Top News: A New Small Business Job Index and New Payment Option Arrive

It’s time for our small business roundup. Here’s our handy guide to the news you may have missed this week. It includes the arrival of a new small business job index, a new payment option and more.

Indexes & Surveys

Paychex and IHS have a new jobs index. The index aggregates payroll data from approximately 350,000 of Paychex’s small business clients with 50 employees or less. The belief is that with these businesses producing about 95 percent of the jobs in  the U.S., using their data will create a much better picture of the economy.

More small business owners will be minorities. A study by the business-for-sale marketplace BizBuySell says more minority buyers are interested in small business ownership. They have a variety of motivations. African Americans have a desire to be their own bosses. And Asian business owners have often already been involved in business ownership.

A poll says businesses are harder to start in Europe. A recent Gallop poll finds Europeans perceive that their governments make it very difficult to start a business. Italians have the worst outlook with 96 percent believing the government makes business ownership difficult. And 93 percent of the population of Greece seems to feel the same. Take a look at the chart for more on European sentiments.

Services

PayStand offers PayPal a alternative without transaction fees. Options like PayPal and Square charge a transaction fee with every payment, but the cost to begin using them is free. In the beginning, that can be helpful, if you make only a few sales a month or year. But as your sales increase, PayStand offers a way to say goodby to those fees with a regular monthly cost.

Skype competitor Viber will become an eCommerce site. The company was bought for $900 million by Hiroshi Mikitani, CEO and Founder of Japanese eCommerce giant Rakuten. He says he wants to use the newly acquired site to eventually sell ebooks, content and games.

Collecting money your business is owed can be difficult. And consumers don’t seem to like being approached about a debt, no matter how delicately it’s done. A recent report by the U.S. Consumer Financial Protection Bureau suggests consumers will file complaints even when you’ve done nothing wrong while trying to collect a debt.

Nimble has a new way to learn about your contacts. Nimble’s Smart Summary uses social intelligence to compile information about your most trusted contacts. The information on your contacts is pulled from publicly available sources which can then be used to create dossier-type profiles. And these continue to be updated as new information becomes available.

Tech

Lenovo has a new Windows tablet. Some are describing the Lenovo ThinkPad 8 as a cross between a tablet and a PC. We report on some of the basic features to help you decide whether this is the device for your business. We’ll also tell you about the latest Lenovo recall.

Microsoft Word users be ware. A vulnerability allows hackers to access your program through a booby-trapped RTF (Rich Text Format). Open one of these files, Microsoft warns, and you may find your computer taken over by hackers. They will be able to use your machine to send spam or even to help commit online fraud. Microsoft says a patch is coming.

Verizon has a new security suite for all your devices. The carrier has partnered with McAfee to introduce the Verizon Internet Security Suite Multi-Device. The security suit is designed to bring more security to mobile devices. McAfee says almost 15 percent of consumers don’t have mobile security. Is your business among them?

Huawei won’t be making a phone with a dual operating system Though the Chinese phone maker had originally talked about plans to make a phone with dual Windows and Android operating systems, those plans were short lived. Those who use Windows for business but love Android would no doubt have been thrilled.

Here are some apps that may work for your taxes. The list includes FreshBooks, Turbo Tax Home & Business. Other apps include MoBu, Mint, inDinero, TaxACT and more. Best of all readers have started sharing some extra ones we missed in the comment section. So this post will be a resource.

Management

Mozilla CEO steps down over opposition. Mozilla CEO Brendan Eich has stepped down over opposition to his promotion. Some of that opposition comes from issues over Eich’s personal beliefs. He apparently donated $1000 to a campaign supporting Proposition 8, a ballot measure banning same-sex marriage in California. It’s a lesson about what can happen when your CEO becomes a source of division.

Taxes

Don’t fall victim to the tax advocacy scam. The IRS is warning about an attempt to lure businesses to a screen that solicits personal information under the guise of the federal agency itself. The IRS says the email tells taxpayers their 2013 earnings have been flagged and claims their cases have been forwarded to the Taxpayer Advocate Service. Don’t be fooled, the agency warns.

