1 2 3 4 Previous Next

Technology Management

52 Posts

It was shocking news really: during the holiday rush of 2013, cyber-criminals hacked into the checkout system of Target and stole the credit card numbers and other personal information of up to 70 million customers.


The crime raises all sorts of questions, but a main one is this: How could a company as big as Target, with undoubtedly oodles of fraud protection systems and people in place, be the victim of such a huge theft?


This is where it gets interesting.


It turns out that a small business was to blame.Steve-Strauss--in-article-Medium.png


The theft occurred after a Target HVAC sub-contractor was hacked. The contractor had access to the Target computer system in order to handle business, and the crooks installed malware onto the contractor’s computer. Then, according to Gizmodo.com, “after lifting the contractor’s login information, the hackers were able to test their malware on a small number of Target’s registers totally undetected between Nov 15 and Nov 28. Two days later, the hacking software spread to ‘a majority’ of Target stores and was actively collecting data from live customer transactions between Nov 27 and Dec 15.”


If you think cyber-crime, identity theft, hacking, and all the rest are the domain of big businesses, you are flat-out wrong. According to a recent survey by Intel Security, 6 out of 10 cyber-attacks are now directed towards small businesses. Why? Because we are easy pickings, that’s why. Just ask Target.


Or, better yet, ask some experts. I did. Recently, I interviewed top cyber-security experts for a video series for the aforementioned Intel Security. What I learned was alarming. It turns out that, for a variety of reasons, cyber-criminals have decided that the easiest way to ill-gotten riches is by hacking small businesses. Here’s why:


Lack of security: The crooks couldn’t get into Target’s system through Target directly, so they focused on the one area where the company was vulnerable – via its 3rd-party small business vendors. By most estimates, more than 75% of small businesses have no cyber-security software installed on their computers or system, despite this being the first line of defense.


Longer shelf life: When a big company like Target gets hacked, it becomes big news, and as a result people immediately begin to close bank accounts and change passwords. This means that the shelf life of the stolen data is pretty short.


But that’s not the case when the victim is a small business. It takes much longer for a small business case to be investigated, for people to be informed, and so on. In this case, the data taken can be used and sold on the black market for a lot longer. Stealing from small business is good business if you are a crook.


Lack of preparation: According to Todd Shipley, author of Investigating Internet Crime, small businesses do not have the know-how or resources to fend off cyber criminals, and as a result, they are more and more the victims of cyber-crime.


Click here to read more articles from small business expert Steve Strauss


So what should you do? Here are four top tips from the experts:


  1. Install software: Cyber-security software is a must-have these days. Do you have it?
  2. Train your staff: The main way that crooks get to small business is by installing malware on the system. They often do this by getting an unsuspecting employee to click on a link in an email that looks perfectly reasonable, but is not. That link installs the malware. Or, the employee downloads an “update” that is no update at all. It’s so important to create some strict security protocols and policies for your small business, and then train your people on how to follow them.
  3. Backup: Have you heard of the CryptoLocker virus? Here, the malware locks up your data and it cannot be unlocked until you pay a ransom of, say, $300 or so. Then the crooks unlock it. Because the amount is not outrageous, many small business people just pay it. But whether you do or you don’t, you know the drill. Backup, backup, backup. The one way to beat malware is to have a good backup system to move forward with.
  4. Beware of social media: While social media platforms like Facebook, LinkedIn, and Twitter are great for networking and promoting your business, putting too much about yourself out there can make you a prime target for hackers. For example, cyber thieves browsing on Facebook could find out your birth date, name, address, and pet’s names…enough to hack into your passwords. Be sensible about what you make public.


The time is now to upgrade your security system because you never know – you just may be the next Target.


About Steve Strauss

Steven D. Strauss is one of the world's leading experts on small business and is a lawyer, writer, and speaker. The senior small business columnist for USA Today, his Ask an Expert column is one of the most highly-syndicated business columns in the country. He is the best-selling author of 17 books, including his latest,The Small Business Bible, now out in a completely updated third edition. You can listen to his weekly podcast, Small Business Success, visit his new website TheSelfEmployed, and follow him on Twitter. © Steven D. Strauss.


You can read more articles from Steve Strauss by clicking here

Outsourcing_body.jpgby Karl Anderson.


For many entrepreneurs, the word outsourcing brings to mind large corporations shifting jobs to lower-wage workers in foreign countries. While this is a particular type of outsourcing, specifically referred to as offshoring, outsourcing actually is a much broader concept referring to any job functions handed off to a third party. In fact, there are many types of outsourcing that are commonly available to small businesses. If you operate a small business, you’ve no doubt discovered some tasks that can be delegated. While outsourcing certain tasks can provide cost savings, it also can help benefit businesses by helping them to run more smoothly, meet customer demands more efficiently, and build a diverse network of freelancers with specific talents. In 2010, the software company Intuit calculated that, by the year 2020, more than 40 percent of the U.S. workforce will be freelancers.


Whether you call it outsourcing, subcontracting, or hiring freelance work, with a careful approach you can build strong relationships with off-site professionals and achieve your specific project goals on your schedule. Freelance workers can be found in your own community or on the other side of the world, but they can save you time, money, resources, and headaches, and they can help you be the best resource for your customers in a competitive marketplace.


Achieving business goals

Ultimately, outsourcing is a way to garner expertise from business professionals when it is not affordable to hire full-time employees. In the current economic climate, most small businesses find it crucial to be extremely efficient with resources. Furthermore, savvy managers understand that sometimes a job requires an outside expert on a short-term basis.



Matt Amundson, president of First Security Bank in Hendricks, Minnesota, says that outsourcing is particularly valuable to his small business. To be successful, his company needs to work with a wide variety of contract workers, and smaller regional banks are no exception. Amundson always does a cost-benefit analysis to determine when to bring in outsourced labor and for which jobs.


Amundson has found it advantageous to outsource various services, and this has streamlined his business and freed up more time for his full-time staff to meet customer needs. For example, he subcontracts payroll, tax work, accounting, short-term staffing, and IT services, including the development of mobile apps.


“Outsourcing is an industry of its own, and many companies providing workers are small businesses themselves,” he notes. By bringing in outside professionals for individual projects, he is able to support other local businesses.


Outsourcing is evolving

As technology advances and economic trends change, businesses are turning to outsourcing to help meet new demands and solve new problems.


“Electronic media transformation has been huge,” Amundson says, and he points to small startup services that can now be developed and implemented very quickly. “The speed has come up exponentially.” As a result, businesses like his are able to meet customer demand for faster services.


Jason Krapf owns and operates Today’s Vibe, a boutique creative marketing agency in Philadelphia. His business focuses on strategic web development and design, search engine optimization (SEO) and online marketing, as well as less traditional marketing campaigns for all types of clients. While much of the work is handled in-house, Krapf occasionally outsources some types of jobs, including SEO. “We also outsource some data entry, whiteboard animation creation, very basic graphic design, and other coding projects,” he adds.


Krapf points out that, for small businesses looking to outsource, there are now numerous web-based communities connecting domestic firms with outsourced work from all over the world. “This has helped streamline the process, and the mediation role of these companies takes some of the frustration out of outsourcing work,” he explains. “Many sites will require services be packaged in much smaller increments, allowing small businesses à la carte access to outsourcing many of their daily demands, with short turnaround time, no retainer fees, and some of the cheapest labor available in the world. Now a roofing contractor in Maine can order SEO services from India in $5 bundles, rather than paying a domestic firm $500 for the same work.”


At the same time, Krapf expresses some unease about using the current online freelance marketplaces. The quality of the work has not been consistently reliable, and he is concerned about the type of living the international freelancers are earning. “Still, I didn’t have a choice but to use it,” he says. “It hurts domestic creative companies too. It’s hard to stay competitive in the market share I was targeting with Today’s Vibe.” Krapf is currently launching a new company with his business partner, and says he wants to try to phase out internationally outsourced SEO, if possible.


How can small businesses find freelance help?

There are a number of marketplace websites where small business owners can find third-party professional resources online. Some of the most popular sites to find freelance assistance for small projects include:

  • Freelancer.com (one of the largest online marketplaces for outsourcing work)
  • Fiverr.com (a site to recruit help for $5 "micro-jobs," including basic IT assistance)
  • GURU.com (another large outsourcing marketplace, where freelancers are "matched" to job needs)

On the other hand, sometimes the best way to find quality assistance is through existing networks of business associates. Amundson has had success simply by calling up industry peers and seeing if they have any recommendations. He has also networked local trade associations to look for external help. However, due to the sensitivity, regulations, and security concerns inherent in his industry, Amundson is always careful to do thorough vendor assessment.


