How to Create Buyer Personas for Your Content Marketing Strategy

Many small business owners are revamping their content marketing strategy this year. While there are lots of different ways to alter your strategy and stay safe being discussed among the Webmaster and SEO community, one of my favorites is by creating buyer personas. It’s creative and it’s a great way to try something new, so ...

The post How to Create Buyer Personas for Your Content Marketing Strategy appeared first on Small Business Trends.



A Plug-and-Play Customer Loyalty Program for Small Businesses

Punch cards for your repeat customers will soon be a thing of the past. But it’s difficult for small businesses to afford those plastic key cards that you might get from a place like a grocery store or gas station.

Huzzah Media says its new Huzzah Loyalty platform is one solution. In fact, the company is targeting businesses with fewer than 10 employees that are still looking for ways to keep their valued customers coming back.

Huzzah VP of Marketing Greg Garrick told Small Business Trends recently that a company survey found nearly half of all small business owners consider repeat customers key to their business’ success. However, less than 20 percent of them offer their customers a loyalty program. The cost of setting up such a program is a major obstacle. Huzzah says that some custom loyalty programs could cost a small business tens of thousands of dollars.

In a company press release, Huzzah’s VP of Product Development Lance Brown added:

“We know that for all businesses today, increased customer engagement is essential to keep customers coming back, and for smaller merchants, this rings especially true. Huzzah brings deep expertise in the small business market and we are committed to delivering a new set of services that enable them to compete with bigger brands and drive revenue.”

The Huzzah Loyalty program is fairly simple. Currently, the company is giving small businesses a chance to try it out for six months for a nominal fee: $1. After securing a credit card, Huzzah sends you an iPad to display at your business and a box of loyalty cards to give to your customers.

When customers visit your store after receiving a loyalty card, all they need to do is swipe it or a QR code on their smartphone in front of the iPad to earn points. These points can be accrued toward rewards that you select as the business owner.

In an interview with Small Business Trends, Brown said that his company works with small business owners to set up their unique loyalty program:

“Small business owners can talk to specialists to help them guide on which offers to offer. We walk them through the process. You answer questions, they set up everything.”

After about five months, Huzzah contacts small businesses that have been using the loyalty program to gauge their interest going forward. Following the trial period, monthly subscriptions to Huzzah’s platform range from $69 to $139. Businesses are required to enter into a one-year contract with Huzzah at that time.

In addition to the loyalty program, Huzzah has also announced several other services aimed at small businesses competing with bigger ones.

Huzzah will design a mobile app for your business, customized with your company’s logo and color scheme. The company’s website claims that you need no coding experience or design skills to get your app active. The company also places it on all the major app stores with a premium plan. Mobile apps designed through Huzzah range from $20 monthly up to $65.

Huzzah also has a mobile ad program designed to drive traffic to your mobile app, website, and eventually your business. The ads are localized so that mobile users in your area are more likely to see your ad. Monthly subscriptions in Huzzah’s mobile ad network get your business between 20,000 and 40,000 impressions for $100 and $200, respectively, the company says. Each level gets your business a banner ad and a mobile landing page when someone clicks on your ad.




Small Business Opinions Divided on Plastic Bag Fees

Dallas recently passed a citywide 5-cent fee on plastic bags. New York City is considering a 10-cent fee. Similar fees (or bans) on plastic bags already exist in Seattle, San Francisco and Los Angeles.

Supporters of the fees and bans say they will help raise awareness about the damage these bags do to the environment. Business groups say the added cost will hurt both consumers and businesses.

In a statement issued to FoxBusiness.com, Brooklyn Chamber of Commerce President and CEO Carlo A. Scissura explained:

“We are reviewing the legislation and speaking to our members, but any additional regulations for businesses and consumers have to be carefully considered before action is taken. This is especially true in light of recently enacted regulations that continue to place additional burdens on the backs of small business owners.”

But in reality, it sometimes seems as if larger businesses have been complaining the loudest. For example, in the case of the new Dallas plastic bag fee, Kroger, a national grocery chain with 2,640 stores in 34 states, has been one of the most vocal critics.

