Category Archives: Business

How to Rethink Your Endpoint Security

For those reluctant to say goodbye to signature-based malware protection, read on for the first of a four-part series that delves into why small and medium-sized businesses should rethink their current solutions and explore cloud-based strategies for endpoint protection.

We are gathered here today, with not-quite heavy hearts, to say farewell to a constant companion. Our “friend” was part of our daily lives, popping up at the oddest times, seemingly just to say “hi,” or – as in any other high-maintenance relationship – demand we drop everything to give it some attention right now.

Imperfect, needy and often intrusive, we nonetheless tolerated its presence as a necessity in this cruel, crazy world full of bad guys – until something radical came along that made our “friend” a casualty in the unceasing conflict that can be called “The Malware Wars.”

The radical new element in the fray? The cloud. So, join us in saying, “Rest in peace, signature-based antivirus program,” and, “Hello, cloud-based endpoint security strategies.”

 

The changing world of web threats

Signature-based antivirus protection arguably peaked in the late 1990s and has been playing catch-up with the blackhats ever since. File injection and other basic virus types were mostly supplanted by Trojans, worms, backdoors and other stealthier nasties, which the big antivirus companies responded to slowly, as these threats did not fit their model of a virus.

Demonstrating how ineffective some solutions are to this day, the notorious 12-year-old Back Orifice 2000 Trojan is still infecting machines, and one out of three web malware encountered in 4Q 2011 were zero day threats, which are completely undetectable by signature-based schemes.

Hackers are also increasingly using social media scams and phishing, with even LinkedIn notifications becoming fair game for delivering exploits. It is clearly a more complicated world in the security space, and only getting worse.

 

New devices, greater risks

Apart from this ever-present development of increasingly sophisticated malware, endpoint security strategies must take into consideration the proliferation of mobile devices used to access workplace email accounts, enterprise Wi-Fi connections and even corporate VPN tunnels. From a security viewpoint, this is a nightmare, especially because mobile devices are fast becoming the number one target for hackers, with both the iPhone and Android devices being compromised in greater numbers.

As downloading antivirus software and updating signatures on every single employee-owned device by IT personnel can prove impossible even for SMBs, it demonstrates that the signature-based approach is broken, and any solution needs to be easy to implement on both current and future endpoints for it to be considered viable.

 

How does the cloud fit in?

Cloud-based endpoint solutions protect devices by installing a small agent on them while keeping all of the detection algorithms on the cloud provider’s hardware. They protect against viruses, rootkits, zero-day threats, packet and port sniffing, and other intrusions by auto-detecting suspicious behavior and delivering a preemptive strike against exploits rather than react to an already-infected situation.

Superior Customer Service

Along with enduring root canals and eliminating malware, dealing with customer service call centers probably ranks near the top of the “most painful experiences in life” list for many people.

Causes for the discomfort include: complex telephone trees that require a preposterous number of key presses to get anywhere; interminable hold times; agents who lack all but the most child-like expertise; and, most maddening: when a customer finally connects with someone who might actually help — they are frequently disconnected.

 

There has to be a better way. And, there is… in the cloud.

Cloud-based services and applications are making headway into reducing this customer service mess, allowing small business owners to affordably improve the customer experience with cool features that people love, including social media and mobile device interfaces.

 

The importance of customer service management (CSM)

According to a ClickFox survey

  • More than 50 percent of disgruntled customers will spread negative information to others in their social circles.
  • More than one-third of unhappy customers will completely stop doing business with a company that has wronged them.
  • Even worse, 60 percent of those people exposed to these negative comments in social media are influenced by them, meaning most people will avoid you if their friends say you stink.

Not only does this represent lost revenue from these particular customers, but it can wreak havoc on SMB marketing efforts (and budgets) that now have to overcome not just their competitors’ advertising messages but also the negative perceptions and bad word-of-mouth caused by these unpleasant customer service experiences.

 

Cloud solutions

Placing your customer service in the cloud better meets the expectations of customers who are increasingly connected to the web via mobile devices and, therefore, expect instant answers. Rather than deal with a call center, many even prefer self-service answers for their support issues, searching online to bypass traditional help desks altogether.