If you operate a small business, it may be well worth your time (and money) to consider outsourcing particular tasks or individual projects. Given the acceleration of communications technology and the trend toward specialized freelancing, the best person for the job might be someone in another country, or just someone down the street. Whether you need help developing a polished website, processing company payroll, manufacturing and printing, or publishing content that adds value for your customers, there is almost certainly someone out there who can help you achieve your business goals.

Business_Apps_body.jpgby Jennifer Shaheen.

Every day, hundreds of new apps are released. Many of them sound exciting, but which ones have proven to be truly valuable to the busy small business owner? Here are five apps you can use to accomplish more in less time.

To help you stay informed and organized

Information is power, which is why so many small business owners are voracious consumers of articles and blogs. Managing the flow of information and keeping track of the most valuable content is a daunting task, but it becomes much easier with the right apps.

1. Feedly

"Feedly helps me keep up with all the news in our industry, and actively share information through social media,” says Adam Ware, CEO at SwellPath, a digital marketing agency. Feedly is one of the most popular news aggregators available today and replaces Google Reader. It has highly customizable layouts and a recommendations feature that makes it extremely simple to find more information on subjects of interest to you. According to Ware, “It's a must-have for anyone who likes to scan and read articles from many blogs or publications.”

Feedly works on the iOS and Android Platform.

2. Evernote

Forbes calls Evernote “one of the most essential apps”. Its users can store notes, ideas, lists, and even complete webpages, and then access that data from any of the devices they’ve synced to the app. It’s easy to organize, edit, and share your information.

Chris Murphy, owner of MFX SalonSpa, recommends that business owners use the Evernote Hello feature as an integral part of their recruiting process. “Using Evernote as the central hub for our recruiting has allowed us to be a lot more efficient and provided more clarity around the recruitment process.” During the recruiting process, Murphy uses Evernote to make notes on potential applicants, which his managers can see in real time. “Plus, they can add their comments to all of the notes, so the interview and hiring process is really collaborative.”

Evernote works on the iOS, Windows phone and Android platforms.


To let you do business anywhere

With the right technology, we’re free to live, work, and do business anywhere we’d like. This app enables the entrepreneur to do exactly that, by erasing the need for an on-site staff.

3. Basecamp

This project management app has proven to be essential in working with an almost-entirely remote staff. “We use Basecamp from 37 Signals to coordinate with our editors, proofers, and book scheduling,” says Lorna Hinson, publisher at Torquere Press in New Mexico. “We love that it can host files, message boards, calendars, chats and more. We use it on the web, but it has also recently revamped its iPhone and iPad usage to be fully featured.”

Basecamp has an iPhone app and mobile websites optimized for smartphones running the Android or Windows phone operating system.

To help you connect

Running a business means a lot of time interacting with people, both in person and over social media. The smart use of technology minimizes the amount of time devoted to the administrative end of networking so you can focus on building meaningful connections.

4. Hootsuite

“My favorite app is Hootsuite Mobile,” says Tristan Bishop, senior director of social marketing at Informatica. “It allows me to manage multiple social media networks and accounts, on the go, from a single mobile app.” In other words, if your business has a Facebook, Twitter, and Pinterest account, you can monitor and manage all those accounts from a single dashboard. It’s a free, fast, and simple way to streamline social media.

Hootsuite Mobile runs on iOS, Android, Blackberry, and Windows phone.

5. Cardmunch

Cardmunch is an app developed by LinkedIn. Here’s how it works: You go to a trade show, convention, or networking event. You come away afterward with dozens of business cards in your pocket. Use your iPhone to snap a picture, and Cardmunch instantly uploads the data from the card into your LinkedIn network. It’s reliable and super simple: more than two million cards have officially been “munched”, according to LinkedIn’s blog.

Cardmunch is currently available for the iPhone, but versions for Blackberry and Android are said to be coming soon.


Document_Sharing_body.jpgby Erin McDermott.


Plenty of services let you share documents online. How can you keep your staff on the same page while using them?


It’s one of the modern wonders of the Internet—more than one person in more than one place all working together on one file. Cloud computing has enabled on-the-go users to make a change on an office laptop that can simultaneously appear via an app on a smartphone.


Yet this marvel of synchronicity can also mean utter chaos if a business doesn’t establish rules for how to use the technology. How can you get everyone to collaborate on file sync and share platforms in some semblance of harmony? Here are a few things to consider:


Safety first

Nonstop headlines about hackers and surveillance have made data protection a top concern among even casual users. While some may be able to live with the risks that come with free or inexpensive cloud-based services, most clients can’t. Handling classified material, market-moving financial data, sensitive legal or health records, or anything a competitor could benefit from demands reliable security. You’ll need a sharing system that can pass a security compliance audit, allow control over who sees what information, and an ability to revoke access from any user or a device that’s gone missing.


A few options: nCrypted Cloud has an enterprise product that works as a privacy layer to cloak the most popular services and keeps work environments intact. Or there’s the new Intralinks VIA, a secure environment from the file-sharing market leader that’s aimed at businesses of all sizes. (One cool feature: the UNshare button, which can make a document disappear, even those that have been downloaded, via digital rights management.) Whatever you decide, pick one platform and stick with it: Utilizing too many sharing systems is bound to be confusing for clients and staffers.


Set rules of engagement

Technically speaking, many experts warn users to not edit or write directly in Dropbox or Box or Google Drive and the like. Doing so creates havoc with various parallel versions in use at the same time. To keep everyone in line, create an operations manual, including a flowchart or outline of the filing hierarchy, explicit conventions for each level of the filing system, and instructions on how to safely use applications. If staffers or clients have access to a live system, warn that edits or deletions are permanent.


Thursday Bram, a writer, editor, and founder of Portland, Ore.-based Hyper Modern Consulting, says her group writes out workflows for each project and requires everyone involved to sign off on the steps necessary to complete each project. This makes it easier for team members across the country to stay up to speed. Bram’s rule for the comments connected to each file: Keep discussion of each document tied to that document only.


Enforce naming conventions

Your document repository will quickly become confusing if you don’t ensure both directories and documents are named in a commonly understood way. “You can make document management as simple or as elaborate as your group requires, though simpler is often better,” says Dara Young, a computer systems configuration specialist in Southern California. “Each organization must identify what works best for their needs.”



Using the date of creation? That information might not matter so much a month or a year down the road. Best practices include using a labeling system that mirrors your process and keeps file names consistent and easily searchable. Much depends on the size of the group with access to the documents. One simple prefix system: Draft; Ready For Comments (RFC); Ready For Approval (RFA); Approved. Young is an advocate of numbering versions if there’s no software feature to track a history of changes. For example, a method that utilizes a decimal (such as 1.0, 2.1, 6.12, etc.) is often helpful. The first digit could indicate a major change, reworking, or publication of the document. The second and third digit would reflect minor or administrative changes.


Other advice: Name folders after clients, and be sure to keep external and internal documents in separate files. Whatever you decide, make sure outside collaborators or clients are crystal-clear on which file is the most up-to-date—to avoid losing precious time in older or outdated versions.


But mostly, the best guidance starts off-line, collaborating to make everyone happy. “A lot comes down to the ability to discuss the qualities of your platform with your client,” she says. “We’ve seen long-outdated constraints written by people who aren’t exactly tech-savvy, so we work with them to understand our process. There’s not a lot carved in stone for this right now.”

TechEmergency_Body.jpgby Erin McDermott.


On a recent visit to my son’s pediatrician, we arrived to find a frantic staff. Their Internet connection and phones had suddenly gone down, cutting off calls and access to patients’ charts. They’d rigged a paper-and-pencil system that still adhered to HIPAA privacy rules, cellphones were buzzing with emergency requests, and our checkup was old-school, without the usual long computerized checklists of developmental goals.


This service interruption went on for two days—a road-construction crew 10 miles away had accidentally severed the fiber-optic line to their office, which is part of a major university system. Our doctor later told us the outage had “finally gotten everyone’s attention” about the need for tech emergency plans.


So, what is your company doing to prepare for the unexpected?