Store representative Gary Huddleston told a Dallas radio station the new rule would force many hardships on the chain including creating special bags to comply. The Dallas Observer quotes Huddleston as saying:

“In addition, the new ordinance forces Kroger and other retailers to add signs, reprogram cash registers to account for the bags, train staff, and even reprint all of their bags to include their thickness on them. Plus, retailers worry check-out lines could get longer, since bags have to be added to your bill before you pay.”

But there are some businesses that don’t mind the new rules and some have already started creating incentives of their own to encourage customers not to choose plastic.

Tony Marcano manages Union Market, a small chain of locally owned grocery stores specializing in organic and local produce with three locations in Brooklyn and one in Manhattan.

He recently told FoxBusiness.com:

“I don’t mind if it’s going to help the environment. A lot of places are already charging for bags. To be honest with you, 90% of our customers come with their own reusable bags. . .We don’t go through many bags here, because our customers are conscious.”




Now All You Need to Deposit a Check is a Smartphone


Trips to the bank may soon be a thing of the past.

New imaging technology lets you take a snapshot of a check with your smartphone and use that to make your deposit. Mitek Systems says it has partnered with more than 2,000 financial institutions - including the top 10 retail banks in the U.S. - to bring mobile check deposits to customers.

For a lot of small business owners, the ability to deposit a check they receive without having to plan a trip to the bank could save time and money. Provided your bank uses Mitek’s licensed technology, all you have to do with your customer’s check is point and shoot. In about two days, the money is deposited to your account.

Mitek’s patented technology allows customers to use their “Camera as a Keyboard.” The mobile photo technology automatically captures images of personal and financial documents and then extracts relevant data, according to the company’s website. Now that a lot more financial institutions are getting on board, the head of Mitek Systems expects use of the technology to grow exponentially.

Mitek President and CEO James B. DeBello says in a company release:

“We’re excited to see the continued adoption of Mobile Deposit. We continue to support the top 10 banks in the country, and coupled with our 100% customer retention rate, this further solidifies our leadership position in the market. We now estimate that consumers have deposited over $150 billion which represents more than 250% growth in cumulative deposit volume.”

Several small business owners spoke with Small Business Trends recently to discuss their experiences with and the advantages of depositing checks through a smartphone photo:

Jeff Wolfert is an aspiring professional football kicker. While he’s chasing that dream, Wolfert runs KCKicking camps in the Midwest. His camps aim to get college recruiter exposure for high schoolers. He says that he receives a lot of checks and often, on the road, there isn’t a Bank of America nearby. Another benefit is that, even if there is an error on the check - like the name of his business being spelled wrong - there aren’t delays in making the deposit. Wolfert explains:

“Running a small biz, it’s about time. If I can take 5 pictures in one minute, it saves me a 25-minute run to the bank. I’ve never had a check returned to me because of errors on the check. It’s a little less strenuous.”

Oleg Korneitchouk is a young Web designer and has been using Mitek’s technology for more than a year. He says that he started depositing checks via his smartphone once he upgraded to a better phone. Like Wolfert, he sees efficiency as the main advantage of the technology. He adds:

“(Going to the bank) took up a lot of my time. The mobile app is super convenient to deposit my money. It’s the most convenient way to deposit checks.”




Heartbleed slows down the internet

As Heartbleed slows down the internet, experts say that two-factor authentication may be the way forward to protect our web sessions.

Trend Micro has warned that the Heartbleed OpenSSL vulnerability may be slowing down the Internet - to the extent of significantly hitting the Deep Web, including services such as TOR (The Onion Router), which is used by millions of people worldwide as a means of anonymising their web sessions.

According to Trend Micro's VP of technology and solutions JD Sherry, the SSL exploit that the Heartbleed open-source coding error has opened up may be causing a slowdown of the Web, especially in the so-called Deep Web, where pay-for anonymous services exist.  

In parallel with this development, news filtered overnight that 19-year-old Canadian Stephen Arthuro Solis-Reyes had been arrested for hacking into the website of the Canada Revenue Agency (CRA). Solis-Reyes was arrested by the Royal Canadian Mounted Police, which alleges that the teenager stole around 900 social insurance numbers.

