How to Be Proactive About Potential Breache

Are you tiring of users continuously badgering you to get corporate network access for their mobile devices?  Does your corporate management want to buy tablets for the sales team? If so, your small- to medium-sized business (SMB) needs to start proactively addressing mobile security breaches such as malware.

 

Modifying your existing security policies and protocols, establishing new policies and educating your mobile workforce are economically sound frontline solutions for securing your corporate enterprise and trade secrets.

Here are some tips on how to address mobile device security breaches beforethey happen:

  • Establish corporate information access guidelines. It’s important to pre-determine how mobile device users will access corporate information. Will users download data to devices? Will they access the data remotely? The answer will vary from company to company, so be sure to consider your situation uniquely.  If your company has to be in compliance with a regulatory body like PCI Data Security Standards (DSS) or the Health Insurance Portability and Accountability Act (HIPAA), then consult with your auditor before enabling network access to mobile devices.
  • Establish device control policies. Bring Your Own Device (BYOD) can be full of benefits like saving on corporate hardware purchases and increasing productivity for your mobile workforce and SMB. However, the negatives can outweigh all those positives when a BYOD device brings malware into your network. Create a policy that governs how your corporate IT staff can gain control over a personal device, while maintaining your network security. Include information about how to keep personal information private (e.g., via a mobile device backup strategy that doesn’t touch personal data) and define corporate ownership over data and applications.
  • Enforce device-level security.  Both corporate-owned and personal devices should have secure passwords and screen locks; document this requirement in your mobile device policies. In addition, make sure it’s clear that both personal and corporate mobile devices maintain up-to-date corporate-approved (and preferably corporate-managed) antivirus and security software installed to guard against malware and other security risks.
  • Develop and deliver mobile workforce security training. Education can be just as powerful a security tool as technology. Develop and deliver mobile workforce security training built around keeping your mobile workforce productive and prepared to be the first line of defense against malware and other security threats to their mobile devices. Spell out your corporate policies and include a participant sign-off stating that they understand and will abide by the policies.

Never speak with a clueless operator again

Along with enduring root canals and eliminating malware, dealing with customer service call centers probably ranks near the top of the “most painful experiences in life” list for many people.

Causes for the discomfort include: complex telephone trees that require a preposterous number of key presses to get anywhere; interminable hold times; agents who lack all but the most child-like expertise; and, most maddening: when a customer finally connects with someone who might actually help — they are frequently disconnected.

 

There has to be a better way. And, there is… in the cloud.

Cloud-based services and applications are making headway into reducing this customer service mess, allowing small business owners to affordably improve the customer experience with cool features that people love, including social media and mobile device interfaces.

 

The importance of customer service management (CSM)

According to a ClickFox survey

  • More than 50 percent of disgruntled customers will spread negative information to others in their social circles.
  • More than one-third of unhappy customers will completely stop doing business with a company that has wronged them.
  • Even worse, 60 percent of those people exposed to these negative comments in social media are influenced by them, meaning most people will avoid you if their friends say you stink.

Not only does this represent lost revenue from these particular customers, but it can wreak havoc on SMB marketing efforts (and budgets) that now have to overcome not just their competitors’ advertising messages but also the negative perceptions and bad word-of-mouth caused by these unpleasant customer service experiences.

 

Cloud solutions

Placing your customer service in the cloud better meets the expectations of customers who are increasingly connected to the web via mobile devices and, therefore, expect instant answers. Rather than deal with a call center, many even prefer self-service answers for their support issues, searching online to bypass traditional help desks altogether.

Businesses can enable this migration of customer service functions with an ever-increasing list of services, including Zendesk, Service Cloud, Desk.com, Parature, and Zoho. Most provide not only traditional phone, email and chat functions, but also integrate with social networks such as Twitter and Facebook to offer robust self-service options.

Mobile-specific CSM apps include Gripe, available for both iPhone and Android, which enables consumers to vote positively for a company with a “cheer” or complain with a “gripe,” both of which get posted to their Twitter and Facebook accounts while also messaging the company’s customer service department for quick resolution.

Rethink Your Endpoint Security Strategies

For those reluctant to say goodbye to signature-based malware protection, read on for the first of a four-part series that delves into why small and medium-sized businesses should rethink their current solutions and explore cloud-based strategies for endpoint protection.