Social Media

Eat24 says it is leaving Facebook. The company is among those sick of a growing trend. A study says Facebook continues to reduce the amount of content business page operators can share with their fans. Facebook would clearly like these companies to pay for ads. But businesses resent having helped build Facebook’s audience only to be charged for access.

News tablet image via Shutterstock



As Business Owners Retire and Cash Out, Minorities Step In

Guess who is most likely to sell a business today? According to a recent study by the business-for-sale marketplace, BizBuySell, 86% of those selling businesses are Caucasians. These sellers tend to be Caucasian Baby Boomers who are ready to retire and cash out by selling their businesses.

And when they sell, more minorities these days are stepping in as the buyers.

True, the buyer’s market for businesses is still majority led by whites. But a smaller percentage of Caucasians are interested in buying than in selling a business. So as Caucasians cash out and head for the golf courses and other retirement, more minorities are taking their places.

These minority buyers are different, too, in more than just ethnicity. They tend to be younger than Caucasians.

Here’s another thing: Minorities interested in buying businesses today are more likely to be immigrants who are now naturalized citizens. Hispanics and Asians in particular are likely to be immigrants. Just 40% of Hispanic business buyers and a mere 10% of Asian business buyers report that they were born in the United States.

Here are some other fascinating factoids about those minorities who are interested in buying businesses:

African American buyers want to be their own boss. As a group, they are more likely to be motivated by the freedom to be in charge. African American women are also showing their entrepreneurial leanings, by the way. Among African Americans, a higher percentage of women are seeking to buy businesses than in any other ethnic group, 39 percent.

Asian buyers are most likely to buy multiple businesses. According to BizBuySell:

“43 percent of Asian buyers said they already own a business, meaning their current interest is either based on a desire to own multiple businesses or sell their current business and purchase a new one. “

Hispanic buyers are interested in the restaurant business. A higher percentage hope to buy restaurants than in any other ethnic group, about 35 percent.

The report surveyed more then 2,000 perspective buyers and sellers in the U.S.

BizBuySell is an online business for sale marketplace which claims to have an inventory of at least 45,000 businesses for sale at any one time in 80 countries. The site also has a comprehensive franchise directory and online tools business owners and brokers use to sell businesses. Perspective buyers also use the site to find businesses that might fit their needs.

Closing the Deal Photo via Shutterstock



Inbound Marketing: 3 Content Strategies To Convert Visitors To Customers

You’ve most likely heard the big buzz about inbound marketing - and you want in. You want to be more aggressive with leveraging your content to optimize opportunities. You realize buying email lists and positioning online ads just isn’t cutting it anymore. You are ready to attract inbound traffic.

Congratulations! So now what?

Inbound marketing is a strategy and it’s one that requires a cross-platform approach to diverse forms of marketing, traditional and digital. Inbound marketing is a bit SEO (search engine optimization), a bit analytics, a bit content marketing and a huge chunk of perseverance. Inbound marketing is any content-driven endeavor that attracts visitors to your website and, most critically, converts visitors to leads - turning visitors into customers.

Inbound marketing is content generation with a focus on thought leadership, influencer outreach and organic visibility. Inbound marketing is powered by creativity and deployed with diplomacy.

The reality is, inbound marketing - the use of blogging, social media, strategic keywords, optimized landing pages, custom content and sharp calls to action - is invaluable in today’s marketing campaigns.

If you are blogging consistently, you are doing inbound marketing. If you are publishing white papers and offering them on your website asking only a visitor’s name and email, you are doing inbound marketing. If you are actively engaged in social media marketing and the consistent creation of videos, podcasts and webinars, you are an inbound marketer - maybe.

The key to inbound marketing success is leveraging the right content for your ideal audience. If your clients are interested in the latest trends in cloud computing, publish a white paper. If your customers are interested in responsive websites, offer a download that is a blueprint on the topic. If clients are hungry for the latest on trends in automating business operations, publish scores of content to bring them up to speed.

Content, designed for your customers, will champion any inbound marketing campaign.

Blogging

Inbound marketing is nothing without blogging. A blog is the most elemental, and successful, vehicle to deploy in your quest to be an inbound marketing superstar.

Create a blog that speaks to the needs and wants of your customers and make sure the content is original, creative, educational, entertaining and informative.