Mike McLaughlin, a senior penetration tester with First Base Technologies, told SCMagazineUK.com that the Heartbleed issue highlights the fact that web users - especially those in business - should really be using multiple layers of security when accessing the Internet, including the use of 2FA (two-factor authentication) to better secure their sessions.

It is, he explained, turning out to be a very expensive issue for a great many companies, as they scramble to remediate the OpenSSL vulnerability.

The problem that Heartbleed highlights, he says, is that commercial enterprises have placed their faith in open source coding professionals who are not being paid for their efforts. A commercial company, he adds, would have coding professionals in place to ensure their applications are coded securely. 

"The key takeout for me is that people now need to realise how important the use of 2FA security is," he said. 

McLaughlin's comments were echoed by Andy Kemshall, technical director with tokenless 2FA specialist SecurEnvoy, who said that users of the tokenless 2FA process would not be compromised by the Heartbleed issue. 

"This is because, at best, cyber-criminals would only be able to capture single use passcodes from computer memories. But these are valid only once and would have already expired, that is, ceased to be functional," he explained. 

Tom Cross, Lancope's director of security research, is also in favour of 2FA security to counter Heartbleed security issues, saying that it would be good to see wider use of 2FA on the Web, as attacks that compromise passwords are a frequent event.

"Some 2FA technologies provide additional protection against Heartbleed - in that credentials stolen from a server cannot be replayed, and private keys stored on a smart card are not stored in client memory," he said. 

Stephen Coty, chief security evangelist for Alert Logic, agreed, saying he is a big believer in the 'security in depth strategy.'

"On top of using SSL for web browsing, for the average user I would use web reputation tools such as web of trust, Avast Browser Security and Web Reputation Plugin, that will check and verify the site you are going to for reported malicious activity and Internet reputation of the IP space it's using," he said.

"Sometimes your anti-virus solution will have a plug-in for your browser. So check the tools available in your AV suite. If you are browsing from a corporate space there are Web filters that can be used from a corporate level. There are great tools like Websense and Bluecoat that deliver daily/hourly updates to their filtration that denies traffic to environments that would be reported as malicious by scans, reputation or analysis," he added. 

Andy Davies, head of research with Pentura, the security consultancy, however, argued against the need for extra layers of security such as 2FA technology, saying that, once the Heartbleed vulnerability is fixed, he does not believe an additional layer of security is needed to protect users' browsing.

"It is possible to use Heartbleed to grab a server's private encryption key, allowing an attacker to spoof a connection or create a faked, legitimate-looking Web site to collect user data," he said, adding that the user would have to be connected for a long time for an attacker to capture sufficient sensitive information. 

"And as the Heartbleed fix is being rolled out widely, there are much bigger everyday security risks for users, such as connecting to open WiFi hotspots which could be sniffing traffic," he noted.



ICYMI: Banksy sketches GCHQ, Heartbleed rumours & cloud confusion

As another week in information security zips by, we look at the top stories in our weekly In Case You Missed It (ICYMI) column.

Banksy: Full-time artist, part-time activist

Undercover graffiti artist Banksy's work has often been controversial so when an artwork appeared on the side of a house in Cheltenham - some three miles from the GCHQ's HQ - in typical Banksy style and showing three men wearing sunglasses and using listening devices to “snoop” on a telephone box, it was assumed to be his work. 

The artist has not yet claimed the work, although the design is strikingly similar to earlier works. The picture, though, is further evidence that government surveillance has become a national issue.

NSA knocks back Heartbleed rumours

The reports on Heartbleed keep flowing, with UK website Mumsnet and the Canadian Tax office the first in the public eye to be affected by the OpenSSL vulnerability - an implementation bug in the heartbeat extension (RFC 6520), affecting OpenSSL versions 1.0.1 through 1.0.1f. The bug can allow hackers to access the memory of a system over the Internet, and steal information like private encryption keys, passwords and content.

More recently, it's been claimed that it can be used to identify Tor users or even slow down the Internet, and that 95 percent of the detection tools are inadequate in picking up on the vulnerability. The NSA, meanwhile, has been forced to deny reports that it knew about the Heartbleed flaw for two years. 

