While Microsoft’s Internet Explorer enjoys a wide following including many businesses, the downside is that it becomes a prime target for hackers to exploit and abuse. One such instance is the recent discovery of a new flaw that allows hackers to “cookiejack” or hijack information from cookies from any website. Despite a few flaws, Internet Explorer remains one of the most commonly used browsers in businesses today, making it a ripe target for hackers looking for security flaws to exploit. One such flaw has been discovered recently by a security researcher in Italy. Dubbed “cookiejacking”, the flaw allows hackers to hijack a cookie of any website, thereby allowing them to gain access to passwords, credit card information, and various other data stored in the cookie. The flaw is found in any version of Internet Explorer in any version of Windows. However, users must first drag and drop an item before the exploit can be activated. It might sound like a bit of a stretch, but hackers are known for their creativity, so expect that a seemingly appropriate situation will be presented in which you will find it perfectly normal to do a drag-and-drop action. Microsoft responded to the threat by labeling it as “low risk”, citing the level of user interaction required for cookiejacking to occur. It did, however, encourage users to be more vigilant and alert, as well as to refrain from clicking suspicious links and visiting dubious websites. Regardless of what platform or OS you use, there is always the constant threat from cyberattacks – all it takes is one attack to break through and put important business data at risk. It is essential to always educate users on how to avoid being victimized by scams and hacks, and to have the right security software to ensure that your company’s information is safe and secure. If you are interested in user training for security and / or better security protocols, please give us a call and we’ll be happy to draw up a custom security blueprint that’s tailor-made to meet your needs.

Securing your business data is twofold. The first part entails having the right security software and security policies. The second is providing the right user training to your employees, making them more aware of the different scams and ploys used in socially engineered cyber-attacks. One of the things many people fail to realize is that securing business data from malware and other sorts of cyber-attacks doesn’t stop with implementing the right security software. These days, cyber-criminals also use all sorts of tricks to bait unsuspecting employees into being catalysts for malware entering your system. Reports cite that as much as 60 percent of cyber and malware attacks on businesses are done through social engineering – meaning that instead of a direct attack on your system, hackers are using ploys found on email and social networks to get people in your organization to unwittingly introduce malware into your IT infrastructure. This is why it’s equally important to put emphasis on training your employees to recognize common cyber-attack strategies such as phishing, or how to use proper virus scanning software so any external or thumb drives they plug into their computers are malware-free. Remember, it only takes one mistake from a gullible employee to open the gates of your system to keyloggers and other sorts of malware and viruses. Keeping your company’s IT system safe is an investment. Getting the right security protocols and then training your employees to not only use and respect these protocols but also be more aware about security risks goes a long way in keeping your data safe and your operations stable.

MacDefender is the name of a newly discovered malware program that targets Mac OS X users. Disguised as an anti-virus program for Macs, it dupes – and if that fails, bullies – users into entering credit card information to pay for fake anti-virus software. It is a widely held belief that one of the reasons Macs are superior to other systems is because of their ‘invulnerability’ to viruses, malware, and similar threats. All well and good, except for the fact that a recent rogue anti-virus malware that specifically attack Mac OS X systems has been discovered. So much for the ‘Mac = no virus’ myth. Called the ‘MacDefender’ and also known as Mac Security and Mac Protector, this malware tricks users by having them think that their system is under attack. It begins when users visit a malicious website where the program automatically downloads itself to the computer. If you have the “Open safe files after downloading” option selected, it automatically installs itself onto the system. The original installation package is then also automatically deleted. Next, a new menu item appears on the Mac OS X menubar. You’ll see a small orange shield that becomes red, which supposedly means that there are viruses in your system. You’ll then be prompted to “register” – which involves giving out your credit card information – to a website to clean the virus. If you don’t, the malware will then direct your browser to porn sites to ‘encourage’ you to register and pay up. To know more about how MacDefender works, check out this video . While Macs are certainly targeted less than Windows systems, the threat of getting infected by viruses and malware is very real, especially if myths like Macs being impervious to viruses persist. To know more about protecting yourself from threats like these, please contact us so we can draw up a plan to keep your system safe and secure.