You control your blog - make it count. If you blog consistently, and hit topics that appeal to your client base, you are creating opportunities.

Publish & Promote

Publishing white papers and informative marketing-driven pieces shows your clients that you want to convey in-depth information. Featuring these publishing elements on your website, along with serious calls to action, seals the deal.

Tags such as Register for Webinar, Download Today, Join Our Newsletter, Click Here, Request A Demo and more are welcome statements in the push to convert prospects to clients.

Keep your calls to action enticing and position them obviously on landing pages, forums, blogs or any platform reflecting your publishing power.

Email Marketing

All that great content you are publishing deserves to get noticed. Generate inbound results by providing existing clients with email updates showcasing your content and the dedicated links to access the content in detail.

One email could revitalize a stagnant client relationship, creating a new opportunity to serve a client that may have fallen off the radar. Perhaps a client did business with you two years ago. With the project completed, you and the client drifted apart.

Reaching out with branded, substantial content may wash that adrift client back to you, encouraging them to revisit your website, review your new services and perhaps even realize they could use your products or expertise once more.

Buying Photo via Shutterstock



Dangerous new Zeus Trojan fools anti-virus

A new and "extremely dangerous" version of the notorious Zeus malware has been discovered that can fool detection systems by hiding behind an apparently legitimate digital signature.

The new virus was revealed by US vendor Comodo Antivirus Labs in a blog on April 3. The company has found over 200 unique hits by the malware on its customers.

Comodo blog post author Kevin Judge said the Zeus variant disguises itself as an Internet Explorer document, which is served via a web page or a phishing email. This downloads data-stealing malware hidden by a rootkit component. It aims to steal login credentials, credit card and other information that the user keys into a web form.

Judge said the IE file disarms the user - and web browsers and anti-virus systems - “by being digitally signed with a valid certificate, making it appear trustworthy at first glance. The digital certificate is issued to ‘isonet ag'.”

He explained: “Versions of Zeus have been around for several years, but with a valid digital certificate a browser will not display warning messages and anti-virus systems are much less likely to take action or will give lower levels of warning. Malware with a valid digital signature is an extremely dangerous situation. A digital signature assures browsers and anti-virus systems that a file is legitimate and not a threat.”

UK-based security expert Richard Moulds, vice president of strategy at Thales e-Security, confirmed: “If an attacker can sign their malicious code in a way that passes the validation process, they are a huge step further in mounting an attack.”

Moulds explained the process in an email to SCMagazineUK.com: “Windows, iOS, Android and Linux all use code-signing to ensure that only legitimate, signed code is installed and executed. Code-signing provides the best mechanism for proving that code hasn't been modified and therefore is a way of spotting malware infected software and rejecting it.”

To prevent malware like the new Zeus code defeating the validation process, Moulds said software publishers need to strongly protect the secrecy of the cryptographic keys used to create each signature, and strongly enforce the signing authorisation process - typically using hardware security modules (HSMs) which create a tamper-resistant environment for managing and using keys.

But without an HSM, Moulds said: “Keys and processes are subject to a host of attacks since they can be ‘seen' in the processor's memory, easily copied and modified.”

He said: “Code-signing systems must be designed to ensure that only legitimate code is signed and that the signature can be trusted, otherwise the system delivers little value and provides cover for malicious attacks such as those we have witnessed in this case.”

Lancope chief technology officer, Tim Keanini, said in an emailed comment to journalists: "Zeus and its family of malware continues to evolve in two dimensions: how it remains hidden and how it remains effective as a keystone in crimeware activities. I continue to be impressed with each phase of its evolution and Zeus with a valid digital certificate is trouble for everyone.

“The executable part of Zeus resides on the victim's machine where the primary detection capabilities are provided by an anti-virus suite. Having the valid certificate means that it will likely go undetected by the AV protection.”

The Zeus or Zbot Trojan is designed to steal online banking and other sensitive user data. In February, SCMagazineUK.com reported that research from Dell SecureWorks showed Zeus and the related Citadel malware were the two biggest banking botnets of 2013, targeting 900 financial institutions worldwide. Zeus is also used to install the Gameover malware, the CryptoLocker ransomware and it's more recent but flawed lookalike CryptoDefense.