 

We are gathered here today, with not-quite heavy hearts, to say farewell to a constant companion. Our “friend” was part of our daily lives, popping up at the oddest times, seemingly just to say “hi,” or – as in any other high-maintenance relationship – demand we drop everything to give it some attention right now.

Imperfect, needy and often intrusive, we nonetheless tolerated its presence as a necessity in this cruel, crazy world full of bad guys – until something radical came along that made our “friend” a casualty in the unceasing conflict that can be called “The Malware Wars.”

The radical new element in the fray? The cloud. So, join us in saying, “Rest in peace, signature-based antivirus program,” and, “Hello, cloud-based endpoint security strategies.”

 

The changing world of web threats

Signature-based antivirus protection arguably peaked in the late 1990s and has been playing catch-up with the blackhats ever since. File injection and other basic virus types were mostly supplanted by Trojans, worms, backdoors and other stealthier nasties, which the big antivirus companies responded to slowly, as these threats did not fit their model of a virus.

Demonstrating how ineffective some solutions are to this day, the notorious 12-year-old Back Orifice 2000 Trojan is still infecting machines, and one out of three web malware encountered in 4Q 2011 were zero day threats, which are completely undetectable by signature-based schemes.

Hackers are also increasingly using social media scams and phishing, with even LinkedIn notifications becoming fair game for delivering exploits. It is clearly a more complicated world in the security space, and only getting worse.

Save money with today secure providers

Just a few short years ago, the image of an IT department for small and medium businesses was one of Dilbert-looking technicians noodling around with Cat 5 cable and speaking in a blend of Klingon and Robot. In other words, IT seemed completely remote, complicated and inaccessible to most employees. Additionally, each new hardware and software deployment, including installing malware protection, could take weeks to manually implement across the enterprise, and rarely went smoothly.

One solution – outsourced IT – has found greater acceptance in the past few years as its benefits have become more tangible to even small businesses. It is estimated that globally, 74 percent of companies use some form of outsourced IT solution, up 25 percent from 2009.

 

Read further for compelling reasons why a small or medium business should consider the IT-outsourcing trend.

 

Cost savings

Moving IT off-site can save an SMB thousands of dollars per year. As most business decisions are predicated on the bottom line, this is often the main driver in the decision to migrate. Areas of savings include:

Reducing hardware expenses. Servers, storage, cabling, cooling, and datacenter square footage expense can now be on a cloud vendor’s dime, not yours.

No salary or benefits expenses for IT employees.

Potential tax savings by converting capital expenditures (servers), that depreciate slowly over time, to a monthly cost which can potentially be deducted in the current tax year.

 

The latest software versions – hassle-free

Outsourcing IT means software, including malware protection for endpoints, can be updated automatically by the provider. This obviates the need for a local tech to run around taking workstations offline for upgrades.

Furthermore, updating software not only unlocks newer features, but also closes exploits in older versions that might allow hacker penetration. So it’sworth exploring any platform that can make this process painless and automatic, such as a cloud service.

 

Focus on your business, not technical issues

Anyone who survived working in Corporate America from the 1980s onwards is familiar with the spectacle and lost productivity that accompanies the proverbial “system going down.”

When outsourcing IT to the cloud, this nightmare occurs less often as data is often distributed redundantly across many servers that are monitored constantly, leading to greater stability and uptime, and less worrying about IT matters.

 

Improved security

Reputable outsourced IT providers are dead serious about security against malware, zero-day hacks and other intrusions and constantly monitor and update their protection schemes.

For most SMBs, outsourcing will provide a more frequent and secure back-up solution than their existing IT setups. Furthermore, as the data is kept off-site, it is well- protected from a local catastrophe, such as a fire or flooding.

 

No new employees to manage when scaling up

Scalability is easy with outsourced IT – simply contact the vendor for more storage, memory and processors as needed. There is no longer any need for job postings, interviews, expensive training, personality clashes, worker’s compensation or other common HR issues and liabilities just to get tech personnel to handle the increased operations.

Opportunity for businesses of all sizes

The Apple iPad and its many Android “sincere flatterers” have comprehensively shaken up the market for mobile computing; in fact, the late Steve Jobs coined the phrase “post-PC for just this situation.