Businesses can enable this migration of customer service functions with an ever-increasing list of services, including Zendesk, Service Cloud, Desk.com, Parature, and Zoho. Most provide not only traditional phone, email and chat functions, but also integrate with social networks such as Twitter and Facebook to offer robust self-service options.

Mobile-specific CSM apps include Gripe, available for both iPhone and Android, which enables consumers to vote positively for a company with a “cheer” or complain with a “gripe,” both of which get posted to their Twitter and Facebook accounts while also messaging the company’s customer service department for quick resolution.

Handle for passive consumers

The Apple iPad and its many Android “sincere flatterers” have comprehensively shaken up the market for mobile computing; in fact, the late Steve Jobs coined the phrase “post-PC for just this situation.

The days of the traditional laptop computer may not be totally over, but is a hinged screen-keyboard combo the only tool for serious mobile work? Nope. Here are five reasons why….

 

1. For content creation, just add keyboard

Tablets are great for content consumption. Hit the button, and you’re immediately scrolling through Web pages, YouTube videos, annoyed avians and the like. This can lead to the impression that tablets are only good for passively consuming; that they’re no use for creating content, such as documents, spreadsheets and other staples of business life, but that’s short-sighted.

Obviously, tablets’ on-screen keyboards aren’t easy or ergonomic typing tools. However, there’s a wide range of Bluetooth options available that can turn an iPad or Android tablet into a lean, mean, writing machine.

 

But if you’re going to add a keyboard to your tablet, why wouldn’t you just buy a laptop? The next three reasons answer that…

 

2. ARM = light weight + long battery life

PC and Mac laptops are built around the Intel processor architecture, using chips from either Intel or AMD. Often known as x86, the architecture is great for compatibility with the PCs we’ve used for years, but it’s encumbered with historical baggage that makes x86 machines hot, heavy and hungry for battery juice. Modern laptops have improved but are still a world away from today’s tablets.

Most tablets break from Intel’s historical hegemony by using chips designed by ARM. These so-called system-on-a-chip architectures use much less power than x86 – especially when idle. This and modern battery technology can give tablets a 10-hour life and weeks of standby readiness, which means you can get more work done on the go.

Intel is fighting back, though the jury’s still out on whether it can compete. Intel tablets will at least be able to run the full version of Windows 8, as opposed to the cut-down, ARM-only Windows RT.

 

3. Cellular data: a first-class citizen

Today’s tablets often include access to 3G and 4G/LTE networks. The data networking technology is seamlessly integrated, so that you can switch between it and Wi-Fi with no noticeable interruption.

That’s much cleaner than the typical Windows or Mac laptop with an add-on 3G dongle; the difference being that cellular data was designed into tablets from the get-go. So there’ll be fewer excuses to not get the presentation finished on time.

 

4. Seriously cool sci-fi toys today

Who can forget countless Star Trek episodes where an impractically uniformed ensign brought a portable device to Capt. Kirk for him to sign off on some Starfleet paperwork? These sort of science-fiction visions drive gadget designers to invent the future… and who doesn’t want to live in the future?

Don’t deny tablets’ “cool factor.” Your users want to use them, they want to be seen using them, and they’ll thank you for letting them use tablets in business. (However, make sure you stay safe by protecting against Romulan malware and the Klingon drive-by.)

Businesses can take advantage of BYOD

The corporate workforce is changing: Employees used to stay chained to their cubicles, plugging away on company-issued PCs. Today, remote workers perform the same tasks on their own high-tech tablet or laptop while soaking up the atmosphere at their local coffee shop.

Employees are increasingly using their own devices as the mobile workforce grows in importance. A Computing Technology Industry Association study found that 84 percent of professionals surveyed use their smartphones for work, but only 22 percent of their companies had a formal mobility policy. The upshot of this mobile shift is that corporate networks will be increasingly vulnerable, unless these devices are reined in with a BYOD enterprise program.

If your company lacks a mobility policy, consider incorporating the following five elements into your BYOD program to save time and money.