Google is testing the waters of the electronic wallet with retail and online shopping industries by introducing a new service called Google Wallet. Google Wallet allows users to make purchases and earn loyalty points and coupons – all from a single smartphone. Smartphone technology has grown by leaps and bounds these past few years, and having a smartphone these days is almost synonymous to being online all the time. Software giant Google has decided to tap into this phenomenon with a new service called “Google Wallet”, which enables users to make purchases and payments from their smartphones. Partnering with Mastercard, Macy’s, Subway, American Eagle, Citibank, and Sprint, Google assures users that their e-wallet service is safe. The service requires that smartphones have a special chip that allows the user to simply “tap” or “swipe” the phone at participating stores to pay for merchandise or services. When you swipe your smartphone’s e-wallet, you also earn coupons and points for rewards. The technology is also designed so that the user can turn the chip off when Google Wallet is not being used, making it safe from hackers. If the smartphone is lost, the data can also be wiped remotely. A similar system to Google Wallet has been operational in some countries including Japan for some time now, but its use is limited to only certain areas and stores there. While the concept of Google Wallet has great potential, there are still several limitations to the system as Google continues to look for more partners for the enterprise before its official launch, which is slated for within a month or two.

As more and more incidents of online identity theft are reported, it’s important that users become more aware of how they can prevent themselves from becoming the next victim of identity theft. Following some simple tips can help you make your online experience a much more secure one. Security experts are seeing a rise in the incidence of cyber-crime these days as more and more people use the web for their day-to-day needs. No one is spared – both businesses and private individuals have become victims of opportunistic cyber-criminals who take advantage of loopholes in security systems and a lack of foresight and alertness on the part of users. One common cyber-crime is identity theft, in which hackers steal and assume the identity and personal information of someone else. Under the guise of the usually unknowing victim, these unscrupulous individuals commit fraud or other crimes. While there is no 100% guaranteed way to be safe from identity theft when online, there are a number of steps you can take to protect your identity and your data. Have the right security software. One of the keys to keeping your identity and data secure is having the proper security software in place to protect your system. Also make sure to update the software regularly. Know the modus operandi. It’s also important to be aware of the different scams and techniques hackers use, such as phishing, which involves duping the user into clicking a legitimate-looking (but fake) link that has the victim enter personal information or download a file that introduces malware into the system. The rule of thumb is that if an email is unsolicited, there is a high probability of it being a scam or phishing email. Be stingy with your personal information. Be sure to only fill out personal information on sites that are legitimate and that you trust, and even then, only if you absolutely need to. Check and double check things like the URL or the company’s tag line to know if a site is what it says it is and whether it is secure. Phishing sites also look legit – but a careful look should be enough to tip you off that something’s amiss. Create unique passwords. The more complicated your passwords are, the harder they are to guess or hack. So don’t pick generic passwords like “password” or “12345″ or things like your birthday or wedding anniversary. The best passwords are alphanumeric – a combination of both letters and numbers. Secure wireless networks. It’s important to allow only the right people to have access to your wireless networks. Besides saving bandwidth, this also prevents leechers and hackers from using your connection to tap into your system or use it for unscrupulous activities. To know more about keeping your identity and data secure, please give us a call and we’ll be happy to discuss a custom security solution that meets your specific needs.

Losing data to a natural or man-made disaster can be devastating – but the protective actions you can take are not. What would happen to your business if you had a major data loss? The possibility is definitely there; this can’t be denied. Data loss disasters come in many forms, ranging from simple human errors to “acts of God” that cannot be controlled. However, you can control how you prepare for them. Here are eight questions you can ask yourself to test your disaster preparedness. First: Do we back up our data? It’s amazing how many small businesses do not have a backup system in place. It’s so easy to assume disaster won’t strike you. But data loss doesn’t always come from huge, cinema-worthy disasters. They can result from simple everyday errors – yet have huge disastrous results. Don’t let this be you. Do we back up all of our account information? Many small businesses tend to keep their accounts data on one employee’s PC, instead of the network which is on their backup schedule. But what if you lose your customer database? Be sure it’s included in the files to be backed up. Do we back up our email files? Ever wish you had that one email from a few months back, in which a customer gave you the “go ahead” – but now they’re refusing to pay for your work? These days, email is increasingly used as legal evidence of agreements or notices to proceed. If they’re included in your backup, you can easily pull up even deleted emails – received or sent. Is our Calendar and Contact information backed up? What if you came to work one morning and your online calendar and address book was gone? What appointments and communications would you miss, and at what cost? Most of the time, by default your Outlook Contact and Calendar files are stored on the individual PCs. Make sure these files are included in your backup set. Do we back up folders and files from each computer? In addition to important information that is stored in shared networks, think about the files that each of your employees create and use on their own hard drives. Spreadsheets, letters, memos, databases – wouldn’t it be a shame to lose all that work? Are we always saving our files to an area that will be backed up? Consider where each and every file your work on is being saved. Will it be included in your backups? Develop policies and educate your employees on where to save their work so it’s included in your backup schedule. Do we back up data frequently enough? This answer to this question is – how much work are you willing to risk? Say you complete an important contract on Tuesday morning, and an employee accidentally deletes it that afternoon. But you only run backups on Monday, Wednesday, and Friday. Bye-bye contract! A more frequent backup schedule would have saved the day. Do we know where our backups are and how to use them? If you use USB drives, external hard drives, or backup tapes for your backups, are you storing them offsite in a safe place? Even if your files are backed up to the cloud, do you know how to recover them in case of an emergency? Knowing your backup system and keeping it safe will ensure you can get back to business quickly and efficiently. Even if you already have a backup system in place, take a few moments to think about your specific business. If the unthinkable happened, exactly what data would you need to get back up and running? What could you not operate without? Once you identify these things, simply make sure they are included in your backup. Need help? We’re experts in guiding small businesses in setting up a backup system that meets their unique needs. Give us a call today to discuss the options available to keep your business data safe and sound.

The ROI Series: Calculating the ROI of a Technology Investment—Part 4. Cost savings are usually important to small businesses even in the best of times. New technology solutions may be necessary for survival and growth, however — and they may not be as expensive as you think when you consider their return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand indirect ROI, and provide guidelines for predicting and measuring the ROI of a technology investment. Part 4: Measuring ROI If you’ve been following this series, you’ve already learned what ROI is and how you can use it to make sure your technology implementations are profitable. But the process doesn’t stop there: it’s important, once you’ve implemented a new technology solution, to track its benefits. There are many direct and indirect benefits of implementing new technology, as we’ve described — but in most cases, companies don’t know what they are. In many cases, what you measure is clear. Consider a service company that implements customer service software designed to help phone representatives more quickly resolve customer issues. To determine ROI, the company simply measures the number of calls per employee before and after implementing the software. In other cases, companies don’t measure what we call the relevant “value drivers.” Some companies don’t know what to measure; others know what to measure but don’t know how to do it. The end result: only 17 percent of CFOs measure ROI for outsourcing projects, according to Hewitt Associates. As an example of how this could happen, consider a manufacturing company that implements software designed to reduce errors in a product line, thereby improving quality. While the company may be tracking the increase in quality (in the form of fewer returned goods, for example), it may not be considering other value drivers. How about waste? We can assume that quality has improved, fewer products have been scrapped — but the company doesn’t have a business process in place that can track costs incurred from waste. How do you identify value drivers? Follow the workflow. IT will always impact your business processes in some way. For example, it might eliminate, create, or change a business process. So to identify value drivers, look at the results you hope to achieve from these business process changes. As an example, consider the service company we referenced previously. As a result of its new customer service software, the company might reduce its customer service employees from five to four. This change in business process shows that one value driver is the reduction in labor costs due to increased efficiency, resulting in a direct ROI. Another value driver might be improved customer service, resulting in an indirect ROI. As another example, consider a company that implements software to track employee performance against objectives. In the past, it has paid bonuses randomly; now it has a methodology. This change in business process shows that one value driver is the savings in bonuses not paid due to non-performance, resulting in a direct ROI. Another value driver might be improved employee morale and effort, resulting in an indirect ROI. Generally, a year of data collection should be sufficient to determine the changes in costs and revenues that will drive both direct and indirect ROI, providing you with solid data to determine just how effective your IT investment has been.

Security experts are discovering an emerging trend in cyber-crime these days as more and more SMBs become attractive targets for cyber-thieves because of their inadequate security measures. Reports have shown that cyber-criminals can siphon off as much as $70 million worth of accumulated resources. There is a misconception among many SMBs that they are small targets for would-be cyber-attacks. “We’re too small a company to be of any worth” is the mindset of many. However, there is an ongoing trend in which smaller companies actually find themselves victims of the most elaborate and vicious cyber-attacks. Why? Security experts are discovering that SMBs tend to have less or inferior security protocols in place to counter cyber-attacks. While this was of little consequence in the past, cyber criminals are now starting to take notice of the fact, and are exploiting it to their advantage. And it’s profitable too – an attack on one SMB might not amount to as much as a larger organization, but given the greater ease through which hackers can attack smaller businesses, they more than make up for the difference in the volume of companies they target. According to several news reports, these cyber-thieves can make off with as much as $70 million. The more unfortunate fact is that smaller companies are less able to counteract the effects of losses from cyber-attacks. This is why you should stay one step ahead of cyber-thieves by updating your security systems. Short term or long term, it’s a practical solution to keep information and data safe, and your operations stable. Give us a call today – we can help.

Cloud computing refers to the “next evolution” of the Internet and how users (you and me) access, store and work with applications, files, e-mail, data and more. Instead of having all your files and applications stored on a PC or laptop, cloud computing puts this workload onto a high-speed, high security server that you access via any Internet connection or device. Why do this? Several reasons: You can connect to your files and applications from anywhere on (practically) any device. You’ll save a lot of money on IT support, maintenance and software since those responsibilities are assumed by your cloud provider. You only pay for the applications, storage and software you use. A good comparison for this system is the way you access the electricity that runs into your home or office. To use it, you just plug the appliance of choice into any outlet. Like electricity, which is metered, with cloud computing you just pay for the services you use. Most cloud solutions offer instant backup and the ability to be back up and running again fast. Since your files and applications are hosted online, a failed server or PC won’t put you out of business, and the chances of a data center going down (the place where your files and apps are stored) is very, very slim. Chances are you’re already using cloud computing without even knowing it. If you bank online, access an e-mail service like Yahoo! Mail or Gmail, or use an e-mail broadcasting service like ConstantContact, you’re using cloud-based apps (also called SaaS or “software as a service”). Many businesses are moving to cloud computing because it frees them from having to install, maintain and upgrade expensive, overblown PCs that cost a lot to maintain. It also makes adding and removing users (or employees) quick and easy since you simply pay for what you use each month and nothing more. Other advantages include unlimited storage, automatic backups, higher-level security and the ability to access your information from any device anywhere. Plus, cloud-based networks don’t require the ongoing maintenance that traditional server-workstation networks require. However, not every application or situation is suited for the cloud. While many line-of-business applications still can’t be hosted in the cloud and require a commercial-grade Internet connection with a backup such as DSL or cable, there’s no doubt that cloud computing is here to stay. Advances are being made rapidly to make it the better solution for most businesses. Of course, we’re here to help you understand your options and the pros and cons.

The ROI Series: Calculating the ROI of a Technology Investment—Part 3. Cost savings are usually important to small businesses even in the best of times. New technology solutions may be necessary for survival and growth, however — and they may not be as expensive as you think when you consider their return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand indirect ROI, and provide guidelines for predicting and measuring the ROI of a technology investment. Part 3: Predicting ROI As we explained in part 2 of this series, you can’t measure ROI simply by asking what a technology implementation will do for your bottom line. However, if the new technology leads different parts of your company to collaborate, which in turn produces better goods and services that lead to top-line growth, then your ROI is likely strong. Getting at those indirect ROI numbers, however, may be the greatest challenge of ROI analysis. Few models exist to guide you, and with good reason: determining ROI involves looking at many components, then applying those components to your particular situation. But there are things you must take into account, from both a cost and a benefit perspective, when considering the ROI of a technology investment. Your existing technology infrastructure. There are few companies without existing technologies in place, and any new solution will need to work with these systems to be effective. There will likely be costs associated with the new technology’s impact on existing systems — but there will also be benefits. For example, a new technology might automate the tracking of hourly employees’ work hours. Or, it might offer more efficient collaboration. Your business processes. A new technology can clearly improve your business processes by reducing downtime, improving productivity, and lowering costs. But implementing the new technology will likely involve training staff in using the technology — and that can have associated costs. Your external relationships. Finally, no business is an island. Your systems may link to customer and vendor systems. As a result, any new technology may impose constraints on or require changes of external organizations or individuals — in the way information is delivered or received, for example. To solve this puzzle, it can be helpful to ask three different but related questions about the technology solution’s direct and indirect costs as well as its efficiency. Direct costs: Can you afford the technology — and will it pay for itself? To answer these questions, you’ll need to know the cost of the solution itself and the monetary value of the resources used to implement it, measured in standard financial terms. You’ll then compare the dollar cost of all expenditures to the expected return in terms of the projected savings and revenue increases. You may need to project the cost and return over a multi-month or multi-year time span in order to show a payback period. Indirect costs: How much bang for your buck will you realize? Now the analysis becomes more complex. Analyzing the effectiveness of a technology solution requires you to look at its costs in relation to how effective it is at producing the desired results — in essence, to expand your measurement of ROI beyond cost savings and revenue increases to include performance relative to your company’s goals. Efficiency: Is this the most you can get for this much investment? Finally, you’ll want to ask whether the technology will produce the greatest possible value relative to its direct and indirect costs. That can present difficulties, as it will require you to conduct a similar analysis on many alternatives, perhaps simulating the performance of the alternatives in some way. These three types of measurements differ in several ways. While the first is based simply on financial metrics, the second includes the quality of goods or services, customer satisfaction, employee morale, or in the case of some companies (such as manufacturers of “green” products or non-profits), social or political benefits. All of these measurements, however, will help you answer the same basic question: Which technology investments will pay off in the long term? In the next part of this series, we offer specific tips for measuring ROI.