Meanwhile, some thousands of miles away in Moscow, former CIA contractor Edward Snowden - the man who leaked the first documents on NSA surveillance - was interviewing Russian president Vladimir Putin. 

"I've seen little public discussion of Russia's own involvement in the policies of mass surveillance," he said. "So I'd like to ask you: Does Russia intercept, store or analyse, in any way, the communications of millions of individuals?"

Putin, of course, denied any involvement and while some will applaud Snowden for his line of questioning, the sceptics are likely to point to bias - he is, after all, currently living in asylum in the country. 

Google to protect Android apps from malware

Malware authors are increasingly turning their gaze to mobile platforms, and none more so than Google's Android. Indeed, a report from Arxan Technologies indicates that 100 percent of the top paid Android apps have been compromised.

But the search giant is at least making strides in hardening these apps, announcing recently that it is expanding its app verification service to monitor all apps on the users' devices - including those downloaded from Google Play.

Previously, the firm only scanned apps from third-party stores upon installation, but now Verify Apps will check every app before it's installed. It will also regularly check apps to ensure they are “behaving in a safe manner.”

This is good news for Android in its quest to battle iOS, and for businesses embracing the open-source operating system on a BYOD basis. 

Cloud report reveals management chaos

SCMagazineUK.com met with Skyhigh Networks recently to discuss its latest report on cloud adoption in Europe, and it made for an eye-opening read - not least if you're a CISO or CSO charged with managing this chaos.

The report revealed - among other things - that the average European organisation had 588 cloud services in operation, while founder Rajiv Gupta and EMEA director Charlie Howe told SC that one unidentified bank CISO was running 966 services, of which only 46 were approved.

Other interesting findings from the study: employees need educating on data protection and privacy laws, and petabytes of data are still stored in US data centres despite the Snowden revelations on NSA surveillance (72 percent of cloud services used in Europe store data in the US). There's a lot of concern too around cloud security, with 12 percent encrypting data at rest, 21 percent providing MFM and 5 percent being ISO 27001 certified.

Start of Bring Your Own Security?

As ZDNet reports, Apple, Samsung, Google and Microsoft are just some of the tech vendors that are pushing for an anti-theft smartphone kill switch to be implemented on newer devices.

This would see anti-theft tools included for free on devices, and would allow contacts, emails, images and personal data to be wiped remotely. 

There have of course been numerous attempts already to secure devices from theft, from Find My iPhone/iPad on iOS 7 to Android Device Manager, and this is perhaps the next sign that end-users, including employees, themselves should be controlling their security.

Money, Money, Money

Slowly but surely business leaders are getting the message; you need to splash the cash on cyber security if you're to avoid even bigger financial losses from data breaches and jurisdiction fines. 

The US Federal Emergency Management Agency (FEMA) has just awarded a £476,000, three-year grant to a trio of American universities that will combine their efforts to help US states and communities to prepare against cyber attacks (via Digital Trends), while JPMorgan is reportedly spending £150 million on cyber security (via Computerworld).

This follows a report from Trustwave revealing that cyber security is now mentioned in 6 in 10 FTSE 100 company reports. 

Biometrics: New playground for hackers, government agencies

First the iPhone 5's touch sensor was hacked, now Samsung's new Galaxy S5 has suffered the same fate. Earlier this week, German researchers revealed that they were able to spoof the system by photographing a fingerprint on a smartphone screen (ironically using an iPhone) and then developing an etched PCB image.

From there, the researchers at Security Research Labs were able to create a mould of the fingerprint, swipe it across the sensor and fool it into thinking it's the real thing. And since the Android PayPal app allows for this as an authentication method, hackers could then access digital payments. 

In related news, the Electronic Frontier Foundation has complained - after submitting an FOI request - of the FBI rolling out a plan to store biometric (facial, iris, palm and fingerprint) templates on at least a third of all American citizens.



SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Research just published claims to show that Microsoft SharePoint users are breaching their own company security policies. 