No one can think of every possible eventuality, and business owners know Murphy’s Law often rules the day. But everything from wild weather events and service interruptions from a fragile power grid and persnickety telecom networks have forced companies to start coming up with backup plans for their offices and employees.


The main reason: the rising toll from some notable disruptions. For 2012’s Hurricane Sandy, economists at IHS Global Insights calculated $25 billion in lost business activity in just the first month after the storm. Raising the stakes, a 2011 Insurance Information Institute study found that 40 percent of businesses affected by natural and man-made disasters never reopen.


It’s also part of a greater emphasis on preparedness. Since 2004, September has been designated as National Preparedness Month—a move to educate the American public about how to be ready for, and respond to, emergencies.


While a poor online connection or a downed pole aren’t exactly super-storm material, having a Plan B ready can keep your company running smoothly during unexpected everyday disruptions. And being prepared for the worst can help lessen the bigger risks. Here’s a look at a few things to do to help protect your business in case disaster strikes.


TechEmergency_PQ.jpgDevelop a contingency plan

Fail to plan, plan to fail. Since the summer 2003 blackout that left tens of millions without power on the East Coast, the federal government got serious about having individuals and businesses prepared for the unexpected. Along with a bipartisan mandate to upgrade the nation’s antique power grid, FEMA and the Small Business Administration started to push for companies to develop and practice backup plans to keep their staffs and shops safe (and hopefully running) in case of emergency.


It’s also given rise to an entire industry: business continuity planning. Experts in this field have the task of thinking of anything that could go wrong, from a shutdown by hackers to where to keep documents stored in case of a catastrophic event. An excellent and free resource for those getting started: Ready.gov, which has a step-by-step guide to help assemble a plan and get employees working on everything from crisis-communication details and tornado warning text message alerts to running drills and getting hard-copy contact information in case an IT meltdown cripples an office.


In late December 2006, business coach Craig Hohnberger watched helplessly while an ice storm crippled his Columbus, Ohio, office building (along with much of the Midwest). The power was out, phone lines were severed, backup generators weren’t working, and much of everything else was shut down. “Even the local Walmart closed for the week,” he says. Yet he and his team had landed a big deal, and were dependent on getting the contracts out and signed before the end of the year. They ended up driving some 20 miles before finding a suburban FedEx Kinko’s copy shop that was operating. His outsourced IT provider managed to get them into their files. They downloaded, modified, printed, bound, and shipped on the spot. “It was a close call,” Hohnberger says. These days, his files are routinely saved to cloud computing storage spots and he’s added a routine test process in case disaster strikes again. “As long as I have power and my laptop, I can get anything now,” he says.


Review your insurance policies

What exactly is covered? Insurance can be tough to navigate, and it’s tempting to focus just on the cost of the premium, but what’s covered is far more important. One type to consider for extended emergencies: business interruption insurance. While most standard policies cover only losses to tangible items—like a building, equipment, or inventory—they don’t address the profits you’re losing if you can’t operate. Buyers should expect to document several months of net income. Policies range in price from less than $1,000 to $10,000 a year, depending on the size of the company. And one spot to watch: the exclusions at the end of the policy. Review each carefully with your agent and business attorney—this is the part of the contract where coverage can be revoked for certain events and situations—and add a rider if necessary. In the case of Hurricane Sandy, some business owners found their policies specifically didn’t cover losses caused by downed utility services.  


Invest in a generator

If electric service gets knocked out, be your own power supply. With the right modern technology, the changeover to a standby generator can be nearly seamless. Long a staple of rural operations where utility services can be an issue, repeated outages have been making generators far more common in metro areas. The hard-wired equipment isn’t inexpensive—anywhere from $2,000 to more than $15,000, plus installation, depending on the machine’s capability—but the benefits it brings during an outage can be priceless.


“There are certain small businesses that clearly have a return on investment, where the payback is much shorter,” says Aaron Jagdfeld, chief executive of generator maker Generac. “With a restaurant, if you lose a weekend night, it’s like losing an entire week,” he says. “No one can really afford to not be up and running.” He says much of the company’s past year has been dedicated to educating businesses on what they would need to provide an alternate energy supply to keep their operations going, and what could be lost if they go dark for too long. “The big part is understanding the financial ramifications of an outage. We’ve been hearing from many companies that it’s become too critical to take a chance anymore,” Jagdfeld says.


SBC newsletter logo.gifBack up everything that’s important

Greg Wiszniewski’s midtown Manhattan Busy Bee Cleaning Services was bustling last October, with 130 employees fanning out to New York City’s homes and offices. Then came Hurricane Sandy, which knocked out Wiszniewski’s access to his office for a few days while he was stranded in Queens thanks to the flooded subway system. In the meantime, he lacked contact information for staffers and clients; nor could they reach him. Appointments were missed for days. “It was a mess. A total mess,” he recalls. “It wasn’t just that I couldn’t speak to my cleaners, I couldn’t talk to my customers. I didn’t have a backup plan, and with the hurricane that was made obvious.” Some customers never called back, and a few employees didn’t return either—tough losses in an already trying time.


Flash forward a year, there’s an entirely different routine. Every Friday without fail, Wiszniewski makes a printout of contact information for everyone involved—clients and cleaners alike—for the appointments for all of the upcoming two weeks. It may seem like the bare minimum, but it’s peace of mind that helps minimize the risk of a similar disruption in the future. “You realize that you sometimes need to rely on paper, on physical copies, because you don’t know when a system is going to fail,” he says. “I seriously have not failed to print out that list of events, and even potential events, ever since.”

CloudSecurity_Body.jpgby Jennifer Shaheen.

If you’re a small business owner who’s looking for assurances that it’s possible to keep your business information or client data absolutely confidential, no matter what, Patrick Weir has some news that you’re not going to want to hear.

“There is nothing that’s 100-percent secure, whether you’re on the cloud or completely offline,” says Weir, the CEO of EZTrackIt, a cloud based package management system. “Nuclear power plants and high-powered government installations have tried to secure their operations by cutting off all access to the web, and even they discovered that they were still vulnerable.” So once you acknowledge that no type of data storage is perfectly secure, Weir says the issue then becomes how much should you trust the web, or store your data locally?

Where’s the safest place to keep your data?

Even local, on-site storage is no guarantee of data security. “Recently, the onslaught of natural disasters, the latest being Hurricane Sandy on the East Coast, has taught some of us a very harsh lesson,” says Natalie Sulimani, founding partner of Sulimani and Nahoum, PC, a New York City-based law firm. “Redundancy is important. Maintaining files in multiple locations is a must.

How many files were lost due to flooding or a server going underwater? If it was even one, then it was too many.“

One of the primary advantages of the cloud for small business owners is that your data is stored remotely, hundreds or even thousands of miles from your place of business. This puts it safely beyond the reach of any localized natural disasters.

Weather is only one of the factors that could compromise your data security. Data theft can be an internal threat, if unscrupulous employees steal customer information for nefarious purposes, or your data can be among that targeted if a cloud-based system like Gmail, DropBox, or Salesforce is hacked. Ironically, it’s easier to defend against the latter problem.


“Cloud computing puts your files in the hands of competent IT professionals who will secure your information and provide the necessary redundancy so that if a server goes down, your files will live on and be available when you need them from another server,” Sulimani explains. “Their major, if not sole, purpose—and the reason you pay them—is to safeguard your files and ensure that you will always have access to them when necessary, so they are highly motivated to do it well and properly.”

If someone tries to hack into a major cloud-based system, to try to steal confidential information, for example, their security teams are continually watching. “They’re going to be all over that like a swarm of angry bees,” Weir notes. By contrast, backing up your data locally with a small company that manages many things means there’s a chance any vulnerability of theirs may be missed for quite some time.

What happens if something goes wrong?

“Part of the reason we’re so comfortable with cloud at the moment is there hasn’t yet been a breach,” says Lori Mac Vittie, senior product manager of emerging technologies for f5, an Internet security firm. Mac Vittie is a subject matter expert on cloud computing, cloud and application security, and application delivery. “But it’s not a question of ‘if,’ but rather ‘when’ there will a breach.” Rather than going forward in the expectation that a security breach would never occur, it’s smarter for small businesses to develop practices that would minimize the damage if there was a problem.

Reduce risk by being selective about what information you entrust to cloud storage. “The type of data you give a cloud-based company is entirely up to you,” Weir says. “If there’s no compelling reason to put extremely sensitive data like social security numbers or client birthdates into the cloud, don’t put it there.”