Maggie Lang, Kimpton Hotels: Creating Great Experiences Online and Off

As lead analyst on the recently released Social Customer Engagement Index from Social Media Today, one of the key findings was that 81% of the 1,200 people surveyed said their companies social customer service strategy was aligned with the company’s overall social strategy. And it’s this alignment of social, culture and strategy that is helping companies create better customer experiences in hopes of extending relationships they have with them.

Maggie Lang, Senior Director of Guest Marketing for Kimpton Hotels & Restaurants, shared with me how the boutique hotel chain is taking a strategic, unified approach to customer experience development to take on the big hotel chains in the battle for the modern day traveler. Below is an edited transcript of our conversation. To hear the full interview click on the audio player below. And to get a free copy of the 2014 Social Customer Engagement Index you can click on this registration link.

* * * * *

great customer experiencesSmall Business Trends: Can you tell us a little bit about your personal background?

Maggie Lang: I’ve been at Kimpton’s for two years now and responsible for a variety of areas including loyalty, the loyalty program, direct marketing, social media strategy as well as our member and guest customer service. Prior to joining Kimpton, my passion for the travel industry actually arose when I was with United Airlines for six years.

Small Business Trends: Can you tell us more about Kimpton?

Maggie Lang: Kimpton Hotels and Restaurants is a little over 30 years old now and it was started by Bill Kimpton. He travelled throughout Europe and discovered boutique hotels and fell in love with the boutique hotel experience. He was the first to bring it to the United States.

He started in San Francisco in one hotel. We’re experiencing record growth right now and just hit over 60 hotels throughout the country, with our first international expansion announced last year.

Small Business Trends: What kind of expectations do your customers have for Kimpton and how different are the expectations for a boutique hotel compared to the bigger known brands?

Maggie Lang: What’s really neat is that we’re actually competing with some of these really large global brands, but we put customer service first and foremost. We’re near obsessed with customer service. From everybody who knows Kimpton and loves Kimpton, what we hear consistently is how much they love our customer experience. Such as the general manager being out at wine hour. Every night at five o’clock we serve complimentary wine in our lobbies or there will be pet greetings.
We accept pets of every size for no additional fee.

Our general managers and our people are out there - engaging. They’re hanging out with our guests. They are forming really personal relationships. I honestly think that that is part of what sets us apart.

Small Business Trends: What is your company’s most effective engagement channel from a service or experience perspective?

Maggie Lang: We look at it depending on the life cycle of where our guests and numbers fall in their travel cycle. I often see that while you’re in your travel cycle, so as you’re travelling, Twitter tends to be a more real time way to connect with us. You’re either checking in on Foursquare or maybe you want to give a shout-out on Twitter. It’s a faster, more real time channel. God forbid, if something went wrong, you might just tell us about it on Twitter and have a very real-time response . We definitely pride ourselves on our response time on twitter. We listen all the time.

Facebook is a much larger channel because that’s where they’ll go to maybe get a sense of the brand. They want to see visuals more. They want to look at pictures. They want to see who we are as they’re researching brands. But what I think is so unique to us is I think we’re beyond fortunate to enjoy this kind of a relationship. Once they’re done travelling and maybe they’re in their off-travel cycle - they actually hang out with us on Facebook.

They enjoy looking, whether it’s our dog community or just our wine hour, our recipes. We post things from our chefs in our restaurants. We’re actually a lifestyle brand that is a part of their life even when they’re not staying with us or dining with us, which I think is just really, really unique.

Then Instagram and Pinterest are emerging channels for us. But I will say Instagram is probably also another one of those that’s relevant while you’re in the travel cycle because you might’ve gotten to your hotel room and there was a great bottle of wine and some snacks and something fun waiting for you.

Small Business Trends: You mentioned that you’re really focused on the speed of the response. Can you give us some ideas of how quickly you are able to respond?

Maggie Lang: If it’s during business hours when we have many eyes on, we make it a habit of responding within an hour. If it’s during off hours, our social media listening agents make it a point of responding very quickly. I think it’s extremely rare for a guest to post something and then have three hours go by without a response from us.