Originally launched in 2001, SharePoint is a web application framework and platform that integrates intranet, content management and document management under a broad Internet collaboration umbrella. The platform - which is designed for use by non-technical staff in major enterprises - integrates closely with Microsoft Office. 

The SharePoint Security Report - sponsored by Cryptzone - is based on an anonymous survey of 100 attendees at the March SharePoint Conference in Las Vegas. Researchers found that 36 percent of SharePoint users are breaching security policies, and so gaining access to sensitive and confidential data to which they are not entitled.

In addition, of the 19 percent of respondents whose organisations do not allow sensitive information to be stored within SharePoint environments, nearly a quarter of them later said they knew of individuals who had accessed content that they were also not entitled to - showing that users are ignoring their security directives. 

The real eye-opener is arguably that the majority of administrators perceive their ‘permissions' to be unrestricted - responding with comments anecdotally that included ‘I am entitled to see everything' and ‘administration access is God mode.' 

Håkan Saxmo, CTO of Cryptzone, said that the report highlights the need for a separation of duties, so that SharePoint admins are only responsible for performing normal administrative functions in SharePoint. 

In addition, he explained, using technical controls that enforce information security policies automatically - without changing the user experience - is fundamental to the security rules being maintained, as users will not follow the rules, just because they are there. 

The report concluded that the risk of SharePoint admins abusing access privileges without the knowledge of their employers remains extremely high - and that a high proportion of enterprises do not audit their system for compliance. Because of this, the report says, these enterprises cannot be sure they are not putting sensitive and confidential data at risk.

Solutions to the security challenges identified in the report include recommendations to establish rule based encryption and access rights management to automate SharePoint security controls, and ensuring that encryption plus access management stays with the document - regardless of whether SharePoint content is moved, copied or changed in any way. 

In addition, the report recommends that, when granting access to external parties, admins ensure those users are only able to access the SharePoint resources that they need and that the content shared with them remains protected. 

Commenting on the report findings, Rob Bamforth, a principal analyst with Quocirca, the business research analysis house, said that, because SharePoint is a high-end business environment, the findings are very revealing - and highlight the fact that the human element is letting enterprise security down. 

"I think responses to Q4 - 'Does your organisation store sensitive information in SharePoint?' - are most revealing, as 79 percent said they stored sensitive or confidential information on the SharePoint platform," he said, adding that this shows the clear need for a security policy enforcement technology in these organisations.

Separation of duties, he says, is a possible solution, but this could be difficult to arrange in most companies. 

"The problem here is that a security policy enforcement solution is not always going to be able to keep up with changes caused by staff holidays and sickness. Privilege controls can work, but cannot cater for all eventualities," he explained. 

Adrian Davis, EMEA managing director with (ISC)2, the not-for-profit IT security association, said the research highlights the importance of management in a technical context. 

"Managers cannot assume that ‘IT will take care of it' and leave administrators to implement suitable controls to protect information and manage access by users. Additionally, managers cannot leave privileged users, such as system admins to work without supervision or at least regular review of what those privileged users are doing," he said. 

"The key to a successful deployment is having business, IT and information security working together to build the right architecture and environment so that the benefits of a SharePoint deployment can be maximised, whilst the risks of deliberate or accidental compromise of the confidentiality, integrity or availability of information are minimised," he added.



Why Your Yahoo Local Reviews Are Disappearing

yahoo local reviews disappeared

Let’s say you’ve amassed years worth of mostly positive reviews on your Yahoo Local listing. Then, all of a sudden, your Yahoo Local reviews disappeared and they aren’t showing - but Yelp reviews are showing instead.

This is exactly what happened to Dan Tringale, owner of Colonial Hardwood Flooring of Lexington, Mass. Tringale says his company had amassed six years of mostly positive reviews on Yahoo Local. But when a new deal between Yahoo and Yelp went into effect, all that changed.

A few weeks ago, Tringale estimates about 50 of his reviews on Yahoo Local disappeared in search as Yahoo started displaying Yelp reviews instead. Tringale tells the Wall Street Journal:

“It’s a slap in the face that they took all those reviews down overnight…It’s not easy to get 50 great reviews.”

