Rethink Your Endpoint Security Strategies

For those reluctant to say goodbye to signature-based malware protection, read on for the first of a four-part series that delves into why small and medium-sized businesses should rethink their current solutions and explore cloud-based strategies for endpoint protection.

 

We are gathered here today, with not-quite heavy hearts, to say farewell to a constant companion. Our “friend” was part of our daily lives, popping up at the oddest times, seemingly just to say “hi,” or – as in any other high-maintenance relationship – demand we drop everything to give it some attention right now.

Imperfect, needy and often intrusive, we nonetheless tolerated its presence as a necessity in this cruel, crazy world full of bad guys – until something radical came along that made our “friend” a casualty in the unceasing conflict that can be called “The Malware Wars.”

The radical new element in the fray? The cloud. So, join us in saying, “Rest in peace, signature-based antivirus program,” and, “Hello, cloud-based endpoint security strategies.”

 

The changing world of web threats

Signature-based antivirus protection arguably peaked in the late 1990s and has been playing catch-up with the blackhats ever since. File injection and other basic virus types were mostly supplanted by Trojans, worms, backdoors and other stealthier nasties, which the big antivirus companies responded to slowly, as these threats did not fit their model of a virus.

Demonstrating how ineffective some solutions are to this day, the notorious 12-year-old Back Orifice 2000 Trojan is still infecting machines, and one out of three web malware encountered in 4Q 2011 were zero day threats, which are completely undetectable by signature-based schemes.

Hackers are also increasingly using social media scams and phishing, with even LinkedIn notifications becoming fair game for delivering exploits. It is clearly a more complicated world in the security space, and only getting worse.

Save money with today secure providers

Just a few short years ago, the image of an IT department for small and medium businesses was one of Dilbert-looking technicians noodling around with Cat 5 cable and speaking in a blend of Klingon and Robot. In other words, IT seemed completely remote, complicated and inaccessible to most employees. Additionally, each new hardware and software deployment, including installing malware protection, could take weeks to manually implement across the enterprise, and rarely went smoothly.

One solution – outsourced IT – has found greater acceptance in the past few years as its benefits have become more tangible to even small businesses. It is estimated that globally, 74 percent of companies use some form of outsourced IT solution, up 25 percent from 2009.

 

Read further for compelling reasons why a small or medium business should consider the IT-outsourcing trend.

 

Cost savings

Moving IT off-site can save an SMB thousands of dollars per year. As most business decisions are predicated on the bottom line, this is often the main driver in the decision to migrate. Areas of savings include:

Reducing hardware expenses. Servers, storage, cabling, cooling, and datacenter square footage expense can now be on a cloud vendor’s dime, not yours.

No salary or benefits expenses for IT employees.

Potential tax savings by converting capital expenditures (servers), that depreciate slowly over time, to a monthly cost which can potentially be deducted in the current tax year.

 

The latest software versions – hassle-free

Outsourcing IT means software, including malware protection for endpoints, can be updated automatically by the provider. This obviates the need for a local tech to run around taking workstations offline for upgrades.

Furthermore, updating software not only unlocks newer features, but also closes exploits in older versions that might allow hacker penetration. So it’sworth exploring any platform that can make this process painless and automatic, such as a cloud service.

 

Focus on your business, not technical issues

Anyone who survived working in Corporate America from the 1980s onwards is familiar with the spectacle and lost productivity that accompanies the proverbial “system going down.”

When outsourcing IT to the cloud, this nightmare occurs less often as data is often distributed redundantly across many servers that are monitored constantly, leading to greater stability and uptime, and less worrying about IT matters.

 

Improved security

Reputable outsourced IT providers are dead serious about security against malware, zero-day hacks and other intrusions and constantly monitor and update their protection schemes.

For most SMBs, outsourcing will provide a more frequent and secure back-up solution than their existing IT setups. Furthermore, as the data is kept off-site, it is well- protected from a local catastrophe, such as a fire or flooding.

 

No new employees to manage when scaling up

Scalability is easy with outsourced IT – simply contact the vendor for more storage, memory and processors as needed. There is no longer any need for job postings, interviews, expensive training, personality clashes, worker’s compensation or other common HR issues and liabilities just to get tech personnel to handle the increased operations.