Small Business Trends: It sounds like you have a very rich in-hotel experience. How do you go about creating that kind of online experience that helps get folks in there?

Maggie Lang: We don’t just offer a hotel stay. We don’t just offer a meal. We offer an experience - and we offer a lifestyle brand. When you’re looking for yoga tips or you’re looking for design ideas, we have Ava Bradley who’s our SVP of design. She offers design tips on our blog. Emily Wines, our master sommelier, offers wine tips for when you’re hosting a dinner party, parings, etc.

We don’t want to stop with just saying, ‘Okay, you stayed with us and you dined with us. Thank you. Goodbye.’ We want to continue providing tips and form a relationship so that when you are thinking about travelling again, we would be your natural choice because we’re friends.

Small Business Trends: How are you able to measure the impact of your social initiatives?

Maggie Lang: It’s interesting because I think metrics come into play in different ways. There’s revenue driven metrics obviously. We have holistic tracking from our website to close the loop to see if the social channels drive sales. We have all of the traditional KPI’s that you can think of with pretty advanced analytics.

When it comes to social in particular, our main focus there is customer service and customer engagement. That’s really where we look at things that don’t all tie into revenue. But if I have to look at the specific metrics in that channel, I’m going to look at content. We react real time to that.

We also look at depth of engagement as opposed to breadth of engagement. An example of that would be we don’t necessarily obsess about how many friends or followers we have. What we do obsess over is how often the friends and followers we have engage with us.

If you think about it, it’s traditionally like acquisition and retention. We believe that by deepening the retention, by deepening the relationship, organic growth will come because that’s how we’ve grown our business.

This interview on great customer experiences is part of the One on One interview series with thought-provoking entrepreneurs, authors and experts in business today. This transcript has been edited for publication. To hear audio of the full interview, click on the player above. 



Millions of consumers at risk from mobile POS flaws

Mobile point-of-sale (MPOS) terminals being used at thousands of retail outlets in the UK and worldwide can be hacked using multiple cyber-attack techniques.

MPOS is an emerging technology that enables retailers to process card payments using mobile phones or tablets, instead of traditional cash registers and point-of-sale terminals. It is currently used in Apple Stores and mainly small retailers.

But at Singapore's SyScan security conference on 4 April, two MWR InfoSecurity researchers showed how MPOS terminals can be comprised via multiple attack techniques using micro USBs, Bluetooth and a malicious programmable smartcard.

The researchers - Jon Butler, head of research at MWR, and a security researcher who prefers to be known as ‘Nils' - displayed how an attacker could gain full control of the MPOS terminal, allowing them to display ‘try again' messages, switch the device into insecure mode, capture PIN and credit card data, and even enable the device to accept illegitimate payments from stolen credit cards.

Butler explained: ““This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”

MWR said the vulnerabilities affect “the most popular” MPOS device but declined to provide more specific details on the flaws, as the devices concerned are currently in use at thousands of retail outlets in the UK and elsewhere.

MWR has notified the vendors concerned and provided information to address the issues. Because MPOS is typically used by smaller businesses, it said it is difficult to ascertain the numbers affected.

MWR's two researchers even used a hijacked MPOS device to play a simplified version of the game Flappy Bird. A video of the game, dubbed ‘Chippy Pin', is available here: http://mwr.to/chippy-bird.

Butler explained the purpose in an email to SCMagazineUK.com: “Aside from being entertaining, the Flappy Bird game demo showed that the attacker would have full control over the device, including the screen and the input from the keypad. A malicious attacker is likely to require this level of control to leverage these issues for financial gain - we wanted to demonstrate this level of control without fully weaponising the exploit.”

UK cyber security specialist Adrian Culley confirmed the scale of problems exposed by MWR, telling SCMagazineUK.com via email: “MPOS devices will soon be ubiquitous. It's rare to find any business which only accepts cash anymore. Whilst the attack found by MWR requires some detailed specialist knowledge and insider access, those are both within the grasp of organised crime and hostile foreign governments.”