“The answer to ‘Should we store data in the cloud?’ depends on the answer to ‘What are the consequences of this data getting into the hands of competitors or thieves?’ combined with ‘Is that an acceptable risk?’” Mac Vittie adds.

SBC newsletter logo.gif

The questions you need to ask about the cloud

Before you commit to placing your data with any cloud-based service, Sulimani recommends doing your due diligence. “Investigate the online storage site’s security measures, policies, recoverability methods and other procedures,” she says, “and ensure that the online storage provider has available technology to guard against breaches.” Doing this will let you know what steps the service provider does to protect your data, as well as what steps they’ll take to get your data back should it be lost for any reason.

It’s also important to understand your legal relationship with the service provider. Do they have a legal obligation to keep your data confidential? Will they notify you of any subpoenas regarding your information? If you decide to stop working with that service provider, what happens to your data? To find the answers to these questions, you can read the terms of service, ask the provider directly, and consult your business attorney.

FreeWiFi_Body.jpgby Iris Dorbian.


One year ago, when Susana Fonticoba launched Right Click Advantage, an e-mail marketing and communication services company in East Hanover, N.J., she ordered cable Internet that included a WiFi hotspot as part of the provider’s regular subscription package. And because Fonticoba offers seminars at her place of business, she opted to offer visitors free WiFi as opposed to creating password-protected accounts.

“I felt it would be an advantage to the seminar attendees and my clients to use the free WiFi while they’re here,” she says. Since installing this feature, Fonticoba has seen healthy client traffic at her studio. Rather than view the free WiFi as a distraction from her company’s mission in serving other small business owners/entrepreneurs, Fonticoba embraces it as a perk that has yielded considerable benefits to her bottom line, particularly in the wake of the devastation wrought by Hurricane Sandy. 

“When Sandy hit last year and our area had electricity while many other communities did not, I put out the word that I welcomed fellow business owners to come to my studio and get some work done, offering my free WiFi,” she recalls. “Why shouldn’t we want to make life convenient and comfortable for our customers? They are why we are in business.”

To her surprise, no one took Fonticoba up on her offer. However, she did receive many thanks from people for it when she saw them.

“I believe it benefited my business by silently growing the bond of trust in the relationship,” she says. “The unsaid message was, ‘You can count on me to help.’ That is a message I wanted to communicate about my business in a quiet, graceful way.”

Fonticoba is an example of a growing contingent of small business owners who view having free WiFi at their venue as both a perk and necessity. Although she does acknowledge the drawbacks—customers abusing the WiFi without patronizing the business—Fonticoba is an ardent proponent of its advantages, feeling they outnumber the negatives.

Kristin Fintel, owner of the six-year-old Chehalem Ridge Bed & Breakfast, an inn located in Newberg, Oregon, also views having free WiFi at her place of business, as an imperative. Fintel says she has offered free WiFi at her business from its inception. The decision to include this feature as a customer amenity was informed largely by the experience she and her husband, who’s in charge of IT operations at the B & B, have had while on the road.

FreeWiFi_PQ.jpg“When we travel, WiFi is important to us,” Fintel explains. “If it’s checking e-mail for work or checking on area attractions, [free WiFi] makes things easier. With both of our jobs, if we stay connected enough to solve small problems while traveling, there are fewer issues to deal with when we get back. Since we designed our B&B, it had to come with WiFi. It never crossed our mind to charge for something that we feel is a basic service.”

Not that offering free WiFi has come without snags.

Louis Rosas-Guyon, president of R-Squared Computing, a North Miami-based technology consulting firm that works with clients that offer free WiFi, says there are negatives that small business owners need to be aware of before they go this route. “Once you offer it, people will complain when it’s unavailable,” he says. “The airlines are experiencing this phenomenon when in-flight WiFi is down.”

He also adds that sometimes it might be hard for retail shops and food-service companies to justify the expense, particularly if the feature brings in “squatters who sit and use your connection without buying.”

Still, the pros might greatly outweigh the cons. Unlike some business owners that may be wary of offering this feature for fear it could deflect attention from their business, Fonticoba and Fintel express little reservation.

“I believe in creating the atmosphere for my clients that I would appreciate for myself,” Fonticoba says. “And hey, that hotspot didn’t cost me anything, so why not? This way, [my clients] leave my secure connection alone and I don’t have to worry about passwords. For returning clients, I do have a guest account on my own Internet connection with a password.”

For small business owners contemplating adding free WiFi as a customer perk, consider these tips.

Do your research

As with anything costly, be it a car, a house or computer equipment, never buy anything unless you do your research (which may include cost comparisons) first. Similarly, you should never sign up with any Internet provider unless you do your due diligence and find out the features they’re offering in their subscription package.

Fintel says it’s also important that any connection provide enough Internet broadband and router security for customers to perform a slew of activities such as watching videos or checking e-mails.

Establish a good understanding of your IT infrastructure

This will be invaluable when your WiFi service is experiencing a blackout or massive glitch. Fintel admits that having her husband act as the IT troubleshooter has been a key asset to her. “If I had to pay for that, I might look to establish a contractual relationship with someone who understands my guest needs,” she says.

Keep your business connection secure from intrusions

Offering free WiFi can be an excellent way of fostering a climate of good will at your business. But it cannot be at the expense of putting your business at risk by affording customers unwanted access to confidential information. Protect your business by having a separate WiFi network that is password-protected and up-to-date with other IT safeguards.

Fonticoba agrees. “What small business owners should not do is open up their own Internet connection and let the world hop on,” she advises. “Keep that password secure for yourself and your staff.”

Know your customers

Since launching her business, Fonticoba has made this a best practice. “If you want your customers to feel welcome and to encourage them to come back on a regular basis, make it as comfortable and convenient as possible for them,” she advises. “Anticipate what the average customer might want. I work with entrepreneurs and they have harrowing days like I do. So I keep simple refreshments on hand as well as phones and Internet for their use.”

Offering free WiFi at your business can be an excellent way of securing customer buy-in. But it must never be done at the expense of your business’s long-term security and success.

TrackCashflow_Body.jpgBy Iris Dorbian.


For business owners, tracking cash flow is one of the most tedious, yet necessary tasks. Just one simple misstep can cause a massive operational and financial challenge, leading to delays that could culminate in shutting down the business.


Small wonder then that more business professionals are now turning to real-time business dashboards to gauge cash flow, rather than rely upon on-the-fly calculations or out-of-date ledger statements. But because computers, like human beings, are not infallible, there are guidelines that small business owners should follow to increase the effectiveness of using dashboards to track their money. The following are several tips courtesy of experts:


Identify key metrics

To better track your business cash flow via a dashboard, it’s imperative that you first pinpoint key metrics that are critical to your fiscal operations. Alex Gassey, founder of StratPad, a financial planning and management app for the iPad, says: “Set goals for these values and track them on a business dashboard, at least monthly.”


According to Gassey, whose StratPad includes a business dashboard called StratBoard, some commonly used metrics that influence cash flow are: accounts receivable days (how long it takes customers to pay you), accounts payable days (how long it takes you to pay suppliers), and cost of goods sold versus inventory ratio. 


Be accurate with your data

There’s nothing that will wreck your goal of trying to gauge your cash flow more than entering wrong or outdated information into your dashboard. Always be extremely vigilant and careful when entering data.


Caroline Cummings, vice president of business development at Palo Alto Software, a maker of LivePlan software, which offers a dashboard feature that can be used to track cash flow, strongly endorses this best practice.


TrackCashflow_PQ.jpg“Make sure that whoever is entering data [into your dashboard] or wherever you’re pulling the data from, that it’s the most up to date so that you are looking at true numbers,” she says. “Otherwise you’ll be making decisions that could end up hurting your business because you think you’re looking at your expenses correctly, but you’re not.”


Increase speed of money flowing into the company and slow speed coming out of it

To help streamline your cash flow operations via your dashboard, you might want to deliberately modulate the movement of money going to and from company coffers.


Gassey cites a hypothetical example: “Say your accounts receivable days are currently at 67, you might set a goal to get that down to 30 days within six months,” he explains. “Customers are paying you sooner, thereby increasing the speed at which money comes in.”


At the same time, he adds, you might want to enhance this faster infusion of cash by negotiating with your vendors to increase your accounts payable days. “This will increase the amount of cash you have on hand,” he says.