 

1. Include clear, written rules

Eliminating risky end user behavior through clear BYOD policies saves IT expenses right off the bat. Some of the most salient points to cover in writing include:

  • Prohibited devices, such as jailbroken phones
  • Blacklisted applications
  • Procedures for lost or stolen devices, including the possibility of wiping out all data on a device
  • Privacy disclosures, such as what personal information the enterprise has access to on a device

Some of these issues, like whether the company can legally wipe out data on a device they do not own, should be cleared with your human resources and legal departments to minimize the risk of lawsuits.

 

2. Make sure it’s formally presented

It is not enough to have employees sign off that they have read the policies – formal classroom or online training is recommended to ensure comprehension and compliance – especially for less tech-savvy workers who might not understand that seemingly innocent actions can expose the company to risks.

 

3. Ensure that it’s scalable and flexible

Make sure your security software can be painlessly installed on new devices. Cloud-based services do this particularly well and are typically available on a per-user subscription model, which saves money by protecting only what is needed at any given time.

Also, consider exceptions to rules, such as allowing peer-to-peer networking programs for certain users who might benefit from these tools. Otherwise, employees may risk bypassing your security protocols in order to use forbidden applications.

 

4. Secure against the greatest number of threats possible

Risky behavior such as opening email attachments from strangers or visiting dubious sites on BYOD devices should be addressed in the written policies and further safeguarded via antivirus software.

There are other exploits to be aware of, which might not be as obvious, such as fake antivirus scanners that users might innocently install, and social engineering (or phishing) threats. A good endpoint protection program will keep employees up-to-date on these lesser-known attack vectors and continually inform them on how to best protect their devices. This does not require much expense but does involve staying abreast of threats and implementing a solid communication plan.

Are you need mobile device on your business

Visions of kicking back and working from the beach with a piña colada in one hand and an iPad in the other are no longer just flights of fancy for many workers. Businesses are finding that it really is possible for employees to work remotely on their own devices without losing any productivity.

As a result, many companies are measuring the benefits of employees working remotely against the logistical issues inherent in developing a mobile device management plan.

There are many tangible benefits of BYOD (Bring Your Own Device), including:

  • Reduced equipment costs
  • Increased employee satisfaction and efficiency
  • Decreased IT staff burden (since employees maintain their own equipment)
  • Reduced office space square footage (as workers are mostly off-site)

The risk in BYOD is that these devices can potentially expose security vulnerabilities not directly supervised by IT staff or addressed by corporate antivirus solutions. This is where the need for mobile device management comes in.

 

A new landscape of threats

Tablets and smartphones are arguably less secure than desktop PCs and laptops because they lack pre-installed malware protection. Most computers include at least a trial version of an antivirus suite, but for the newest mobile gadgets, individual users and IT managers are on their own to search for and install mobile endpoint security management.

This vulnerability has not escaped the attention of hackers, who unleash creative new threats like SMS text messaged-based attacks on a daily basis. The old-school virus, while still annoying, does not hold a candle to the damage caused by these new approaches in cybercrime, which include more sophisticated Trojans, keyloggers, phishing attacks and malicious apps than ever before.

 

Maintaining security while not breaking the bank

Enforcing a ban on these devices is a near impossibility, but there are options for businesses on a tight budget to maintain security:

  1. The first cost-effective step is to immediately establish protocols regarding these devices in the workplace, including guidelines for acceptable use, forbidden applications and how to avoid dangerous activities, such as browsing certain questionable sites while connected to the company’s Wi-Fi.
  2. Next, evaluate your current solutions to see if they can be modified to protect BYOD devices through password enforcement, remote wiping or other protective measures.
  3. If the quantity of devices or sensitivity of data requires a more robust solution, explore whether the use of Mobile Device Management (MDM) software makes sense. MDM provides a centralized platform to manage all BYOD devices and is recommended if IT personnel are spending an inordinate amount of time securing tablets and smartphones – or if the sheer variety of devices and new threats tests their expertise.

How to Secure Mobile Devices

Bluetooth is best known as the wireless technology that powers hands-free earpieces. Depending on your point of view, people who wear them either:

a) Look ridiculous (especially if shining a bright blue LED from their ear);
b) Appear mad (when apparently talking to themselves); or
c) Are sensible, law-abiding, safety-conscious drivers.