If you were this business, you wouldn’t be happy. Yahoo says it’s in the interest of users. A spokeswoman told the Wall Street Journal:

“We partnered with Yelp, one of the most trusted, relevant sources of consumer business reviews, to provide a richer search experience for Yahoo users. . . That’s why when Yelp’s reviews are available for U.S. businesses, they will replace Yahoo Local reviews.”

But is this really in the interest of users of the site, if six years of good reviews are hidden from view just because of a deal Yahoo made with Yelp?

If you’re focused on getting online customer feedback, be sure to direct satisfied customers to Yelp, rather than other online feedback like Yahoo Local listings, for example.

In the first place, Yelp reviews are now featured prominently on major search engines including Google and Bing.

In the second, small businesses are discovering that, since the deal giving Yelp reviews a more prominent place in Yahoo search, Yelp reviews trump Yahoo’s own.



Target effect: US retailers to share cyber intelligence

The National Retail Federation in the United States has announced plans to establish the Information Sharing and Analysis Center (ISAC), so that retailers can work together on incoming cyber security threats.

Following in the wake of serious attacks against some of the world's leading retailers - not least big-box store Target, which lost 40 million credit card details and almost 120 million customer records at the end of last year - the industry body has confirmed plans to launch the group in June.

The aim of ISAC, according to the Reuters newswire - which broke the story - will be to help retailers share tips on fighting hackers, as well as share intelligence provided to them by law and government agencies.

The financial services industry ISAC, which is believed to be one of the more successful such bodies, is reportedly helping retailers to set up the new organisation.

"It will allow them to talk to each other about things that are hitting them, to know quickly if other people are experiencing the same things and if they've found good defences that they can tell each other about," Alan Paller, founder of SANS Institute, told the newswire.

This action seems to have come about partly on the back of the Target data breach, which occurred as a result of a vulnerability in the point-of-sale solution. According to Reuters, companies privately complained in the aftermath of that incident that they had issues obtaining information from law enforcement about the attack and how to prevent future action.

Alan Carter, cloud services director at SecureData, an independent IT security service provider, said that the formation of ISAC is a move in the right direction.

“The ISAC formation is a positive step, much like the recent launch of CERT and the long-term goal should be for it to expand internationally, with other industries hopefully following suit and taking cyber-security more seriously,” he told SCMagazineUK.com.

“We're all very aware of big data and its benefits, but soon enough this is going to be the only sure-fire way (if such a thing exists) of detecting new threats. Unfortunately the bad guys already have access to the technologies like firewalls and other point solutions, and are able to spend time analysing those platforms for vulnerabilities and back doors, meaning the only real option we're left with is this collaborative approach.” 

He added that industry collaboration is essential for the group to succeed: “It is understandable that companies will be reluctant to share this data with competitors, but on the whole it will be anonymous. Many vendors and resellers already have access to huge amounts of traffic every day and analyse this to improve threat detection; a collaborative approach should be viewed as a mere extension of this.”

Marta Janus, security researcher at Kaspersky Lab, says that the movement could act as a step for other industries to collaborate on cyber threats.

“Sharing information about cyber threats between potentially threatened industries and law enforcement agencies should be one of the most important factors in the never-ending fight against cyber-crime,” she told SCMagazineUK.com. “This cooperation should be bi-lateral to ensure the benefits for each party. Of course, some information may be too sensitive to disclose to the industry as a whole, but I believe that all affected parties should at least have access to details that might help them in the process of improving security and protection against future attacks.

“On the other side of the agreement, in the event of a security breach, private sector organisations should provide any relevant information to the law enforcement agencies working on the formal investigation.

“By working together with other businesses within the industry, and alongside government agencies, retailers can not only strengthen their protection against data theft and mitigate the risk of financial loss, but also contribute to the general security of their industry. Establishing an ISAC by the National Retail Federation is a big step towards this direction.”

There's also the hope that this US directive can fuel further action in the UK, although this work is essentially being carried out by the CISP Cyber-Security Sharing Partnership - which is part of CERT-UK.