Track cash flow from day one

Don’t wait until a few months after you launch your business to gauge how much money is flowing into and out of your register. Do it immediately after you set up shop, otherwise all the passion and hard work that you’ve invested in your startup might be for naught.


Cummings concurs. “Most small businesses fail because they run out of cash,” she says. “But really that’s just the symptom. They run out of money because they’re not watching their cash flow. They’re not tracking which product is under-performing. They’re too busy working in their business and not on their business.”


To remedy this, Cummings recommends every small business owner review his or her business dashboards on a daily, weekly, monthly, and quarterly basis. By doing this, “they can see what the profit centers are and where to make adjustments.”


They will also be better equipped to size up revenue goals and see how they compare with their desired target. Other questions Cummings says small business owners should ask themselves while tracking their cash flow on a business dashboard are: Where are they with expenses and cash flow? Who owes them money and how much? Also, who do they owe and how much?


SBC newsletter logo.gifPaul Jarrett, founder of the year-old health and fitness e-commerce site Bulu Box, agrees. In fact, Jarrett credits his use of LivePlan’s business dashboard software as being a catalyst to his raising $1 million in funding. By being able to accurately measure and track his company’s cash flow operations, Jarrett was able to present to investors a realistic picture of where his business was headed.


“I think a lot of entrepreneurs I know wait a little too late to start tracking certain things,” Jarrett says. “Also, small business owners need to make sure the way they track and measure remains consistent. Spend some time upfront to ensure that things are set up properly because if you change things a few months into the year or two years down the road, a lot of what you’ve been doing won’t matter anymore.”


To bolster his point, Jarrett notes the following: “I don’t think it’s any coincidence that around the time we got our dashboard nailed down to what was really important, we started to see the growth of our company. We were able to focus on what we were making money on [as opposed to] what we thought we were going to make money on. Having a business dashboard helped us figure that out quickly.”


A business dashboard that can help you accurately and effectively track cash flow can be a best practice for success. But it must be harnessed properly. Otherwise it won’t matter how state-of-the-art your software is.

QAJeffLanza_Body.jpgby Erin McDermott.


Jeff Lanza left one front in the battle to fight fraud, retiring from the Federal Bureau of Investigation in 2008. Now, he’s on another: He’s an in-demand speaker for businesses large and small, detailing how malicious hackers are targeting poorly prepared companies and alerting them about how to avoid becoming a victim. Business writer Erin McDermott recently spoke with the former agent about the big picture on small business hacking, misconceptions about the aftermath, and ways to try to stay one step ahead of the bad guys.


EM: How did you come to work on computer crimes during your days at the FBI?

ML: I was working on various crimes with the FBI. I started out as a white-collar crime agent and investigator and I was also covering public corruption and fraud. I was on the White Collar Crime Squad, so from time to time we handled fraud cases, and that morphed into computer crime. Eventually, it got pushed into its own squad because it was so big. I didn’t work on the Computer Crime Squad, but I did a lot of public speaking about computer crimes as time went on, because of how I personally felt about how important prevention was. I went out to businesses and the community to talk to people about what the threats were, with the hope that they wouldn’t get victimized.


EM: Hacking attacks on businesses and identity thefts seem to be in the news almost daily. Why do you think we’ve turned a corner into such proliferation?

ML:  The short answer is it’s easy to do and small to mid-size businesses make very good targets. They have enough money to go after, but often have less controls than large, Fortune 500 companies—and they may become much more vulnerable because of that. Companies are sometimes in denial that this could happen to them and they don’t take appropriate steps to protect themselves. All it takes is one weak link in the chain: an employee who clicks on an email that he or she thinks is coming from UPS ends up downloading a virus, and the next thing you know banking credentials are stolen and money is transferred out of the account. It is as simple and quick as that. The bad guys know there’s little risk because they’re often in foreign countries and out of the jurisdiction generally of the FBI. And they can do it to massive amounts of people and have just a few respond to get a big windfall.

QAJeffLanza_PQ.jpgEM: Aside from the basic protections that everyone should be doing—firewalls, VPNs, strong passwords, antivirus software, locking up your hardware—how should SMBs start thinking about staying safe going forward? How can they keep abreast of scams and online tricks?

ML: Staying abreast is easy—become members of groups in the community that work to fight these things. The No. 1 group to join, if you have a business, is InfraGard, which is an FBI-sponsored group. They have regular meetings and talk about these types of threats. Even if they’re in a city that doesn’t have a chapter, they can get the newsletter. Another: Read papers like The Wall Street Journal and the New York Times, where they have stories about these threats all of the time.


One of the most important things a company can do to stay safe is education—making sure your employees aren’t just taught about basic computer security on their first day on the job and then forget about it. There has to be refresher training all of the time and top-of-mind awareness. Always be talking about computer security and about not clicking on links from unknown senders or with unknown attachments, or on unknown emails seeking banking information.


EM: Symantec’s 2013 Threat Report showed 83 percent of SMBs surveyed told the security software maker and the National Cyber Security Alliance they weren’t concerned about the rise in hacking. Do you see any signs of progress—that the threat is starting to be taken seriously?

ML: No. To be honest, when I talk at these SMB sessions, to the audience this is new information. The reaction is “I had no idea.” You give them examples of the more recent events we’ve had, and they’re like “Oh my gosh, I can’t believe this is happening.”



This interview has been edited for length and clarity.


Disclaimer: The opinions expressed are solely those of the author and interviewees.  You should consult a qualified computer and data security expert to assist you in developing and implementing sound technology-related policies and practices.

QAkenglickman_Body.jpgby Robert Lerose.


Time is the most fleeting resource at our disposal. We each have the same 24 hours in a day, yet some people perform meaningful work and fulfill their goals more than others. One reason for their success is because they've learned how to manage their time wisely and proactively. As one of the leading authorities on time management, Ken Glickman has given over 1,200 presentations and training seminars across the country for companies such as General Electric, FedEx, Rubbermaid, and others. Recently, business writer Robert Lerose spoke to him about some of the core skills and techniques for taking control of your time, your business, and your life.


RL: How would you define time management?

KG: You don't really manage time. You can't really save time like you save dollars. Time is more like a seat on an airline. Once the plane takes off, it's gone. So you're really managing the things you want to accomplish in life and accomplish for the day. You're managing your activities.


RL: What are three common mistakes that people in general and small business owners in particular make with their time?

KG: One is lack of clarity in goals. A goal is knowing where you want to go. I find a lot of business owners get lost in where they want to go. You can have a really productive day—it seems—get a lot done, check off a lot of to-dos, and yet you're not moving closer to the most important things. So you need very, very clear goals. You have to have a clear vision of where you want to go. Now, you can always change that goal. You're not locked into it. But if you are going to change, make sure it's for the right reasons—not because it just got too tough.


RL: A second mistake?

KG: Not establishing boundaries. Setting boundaries is absolutely critical. They need to be clearly stated, they need to be fair, and then they must be consistently followed. If you set good boundaries, people will most often respect them. For instance, my mentor would set aside each morning and say to people: "If you have to see me, stop by then. My office doors are always open. In the afternoon, they're closed, unless it's an emergency." What happened was, he would train people to see him in the morning if they needed to talk with him.


QAkenglickman_PQ.jpgRL: And a third mistake?

KG: Not organizing clutter. I don't mean so much the clutter on your desk, but your mind becomes very cluttered. And when your mind is cluttered, it creates tremendous tension. When you're tense, you can't be as productive. 


RL: After setting goals, what's the next step?

KG: You have to have a plan. Ask yourself: Where are you right now and where would you like to be? That's the vision. Then, how are you going to get there? What are you going to do—each day, each week, each month—to take you from where you are to where you want to go? That's the overall plan. Then you fill in the yearly goals, the six-month goals, and the weekly goals. It gets down to basically your daily to-dos. Then you have to prioritize. Prioritizing is knowing what's most important and taking care of what's most important first. I didn't say important. I said most important. There's a big difference.


RL: Tell me about that big difference.

KG: Let's say you have the list of things you want to accomplish today—your to-dos for today. Take a little time and prioritize them. There's two ways to prioritize. One is by payoff. Go through that list and assign each to-do an A, B, or C. An 'A' is something that has a very high payoff in taking you from where you are to where you want to go. A 'B' has a payoff, but less of a payoff, and a 'C' has little or no payoff at all. Many times, people [focus] on the Cs during the day.


RL: And the second way to prioritize?