How to Be Proactive About Potential Breache

Are you tiring of users continuously badgering you to get corporate network access for their mobile devices?  Does your corporate management want to buy tablets for the sales team? If so, your small- to medium-sized business (SMB) needs to start proactively addressing mobile security breaches such as malware.

 

Modifying your existing security policies and protocols, establishing new policies and educating your mobile workforce are economically sound frontline solutions for securing your corporate enterprise and trade secrets.

Here are some tips on how to address mobile device security breaches beforethey happen:

  • Establish corporate information access guidelines. It’s important to pre-determine how mobile device users will access corporate information. Will users download data to devices? Will they access the data remotely? The answer will vary from company to company, so be sure to consider your situation uniquely.  If your company has to be in compliance with a regulatory body like PCI Data Security Standards (DSS) or the Health Insurance Portability and Accountability Act (HIPAA), then consult with your auditor before enabling network access to mobile devices.
  • Establish device control policies. Bring Your Own Device (BYOD) can be full of benefits like saving on corporate hardware purchases and increasing productivity for your mobile workforce and SMB. However, the negatives can outweigh all those positives when a BYOD device brings malware into your network. Create a policy that governs how your corporate IT staff can gain control over a personal device, while maintaining your network security. Include information about how to keep personal information private (e.g., via a mobile device backup strategy that doesn’t touch personal data) and define corporate ownership over data and applications.
  • Enforce device-level security.  Both corporate-owned and personal devices should have secure passwords and screen locks; document this requirement in your mobile device policies. In addition, make sure it’s clear that both personal and corporate mobile devices maintain up-to-date corporate-approved (and preferably corporate-managed) antivirus and security software installed to guard against malware and other security risks.
  • Develop and deliver mobile workforce security training. Education can be just as powerful a security tool as technology. Develop and deliver mobile workforce security training built around keeping your mobile workforce productive and prepared to be the first line of defense against malware and other security threats to their mobile devices. Spell out your corporate policies and include a participant sign-off stating that they understand and will abide by the policies.

A Good BYOD Enterprise Program

The corporate workforce is changing: Employees used to stay chained to their cubicles, plugging away on company-issued PCs. Today, remote workers perform the same tasks on their own high-tech tablet or laptop while soaking up the atmosphere at their local coffee shop.

 

Employees are increasingly using their own devices as the mobile workforce grows in importance. A Computing Technology Industry Association study found that 84 percent of professionals surveyed use their smartphones for work, but only 22 percent of their companies had a formal mobility policy. The upshot of this mobile shift is that corporate networks will be increasingly vulnerable, unless these devices are reined in with a BYOD enterprise program.

If your company lacks a mobility policy, consider incorporating the following five elements into your BYOD program to save time and money.

 

1. Include clear, written rules

Eliminating risky end user behavior through clear BYOD policies saves IT expenses right off the bat. Some of the most salient points to cover in writing include:

  • Prohibited devices, such as jailbroken phones
  • Blacklisted applications
  • Procedures for lost or stolen devices, including the possibility of wiping out all data on a device
  • Privacy disclosures, such as what personal information the enterprise has access to on a device

Some of these issues, like whether the company can legally wipe out data on a device they do not own, should be cleared with your human resources and legal departments to minimize the risk of lawsuits.

 

2. Make sure it’s formally presented

It is not enough to have employees sign off that they have read the policies – formal classroom or online training is recommended to ensure comprehension and compliance – especially for less tech-savvy workers who might not understand that seemingly innocent actions can expose the company to risks.

 

3. Ensure that it’s scalable and flexible

Make sure your security software can be painlessly installed on new devices. Cloud-based services do this particularly well and are typically available on a per-user subscription model, which saves money by protecting only what is needed at any given time.

Also, consider exceptions to rules, such as allowing peer-to-peer networking programs for certain users who might benefit from these tools. Otherwise, employees may risk bypassing your security protocols in order to use forbidden applications.

 

4. Secure against the greatest number of threats possible

Risky behavior such as opening email attachments from strangers or visiting dubious sites on BYOD devices should be addressed in the written policies and further safeguarded via antivirus software.