 

Whichever letter you pick, insidious security issues remain around Bluetooth attacks and mobile devices. While most of the problems identified five to 10 years ago have been straightened out by now, some still remain. And there’s also good reason to be cautious about new, undiscovered problems.

 

Here are a few examples of the mobile security threats in which Bluetooth makes us vulnerable, along with tips to secure your mobile workforce devices.

 

General software vulnerabilities

Software in Bluetooth devices – especially those using the newer Bluetooth 4.0 specification – will not be perfect. It’s unheard of to find software that has zero security vulnerabilities.

As Finnish security researchers Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi demonstrated in 2011, it’s easy for attackers to discover new, previously unknown vulnerabilities in Bluetooth devices. Potential impacts could include charges for expensive premium-rate or international calls, theft of sensitive data or drive-by malware downloads.

To combat this threat: Switch off your Bluetooth when you’re not using it.

 

Eavesdropping

Bluetooth – named after the Viking king, Harald Bluetooth Gormsson, thanks to his abilities to make 10th-century European factions communicate – i

all about wireless communication. Just like with Wi-Fi, Bluetooth encryption is supposed to stop criminals listening in to your data or phone calls.

In other words, eavesdropping shouldn’t be a problem. However, older Bluetooth devices use versions of the Bluetooth protocol that have more security holes than a tasty slice of Swiss. Even the latest specification (4.0) has a similar problem with its low-energy (LE) variant.

To combat this threat: Ban devices that use Bluetooth 1.x, 2.0 or 4.0-LE.

 

Denial of service

Malicious attackers can crash your devices, block them from receiving phone calls and drain your battery.

To combat this threat: Again, switch off your Bluetooth when you’re not using it.

 

Bluetooth range is greater than you think

Bluetooth is designed to be a “personal area network.” That is to say, devices that are more than a few feet away should not be accessible via Bluetooth.

However, you’re not safe if you simply ensure there’s distance between you and a potential attacker; hackers have been known to use directional, high-gain antennae to successfully communicate over much greater distances. For example, security researcher Joshua Wright demonstrated the use of such an antenna to hack a Bluetooth device in a Starbucks from across the street.

The Success Tips

Starbucks has an angel on one shoulder and a devil on the other.

The angel works to guide Starbucks toward its better instincts: to retain the vision that impresario Howard Schultz had of re-creating a European café for an American (and now a worldwide) clientele, a “third place” that’s neither work nor home, where you can take your time, and where you pay more for coffee than you would at the deli down the street.

On the other shoulder, a devil whispers of the temptations of growth. The desire to grow pulls Starbucks, and all companies, toward the logic of scale — repeatability, robust processes, efficiency, speed. Growth in and of itself is a good thing; but it can go wrong if growth and scale come at the expense of vision, identity, or customer experience.

Few companies have resolved the tension between identity and growth as successfully as Starbucks. So as Schultz prepares to leaves the CEO post to head up the company’s new, ultra-upscale Starbucks Reserve venture, it’s worth reflecting on what he has accomplished — not just for coffee drinkers but for business thinkers — and why his vision can endure beyond his tenure.

 

Beyond Beans

Schultz was a master of what is now called service design long before the phrase came to be. Like the cafés Schultz sought to emulate, service design — what a business does to set and meet the expectations of the customers it wants — has its roots is Europe.

Everything about Starbucks — from the Italian names for small, medium, and large-size drinks to a carefully considered counter height that lets you see the baristas work to hundreds of combinations like half-caf-latte-with-two-shots that let you personalize your beverage to the nth degree — was designed to make the customer slow down and smell the coffee, in a distinctly European way.

Write Your Personal Business

It’s that time of year again. The pressure is on to make New Year’s resolutions: Lose weight. Get to meetings on time. Interact more with your direct reports. A few goals are put on a list…and are forgotten by January 3rd. While this annual ritual of reflection is well intentioned, it rarely changes behavior because it focuses on what you do (or should do), not the deeper question of why you do it.

I’ve discovered an alternative to New Year’s resolutions, one that addresses that disconnect between the what and the why and can spark real change. It’s the personal manifesto, and it particularly valuable for those who aspire to lead.