Security expert Brian Honan, head of BH Consulting, agreed about threat level, telling us via email: “MPOS systems are vulnerable to various unique attacks due to their size and mobility, that would not be associated with traditional POS systems. Typically as the technology becomes more widespread, it will become more of a target for criminals - especially technology that processes financial details such as MPOS devices.  As these systems become more popular, the importance of ensuring consistent and effective security across all these devices will grow.”

Culley advised: “Those using and administering MPOS systems should make sure they are using the latest firmware, and that they also have physical security measures around the device - i.e., CCTV, kept under lock and key when not in use. MPOS is not of itself insecure, this situation just reflects that all security is an ongoing arms race, and a determined third party with sufficient skills, motivation and resources may often find flaws.”

Jon Butler, meanwhile, said that retailers need to asses if the MPOS solution being deployed is suitable for its environment.

“Those assessing or implementing MPOS systems should be aware that the underlying platform is not guaranteed to be free of vulnerabilities. It is important to appropriately assess the platform to ensure it is well-suited to provide a secure base for any payment application being developed.”

Nils added: “MPOS is a promising technology with a growing market uptake, but current implementations are not well-designed from a security perspective. It is critical to get security right early as there is a huge potential for fraud around the world. Lessons that have been learned from desktop computers and servers are yet to be applied to embedded systems."

MWR found the MPOS flaws during ongoing research into secure payment technologies. In 2012, it revealed critical vulnerabilities in chip-and-pin devices.

Problems with traditional POS systems gained global attention at the start of this year when major US retailer Target and others were hacked, and payment card and other data on tens of millions of customers was stolen.



You’ve Been Traded - For Big Data

business baseball cartoon

I’m not a huge sports fan, but over the past decade I’ve found it more interesting with the rise of number crunching in sports.

Sure, baseball has always been a game of stats, but it and others have really upped why and how they interpret their data - and it just really fascinates me.

With that in mind, and with the season having just begun, this cartoon felt like a home run.



You’ve Been Traded - For Big Data

business baseball cartoon

I’m not a huge sports fan, but over the past decade I’ve found it more interesting with the rise of number crunching in sports.

Sure, baseball has always been a game of stats, but it and others have really upped why and how they interpret their data - and it just really fascinates me.

With that in mind, and with the season having just begun, this cartoon felt like a home run.



More jobs but cyber security skills gap widens

There's an increasing demand for cyber security specialists in information security, but the challenge remains bringing the right graduates into the fold.

The information security world is facing a skills shortage. We know that because it's been widely reported, and because numerous studies tell us that the rise in the numbers of jobs is not being met by the number of people adept at filling those roles. 

(ISC)2's 2013 Global Information Security Workforce Study revealed there to be an “acute gap” between the supply and demand of qualified cyber-security professionals. It detailed there would be 3.2 million information security professionals employed in 2013, and says that this demand is growing at a compound annual growth rate (CAGR) of 11.3 percent through 2017. Some 56 percent of IT decision makers said that they had 'too few' information security workers.

A separate study, from the US Bureau of Labor Statistics, showed that demand for graduate-level information security workers is to rise by 37 percent in the next decade - twice the predicted rate.

It was to no surprise then when the BBC recently reported that cyber security jobs are on the rise, while noting some encouragement in the fact that interest appears to be filtering in from university courses. 

There certainly is no shortage in these types of courses. Unistats.direct.gov lists 98 university courses as having a cyber security element, and this figure seems to be backed up by Professor Fred Piper, of the information security group at Royal Holloway, University of London, who recently told SC Magazine UK: “There are now 40 to 50 MSC degrees that could claim to be cyber security, and as many as that partially cover the topic.”

Despite this, it would seem that this demand isn't being met by the appropriate personnel. HESA has previously reported that IT graduates find it notoriously difficult to find employment within six months, while data from Google Trends seems to suggest that more people are searching for jobs (and perhaps these are already in the industry) than searching for the relevant courses. A twin-axis search for ‘cyber security jobs' and ‘cyber security training' reveals growing interest in the former, although both are forecast to increase significantly through to 2015.

There is subsequently a knock-on effect in business. Sean Smyth, director at CyberSecurityJobsite, reveals to us that while 50 percent of his firm's 60+ job advertisers are now looking for cyber security skills, only a third of applicants currently meet this requirement. 