There are other exploits to be aware of, which might not be as obvious, such as fake antivirus scanners that users might innocently install, and social engineering (or phishing) threats. A good endpoint protection program will keep employees up-to-date on these lesser-known attack vectors and continually inform them on how to best protect their devices. This does not require much expense but does involve staying abreast of threats and implementing a solid communication plan.

Business Planning Is Not Just for Startups

One of the greatest misconceptions about business planning is that a business plan is useful only for start-ups. While start-up companies are indeed one significant segment of business planners, business planning is being utilised by an increasing number of companies as a means to manage growth better, to ensure new ideas have been assessed for commercial viability, and to value a business on exit.

Secondly, the importance of the business planning process is often under-emphasized relative to the primary focus on the final output, the business plan. The very process of producing a business plan enables management to take a holistic view of their organization. It helps them give due consideration to the various factors that mesh together to create the opportunity they are seeking to explore, as well as the resources required and the key drivers needed for success. This article aims to justify a more expansive remit for the business plan, by highlighting a number of key areas where its application is of considerable benefit for all companies.

1. Intrapreneurship
Companies are increasingly encouraging employees to create new growth opportunities as competition intensifies in their core (mature) business lines. Mature invariably means competitive, so the focus on growth opportunities is via innovation and creativity, especially in emergent areas. The term intrapreneurship thus refers to “inside entrepreneurs”; where intrepreneurs personify the key characteristics of an entrepreneur, but do so within the company bounds.

Intrapreneurship is not new – 3i, a venture capital/equity investment company, has been one obvious practitioner for many years – and its application of intrapreneurship has helped to spawn a number of new products. Google, a company renowned for innovation, operates a 70 percent rule, whereby employees are expected to spend 70 percent of their time on the core business, 20 percent on related projects, and 10 percent on unrelated new business opportunities. While the generation of new ideas is paramount, ensuring their commercial viability is of critical concern, and writing a business plan is one key way to assess the merits of an innovative proposal in a more rigorous fashion. The plan can thus be produced for an internal opportunity as if it were a stand-alone entity, with the author being required to detail both the opportunity and the resource implications of pursuing it.

2. Managing performance
A business plan can also be used as a management tool to assess ‘actual results’ against ‘planned results’. Using these figures in conjunction with an assessment of year-on-year performance can ensure that managers reflect on performance not just based on the previous year’s achievements, but also in relation to the original planned figures. This enables managers to analyse deviations from plan so as to understand what figures are materially different from the planned ones and what drivers shaped the disparities. It also helps to shift the focus away from solely historic comparisons –instead the manager is tasked with planning for the year ahead and hence there is an agreed goal up front and greater transparency on a month by month basis when ‘actuals’ can be compared with ‘planned’.

Such analysis helps to enhance a manager’s understanding of the changes that have impacted recent performance. If planned results and actual results are considered on a monthly basis, this analysis may also help the manager take remedial action in a more urgent time frame.

3. Planning strategically
The process of business planning is, in and of itself, a worthwhile pursuit as it forces the authors to remove themselves from the day-to-day tactical/responsive mode in which many managers operate. The planning process forces any manager to consider the future. In particular, they must take into account the resources at the company’s disposal and plan to maximise the return on capital, as limited by the wider context.

For many companies, a desire on the one hand to maximise the return from the existing product/service revenue stream, needs to be balanced on the other by a desire to develop new additional revenue streams. By putting a business case together for a particular course of action, a manager ensures that the proposal is financially robust (i.e., worthy of pursuit), that the goals are kept in focus and that resources are allocated accordingly.

Hence, a business plan can support a company’s focus on exploiting a particular market segment, creating a new product, promoting a new use for a product, etc. Once the plan is committed to paper, it is easier to ensure that there is consensus, ownership of the plan, and a breakdown of tasks, milestones and deliverables to help achieve the goals set out in the plan.

4. Preparing for a future exit
At some point in the life cycle of a business, the founders/investors may decide that they want to cash out of the business. The exit strategy will typically focus on extracting the highest value possible from the sale. An up-to-date business plan detailing the opportunity for new buyers will support any valuations put on the business by its current owners.