The group, which celebrated its first anniversary in March and which has 378 organisations and more than 1,000 individuals signed up, said that it continues to work with numerous sectors, and says that cyber awareness is gradually improving.

“By joining CiSP, organisations are aware of the potential for cyber threat - we are working across sectors to enhance this awareness further and to encourage collaboration across sectors.  It is up to individual organisations to protect their own infrastructure but awareness of cyber threats is growing and they are taking it seriously,” said a spokesperson.

Last year's Retail Crime Survey, carried out by the British Retail Consortium, revealed that the ‘majority’ of retailers see cyber attacks as a critical threat to their business, with hacking and denial of service attacks the most serious in the preceding 12 months. As a result, BRC encouraged retailers at the time to work closely with the National Crime Agency and the National Cyber Crime Unit, as well as collaborate with fellow retailers and law enforcement agencies.



Biometric data collection sparks privacy debate

You could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file, says the Electronic Frontier Foundation (EFF).

A simmering row between EFF and the FBI is developing over a rolling plan to store biometric (facial, iris, palm and/or fingerprint) templates on at least a third of all American citizens by the end of next year.

After filing a Freedom of Information (FOI) request, the Foundation - a privacy and advocacy organisation set up back in 1990 - discovered that the NGI (Next Generation Identification) programme is a lot more advanced than many people realised. 

The NGI seeks to build on the FBI's existing fingerprint database - which is thought to have data on 100 million people - almost a third of the 318 million population of the US - adding facial recognition to the biometric mix. 

Perhaps more importantly from a privacy perspective, the plans call for the NGI database to incorporate both criminal and non-criminal records together under a single master system, with each person allocated a UCN (Universal Control Number) that is used across multiple government and allied agency databases.

The EFF says that the NGI database has been expanding rapidly over the last two years - and may reach 52 million facial templates by the end of next year.

In 2012, the privacy organisation says that the NGI system held 13.6 million templates on between 7 million and 8 million people - a figure that doubled to 16 million by the end of last year, driven mainly by the fact that the system can process 55,000 photo images every day. 

According to the EFF, the NGI actively combines facial, iris, palm and/or fingerprint biometric data - and links personal and biographic data such as name, home address, ID number, immigration status, age, race and so on.

"This immense database is shared with other federal agencies and with the approximately 18,000 tribal, state and local law enforcement agencies across the US," says the Foundation, adding that its primary concern is that the database will include non-criminal as well as criminal face images.

"Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a 'mug shot' photo along with your fingerprints. If that's the case, then the FBI will store both your face print and your fingerprints along with your biographic data," the Foundation's analysis of the situation adds.

The problem here - as the EFF says - is that, even if you have never been arrested for a crime, if your employer requires you to submit a photo as part of your background check, your facial image could be searched - "and you could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file."

The big question is whether such a database is feasible in the UK, as the technology is obviously already here today. 

For the answer to this question, SCMagazineUK.com turned to digital forensics specialist Professor Peter Sommer - a visiting professor with De Montfort University - who said we also have a similar issue here in the UK.

The challenge, he explained, is that data of all kinds is collected - including from CCTV, Automatic Number Plate Recognition and communications data - on an initial individual from a worthy scenario, but is then retained and used for other reasons.

This process, he says, is carried out without the tests of necessity and proportionality - and competent independent oversight.

"Several different streams of data are then aggregated to make the intrusion even greater. Data aggregation has a very important role in modern investigative practice, but the oversight mechanisms to limit abuse and collateral intrusion into the lives of the wholly innocent are largely weak or absent altogether," he said.

"Very soon we will have to worry that a combination of high resolution cameras and improved facial recognition techniques may be adding to this toxic mix," he warned.



Strengthening Your Small Business With Subcontractors

Dealing with the ebb and flow of workloads can be challenging for small businesses. How do you address those extra busy times without adding regular employees? And what happens when things slow down again?

Subcontractors can often help provide a great solution. Below are some benefits of using subcontractors and considerations for bringing subcontractors on board.

The Benefits of Using Subcontractors

1. Cost-Effective Help

Without creating a lot of additional overhead, you can bring subcontractors (or independent contractors, freelancers, etc.) on board to handle extra work.