Part of this problem, seemingly, is down to courses which are too steeped in academia and not in keeping with the true demands of the cyber security field. 

Smyth told SCMagazineUK.com that the right practical skills aren't being taught, such as configuring and reconfiguring systems, trying out exploits, compromising the security of boxes and hardening defences.

“The courses aren't right…they're great but not quite who the employer is looking for,” said Smyth, who notes that most of his company's advertisers are in the defence sector (including GCHQ). He adds that too many of graduates have learnt reactive skills and not the stuff that “comes up in real life” (although some professors say that these are often taught on industry placements.

Mark Harris, assistant professor at the University of Southern Carolina, seems to agree and told the BBC that while a surge of student interest in cyber-security courses is apparent, the courses themselves are in danger of being left behind. 

"Textbooks on the subject are out of date before they're published," he said at the time.

Such concern comes at a time when the UK government is making strides with numerous cyber security initiatives to improve awareness and interest. In recent times, it has participated actively in the Cyber Security Challenge, introduced the Cyber Streetwise Initiative, and launched the Cyber Security Information Sharing Partnership (CSISP) and CERT-UK. This is perhaps unsurprising given cyber-crime costs the UK economy £27 million a year with businesses shouldering £21 million of these losses.

The government is also looking for cyber security to become “integral to education at all ages”. It is announcing this month that there will be lessons from the age of 11 as well as plans for cyber security apprenticeships. Furthermore, it's planning for e-Skills UK to roll-out the Secure Futures school campaign in London, Greater Manchester and Sussex this year. There's some hope that this can improve take-up of cyber security courses at graduate level - and lower down the chain - of STEM (science, engineering, technology and maths) subjects in schools.

Alan Woodward, industry veteran and now Visiting Professor at the department of computing at the University of Surrey, is encouraged by the government action and says that the “vast majority” of graduates at his university are in employment within six months. However, he worries if the right people are being enticed into cyber security, with computer scientists, in particular, having an array of career options. 

“We're trying to work out what the ‘missile gap' is but don't know where we are at the moment,” he told SCMagazineUK.com. He notes a study from eSkills, which states that just over half of workers are IT graduates, the majority are over 35 years of age and 85 percent are men. “The demographics are not encouraging.” 

“We're not training people from the outset to be security people,” he added. 

Interestingly, both Woodward and John Colley, managing director of (ISC)2 EMEA, are keen to stress that the ideal cyber security professional doesn't necessarily have to have deep technology attributes. Instead, both men attribute project management, and an ability to communicate - something Woodward touches upon as ‘softer skills - as essential to a cyber security expert. Woodward adds that young women are ‘often better' at softer skills than young men, and said that it's important in an age when 80 percent of attacks stem from social engineering. 

“What we need in cyber security is not necessarily deep technology skills, but puzzle solvers who can take something apart,” says Woodward. 

Stephanie Daman, chief executive of the Cyber Security Challenge UK, recently said that there are people out there with the right skills, it's just a case of finding them. 

"We know they have the right sorts of skills, but none of them are currently in the cyber-security profession.” 

Woodward admits that potential undergraduates can be put off cyber-security courses by thinking they will heavily reliant on programming, maths, science - or even worried by the never-ending flurry of provocative headlines. But he says that educating these people on the difference they can make is key. 

He says that he often demonstrates basic operations, like the data being recorded from a smartphone (such as geolocation tracking), or beacons from a public WiFi network, to get people engaged with cyber-security, and the risks that people face on a daily basis. 

“People want to get into careers where they realise that they doing something that has some meaning, a daily impact that affects everybody, like a doctor or in the military. But there's a long way to go.” 

John Colley told SCMagazineUK.com that the cyber security skills boom has been coming for “seven to eight years” and admits the key question is “where do the people come from?” 

He notes there being two issues on education - getting the right people through the door in the first place, but also ensuring that employed staff keep up with technological changes like social networking, mobile, BYOD and the cloud (indeed, a study from ESG from RSA 2014 suggests that infosec professionals are falling behind in this regard).