Michael Hess, founder of sales management firm Core 6 Advisors, introduced me to the idea. The manifesto is a tool that he uses with sales managers and salespeople to help them focus on their true personal and professional aspirations as well as what it will take to achieve success.

The genesis for Hess was a collection of quotes and thoughts he had written on Post-its and stuck on his computer monitor. As Hess began to spend less time at his desk, he put all those notes on a sheet of paper, kept folded in his wallet, so that could reflect on them wherever he was. Along the way, he realized what an essential compass these scribbled words had become. They weren’t just notes, they were the fodder for his personal manifesto.

A manifesto is a rigorous written account of where you are, where you would like to be, and why. Unlike New Year’s resolutions, the personal manifesto isn’t tied to the time of year or to specific acts. It is a way to keep yourself focused, thoughtful, and on-track through the ups-and-downs of a busy life. And it can be amended as needed.

Talk about costs that you need to know

“Everything went quiet.” That’s how one manager described the workplace immediately after his company announced a large-scale restructuring — and it’s an all-too-familiar scenario to employees whose companies have engaged in a cost reduction initiative. Decisions are being made at the highest level of management, but little is known outside that inner circle. Employees still need to do their jobs: serving their external and internal clients, meeting deadlines, and moving existing projects and plans forward. But that’s easier said than done in the face of uncertainty. Worse still, no one can be sure that a slash-and-burn cost-cutting exercise will accomplish its intended result. Often, these efforts weaken a company instead of positioning it to grow effectively.

Restructuring initiatives can have a debilitating effect on the hearts and minds of employees, affecting those who stay as well as those who are let go. In our work with dozens of organizations implementing sweeping cost-cutting programs, we have observed firsthand the turmoil that employees experience — and how frequently their needs are forgotten during the crucial work of planning for the transformation.

But what if the restructuring were more than a slash and burn? What if it appealed to hope instead of fear? What if it not only promised, but actually delivered, a stronger company and a better place to work? Cost management is effective only when it leads to a less sclerotic, more aspirational enterprise — one without suffocating bureaucracy or micromanagement, in which initiative and entrepreneurship are encouraged and rewarded, internal processes serve the customers and employees instead of “the process” itself, and the company outperforms the competition consistently. If the restructuring doesn’t help the company get stronger — if it doesn’t lead to a better way of working for everyone in it — then it probably wasn’t worth conducting the exercise in the first place, because the effects won’t last.

Big Data Mean on Business

Big data is the term used to describe the enormous datasets that have grown beyond the ability for most software to capture, manage and process the information.  But volume is not the only way to define big data. The three Vs generally used to describe big data also include the multiple types – and sources – of data (variety) as well as the speed (velocity) at which data is produced.

 

If you need more perspective, think about this for a second: According to IBM, 90 percent of the data in the world today has been created over the past two years. That amounts to 2.5 quintillion bytes of data being created every day.

 

How can big data help me?

Big data may seem to be a bit out of reach for SMBs, non-profits and government agencies that don’t have the funds to buy into this trend. After all, big usually means expensive right?

But big data isn’t really about using more resources; it’s about effectively using the resources at hand. Take this analogy from Christopher Frank of Forbes who likened big data to the movie Moneyball: “If you have read Moneyball, or seen the movie, you witnessed the power of big data – it is the story about the ability to compete and win with few resources and limited dollars. This sums up the hopes and challenge of business today.”

Specifically, it shows how organizations with limited financial resources can stay competitive and grow. But first, you have to understand where you can find this data and what you can do with it.

 

Big data strategies

Ideally, big data can help resource-strapped organizations:

  • Target their market
  • Make better decisions
  • Measure feelings and emotions

Targeted marketing

Small businesses can’t compete with the enormous advertising budgets that large corporations have at their disposal. To remain in the game, they need to spend less to reach qualified buyers. This is where it becomes essential to analyze and measure data to target the person most likely to convert.

There is so much data freely accessible through tools like Google Insights that organizations can pinpoint exactly what people are looking for, when they are looking for it and where they are located. For example, the CDC used big data provided by Google to analyze the number of searches related to the flu. With this data, they were able to focus efforts where there was a greater need for flu vaccines. The same can be done for other products.