KG: Now, look at urgency. A '1' is something that must be done right away—in the next hour, the next day, whatever. A '2' is something that needs https://smallbusinessonlinecommunity.bankofamerica.com/servlet/JiveServlet/downloadImage/4542/Image-CTA-v2.1.gifto be done, but not necessarily right away, and a '3' is something that has virtually no urgency at all. [Combining them], A-1s get done first at the beginning of the day. Once you've done your A-1s, go to your B-1s. If you have time, then do you’re A-2s. And schedule these. This is very important. Anything you want to get done during the day, you must schedule it or chances are it won't get done.


RL: You're saying to put it on your schedule with a specific day and time?

KG: Absolutely. Whatever you've got to do, you make an appointment, and you shouldn't break that appointment as you wouldn't break an appointment you made for an important business meeting, unless something comes up that you really need to do first. But that's a decision you make.


RL: Small business owners have demands made on their time constantly. How do they say "No" to a request without feeling guilty or causing hurt feelings?

KG: When someone asks them do something, most people will [comply] to make this person happy. But the proper questions to ask yourself are: "If I say yes to this, what specifically am I saying no to? And do I want to say no to that?" If you ask yourself this, you're probably going to come up with the right answer for that time. You can't make everyone happy. When people have requests for you as a business owner, you want to make sure it's very to-the-point, that it's very relevant, because people can take forever to say something. During World War II, Winston Churchill insisted that every memo he got had to be on one side of a piece of paper. 


RL: Managing email and social media can burn through time at warp speed. What's your advice for handling them?

KG: Let people know that you look at your emails and text messages [at a certain time of the day], so they shouldn't expect to hear from you at any other time. You can also have several emails or even several phone numbers. Give one to the people you want to respond to right away—say, your biggest clients—and maybe a different email to your family.


RL: How can you tame mental clutter?

KG: You can really only handle one thing well on the conscious level [at one time]. I carry around several index cards stapled together. When anything comes up that I want to deal with sometime in the future, I write it down and forget about it. When I get back to the office, I take the things I want to keep and I put them on their proper shelf. Then, when I'm planning what I'm going to do next, I simply look at all the shelves and take things down that I want to use that day. So I've organized my mind to get rid of the clutter. 


RL: Final tip?

KG: If you get up early and give yourself an hour to work straight with no distractions—you don't check your email or your texts—and you literally spend that time focusing on the most important things, that hour will probably be the most productive hour of your day.


This interview has been edited for length and clarity.

POS_Body.jpgby Erin McDermott.


Online criminals have been drawing a bead on small businesses’ point-of-sale terminals—what are you doing to protect yourself?


Maybe not as much as you should. A recent industry study by Ipsos Reid showed 40 percent of the small business owners told researchers they have no protocols in place for securing data, a 5 percent increase from 2012. (Scarier: Nearly 70 percent of small businesses surveyed said they didn’t believe that data being lost or stolen would hurt their companies financially or harm their reputation.)


Though point-of-sale (POS) breaches at large companies like TJ Maxx, Subway, and Barnes & Noble have made national news, attacks are adding up at smaller enterprises. Symantec’s 2013 Internet Security Threat Report claims targeted cyberattacks increased by 42 percent last year, with nearly one-third aimed at businesses with fewer than 250 employees. Experts say many more go unreported out of fear of reputational damage or a customer backlash.


Yet mobile-payment technologies are enabling the expanding array of POS registers, from smartphone-based systems and quick response code-enabled purchasing to e-wallets and iPad-based checkouts, with hordes of new users who are often unfamiliar with best practices when it comes to security.


“Part of the problem is that technology seems to be getting ahead of the ability to secure it,” says Jarred White, manager of security engineering services at ControlScan, an Alpharetta, Ga.-based provider of payment-security and compliance solutions. “Technically speaking, mobile’s nothing that we aren’t already accustomed to dealing with, but the distribution model is different, the underlying platforms are a little different, and mobile security professionals haven’t spent a lot of time looking at the security. And that’s what concerns me—how far behind the industry is when it comes to best practices around those technologies.”


And it’s a scary place out there for those with vulnerabilities. The methods of attack seem endless—breaches via WiFi, phony “skimmer” devices, keyloggers, “spear-phishing” emails, and malware, malware, malware.


“We’ve been talking about ‘hockey stick’ growth of malware for a few years, but malware has yet to even slow down a little bit,” says Mark Bermingham, director of global product marketing at Kaspersky Lab. “The guys that write malware are always going to follow the path of least resistance. And one of the challenges for the small business owner is that, for a few years now, many have been saying ‘Why do I have to worry?’”


So what are the best practices to attempt to stay ahead of the bad guys? A talk with a few professionals on the front lines suggests what to focus on.


POS_PQ.jpgStay compliant with PCI-DSS

This is the heart of the card-payment industry’s defense against crime. The Payment Card Industry Data Security Standard is a list of requirements that apply to all merchants that process, store, and/or transmit cardholder data. The rules are strict, but they’re also the first line of protection for your business, your customers’ information, and a firewall against possible penalties in the event of a data breach, provided that your system is in full compliance. The standards are overseen by the PCI Security Standards Council, a governing body that, among other things, also vets the security of manufacturers’ POS devices and recommends safe payment applications (known as PA-DSS).


ControlScan’s White says trouble often occurs when a business doesn’t make the time and effort to maintain and update their systems. “They make excuses when, say, the system has to be taken down for two hours to implement the changes,” he says. “They say ‘That’s two hours of e-commerce or swiping that we’re losing.‘ Or they don’t want to stay up from midnight to 3 a.m. to do it. For them, their bottom line is running a business, and not being a security expert. But really, there is a balance that needs to be struck.”   


Install anti-malware software and update it

“It doesn’t take much to be secure enough to make hackers want to go elsewhere to find someone who hasn’t chosen to be secure enough,” Kaspersky’s Bermingham says. So, get proactive. He points to a combination of three measures for a semblance of peace of mind: 1) “whitelisting,” security programs that make only an index of known, safe software available for download; 2) application-control management, which employs that same standard for trusted apps on computers; and 3) strong anti-malware that uses cloud computing to offer near-real-time protections. Why? Bermingham says that as the IT security industry has become better at spotting scams in progress, many hackers recognize they could be caught quickly and plan accordingly. “The guys issuing this malware recognize they may only have an hour or two, but that’s enough,” he says.


https://smallbusinessonlinecommunity.bankofamerica.com/servlet/JiveServlet/downloadImage/4542/Image-CTA-v2.1.gifDon’t forget to patch. Choose security software that offers automatic patch management and vulnerability scanning. This will ensure users and administrators are always up-to-date and fully notified about any newly discovered weaknesses in programs their machines are running, which could potentially be exploited by cybercriminals.


Harden your technology setup

Keep POS systems and guest WiFi networks separate. Better yet, White says, put them on networks on separate routers. In a brick-and-mortar shop, hide all of the gear away in a locked room or large secure container, to avoid snooping visitors and limit access to the equipment. (The PCI-DSS actually requires the latter.)


Use stronger passwords

First off, don’t use one of these top 25 most popular passwords. All the security measures in the world won’t matter much if the simplest step to take is undermined by sheer laziness. Also, ditch the out-of-the-box default passwords immediately on all devices. Passwords for POS registers should be changed every month and should in no way match the business name or public WiFi access codes. Go off-dictionary, work in some numbers and punctuation, and, whatever you do, don’t write it down and stick it in a place where unauthorized people can see it. Have trouble remembering? Here’s a good guide to password managers.


Educate your staff

Employees can be an excellent line of defense. Be upfront about why policies are in place and how procedures are to be followed. Staffers armed with information about possible threats could later save the day with an early warning about suspicious behavior, fishy calls or emails, or something that seems out of place. (Show them this fantastic infographic from Merchant Warehouse.)


How can you put your trust in staffers, particularly in positions with a lot of turnover?


White says he’s seen demand for awareness efforts. “I think there’s a lot of value in training employees and showing them what they’re protecting,” he says. “The business owner has it in his or her best interest to make them aware of what the risks are, but also to the danger to the business. As in: How can a negative incident hurt our business and, in turn, your job? Not just that you made a mistake and could face disciplinary action, but that the business could take a serious hit financially or to its reputation and could have to shutter its doors.”

AssocRoundup_Body.jpgby Robert Lerose.