Before a company reaches the point of sale, it is important to get everything ready by making sure that all historic accounts, cash flow statements and business plans are up-to-date. It is generally accepted that thorough preparation for a sale, well in advance of the sale date, improves internal management focus, aids performance, and ultimately serves to increase the final valuation.

Once management identifies the key drivers for a typical potential acquirer, a business plan can be put in place to focus the minds of employees and ensure that the sale value is maximized. For example, if the general bases for valuation for the industry are focused more on cash generation than profit, a company can drive short term revenues by undercutting sales prices of competitors by selling at cost + 5{46cbdaa9574ea8899b0201fb6b3eb3f449dd88df0720989ea5a226166fd40fc9}. While such activity may not be sustainable in the long run, it can serve to help cash flow when a sale is being considered and prospective acquirers are reviewing performance. While some managers are not that comfortable with planning and projections, the preparation of a thorough business plan plays a vital role in extracting the maximum value from a sale.

Never speak with a clueless operator again

Along with enduring root canals and eliminating malware, dealing with customer service call centers probably ranks near the top of the “most painful experiences in life” list for many people.

Causes for the discomfort include: complex telephone trees that require a preposterous number of key presses to get anywhere; interminable hold times; agents who lack all but the most child-like expertise; and, most maddening: when a customer finally connects with someone who might actually help — they are frequently disconnected.

 

There has to be a better way. And, there is… in the cloud.

Cloud-based services and applications are making headway into reducing this customer service mess, allowing small business owners to affordably improve the customer experience with cool features that people love, including social media and mobile device interfaces.

 

The importance of customer service management (CSM)

According to a ClickFox survey

  • More than 50 percent of disgruntled customers will spread negative information to others in their social circles.
  • More than one-third of unhappy customers will completely stop doing business with a company that has wronged them.
  • Even worse, 60 percent of those people exposed to these negative comments in social media are influenced by them, meaning most people will avoid you if their friends say you stink.

Not only does this represent lost revenue from these particular customers, but it can wreak havoc on SMB marketing efforts (and budgets) that now have to overcome not just their competitors’ advertising messages but also the negative perceptions and bad word-of-mouth caused by these unpleasant customer service experiences.

 

Cloud solutions

Placing your customer service in the cloud better meets the expectations of customers who are increasingly connected to the web via mobile devices and, therefore, expect instant answers. Rather than deal with a call center, many even prefer self-service answers for their support issues, searching online to bypass traditional help desks altogether.

Businesses can enable this migration of customer service functions with an ever-increasing list of services, including Zendesk, Service Cloud, Desk.com, Parature, and Zoho. Most provide not only traditional phone, email and chat functions, but also integrate with social networks such as Twitter and Facebook to offer robust self-service options.

Mobile-specific CSM apps include Gripe, available for both iPhone and Android, which enables consumers to vote positively for a company with a “cheer” or complain with a “gripe,” both of which get posted to their Twitter and Facebook accounts while also messaging the company’s customer service department for quick resolution.

Returnships for Retaining Women

It started as a whisper. Back in 2008, Goldman Sachs, which originally coined the term returnships, began a high-level, paid internship program for professionals returning to the workforce after an extended absence, with the opportunity for a permanent role. The participants were mostly women who had dropped out to raise children and now wanted to restart their careers.

That whisper is now growing louder. Returnships have become more common; they are a part of the conversation in business and media circles. The U.K. prime minister is even getting in on the act: The day of the country’s 2017 budget announcement, Theresa May unveiled a £5 million (US$6.2 million) fund to identify opportunities for — guess what? — returnships.

iRelaunch, a U.S.-based business specializing in returnships, has identified more than 100 active programs globally, in sectors as diverse as construction, advertising, and financial services. They’re clearly making a mark: Many corporate heads of diversity, when asked what they’re doing to create senior-level opportunities for women, will reply, “We’ve got this covered — we have a returnship program.” But the situation is not that simple. Both organizations and women seeking to return to the workforce should be aware that these programs aren’t a panacea.

