama plans to use his executive authority to expand overtime pay. Officials say the President is granted the right to regulate overtime under the 1938 Fair Labor Standards Act.

In an article in the Washington Post, a spokesperson for the administration is quoted as saying:

“Today, after weathering the Great Recession, and through five years of hard work and determination, America is creating jobs and rebuilding our economy. But as a result of shifts that have taken hold over more than three decades, too many Americans are working harder than ever just to get by, let alone to get ahead.”

Still many in the business community and many of their supporters in Washington worry about the move. They say no matter how well intentioned, it might have a negative effect. Specifically, it could increase costs and make it difficult for these businesses to expand, as House Speaker John A. Boehner (R-Ohio) explains:

“There’s all kinds of rumors about what the President may or may not do with regards to overtime pay and reclassifying some jobs for overtime. But if you don’t have a job, you don’t qualify for overtime. So what do you get out of it? You get nothing. The president’s policies are making it difficult for employers to expand employment.”

The expansion of overtime would probably have less of an effect on current hourly wage earners. These would include employees like, for example, fast food workers who have been pushing for higher wages.

Instead, it seems more likely to impact salaried employees. The White House says millions of these employees are working 50 to 60 hours a week without sufficient compensation.

The Fair Labor Standards Act differentiates between salaried and hourly employees. Salaried employees manage others and, in general, do not qualify for overtime, while hourly workers do.

But the President could also raise the $455 a week wage floor under which even salaried employees would need to be paid overtime. That could force business owners to reevaluate salaried employees and either raise their wages or cut back their hours.

The President could also direct the U.S. Department of Labor to attempt to redefine jobs not generally thought of as hourly wage positions based on the amount of management of other employees they do.

In fact, it is in small businesses where the greatest problem with this change in policy may arise. Here, a smaller workforce often necessitates a blurring of lines between management and wage workers. Fewer staff wear more hats and everyone is willing to pitch in. But in a recent post at Forbes, staff writer Daniel Fisher explains:

“Small businesses will likely bear the brunt of the new regulations. If DOL increases the amount of time a manager must spend managing other employees, that will pressure restaurants and stores that only have a couple of employees and expect managers to roll up their sleeves and pitch in. Suddenly helping out on the dishwashing line becomes the trigger for an expensive lawsuit.”




Another Twitter Outage the Result of a New Service Deployment Gone Wrong


Twitter has been experiencing technical difficulties lately. The latest happened earlier this week. The social network was inaccessible for more than half an hour. Many users were logged out of the Twitter system.

In a service notification, Twitter says it attempted to implement a new service and it failed:

“During a planned deploy in one of our core services, we experienced unexpected complications that made Twitter unavailable for many users starting at 11:01am (Pacific time).”

Twitter says it “rolled back the change” when it identified the problem. The site conducted a “controlled” restart to ensure other functions were working properly. The site was fully functional by 11:47 a.m. the same day.

There are few details on what that new change to Twitter was supposed to be. And all the changes may not have been completely rolled back, either. Upon our inspection, the “Connect” tab at the top of your Twitter.com homepage is different. Now, it’s labeled “Notifications.”

It was only just more than a week ago that Twitter suffered another service interruption.

In that disruption, thousands of users were sent emails informing them that their passwords had been reset. The reset was supposedly the result of a system, or so users were told in the initial email. Then, in a follow-up message, users were told it had all been a mistake.

Twitter insists that it was not hacked and that user data was not compromised. Instead, it blamed a system error causing the emails to be sent.

Whatever the more recent problem this week, the system was not down for long. But it remains to be seen what upgrades the social platform still plans to introduce.


Morrisons supermarket succumbs to insider threat

Staff pay and bank details posted by suspected insider at Morrisons.

On 13 March Britain's number four grocer, Morrisons, discovered that the pay data and bank account details for some 100,000 of its 132,000 employees had been published on the internet and sent to a newspaper.

It appears to not be a cyber attack, other than the fact that the stolen data was also published on the internet.  Nonetheless, the incident clearly illustrates how perimeter defences can be side-stepped by a well placed malicious insider, and the information security industry has been quick to suggest what might have been done to mitigate the threat.

Reuters reporters say that a company spokesperson told them: "Initial investigations suggest that this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged," adding that it is working with the police and cyber crime authorities to identify the source of the theft.

Darren Anstee of Arbor Networks commented to SCMagazineUK.com: “Companies must have incident handling response plans and teams in place to minimise the impact of any breach. Managing an incident like this efficiently can actually enhance reputation, if done well.”

In this regard, Paul Kenyon, co-founder and EVP of global sales at Avecto, said in an email to SCMagazineUK.com: "We should give Morrisons credit as it has done all the right things in the aftermath. It reported the theft to the authorities, urgently reviewed its internal security measures and ensured its response is being led right from the top of the company. It's difficult to defend against the insider threat but there are steps that can be taken. Limiting the number of administrative accounts and controlling access efficiently can go a long way to minimising the risk."

For Mark James, Technical Director at ESET UK, this means appreciating that detection is as important as protection. In comments to SCMagazineUK.com he said: “Appropriate security policies should be implemented to ensure alarms are raised as soon as unusual behaviour is detected. Should these hurdles be overcome, the proactive use of encryption should ensure sensitive data cannot be used for any meaningful purpose should it get into the wrong hands.”

George Anderson, Product Marketing Director at Webroot, emailed SCMagazineUK.com agreeing with this approach, adding that, “A well-developed and executed data security policy should be able to protect against all sorts of breaches, including internal ones. The best approach to security is to create a layered defence. It should encompass everything from identity protection and strong authentication like passwords, PIN and biometrics, to data encryption which ensures even compromised information can only be used by those with the necessary deciphering encryption keys and permissions”.

Paul Ayers, VP EMEA at enterprise data security firm Vormetric concludes: “This latest incident suggests that organisations are still struggling to protect their data resources from those already legitimately ‘inside the fence'. Organisations must be regularly assessing their security position and, more importantly, constantly monitoring their IT systems to detect and respond to data breaches as soon as they happen.  In turn, encryption of all data must be viewed as a mandatory, life-saving seatbelt. It's only with a deep level of security intelligence and data-centric security that businesses will be able to spot suspicious activity as and when it occurs, and stop outside attackers and rogue employees alike in their tracks.”



Bootstrapping with Services and a Paycheck

While building VOZIQ, Vasu Akula and his co-founders were faced with several tough questions. Should they take the product or the service route? Should they quit their jobs and focus on the business alone? Today, they can look back and say the decisions they took, though tough, helped them navigate well through the turbulent waters of entrepreneurship.

Vasu had worked for over 15 years with over 100 Fortune 500 businesses in helping them to leverage data as a business asset. He realized that while most companies invested in buying advanced analytics and business intelligence solutions, they were still not able to analyze data in the context of business opportunities and develop effective solutions due to lack of relevant skills.

Simply put, they had access to the technology but were unable to leverage its full potential.

There was a gap in how the business intelligence solutions were designed and Vasu together with his co-founder who had more than 20 years’ IT experience in building large scale, enterprise-wide systems founded VOZIQ in late 2011 and built a platform focusing on social media analytics. VOZIQ aims to transform the voice of the customer, the voice of competitors, and the voice of the client’s competitors expressed on social media platforms to provide actionable scenario-based information for various departments within a client’s organization.

Bootstrapping with a Paycheck

Initially, they faced a lot of challenges, primarily those related to time and money. They funded the business with their own savings and decided to keep their day jobs and work on the VOZIQ platform during evenings and weekends. Being on a tight budget, they also used the services of freelancers outside North America that allowed them to get quality work done at a relatively low cost.

Another tough but important decision that they took was to provide VOZIQ as a service rather than as a product. This way, they could understand the customer’s needs and at the same time use these inputs to enhance their product. They offered their platform on a complimentary basis for over a year. This allowed them to fully understand the value of social media customer opinions, and what businesses were trying to accomplish with such data. This process also allowed them to perfect their industry-specific lexicon development, which is key to analyzing unstructured data in a business context.

Both these decisions meant that product development took longer but they helped them develop a stronger product with a firmer footing.

Bootstrapping Success

Today, they help businesses by integrating internal voice-of-customer data with social media data and creating larger data sets to identify opportunities to improve customer experience. They also help B2B businesses by tracking competitor and influencer activities for content development and marketing activities.

As for the financials, VOZIQ turned cash-flow positive within two years of founding the business and is now targeting revenue of $1 million in 2014.

Vasu says they plan to target businesses in the travel and hospitality, retail, technology, financial services, and mobile/telecom sectors that generate a high volume of social media conversations. Their strategy is to use social media text analytics as a way to demonstrate their capabilities, and then to expand to internal data sources so as to bring holistic voice-of-customer analytics for the customer experience management within these verticals.

They also plan to generate revenue through two additional strategies, a SaaS product that customers can use on a self-service basis and market research and industry analysis reports. During 2014, VOZIQ plans to transition from beta to a paid SaaS product and take its initial reports to market. It would also triple its services team, mostly out of India, and offer attractive price points to businesses in North America.

I have recently written several case studies of sizable companies that have built significant businesses by bootstrapping using services as a core strategy. Many even raised venture capital.

In fact, did you know that both Oracle and SAP were founded using the same tried and true method?

Additionally, Vasu and his partners have also used another tried and true method of getting a business off-the-ground: Bootstrapping using a paycheck. The founders did not quit their jobs until well into the revenue-generating stage. In fact, they broke even.

Yes, startups are a risky business. However, smart entrepreneurs learn how to manage the risk - and you should as well.




Anonymous group in DDoS Kremlin attack

A division of hacktivism group Anonymous says that it was behind an attack on the websites of the Russian presidency, the Russian Central Bank and the Foreign Ministry on Friday.

The cyber attack saw the websites go offline briefly, although they are now operating as normal.

Reuters spoke to the Kremlin press office, which said that the details of the identity and motives of the hackers were unknown at that point. "A powerful cyber attack is under way on the (Kremlin) site," a Kremlin spokeswoman said at the time.

However, a group called Anonymous Caucasus later claimed responsibility, saying on Facebook: "This is just warming up, Russian Pig." Another group, Anonymous Russia, first revealed the hack on Twitter and this was the same group that brought down the Kremlin website in May 2012, in solidarity with protests against Vladimir Putin returning for a third term as president.

When the news broke there were few details on how the attack had been carried out, although a Russian news agency later claimed that the attack which took the Kremlin website offline was a distributed denial of service (DDoS) attack and was not related to the troubles between the country and Ukraine.

This news comes after pro-Russian forces took control of Ukraine's Crimea region. In recent weeks, the Russia-Ukraine conflict has played out in cyberspace, with hackers also recently defacing pro-Putin website RT.com.

Meanwhile, the Russian government also appears to have been blocking websites that are anti-Putin.

The Prosecutor General's office ordered Russian internet service providers to block a list of websites which, it claimed, were inciting illegal activity.



Meet the new DoS - not the same as the old DoS

Distributed denial of service (DDoS) attacks used to be a way to throw down the gauntlet, demonstrate tech cred, or express dissatisfaction with someone or something. Today the primary motivation for DDoS is money, and services are readily available to disrupt just about anything. All that's needed is a credit card, or bitcoins.

DDoS is all about asymmetry: carefully crafted attacks exploit protocols and/or use other Internet resources, expending relatively modest energy while still getting impressive results. Domain Name System (DNS) amplification attacks have been receiving attention lately. They rely on the fact that DNS requests of a few tens of bytes can result in responses of thousands of bytes. Traffic can be amplified 50 times or more, and there's often considerable collateral damage to servers used for amplifying traffic and to networks in the path of the ultimate target.

In 2013 the largest DDoS attack ever recorded used DNS servers to amplify queries and generate a massive 300Gbps wave of traffic intended to swamp Spamhaus, one of the unsung heroes of the Internet that busily battles spam.  Over the years attacks have taken many forms. In some cases Authoritative servers are targeted because they're widely available and by design deployed to answer queries coming from any IP address.  “Open” DNS resolvers have been targeted for similar reasons: they're also configured to answer queries from any IP address. 

What this means is that literally anyone, anywhere on the Internet can send a query and get an answer. With amplification an attacker can send thousands, or even millions of queries, and turn them into gigabits of traffic.  The only constraints are the capacity of the server and network link.  The last trick is to spoof the source IP address (IP SA) of DNS queries so the wave of traffic can be sent absolutely anywhere on the Internet - webservers, enterprise gateways, hosting facilities.

A new attack exposes ISP resolvers to DNS amplification.  ISP resolvers tend to be generously provisioned with network bandwidth and deployed on high performance hardware so they're always responsive and highly available.  For attackers it's like a free lunch, they get to use someone else's carefully tended infrastructure to enhance their exploits. 

This new variant of DNS amplification attacks exploits the fact that consumer Internet services are nearly always provisioned with home gateways which have open DNS proxies that answer DNS queries on their WAN interface and forward them to whatever resolver they're configured to use.  In most cases this is an ISP resolver and if it is in a network with a home gateway it can become a resource readily available to attackers.  

Nominum research undertaken with openresolverproject.org shows there are more than 28 million open DNS proxies on the Internet, located in every region of the world. It also reports that attackers are registering domains exclusively for amplification - they have no legitimate purpose. With answer sizes of 4k bytes and greater, these “purpose built” domains are actively used across the Internet and new ones are added constantly. Additional research data reveals attackers continuously adapt their tactics to ensure maximum impact: regularly changing domain names, using different query types, and combining “purpose built” domains with legitimate domains offering good amplification.

The biggest problem with these new developments is that even providers who go to great lengths to protect their networks using best practices are exposed. Most ISP resolvers are already “closed”: the IP ranges the resolver responds to are restricted. But in this case attack-related queries appear to come from legitimate clients - the proxy obscures the spoofed IP SA. Anti-spoofing protections don't work either because the spoofed DNS traffic enters at the network border where it is extremely difficult to detect spoofed addresses. It is also not practical to separate (filter) malicious DNS traffic from legitimate DNS traffic at the border.

To address today's amplification attacks additional protections and best practices are needed for DNS servers:

1. Fine grained rate limits to target legitimate domains used for amplification
2. Dynamic threat lists to block “purpose built” amplification domains, vetted to eliminate false positives
3. Rate limits based on response size to catch malicious traffic not caught by other filters
4. Use of truncated responses to ensure legitimate clients will get answers
5. Logging of DNS data for forensics, reporting
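As an added illustration (not code from the article or from Nominum), the sketch below replays a constructed resolver log through items 3 to 5 of the list above: a per-client budget measured in response bytes, a truncated reply when the budget is exhausted, and a decision record for each query. The log format, the `ByteBudgetLimiter` class, the 60-byte truncated reply size and the rate and burst values are all assumptions chosen for the example; only the 4k answer-size threshold comes from the article.

```python
from collections import defaultdict

LARGE_ANSWER_BYTES = 4096    # "answer sizes of 4k bytes and greater" (from the article)
TRUNCATED_REPLY_BYTES = 60   # assumed size of a reply carrying only header + question, TC set

# Constructed sample log: (time_s, client_ip, qname, qtype, query_bytes, answer_bytes).
# The client address is what the resolver sees, i.e. the home gateway proxy.
SAMPLE_LOG = [
    (0.0, "198.51.100.7", "www.example.com.", "A", 44, 60),
    (0.1, "203.0.113.20", "big.amp-test.example.", "ANY", 50, 4200),
    (0.2, "203.0.113.20", "big.amp-test.example.", "ANY", 50, 4200),
    (0.3, "203.0.113.20", "big.amp-test.example.", "ANY", 50, 4200),
    (0.4, "198.51.100.7", "mail.example.com.", "MX", 45, 120),
    (0.5, "203.0.113.20", "big.amp-test.example.", "ANY", 50, 4200),
    (5.0, "203.0.113.20", "www.example.com.", "A", 44, 60),
]


def amplification_report(log):
    """Per-domain amplification factor and whether any answer reached 4k bytes."""
    stats = defaultdict(lambda: {"queries": 0, "q": 0, "a": 0, "max_a": 0})
    for _t, _client, qname, _qtype, q_bytes, a_bytes in log:
        s = stats[qname]
        s["queries"] += 1
        s["q"] += q_bytes
        s["a"] += a_bytes
        s["max_a"] = max(s["max_a"], a_bytes)
    return {
        qname: {
            "queries": s["queries"],
            "factor": round(s["a"] / s["q"], 2),
            "large_answer": s["max_a"] >= LARGE_ANSWER_BYTES,
        }
        for qname, s in stats.items()
    }


class ByteBudgetLimiter:
    """Token bucket per client, counted in response bytes rather than queries."""

    def __init__(self, rate_bytes_per_s, burst_bytes):
        self.rate = rate_bytes_per_s
        self.burst = burst_bytes
        self._state = {}  # client -> (tokens, time of last decision)

    def decide(self, now, client, answer_bytes):
        tokens, last = self._state.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if answer_bytes <= tokens:
            self._state[client] = (tokens - answer_bytes, now)
            return "answer", answer_bytes
        # Over budget: send a small truncated reply instead of dropping.
        # A real client retries over TCP and still gets its answer; a spoofed
        # source never completes the TCP handshake, so nothing is amplified.
        self._state[client] = (tokens, now)
        return "truncate", TRUNCATED_REPLY_BYTES


def replay(log, limiter):
    """Run the log through the limiter and keep one forensic record per query."""
    records = []
    for t, client, qname, qtype, _q_bytes, a_bytes in log:
        action, sent = limiter.decide(t, client, a_bytes)
        records.append({"time": t, "client": client, "qname": qname,
                        "qtype": qtype, "action": action, "bytes_sent": sent})
    return records


def bytes_sent_to(records, client):
    """Total UDP response bytes emitted toward one client address."""
    return sum(r["bytes_sent"] for r in records if r["client"] == client)


if __name__ == "__main__":
    for qname, row in amplification_report(SAMPLE_LOG).items():
        print(qname, row)
    # Assumed budget: 1000 response bytes/s sustained, 5000 bytes of burst.
    for rec in replay(SAMPLE_LOG, ByteBudgetLimiter(1000, 5000)):
        print(rec)
```

Because the budget is counted in bytes, the small A and MX answers in the sample are never truncated, while the repeated 4200-byte answers are cut to truncated replies after the first one.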

Everyone needs to contribute to minimise the impact of DDoS. Network security has always been important to ISPs because it directly impacts reputation and network availability, and security is increasingly viewed as part of brand equity because subscribers expect an Internet service that always performs flawlessly and provides a safe experience.  A modest investment in additional DNS protections and processes yields big returns. Providers can preserve the subscriber experience, protect their networks and ensure their peers, and the greater Internet, aren't subjected to torrents of useless DNS traffic.

Contributed by Bruce Van Nice, director of product marketing at Nominum 



Phishing email says you have cancer

Cyber criminals have reached a new low with a Trojan attack based on a hoax email that tells its UK-based victims that they have cancer.

The attack, launched on 13 March, uses an email purporting to come from the UK health watchdog, the National Institute for Health and Care Excellence (NICE), to tell the recipient that their blood sample tests show signs of cancer.

People who click on the attached ‘test results' are landed with a Trojan that researchers believe is a variant of the notorious Zeus banking malware family.

NICE says it was flooded with calls, emails and tweets from concerned recipients of the email on 13 March. Based on this, a NICE spokesperson told SCMagazineUK.com that “it's likely that there are thousands that would have got it. We're still looking into the matter and we've reported it to the police to see if there is something they can do to investigate.”

But security specialist AppRiver said it tracked around 300,000 “individual pieces from this campaign” and said the entire campaign would have been much larger.

NICE has posted highly visible warnings on its website that confirm: “NICE is aware that a spam email is being sent to members of the public regarding cancer test results. NICE is advising people who have received the email - the subject line of which is, important blood analysis result, to delete it without opening it and not to click on any links. We are currently investigating the origins of the message with the police.”

Security researchers have leapt on the email to analyse its payload. Josh Cannell, a malware intelligence analyst with Malwarebytes, blogged on 13 March that the malware is a variant of the Fareit Trojan that can steal passwords and launch denial of service (DoS) attacks.

Malwarebytes identified two of its files as “Spyware.ZeuS.GO” and speaking to SCMagazineUK.com on 14 March, Cannell said the download “looks very similar to Zeus in its behaviour so I can almost guarantee it came from similar source code”.

Commenting on the attack, he told us: “It just goes to show that cyber criminals aren't afraid to use anything sensitive like cancer, or anything else that could be life-threatening, to instil fear in the victims, to deliver their malware. It's pretty low to resort to something like ‘hey you might have cancer' just so they can get their password stealer on your computer.”

Cannell added: “It really goes to show that they have no boundaries, they have no limits. They use whatever will get the job done.”

Meanwhile AppRiver senior security analyst Fred Touchette told journalists on 14 March that the email zip file download takes control of the victim's PC, checks to see if it is being analysed, duplicates itself, and steals and transmits browser cookies and MS Outlook passwords - “all very common behaviour for the Zeus family”.

Touchette described the attack as “a rather disturbing attempt to get users to click on malicious attachments”.

He agreed with Malwarebytes' analysis of the sample, telling SCMagazineUK.com via email: “Yes, some AV engines recognise this sample as Fareit. Other scan engines are also recognising it as Bredo and/or Artemis. This malware mimics a certain behaviour of Zeus, however it doesn't appear to be Zeus, nor does it currently act as a downloader of Zeus.”

According to AppRiver, the campaign was directed solely at domains with a “.co.uk” address so the targets were all meant to be in the UK. The attack began at around 9am GMT on 13 March, peaking at about 11am.

Touchette advised anyone targeted by this or related Zeus-based campaigns: “Watch out for some of the common flaws that these malware campaigns employ - such as addressing people by their email addresses as opposed to their actual names. Often, generalities are used in the greeting with no names at all. This is a big red flag, especially when the content is trying to appear so personal. If there are any questions as to the legitimacy of any email, contact the supposed sender directly to authenticate.”

Last month (12 February), SC UK reported that research from Dell SecureWorks shows that Zeus and the related Citadel malware were the two biggest banking botnets of 2013, targeting 900 financial institutions worldwide. Zeus is also used to install the CryptoLocker ransomware.



Why Hyper Niche Marketing Is Best For Small Business Marketing (Google Hangout with Casey Graham of Business Rocket)

Casey Graham founder of Business Rocket and The Rocket Company shares his top marketing best practices for small business owners.

  • Niches are where the riches are - instead of marketing broadly and serving a large segment, focus on going more niche and more focused.
  • Dominate your market and nail it before you scale it - instead of adding more products and services focus on dominating and adding value to a smaller market segment.
  • People will pay more than you think - If you offer intense value to your customers, they will pay a premium. If a customer spends $10,000 with you, ensure they get $50,000 (or whatever your numbers are) value from it.
(see more interviews of master marketers in our Infusionsoft marketing series here)

Watch our discussion here https://www.youtube.com/watch?v=-QjyPQ8dULQ#t=44 or below:



Cyber gang behind £1.25m 'KVM' bank fraud convicted

Members of a cyber crime gang that stole more than £1.25 million from Barclays Bank using a 'KVM' device have been convicted at Southwark Crown Court.

The gang gained notoriety last year when they launched three cyber attacks on Barclays and Santander bank branches, using a keyboard, video, mouse (KVM) switch device to try to access bank accounts remotely. Details of their attacks have now been revealed, including the police raid that caught gang members red-handed trying to access online bank accounts.

In verdicts returned on 13 March at the Southwark court, 25-year-old Lanre Mullins-Abudu and Steven Hannah, 52, were convicted for their parts in the cyber crime. Mullins-Abudu was found guilty of conspiracy to commit fraud, two counts of conspiracy to steal, possession of articles for use in fraud, and concealing criminal property. Hannah was found guilty of conspiracy to commit fraud, and had previously pleaded guilty to possession of Crystal Meth Class A drugs with intent to supply.

A third man. Duane Jean-Jacques, 25, was found not guilty of conspiracy to steal and concealing criminal property.

A total of 11 other men have already pleaded guilty at earlier court hearings to their role in the crimes. And following the latest convictions, details have now emerged of how the attacks were carried out, and the arrests.

The first attack took place on 4 April 2013 when Darius Bolder, 34, got inside Barclays' back office, enabling the gang to access the IT system at the bank's Swiss Cottage branch. They used a KVM device to transfer out over £1.25 million. Barclays reported the attack the same day and recovered more than £600,000.

The Met Police's Central e-Crime Unit (PCeU) were called in and began investigating. But on 17 July, 32-year-old Dean Outram managed to access computers at a Lewisham branch of Barclays where £90,000 was stolen. Barclays again reported the attack and this time the MPS recovered the KVM switch.

Then, on 12 September last year, the gang were caught in the act of trying to steal from Santander Bank. Outram got into Santander's Surrey Quays branch and fitted a KVM switch. Meanwhile Mullins-Abudu and Asad Ali Qureshi, 26, tried to access the Santander banking system to transfer what police believe would have been substantial funds.

But Met Police detectives, supported by Territorial Support Group officers, raided a property in Hounslow and arrested Mullins-Abudu, Qureshi and eight other gang members, and recovered computers that were logged into the KVM and Santander bank accounts. No money was stolen and Outram was arrested nearby, having left the bank.

In earlier hearings, on 13 January Bolder pleaded guilty to fraud and conspiracy to steal and Qureshi pleaded guilty to conspiracy to money launder, while on 18 December 2013 Outram pleaded guilty to conspiracy to steal.

Mullins-Abudu and Hannah were also involved with seven other men in stealing more than £1 million in a fraud that involved using SIM cards to make automated 'spoof caller-ID' calls to victims purporting to come from their bank's phone number, and fooling them into providing their personal details and PIN numbers.

Industry experts believe there are lessons to be learned from the convictions - including guarding against the social engineering aspect of cyber attacks that many organisations ignore.

PA Consulting information security expert Mark Stollery told SCMagazineUK.com: “It's a very important reminder that cyber security is not just about equipment - because crucial to this case was somebody conning their way in to have physical access to very important systems holding large amounts of critical data. There was an element of social engineering which is not something that many organisations automatically think of when they think about cyber security.”

Stollery added: “Computers don't go wrong by themselves and if the gang had not had direct access to plug their KVM device into the systems of the banks, this massive potential theft - quite big as it was - simply would not have happened.”

Adrian Culley, a former Met Police Computer Crime Unit detective and now a global security consultant with Damballa, also highlighted social engineering among the multi-pronged attack used by the gang.

He told SCMagazineUK.com via email: “It is interesting that this significant serious and organised crime gang deployed such a range of methods. The techniques they used included social engineering, backed up with caller-ID spoofing, hardware attacks and old-fashioned physical theft of post and credit cards.”

Culley added: “In this context, successful prosecutions represent an encouraging success for both the police and their industry partners. Both policing and commercial cyber security are evolving to match a multi-faceted threat posed by organised crime.”

In a media statement Alex Grant, managing director of fraud prevention at Barclays, said: “We are grateful to the Metropolitan Police for their support in bringing this matter to court and achieving a successful outcome. Barclays has no higher priority than the protection and security of our customers against the actions of would-be fraudsters. We identified the security breach and acted swiftly to recover funds on the same day, thereby ensuring no customers suffered financial loss as a result of this action.”



John Lawson: Social Commerce Isn’t About Likes, It’s About Sales

While it is important to leverage the power of social to engage customers and prospects, you can’t forget about the main reason you’re on Facebook, Twitter, and other networks - to build profitable relationships with them. John Lawson, eCommerce expert and author of the new book “Kick Ass Social Commerce,” discusses why you may have to re-think how you’re using social today in order to be more effective in your efforts to turn clicks into cash, and likes into sales.

Below is an edited transcript of the conversation.

* * * * *

Small Business Trends: “Kick Ass Social Commerce for E-Preneurs,” it says at the top, “It’s Not About Likes-It’s About Sales.” So, before we jump into the book, can you give me a little bit of your personal background?

John Lawson: I started my business on eBay, and that was about 2001. I got serious about it and left my job in 2004, and really never looked back. We’ve sold tens of millions of dollars on the platforms of eBay, Amazon, our own website, and eCommerce is something that I’ve always been passionate about.

Small Business Trends: But now we’re talking about social commerce. Maybe you can tell me a little bit about the difference between what eCommerce was back then, and what social commerce is today?

John Lawson: You know, I think you’ve made a good bridge here. Because honestly, social commerce, as we know it today, using not a platform - but the term “social”, right? Amazon itself was always about social commerce, because Amazon started literally because one person bought something and wrote a review about that something, and that’s social, you know? That was commerce.

For me, eBay was that same way. A lot of the principles that I learned for social commerce today, I learned from the eBay of old, before there was a platform. So, today, social is really like a platform that you can actually spread that messaging over. Back when it really got started for eCommerce, for me, eBay was that social platform and people were in chat rooms on eBay.

Commerce has always been social. What we have today though, is a platform that we can do this kind of marketing engagement with our clients and potential clients on. That’s the only difference.

Small Business Trends: In the book you talk about “Me-Commerce.” Can you explain that term and what it means?

John Lawson: Social media has made us a very vain public. So, we’ve always been about me, me, me. I take a selfie, that’s me. I’m going to some place on a trip, that’s about me. I’m eating this food, I take a picture of it, here’s what I’m eating! It’s become very vain for the user.

Well, if we are trying to get to those people to actually do commerce with us, to actually do business with us, then when I refer to ‘Me-Commerce,’ it’s really about them, and not about you and I. So, we’re almost playing into what is feeding them on social media. You have to be aware of what ‘Me-Commerce’ is, and you have to use that for the benefit of marketing.

Small Business Trends: What are some of the best social platforms from a social commerce standpoint?

John Lawson: You know what? I want to say that there is none. I want to add to that question, because if you’re listening to this today, and you say, ‘Wow, there’s 1.3 billion people on Facebook, on average, and 700 million of them log-in every day,’ then obviously, I might say Facebook is the best, right?

But that might not necessarily be the case. When I was selling bandanas, the best place for me to actually go and find people that were interested in bandanas, would be a chat board about motorcycles, or a chat board about skateboarding.

So, it depends on where your customer is. For some of us, it might be on Pinterest. For others that are B2B or B2C, it still might be on LinkedIn. So, the first thing I tell people to do is: Start listening to the conversations on these platforms, and find out where the conversation is happening. Then, you jump into that conversation and listen. You want to listen to what they are saying way before you start talking.

Small Business Trends: A lot of folks are pretty savvy when it comes to social channels. But how difficult is the transition to get to the commerce part for folks? Because a lot of times, you’re kind of trapped on the social side, and don’t necessarily know the best way to get the sale.

John Lawson: So, all of us started, possibly, with the wrong mentality. We started with the wrong business plan. I know we’ve been taught from the old school marketing that people buy from people they know, like, and trust. And that is true. But the problem is that all we took from that statement was ‘like.’ Now, we haven’t let anybody know us, and nobody trusts us. So, the first thing you’re going to have to figure out is: ‘Okay, I’ve got these people liking me, how do I get them to know my company and trust my company?’

Look, Amazon is not the lowest price in the game. Pretty much any time you go and look for something on Amazon, you can probably find it somewhere lower. But the deal is, people trust Amazon. So, stop making it a race to get the most “likes,” or being the lowest price. You need to be the most trusted. Once people trust you, they will spend money with you.

Small Business Trends: Can you talk a little about the important metrics, the indicators that are really important for people to drill into, as they get involved with social commerce?

John Lawson: Number one is pretty simple, right? If you want to be in the mode of “Kick Ass Social Commerce”, then guess what? You want to hear the cash register go “cha-ching!” I think that is the bottom line. You should be able to find transactional value going up - top line and bottom line - by the things you are doing.

Because who cares if they like you? I don’t really care if they like me. If they’re not spending money with me, then I’m wasting my time. So, that’s one of the things. But other things like time on a page is important and making sure you’re also having call-to-actions on a lot of your social. Not all of your social, but a lot of it, at least one-fifth.

Start thinking about ways to have calls-to-actions. Getting people engaged with you and your brand is really one of the biggest and most important things.

Small Business Trends: This book is really full of lots of information. It’s 200+ pages. What do you want people to walk away with after reading the book?

John Lawson: The book is actually broken down into two distinct parts. One part is called “the meat,” and that is basically the structure of how to persuade people to purchase with you. No matter what platform you’re on, these are the principles you really need, no matter where you go, what you do, or how you do it. If you take these principles, they will work.

The second half of the book is called “the gravy,” and that’s where I go into the actual platforms - WordPress - because a lot of people overlook the fact that the blog was really the biggest social channel out there, and it’s still very valuable. Then I go into the Facebook, Pinterest and all of that.

But I don’t want people to just jump in and say, ‘Oh, I want to do Pinterest’ and go to the back of the book. You really want to get “the meat” first, because that is really going to make a difference. I think that’s the difference from other books that I’ve read on social.

Small Business Trends: Where can they get all of this great information in the book?

John Lawson: They can get the book at any place books are sold. So, any book store and of course online at Amazon, you can get “Kick Ass Social Commerce.” Just search that, “Kick Ass Social Commerce,” it’ll come up.

The other thing, though, if people want a signed copy of the book, you can go to Bit.ly/KickAssSocialBook and I will personalize it, sign it, and ten percent of the proceeds will go to Saint Jude’s Children’s Hospital. So, you can get a signed copy and you can help out a great charity.

This interview on social commerce sales is part of the One on One interview series with thought-provoking entrepreneurs, authors and experts in business today. This transcript has been edited for publication.



One Reason Why Twitter Advertising Beats Facebook Advertising: Postmortem Adv Analysis

I’ve advertised on both Twitter and Facebook, to promote various projects. Yesterday, I paid $100 to promote my post about #ICON14 speakers; I used Twitter to advertise. The $100 spent generated 32,000 views, about 700 clicks and 4 engagements (reTweets). The engagement is where you can see if your campaign resonates - mine clearly did not (my fault).

However, what I like is that Twitter sent me a series of emails sharing the data with me and suggesting ways to improve. Facebook does not have this degree of “after advertisement” communication, at least as far as I can tell.

Twitter sent me the best performing user names to target and suggested more:

I like how Twitter displays the overall results of your campaign, very easy to understand.

So overall I like how Twitter does not just show you the data but makes suggestions and helps you build a better advertising campaign. I plan to experiment with more advertising for RamonRayLive (launching next week), 3TechGuys (with Gene Marks and Brent Leary) and a few other projects I’m working on.



Do You Mind If I Put You On Hold?

This cartoon came to me on a phone call with a decidedly disinterested customer service rep.

The monotone monosyllabicist monopolized my time for the good part of an hour, much of which I was on hold for while he “consulted with his manager.”

Uh-huh.

More likely, I think, was some Facebook browsing, chatting with co-workers, a coffee refill and maybe a smoke break.

When I did get an answer it wasn’t helpful. But I did get a good cartoon out of it.




15 Things That Could Cause Small Business Failure

It’s sad. 8 out of 10 businesses fail. And many of the causes can be prevented. This list can help you put together a plan to make sure your business is around next year. If you are guilty of any of these, make the necessary changes to get your small business going in the right direction.

Not Keeping a Budget

If you’re not in the habit of running your household with a budget, you’re not likely to run your business with one. Mismanagement of funds is hands down one of the top causes of business failure. You don’t have to do it all yourself. Purchase a copy of QuickBooks and hire a bookkeeper to help.

No Customer Attraction Plan

If your business is not making money, it is likely that you don’t have a proven plan to attract customers. While marketing and sales are not the same, one is certainly a result of the other. You must make time every week for sales activity, otherwise you could end up with a glorified hobby.

Doing it All Yourself

Imagine a catering business owned by a trained chef. They spend all their time cooking for catering clients, instead of working on business strategy, operations and marketing. Read The E-Myth by Michael Gerber. This book will help you build systems around the business and stop thinking that no one can do the work better than you can.

Focusing on the Wrong Thing

Are you spinning your wheels focusing on activities that aren’t driving business? Remember, your core function as the business owner is to solve a problem for your customer, and that means creating “real value” and then delivering on it. Spending capital on developing graphics and other design elements is important, but only once you have customers. Create your minimum viable product first.

Not Signing the Checks

Even if you have a bookkeeper or accountant to assist with managing the money, you should always sign the checks. There are countless stories of businesses that ended up with missing funds or unpaid taxes because they were not signing off on how the money was being spent in their business.

Dysfunctional Management

It’s hard for a business to survive if the management team can’t see eye-to-eye. Read Built to Last by Jim Collins for strategies that can help build your management team on a solid foundation.

Not Retaining Earnings

Retained earnings are the net money that is kept in the business and not paid out to shareholders. Think of this as your business savings. Have 3-6 months of your payroll and operating expenses in a separate account. Business is cyclical; there are ups and downs. You want to be prepared not if - but when - a slow sales season hits.

Not Paying Taxes

You can’t get around paying the IRS. Learn the guidelines for paying your federal taxes on a quarterly basis. Keep in mind that each state also has its own regulations. Know the local laws and tax requirements so you don’t get an audit or unwanted visit from Uncle Sam.

No Unique Value Proposition

There are not a lot of new industries being created, which is all the more reason why you have to differentiate from the competition. A few years ago, when Netflix entered the video market, they weren’t developing a new industry; home videos had been around for years. But they were different because they offered direct home delivery, and it completely changed the home video business. How are you different from the competition?

Not Incorporating the Business

Depending on your state’s laws, you can operate as a sole proprietorship. But it’s better to set up your small business as an S-corporation or an LLC. You want to incorporate to protect your personal assets in case a client decides to take you to court. You can read more on how to use the law as a protective shield for your small business.

Co-Mingling Funds

If you are not a barbershop, hair salon or similar business, a cable bill should not be a part of your monthly expenses. If you’re found to be mixing personal and business funds in the same bank account your business can lose its corporate protections and a debtor could collect against your personal assets. Be sure to pay yourself every month from the business and pay all personal bills from your personal account.

Providing Bad Service

To thrive as a company, you need repeat customers to pay for your products and services. Create a plan to exceed customer expectations and train your staff in your customer service procedures. Remember, it’s easier to keep a current customer than it is to find a new one. Use these tips on avoiding customer service mistakes in business.

Not Closing Sales

If you want to close the business, you have to make the ask. Selling can sometimes be difficult for business owners, but whether it’s effective social media, corporate or direct to consumer, we still have to do it. If you’re still not feeling confident download a free e-book on the Art of Selling.

No Succession Plan

You can’t live forever and your business needs a plan for when you’re ready to retire or move on. Here’s an interview with Keri and Anita Conner who, after a cancer diagnosis, discovered that they had to prepare for a health disaster in their small business. Are you prepared?

Not Watching Your Spending

Don’t overextend your overhead expenses with office rent, equipment leases and long-term contracted services before you’re ready. Carrying too much overhead without having the cash to support it can put anyone out of business. You must watch your spending.

What Do You Believe Causes Small Business Failure?

Don’t miss out on SmallBizLady’s 15 Days of Giveaways Contest March 5th through March 25th. Every business day, a great prize worth $250 or more is given away to help you in your small business.

To participate, you must be a legal U.S. resident and signed up for the email list. Each day an email will be sent with the #15DaysofGiveaways link of the day. Between Noon and 6PM EST you can post the link on Twitter or the Facebook Fan Page to qualify. One winner will be selected per day. Be sure to use the hashtag #15DaysofGiveaways.

There are a ton of great prizes from sponsors including Sam’s Club, Google, and Staples so stay tuned.