That aside, he and (ISC)2 - which has just partnered with the University of Phoenix to offer nine full-tuition scholarships on cyber security - have been talking with the Council Professors Heads of Computers - lecturers and other leaders at many of the leading universities- and he believes that there is an issue on how many computer science courses have a security element. 

“Most computer courses have very little security [focus] in them, so graduates have no security skills whatsoever.”

He agrees that there are too many avenues for computer science graduates to go down - something Woodward refers to as cyber needing to “wave its hands” at prospective employees - and raises other issues that need addressing. 

"There are three things that need doing. We need to educate that information security profession can be rewarding, plus very well paid. We need to raise awareness.

"The second thing is to turn out cyber graduates who have core security skills, so that they're more marketable. The third thing, as an industry, is that we have to take a risk and give [graduates] the opportunity to work and develop the right skills.” 

Ways to improve

1) Continued initiatives to teach young children about online risks. Teach them the risks, and the importance of cyber security, while gently opening their eyes to future career opportunities.

2) Debunk the myths around cyber-related courses - it's not scary and reliant solely on maths and programming skills. All types of skills are needed, whether you're young or old, male or female. 

3) MSc courses need to have a greater security focus, which will have a two-fold effect. It will make potential employees aware of the career path but also of the risks should they venture into 'other careers, such as application development.

5) Better target those with computer science degrees - commentators here admit that there's a lot to choose from and that cyber security needs to be a viable route for employment.



PayPal Alternative PayStand Launches — No Transaction Fees

pay stand

A new online payment system promises its users no transaction fees.

Instead, a monthly fee from PayStand will allow your small business to accept credit cards, e-cash, e-checks, foreign currencies, and even Bitcoins. And you won’t lose a penny off your sale price. PayStand CEO Jeremy Almond spoke about PayStand in an interview with Small Business Trends recently. He says his company’s platform is one way for merchants to begin testing new currencies and expanding their customer base.

After being tested in beta, PayStand is now open to all. If your business sees profits consumed by per-transaction fees charged by other services like PayPal, Stripe, or Square, PayStand could compete with those well-known brands. The difference could be in the thousands saved in transaction fees by year’s end.

For example, if your business conducts $300,000 in credit card sales a year and is charged 3 percent in fees, that’s $10,000 a year directly to the payment platform. A $50 per month plan with PayStand would cost your business $600 a year instead. Almond says businesses considering a flat monthly fee over a per-transaction fee would need to be making at least $12,000 in annual credit card sales to see savings.

PayStandPriceComparison

PayStand offers four different pricing tiers, based on your sales volume and other options, the company’s official website explains. Plans start at $24 per month but range up to $299 a month. The premium pricing tiers have more options available. They include live technical support, more customizable platform design, and more product listings and variations.

This may not be the right service for some business, though. If you’re a hobby business or a micro-business, Almond says PayStand’s monthly fee may eat away at more of your profits. But businesses that deal in big-ticket items, like a technical support specialist or other professional service, would likely see a benefit from a monthly fee. Non-profit groups that accept online donations and artists selling digital products could also benefit.

Almond says the key consideration is the amount of sales you make, explaining:

“Anything dealing in volume, this is the way to go.”

Here is how PayStand works and what your customers would experience in a transaction:

You enter your inventory on the PayStand dashboard.  Embed codes let you share the products you’ve entered into inventory on your website or in an email. There are also links that allow you to share the inventory you’ve entered on PayStand on your social media feeds. There’s even a free Facebook app that syncs with your business’ Facebook page. The code adds a button with each product which allows customers to place an order.

Customers on your site, social media pages or reading your email will not be taken to another site to complete the transaction. Instead, a pop-up window featuring your company logo appears to allow the transaction to be completed.

Almond compares this to the experience merchants may have had with other online payment systems, saying:

“The general PayPal experience is obtrusive. They’re your customers and coming to your site. Why does the payment company interject themselves in your transaction?”

All PayStand’s payment templates are optimized for PCs, tablets, and smartphones so your customers can access and pay for your products from any device. The company also offers all users a free online storefront if you wish to use that to generate sales.

Sales are linked to the bank account you provide through your PayStand account. Users have options to have earnings deposited daily or weekly. And unlike PayPal and others, there are no freezes or holds on the money your customers pay you.

Images: PayStand