How to Secure Mobile Workforce Devices

Bluetooth is best known as the wireless technology that powers hands-free earpieces. Depending on your point of view, people who wear them either:

a) Look ridiculous (especially if shining a bright blue LED from their ear);
b) Appear mad (when apparently talking to themselves); or
c) Are sensible, law-abiding, safety-conscious drivers.

 

Whichever letter you pick, insidious security issues remain around Bluetooth attacks and mobile devices. While most of the problems identified five to 10 years ago have been straightened out by now, some still remain. And there’s also good reason to be cautious about new, undiscovered problems.

 

Here are a few examples of the mobile security threats in which Bluetooth makes us vulnerable, along with tips to secure your mobile workforce devices.

 

General software vulnerabilities

Software in Bluetooth devices – especially those using the newer Bluetooth 4.0 specification – will not be perfect. It’s unheard of to find software that has zero security vulnerabilities.

As Finnish security researchers Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi demonstrated in 2011, it’s easy for attackers to discover new, previously unknown vulnerabilities in Bluetooth devices. Potential impacts could include charges for expensive premium-rate or international calls, theft of sensitive data or drive-by malware downloads.

To combat this threat: Switch off your Bluetooth when you’re not using it.

 

Eavesdropping

Bluetooth – named after the Viking king, Harald Bluetooth Gormsson, thanks to his abilities to make 10th-century European factions communicate – is all about wireless communication. Just like with Wi-Fi, Bluetooth encryption is supposed to stop criminals listening in to your data or phone calls.

In other words, eavesdropping shouldn’t be a problem. However, older Bluetooth devices use versions of the Bluetooth protocol that have more security holes than a tasty slice of Swiss. Even the latest specification (4.0) has a similar problem with its low-energy (LE) variant.

Need to Know About Business Plan Mistakes

The importance of business planning is widely documented; however, guidance as to what constitutes good business planning is less clearly defined. This article aims to redress that imbalance by describing 10 of the most common mistakes that occur in business plans.

While the business-planning process is in itself a very worthwhile pursuit, most business plans are produced for a specific purpose. The plan is used as a means to convey an idea with a view to achieving a specific goal, e.g. securing funding. Hence the plan needs to be tailored with the audience in mind, and good knowledge of their requirements will help shape a winning plan.

For example, the requirements a Venture Capitalist will have in assessing a plan seeking to secure a million-pound investment will differ considerably from those of a local bank manager who needs a plan to support a small-loan application. While the former will be primarily looking for capital growth, the latter will be more concerned with security. Regardless of the specific purpose of the plan, these following business plan lessons will apply.

1. Incredible financial projections

One of the key areas business plan readers will focus on will be ‘the numbers’. Specifically, they will concentrate on the projected Income Statement or Profit & Loss. The fact that numbers are projected does not mean that those figures can be included without due rigour or process. They need to be credible, defensible and consistent. Of course forecasting is not an exact science, and the use of proxies can help the author ensure that the figures included are plausible and consistent with the story being told in the other areas of the business plan. The figures must also show an ability of the company to generate free cash flows so that the business can be run profitably while satisfactorily servicing their debts at the same time.

All costs should be recorded including salaries to owner managers who run the company. It is not credible to generate P&L projections where expenses such as salaries are omitted to demonstrate managerial commitment or to artificially reduce losses, etc. By the same token, no investor will be prepared to fund a business where the projected salary payments are excessive. While dealing with finances is not everyone’s strong point, there has to be someone on the management team who is cognizant with the maths. A business plan will need to include everything from break-even projections to proposed return on investments to cash flow forecasts, and one of the key players will have to converse on these subjects in a convincing manner. They will also need to justify the numbers.

2. Lack of a viable opportunity

A business plan needs to not only describe an opportunity, it must also detail how the opportunity can be exploited profitably and demonstrate the company’s ability to deliver what is required. In recent years there has been a significant increase in plans that are inaccessible to the average reader because they are couched in technical jargon and unfamiliar terms. If the reader of the plan cannot fully grasp who the prospective customer is, how that customer will be targeted, and the prospective benefits from the proposed solution, the reader will not invest. In an increasingly time-pressed world, people crave simplicity. Many business plan recipients will only scrutinize the Executive Summary and the financials, using these as the decision points as to whether to read further or not. Hence it is of paramount importance that both the executive summary and the wider plan describes the opportunity in readily understood terms, such as:

  • What is the issue or pain point?
  • What is the proposed solution?
  • What are the benefits of the solution?
  • Why are these benefits compelling?
  • Who will benefit the most from these?

Once these are detailed, there will be greater transparency regarding the viability, or otherwise, of the proposed opportunity in terms of the company’s ability to profitably serve the target market.

3. No clear route to market

All opportunities are only prospective ones without evidence that the target market can be accessed profitably. Many entrepreneurs are inherently product focused, concentrating their energies on ‘the idea’ to the exclusion of many other important elements such as how they intend to access their customer base. The growth in popularity of the Internet has certainly helped niche producers find geographically dispersed customers, making many more ideas commercially viable. However, it does not come without its challenges, as creating awareness online is both costly and intensely competitive. The business plan must include a comprehensive and credible analysis of how the company intends to secure access to their target market in a cost-effective manner. The low cost and barriers to entry for websites have resulted in the creation of hundreds of thousands of sites. Ensuring that a site stands out from the crowd is easier said than done. Knowledge of who the customer is and how they buy is very important, but identifying them and accessing them on an individual basis is much more challenging and costly.

4. Overestimation of revenues

Another key element of the plan will relate to the size and value of the opportunity. Does the business plan describe a small local business-to-business opportunity with limited scalability/ return or is it a concept with widespread or even potentially global consumer appeal? While the description of the market opportunity will undoubtedly be couched in positive terms, an obvious danger relates to the innate optimism of entrepreneurs and their tendency to exaggerate every business opportunity. Hence the general interpretation of sales forecasts is that they will be optimistic but not excessively optimistic. Admittedly what constitutes ‘excessive’ is subjective, but the numbers will need to be justified and if it emerges that the figures are mere fantasy, the author will lose all credibility and it will significantly undermine any confidence the potential investor might have in the plan.

Opportunity for businesses of all sizes

The Apple iPad and its many Android “sincere flatterers” have comprehensively shaken up the market for mobile computing; in fact, the late Steve Jobs coined the phrase “post-PC for just this situation.

The days of the traditional laptop computer may not be totally over, but is a hinged screen-keyboard combo the only tool for serious mobile work? Nope. Here are five reasons why….

 

1. For content creation, just add keyboard

Tablets are great for content consumption. Hit the button, and you’re immediately scrolling through Web pages, YouTube videos, annoyed avians and the like. This can lead to the impression that tablets are only good for passively consuming; that they’re no use for creating content, such as documents, spreadsheets and other staples of business life, but that’s short-sighted.

Obviously, tablets’ on-screen keyboards aren’t easy or ergonomic typing tools. However, there’s a wide range of Bluetooth options available that can turn an iPad or Android tablet into a lean, mean, writing machine.

 

But if you’re going to add a keyboard to your tablet, why wouldn’t you just buy a laptop? The next three reasons answer that…

 

2. ARM = light weight + long battery life

PC and Mac laptops are built around the Intel processor architecture, using chips from either Intel or AMD. Often known as x86, the architecture is great for compatibility with the PCs we’ve used for years, but it’s encumbered with historical baggage that makes x86 machines hot, heavy and hungry for battery juice. Modern laptops have improved but are still a world away from today’s tablets.

Most tablets break from Intel’s historical hegemony by using chips designed by ARM. These so-called system-on-a-chip architectures use much less power than x86 – especially when idle. This and modern battery technology can give tablets a 10-hour life and weeks of standby readiness, which means you can get more work done on the go.

Intel is fighting back, though the jury’s still out on whether it can compete. Intel tablets will at least be able to run the full version of Windows 8, as opposed to the cut-down, ARM-only Windows RT.

 

3. Cellular data: a first-class citizen

Today’s tablets often include access to 3G and 4G/LTE networks. The data networking technology is seamlessly integrated, so that you can switch between it and Wi-Fi with no noticeable interruption.

That’s much cleaner than the typical Windows or Mac laptop with an add-on 3G dongle; the difference being that cellular data was designed into tablets from the get-go. So there’ll be fewer excuses to not get the presentation finished on time.