As any small business owner can attest, starting and running your own company takes commitment, hard work, and ingenuity. The good news is that you don't have to do it alone. Thanks to the Internet, it's easier than ever to find authoritative answers to the questions and challenges that entrepreneurs face. Here are seven organizations and associations to consider adding to your list of resources. Most offer free or low-cost services, but some charge membership fees, so be sure to check first.


SCORE: A nonprofit association that provides support primarily through mentorships and education. Small business owners can find a mentor from 62 industries for either a face-to-face or email meeting. There are also free business tools, free confidential counseling, and free or modestly priced workshops and webinars at more than 340 chapters across the U.S. and its territories. SCORE also offers expertise in specialized categories, such as minority, rural, veterans, women, over 50, and youth entrepreneurs.


The U.S. Small Business Administration: An independent agency of the federal government that helps in four key areas. The SBA offers a variety of business financing arrangements, provides free face-to-face and Internet counseling, fights for government contracts for small businesses, and represents entrepreneurs before Congress.


AssocRoundup_PQ.jpgNational Federation of Independent Business: A nonpartisan, nonprofit association that lobbies in Washington, DC, and in all 50 states for favorable government policies for small businesses. NFIB membership also offers discounts and buying power for small business essentials such as insurance, credit card processing, office equipment, online marketing products, and more.


National Small Business Owners Association: Focuses on giving members access to various kinds of working capital, insurance products, and financial education. According to their website, they "partner with leading lending institutions to service small business owners who cannot borrow from traditional banks due to business type, a short length of time in business, or an insufficient credit history."


America's Small Business Development Center Network: A network of private, government, academic, and local nonprofit economic development organizations that provide free or low-cost business consulting and training. Operates approximately 1,000 centers around the country. Their website has an extensive list of links to other resources for small businesses.


Business Marketing Association: This well-established association helps members meet their B-to-B marketing and communications objectives. It offers a wide range of programs, reports, surveys, and events that bring expert knowledge and people together.


National Association of Women Business Owners: The only dues-based organization of women entrepreneurs with 70 chapters across the country. Focuses on increasing the voice of women business owners in political, social, and economic leadership roles.

TwitterSecurity_Body.jpgby Erin McDermott.


So far, 2013 seems like it will be remembered in part as the year of the hacker. Cybercriminals and other malicious computer malcontents have targeted seemingly every aspect of modern American life. There’s the Pentagon, ATMs, the media, social media, videogaming, and government agencies.


With the pace and speed of these attacks growing, how can you stay informed about potential threats to your business? A quick and easy way (not to mention free) is tapping into the Twitter streams from some of the best minds in data security.


The experts on this list deliver real-time news and suggestions for action that can help you protect your small business’s computer and financial systems. If you’re interested in this world beyond these experts, just plug in a few hashtags—#security, #infosec, #cybersecurity—to get a taste of the breadth of issues that others are confronting on the information-technology front.



Naked Security


@Naked Security

Here’s the feed from the newsroom created by Sophos, a U.S.-British maker of malware protection and security hardware. The articles are smart reminders of things like new upgrades for search engines and applications, malware and scams to watch out for, accounts of how companies were compromised, and newly discovered flaws that you’ll need to worry about. Naked Security can also be followed on Facebook and Google+, but there’s something about their straightforward news and headlines that are best digested within a 140-character limit. (Add on Sophos’s senior technology consultant Graham Cluley—@gcluley—for even more insights.)


TwitterSecurity_PQ.jpgBrian Krebs



Krebs is a former Washington Post reporter, Security Fix blogger, and self-taught computer expert who became fixated on the world of cybercrime after his PC was infected by overseas hackers back in 2001. These days, he’s an in-demand speaker on computer security and routinely breaks news on his Krebs on Security website, where he reports on his investigations into the sources of the most damaging hacks and scams. On Twitter, it can be exhilarating to watch him spar with underworld elements that have tried to knock him offline. Follow him to be ahead of the curve on flaws and scams that make industry heavyweights scramble to repair—and for his particular attention to the active threats to small businesses. There’s plenty to learn just by reading his interactions with his Twitter followers, too.  


Bruce Schneier



This lauded American cryptographer—an expert in making and breaking secret codes— is well-known contrarian and gadfly when it comes to data security and privacy issues. He focuses on the long view and rational thinking instead of succumbing to fear by poking holes in the perceptions of the safety of new products, such as “smart” appliances and Google Glasses. This is Big Picture stuff, and questions that Schneier raises have often become the early warning system for controversies down the road. His tweets point to his own writings and other articles and off-the-beaten-path news that he finds interesting—and you likely will, too.


Kaspersky Lab



If you’re dealing with online commerce, this Twitter feed is a must-have. Its value comes from the fact that it’s not just a corporate site; it’s a smartly monitored source for breaking news on the security of tools that small businesses use every day. For instance, followers can check out flaws in the PayPal system and Drupal programming code vulnerabilities. There’s also a weekly roundup of the latest arrests and scams that have been discovered around the world, and a helpful site for those using the Kaspersky toolbox. It offers a daily supply of tips to harden your internal systems and alerts users to numerous reports of questionable activities that its worldwide user base is encountering. 


E.J. Hilbert



E.J. Hilbert’s career reads like the Forrest Gump of online crime fighting: A former FBI special agent on the Web’s frontlines against terrorism; MySpace’s chief cybersecurity expert; and now Kroll Security’s top mind against spammers and scammers. He’s now moving on to London to take on hackers from across Europe, Africa, and the Middle East. His Twitter feed offers an intriguing inside look at the people and agencies who are going after the bad guys, how the investigations unfold, and the cyber threats he sees occurring on a daily basis.

QAdavidlewien_Body.jpgby Erin McDermott.


Your staff is your personal cavalry when it comes to running a small business. But how do you keep them on guard for a potential hacking attack? David Lewien is the president of Go West IT, a technology-services company based in metro Denver. (Why Go West? He says it signifies helping clients choose their direction.) Business writer Erin McDermott spoke with Lewien recently about dealing with employees’ personal mobile devices, getting serious about growing threats, and keeping a small business’s staff armed with the information they need.


EM: There have been reports that the private accounts of the First Lady, Vice President Biden—even Beyoncé—had been hacked and their personal information stolen. A month ago, it was the New York Times and Washington Post confronting hackers. Is the message starting to filter down to small business customers that data breaches are something they need to be worried about?

DL: I think businesses and individuals are getting the message that security breaches are something that is possible for them and that they should be concerned about. I think there’s still a big gap between the knowledge that it’s a problem and what they should do about it. That gap exists for most small business owners that I talk to. Many don’t know how to prevent breaches or where to turn to for help.


EM: Security experts say it’s often an internal factor—they call it “social engineering”—that the bad guys exploit to gain entry. How can small companies work with their staffers to make them more aware that these threats are out there and keep them up to speed on how to prevent problems?

DL: IT security for small businesses is not unlike it is for larger businesses. It’s just a scaled-down version in terms of scope. IT security for small business encompasses a lot of things, social engineering and the entry points through personnel is absolutely a component of that.


There are lots of entry points and the approach that businesses should take, from a security standpoint, is to have layers of security that include the use of network security devices, third-party filtering, policies, and procedures to prevent attacks on a very broad scale. Of course, that’s more difficult for small businesses because they generally don’t have the resources, knowledge, or personnel to handle all of these tasks.


We recommend some very basic things from a pure operational, functional standpoint. A good business-class firewall—we distinguish that from a consumer-grade firewall. So the firewall you buy at local retailer isn’t necessarily what a small business should be using. The cost difference between a business-class firewall and a consumer-grade firewall is negligible. The firewall protects the business at the Internet gateway and is the first line of defense between your network and the public Internet. It’s also very important for small businesses to make sure they have a good, business-class antivirus application running on all of their machines and that it’s constantly updating. That’s also relatively inexpensive to put in place.


QAdavidlewien_PQ.jpgFrom there, it’s about handling internal resources—personnel. The most important thing, in my opinion, is managing credentials for access to your systems. Having policies, procedures, and controls in place to make sure employees are using complex passwords that are changed on a routine basis—that’s the key to your first line of defense. Then it becomes a matter of educating users about the appropriate use of company resources: the company’s WiFi connection, the personal computers, and even the company websites. That education starts by sitting down with users and saying: “Look, these are the types of threats that we may encounter,” and then set forth ways they can mitigate the risks around those threats.