The days of the traditional laptop computer may not be totally over, but is a hinged screen-keyboard combo the only tool for serious mobile work? Nope. Here are five reasons why….

 

1. For content creation, just add keyboard

Tablets are great for content consumption. Hit the button, and you’re immediately scrolling through Web pages, YouTube videos, annoyed avians and the like. This can lead to the impression that tablets are only good for passively consuming; that they’re no use for creating content, such as documents, spreadsheets and other staples of business life, but that’s short-sighted.

Obviously, tablets’ on-screen keyboards aren’t easy or ergonomic typing tools. However, there’s a wide range of Bluetooth options available that can turn an iPad or Android tablet into a lean, mean, writing machine.

 

But if you’re going to add a keyboard to your tablet, why wouldn’t you just buy a laptop? The next three reasons answer that…

 

2. ARM = light weight + long battery life

PC and Mac laptops are built around the Intel processor architecture, using chips from either Intel or AMD. Often known as x86, the architecture is great for compatibility with the PCs we’ve used for years, but it’s encumbered with historical baggage that makes x86 machines hot, heavy and hungry for battery juice. Modern laptops have improved but are still a world away from today’s tablets.

Most tablets break from Intel’s historical hegemony by using chips designed by ARM. These so-called system-on-a-chip architectures use much less power than x86 – especially when idle. This and modern battery technology can give tablets a 10-hour life and weeks of standby readiness, which means you can get more work done on the go.

Intel is fighting back, though the jury’s still out on whether it can compete. Intel tablets will at least be able to run the full version of Windows 8, as opposed to the cut-down, ARM-only Windows RT.

 

3. Cellular data: a first-class citizen

Today’s tablets often include access to 3G and 4G/LTE networks. The data networking technology is seamlessly integrated, so that you can switch between it and Wi-Fi with no noticeable interruption.

That’s much cleaner than the typical Windows or Mac laptop with an add-on 3G dongle; the difference being that cellular data was designed into tablets from the get-go. So there’ll be fewer excuses to not get the presentation finished on time.

How to Secure Mobile Workforce Devices

Bluetooth is best known as the wireless technology that powers hands-free earpieces. Depending on your point of view, people who wear them either:

a) Look ridiculous (especially if shining a bright blue LED from their ear);
b) Appear mad (when apparently talking to themselves); or
c) Are sensible, law-abiding, safety-conscious drivers.

 

Whichever letter you pick, insidious security issues remain around Bluetooth attacks and mobile devices. While most of the problems identified five to 10 years ago have been straightened out by now, some still remain. And there’s also good reason to be cautious about new, undiscovered problems.

 

Here are a few examples of the mobile security threats in which Bluetooth makes us vulnerable, along with tips to secure your mobile workforce devices.

 

General software vulnerabilities

Software in Bluetooth devices – especially those using the newer Bluetooth 4.0 specification – will not be perfect. It’s unheard of to find software that has zero security vulnerabilities.

As Finnish security researchers Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi demonstrated in 2011, it’s easy for attackers to discover new, previously unknown vulnerabilities in Bluetooth devices. Potential impacts could include charges for expensive premium-rate or international calls, theft of sensitive data or drive-by malware downloads.

To combat this threat: Switch off your Bluetooth when you’re not using it.

 

Eavesdropping

Bluetooth – named after the Viking king, Harald Bluetooth Gormsson, thanks to his abilities to make 10th-century European factions communicate – is all about wireless communication. Just like with Wi-Fi, Bluetooth encryption is supposed to stop criminals listening in to your data or phone calls.

In other words, eavesdropping shouldn’t be a problem. However, older Bluetooth devices use versions of the Bluetooth protocol that have more security holes than a tasty slice of Swiss. Even the latest specification (4.0) has a similar problem with its low-energy (LE) variant.

A Good BYOD Enterprise Program

The corporate workforce is changing: Employees used to stay chained to their cubicles, plugging away on company-issued PCs. Today, remote workers perform the same tasks on their own high-tech tablet or laptop while soaking up the atmosphere at their local coffee shop.

 

Employees are increasingly using their own devices as the mobile workforce grows in importance. A Computing Technology Industry Association study found that 84 percent of professionals surveyed use their smartphones for work, but only 22 percent of their companies had a formal mobility policy. The upshot of this mobile shift is that corporate networks will be increasingly vulnerable, unless these devices are reined in with a BYOD enterprise program.

If your company lacks a mobility policy, consider incorporating the following five elements into your BYOD program to save time and money.

 

1. Include clear, written rules

Eliminating risky end user behavior through clear BYOD policies saves IT expenses right off the bat. Some of the most salient points to cover in writing include:

  • Prohibited devices, such as jailbroken phones
  • Blacklisted applications
  • Procedures for lost or stolen devices, including the possibility of wiping out all data on a device
  • Privacy disclosures, such as what personal information the enterprise has access to on a device

Some of these issues, like whether the company can legally wipe out data on a device they do not own, should be cleared with your human resources and legal departments to minimize the risk of lawsuits.

 

2. Make sure it’s formally presented

It is not enough to have employees sign off that they have read the policies – formal classroom or online training is recommended to ensure comprehension and compliance – especially for less tech-savvy workers who might not understand that seemingly innocent actions can expose the company to risks.

 

3. Ensure that it’s scalable and flexible

Make sure your security software can be painlessly installed on new devices. Cloud-based services do this particularly well and are typically available on a per-user subscription model, which saves money by protecting only what is needed at any given time.

Also, consider exceptions to rules, such as allowing peer-to-peer networking programs for certain users who might benefit from these tools. Otherwise, employees may risk bypassing your security protocols in order to use forbidden applications.

 

4. Secure against the greatest number of threats possible

Risky behavior such as opening email attachments from strangers or visiting dubious sites on BYOD devices should be addressed in the written policies and further safeguarded via antivirus software.

There are other exploits to be aware of, which might not be as obvious, such as fake antivirus scanners that users might innocently install, and social engineering (or phishing) threats. A good endpoint protection program will keep employees up-to-date on these lesser-known attack vectors and continually inform them on how to best protect their devices. This does not require much expense but does involve staying abreast of threats and implementing a solid communication plan.

Risks of managing remote workers

Visions of kicking back and working from the beach with a piña colada in one hand and an iPad in the other are no longer just flights of fancy for many workers. Businesses are finding that it really is possible for employees to work remotely on their own devices without losing any productivity.

 

As a result, many companies are measuring the benefits of employees working remotely against the logistical issues inherent in developing a mobile device management plan.

There are many tangible benefits of BYOD (Bring Your Own Device), including:

  • Reduced equipment costs
  • Increased employee satisfaction and efficiency
  • Decreased IT staff burden (since employees maintain their own equipment)
  • Reduced office space square footage (as workers are mostly off-site)

The risk in BYOD is that these devices can potentially expose security vulnerabilities not directly supervised by IT staff or addressed by corporate antivirus solutions. This is where the need for mobile device management comes in.

 

A new landscape of threats

Tablets and smartphones are arguably less secure than desktop PCs and laptops because they lack pre-installed malware protection. Most computers include at least a trial version of an antivirus suite, but for the newest mobile gadgets, individual users and IT managers are on their own to search for and install mobile endpoint security management.

This vulnerability has not escaped the attention of hackers, who unleash creative new threats like SMS text messaged-based attacks on a daily basis. The old-school virus, while still annoying, does not hold a candle to the damage caused by these new approaches in cybercrime, which include more sophisticated Trojans, keyloggers, phishing attacks and malicious apps than ever before.

 

Maintaining security while not breaking the bank

Enforcing a ban on these devices is a near impossibility, but there are options for businesses on a tight budget to maintain security:

  1. The first cost-effective step is to immediately establish protocols regarding these devices in the workplace, including guidelines for acceptable use, forbidden applications and how to avoid dangerous activities, such as browsing certain questionable sites while connected to the company’s Wi-Fi.
  2. Next, evaluate your current solutions to see if they can be modified to protect BYOD devices through password enforcement, remote wiping or other protective measures.
  3. If the quantity of devices or sensitivity of data requires a more robust solution, explore whether the use of Mobile Device Management (MDM) software makes sense. MDM provides a centralized platform to manage all BYOD devices and is recommended if IT personnel are spending an inordinate amount of time securing tablets and smartphones – or if the sheer variety of devices and new threats tests their expertise.

Tips for Write a Business Plan

If you, like many entrepreneurs, are time rich and cash poor, option 1 quickly removes itself from the equation, given the cost of having someone write a plan for you.

You are then faced with the choice between using Business Plan Pro or building everything yourself, from scratch, in Microsoft Word and Excel. Why are we not recommending other business plan software options? Because Business Plan Pro is the best business planning software available – without exception. Palo Alto Software (the maker of Business Plan Pro) has a proud history, has had category leadership for years and has extensive lists of testimonials and independent reviews on the website, all corroborating this view. By all means, consider other software options; however, we are confident that your own analysis will reveal that Business Plan Pro stands head and shoulders above the alternatives.

When it comes to using Word and Excel there are undoubted benefits – not least the fact that they are ‘free’ in the sense that they are bundled on most PCs. The interface is also familiar, given the popularity of their use. However, while these tools are excellent when you know exactly what you need to produce, they offer negligible assistance when it comes to producing specific content, such as that required for a business plan. If the purpose of the business plan were simply to jot down a few notes to keep you on track, they would suffice. However, if you intend to circulate the plan to peers, colleagues or prospective investors, you will need to produce a plan worthy of your name. After all, you are the author!

Here are the reasons why we believe that using Business Plan Pro is the easiest way to write a business plan:

1. Offers significant time saving

Business Plan Pro was designed to help you write a plan as efficiently as possible. It comes with extensive help, lots of examples and expert advice.

2. Provides the structure

Business Plan Pro walks you through a list of specific tasks, step by step, in stark contrast to the blank screen and flashing cursor you face when you create a new document in Microsoft Word.

3. Includes hundreds of examples

Business Plan Pro includes over 500 sample plans so you can browse plenty of examples to help give you ideas.

4. Ensures you do not leave out any sections

Over ten years of history means that we know what sections to include, where they should appear in the document and what you need to put in them.

5. Makes the numbers part easy

We recognise that while compiling the financials is an essential part of any plan, it is a very challenging area. We have simplified this process with the inclusion of easy-to-use financial wizards and automatic calculations, linking together all the financials from Start-up costs to Sales Forecast to Personnel Expenses to Cash Flow to Profit and Loss.

6. Free support available

Alongside the extensive in-product help, we also offer a free support line and a comprehensive help facility on our website.

7. Signposts relevant resources at appropriate points

The software also includes links to relevant local resources where you can read specific advice on any areas with which you need further assistance, including trademarks, company formations, and more.

8. Designed specifically for producing a business plan

Whereas Microsoft Word is a general purpose tool, Business Plan Pro is designed specifically to help you write a business plan with the least amount of hassle.

Reduce Your Investment In Endpoint Security

Trojans, worms and spyware sound like elements straight from a summer blockbuster, but the kind of action/adventure they provide on your PCs, Macs, smartphones and tablets make them more like a horror movie.

By deploying effective endpoint security, you can help prevent attacks and keep your users safe from viruses and other malware, such as spear phishing and advanced persistent threats. Today’s  state-of-the-art endpoint security has come a long way from its early roots in “antivirus” and has morphed into a complex suite of sophisticated protections against modern threats.

 

But good protection isn’t free; so, how can you save money, while still protecting your computers? Here’s how to reduce your investment….

 

Keeping users safe

In an ideal world, users would be perfectly security conscious. These mythical users wouldn’t:

  • Click on suspicious links.
  • Open file attachments emailed by criminals pretending to be their friends.
  • Respond to phishing messages that appear to be from a bank.
  • Disable software updates because warnings and reboots are annoying.
  • Disable a security product because it slows down their PC.
  • Install free software from an untrustworthy developer, because their friend liked it on Facebook.

Sadly, our world is less than ideal. Much, much less: A recent report said that 86 percent of U.S. businesses surveyed had lost sensitive data during the previous year.

User awareness training helps, but it isn’t sufficient. That’s why your endpoints need securing. Doing so helps prevent your users from accidentally exposing sensitive business information, such as your  banking credentials, secret-sauce recipes or future product plans.

 

Save time and money on endpoint security

Your challenge is to protect your users while minimizing costs: How do you save time and money, while keeping your company safe?

Look for a modern endpoint security solution – not one thrown together from an old antivirus program and a fresh coat of paint.