Hiring a new employee can cost you 25 percent more than if you bring a subcontractor on board for the same purposes. Why? Because for an employee, you’d likely pay Social Security and Medicare tax, worker’s compensation insurance, liability insurance, employee benefits, training, and so on.

2. Specialized Assistance

Subcontractors can bring with them a unique skillset that can enhance your business’s work. From design efforts to technical writing tasks and beyond, you can keep clients happy by meeting their needs with specialists you might not have in-house already.

This also keeps your existing team members focused on their areas of expertise, so their primary work doesn’t suffer if there’s an assignment that doesn’t play to their strengths.

3. Busy-Season Boost

Is there a particular time of year that sees a surge in business?

Subcontractors can provide the extra manpower when you need it temporarily. Whether it’s around the holidays in the winter months or tourist season during the summer, subcontractors can be the answer to meeting those seasonal needs without bringing folks on board for the long haul.

So, what’s next if you decide this could be a good path to take for your business?

When Working With Subcontractors. . .

Find the Right Fit

Use your existing networks - word-of-mouth, social media, etc. - for trusted recommendations and referrals. Check out portfolios or samples to get an idea of a person’s work.

Create an Agreement

Formalize the basic terms and conditions of this new working relationship. Include a description of the professional services delivered, quality expectations, termination conditions, invoicing terms, tax reporting requirements, non-compete language and an intellectual property agreement.

Consider a Non-Disclosure Agreement (NDA)

This legal document establishes the confidentiality of shared knowledge or materials. It can restrict subcontractors from speaking about or divulging private company information to outsiders.

Follow Hiring, Tax Reporting and Labor Requirements

The law is strict when it comes to how businesses classify subcontractors/freelancers versus employees - and violations can be costly. Check out these articles about contracts and tax forms for more information.




Heartbleed: What You Do and Do Not Need To Worry About

If you have a business website, you’ve probably already heard, and are worried, about the Heartbleed Bug.

Simply put, the Heartbleed Bug is a flaw in the SSL certificate used by some websites. That flaw might allow passwords, credit card numbers and other data to be leaked as a result.

SSL certificates are usually limited to websites that deal with online financial transactions. Websites that use it can be distinguished because they include an “https” instead of “http” in their URL. A lock can also often be seen in the search window in front of the URL while visiting the site.

Mashable recently published a hit list of some big sites and services affected. These include:

  • Facebook
  • Pinterest
  • Tumblr
  • Google
  • Yahoo
  • Gmail
  • Yahoo Mail
  • Amazon Web Services
  • Etsy
  • GoDaddy
  • Flickr
  • YouTube

There has already been a Chrome extension (and probably other tools out there) claiming to help determine whether your site is affected. Of course, it’s important to be careful when using such tools and perhaps make some tests to be sure they are reliable. For example, you might test them to see whether you get any false positives.

Since only “https” sites can potentially be affected, for example, test to see whether you get positive reads off “http” sites, too. If so, the tool you're using might not be trustworthy.

Dominic Lachowicz, Vice President of Engineering at Merchant Warehouse, also cautions that not all SSL certificates are flawed. Merchant Warehouse provides electronic sales tools for mobile, ecommerce and storefront sales, but Lachowicz says the company was not affected by the bug.

Lachowicz spoke with Small Business Trends recently about some of the issues of most concern with Heartbleed. He acknowledged:

“This is indeed a serious problem on the Web. The first thing I’d like to advise everyone is to not panic.”

He says the first step is to determine whether your site has been affected. If you maintain your own site, Lachowicz recommends testing it for the bug using a tool built by encryption consultant Filippo Valsorda.

If your site has been affected, you will need to reinstall your site’s SSL certificate. For example, Lachowicz writes in a recent post on the official Merchant Warehouse Blog that a new fixed version of OpenSSL has already been released.

If you don’t manage your own website, Lachowicz recommends reaching out immediately to your Web development team or online provider. They will be able to tell you whether they have been affected.

If they have, chances are a fix has already been installed, in which case you will simply need to change any passwords associated with the site. That should be enough to protect against any future exposure.