EM: Let’s talk about educating the staff. In the case of the New York Times, it appeared to be rogue emails—for instance, one of those win a free iPad offers—that someone clicked on and gave hackers entry into their system. How can a small business keep everyone informed about these changing threats?   

DL: The key, like any training program, is routine and frequent touches on this. For most of our customers, we recommend that they hit on this on a recurring basis. Keeping employees aware of the risks and the potential damage that can be caused by a breach is something that could be done, say, every two weeks at a staff meeting. Say to them: ‘Hey, everybody. Please remain diligent. We saw again in the paper today that there have been these attempts to gain access to peoples’ computers by phishing scams, like promising a free iPad. Keep your eyes open for that. Anything that looks out of the ordinary, please be cautious of it.’


By bringing this up in a recurring fashion, it seems to have a bigger impact than, say, an annual training session where everyone just signs off on a memo.


EM: From the IT security end, what are you seeing with mobile devices?

DL: First and foremost, we see them being connected to the corporate networks. For small businesses, I have not seen a rash of successful attacks launched from those devices, but I personally believe we are headed in that direction. They’re relatively weak from a security standpoint and the people trying to launch these attacks are constantly pushing the envelope and looking for the next best way into corporate networks.


Because everyone realizes these devices are connected to corporate networks through WiFi, it’s just a matter of time before we have viruses and spyware that are written to sit in waiting on a personal device. Then once it’s connected to that corporate network, it will do its dirty work, gathering passwords or credentials or mapping the network for a more sophisticated attack. I don’t see it a lot with small businesses yet, and I think a lot of businesses are allowing those devices to be connected to their internal network without an understanding of the risk. As a side note, those devices also consume valuable bandwidth intended for business purposes.


My recommendation is that small businesses consider having a separate guest network that’s not part of the company network for employees and these devices. It’s a discussion to have—here’s a connection for your iPhone where you can keep tabs on your kids or whatever you want to do—we only ask that you not connect to the internal corporate network.


We can deploy technology to prevent personal devices from connecting to the corporate network but most small businesses aren’t investing in these technologies now. If breaches increase as a result of connecting personal devices, we may start to see smaller businesses stepping up to invest in these systems. Again, education is key. Let people know this is a problem. Tell people to be aware of what they’re doing on their cellphones—and, particularly with iPhones, we would encourage users not to “jail-break”—modifying the phone to run unauthorized software—their devices. There is some security set up around Apple iOS from a supported vendor like AT&T or Verizon, and when they jail-break the devices, they leave themselves wide open to some risks they wouldn’t face if they hadn’t done that.


EM: What about regular old company mail?

DL:  Aside from web browsing, it’s the most common entry point for spyware and viruses on a network. We recommend to our customers that they implement a good third-party spam and virus filtering solution for their email. Even if filtering is in place, there is still a small chance that phishing emails or viruses can slip through the filters.


Then it’s about educating users about clicking on links in emails. Unfortunately, we all need to click on links sometimes—it’s what we do on a regular basis. It is part of how we communicate with the rest of the world these days.


It becomes a question of what do we do if we suspect there’s been a problem. The last thing we want is for an employee to be concerned that they clicked on something they shouldn’t have and then don’t say anything about it for fear of losing their job or being reprimanded or being criticized. We tell our people that we want your employees to raise that big red flag when they think something has happened—anything out of the ordinary: “After I clicked on this link, my computer started running slow.” Raise a red flag and have someone check it out. Or when you open Internet Explorer you are suddenly taken to an unfamiliar search page. Those are the symptoms that should raise attention and be sure that someone who knows what they’re doing investigates. Those are telltale signs that something underneath is doing harm. We want users to understand that this can happen to anyone. It doesn’t mean you were doing something you weren’t supposed to. Let’s just identify those problems so they can be remediated.

CloudStorage_Body.jpgby Jennifer Shaheen.


It took less than a minute—just long enough for the Starbucks barista to confirm my order—for a small business catastrophe to occur. While my back was turned, some sticky-fingered thief swiped my laptop.


You can imagine my reaction. Like many small business owners, I used my laptop as a key element in operating my business. Everything was on there: projects in development, banking, employee information and more. Recreating that information from scratch would take hours, weeks—in some cases, months! The risk exposure was tremendous, both financially and in terms of my team’s personal security.


But this story has a happy ending. The fact that our company uses cloud-based technology for our operations meant that I could, using my smart phone, remotely disable access to all critical data. The thief had a nice laptop, but they didn’t have a way to rip off my personal or professional information. Better than that? My total downtime was less than ten minutes.


What is “the cloud?”

The cloud is just the latest, most powerful incarnation of a very old (in tech-time terms) concept: remote computing. Cloud computing is the delivery of computing services, such as storage or software, over the Internet as opposed to those services being hosted on an individual user’s computer. When you use Gmail or QuickBooks Online, you’re using a cloud-based service.


Some cloud-based firms offer free services. Google Docs is a suite of services that provides word processing, spreadsheet, and slide-show software; FreeCRM offers lead management, and Evernote promises to help you remember everything. Other services charge a monthly subscription fee, including Microsoft’s Office 365, Adobe’s Creative Cloud, and 37signals’ Basecamp project management platform.


CloudStorage_PQ.jpgEmpowers Innovation

“When a small store I owned needed a better method to log packages in and out, we realized that we would have to create our own,” says Patrick Weir, president of EZTrackIt, a package tracking service. “Cloud computing allowed us to create a solution that could be shared easily among computers, both our own and then to clients. This made the solution possible not just from a technical perspective, but also from a business one.” Without access to cloud-based technology, developing services like this, that depend on access to significant amounts of computing power, would be cost-prohibitive.


Enhanced efficiency

“As a small business owner, cloud-based services have streamlined many of my administration functions, provided additional back up for business documents, and enabled easier access to those documents from multiple locations,” says Janet Hoffman, president of HR Aligned Design, a New York City-based human resources consulting firm. “Sharing documents and keeping versions current with multiple parties has become easier.”


The cloud has also had a transformative effect on small business’s ability to collaborate and compete. Services such as Google Docs and Dropbox facilitate document sharing, while remote conferencing platforms like WebEx and GoToMeeting enable multi-media meetings. The cloud’s ubiquity has made it the go-to solution for connecting with clients and employees, no matter where they’re located.


Better back ups and superior storage

Computers crash. Clouds don’t. One of the primary benefits of using cloud-based technology is that your business is protected against computer crashes and loss. We can’t forget about operator error, either. Failing to hit “Save” at a critical moment can result in catastrophic data loss. When you’ve got a customer waiting, there’s not always time to re-create all of your efforts. Cloud-based storage preserves your data so it can’t be lost due to human error or natural disasters. Retrieving your data from the cloud is simple and easy.


Additionally, the data storage capacity offered by cloud-based services is exponentially greater than the amount the typical small business owner could expect to access on their desktop. The alternative, offline approach would be extremely costly and labor intensive for a small business, as it involves saving data to an external hard drive and then moving that redundant storage platform offsite. 


Is the cloud secure?

According to John Souza, president of online training company Social Media Marketing University, choosing the cloud can offer better security than offline options. As proof, Souza cites a recent report by Alert Logic, a cloud-based security provider. That report found 46 percent of corporate security systems were hit by brute force attacks, versus 39 percent of cloud providers. Further it found malware had gained entry into 36 percent of on-premises computer systems, versus only 4 percent of cloud-based systems.


But small business owners still need to do their research. “The bad news is that security on the cloud is pretty uneven. Many sites can and do share all kinds of personal information about their users to other companies and to the world at large,” says EZTrackIt’s Weir. “The good news is that many more sites protect their user data with a zealous passion. The trick is knowing which is which.”


When asked for best practices small business owners should follow when using the cloud, Weir points to three simple things to keep in mind: money, reputation, and privacy. For example, that ‘free’ service might not be such a good deal after all. “Every website needs revenue to keep their lights on,” he notes. “If their service is free then odds are they are getting that revenue by selling your information.”


“Be aware of what your responsibilities are,” says Hoffman. He cautions small business owners to hold cloud services to the same expectations of security and privacy they would have for on-site data storage. “Depending on the business’s function, these standards may involve legal requirements and could be higher for some than for others,” he explains. “For instance, there are government regulations about handling credit card information and personal health information. Businesses should move forward with leveraging cloud based solutions by taking the time to consider all implications for their business.”

Community Actions

Filter Article

By author: By date:
By tag: