Archive for

Best Resources for Small Businesses

Being a successful small business is not easy. The five core challenges most small business face are time management, pricing, cash flow, managing growth and marketing / client acquisition. In order to succeed, you must arm yourself against these challenges. The good news is that there are a number of fabulous resources to help you with these issues.

Actively seek out the right small business information.
Many small business owners are so over-extended that they neglect staying informed about business trends. This is a fatal error. In today’s modern marketplace, you simply cannot succeed if you run your business on intuition alone. You may stay afloat in the short run, but you will eventually lose out to better informed competitors.

There are a number of incredible online resources that are both free and invaluable. Sites like Inc.com and Entrepreneur.com provide tips on just about everything from starting your business to navigating advanced legal issues. They feature in depth information on running your business, leadership / management techniques, sales & marketing tips, small business technology and finances.

Helpful Tip: Set aside at least 1 hour each week to review these sites. If you find that you prefer to read in bed, consider subscribing to a few of these magazines. This information will make you and your business stronger.

Know your industry and target market in real time.
In our modern age, trends shift at break-neck speed. It is important to stay abreast of developments in both your industry and your target market’s microcosm. After all, more often than not, what concerned your target market 3 months ago is now ancient history.

Subscribe to industry related publications and consume the same media as your target market. If you sell jewelry for eco-friendly women in their thirties and forties, spend an hour each week reading news and publications that are relevant to that market. Likewise, be sure to check industry news every week. For example, using the same eco-friendly jewelry analogy, you might read up on green product developments, new fashion trends or even ecological political issues.

Helpful Tip: Set two separate Google Alerts – one on your industry and one for your target market – to send you period updates on relevant news. Google will send these news stories to you automatically, making it easy to skim over the headlines and read through the meaningful stories.

Find the right on-line partnerships.
The proliferation of online office supply stores makes economically and efficiently stocking your office a lot easier than it was 10 years ago. Buying office supplies online takes less time and makes price comparison easy. Because of online competition, online suppliers are eager to earn your business. The good ones will provide a wealth of free information on their site and happily take your calls to field questions and offer advice. For example, if you are looking for discounted printer ink cartridges but are a little confused about toner versus regular stores like compandsave not only provide free yet invaluable printer cartridge information resource center but they also eagerly accept calls and offer advice on how to save on office supplies.

Helpful Tip: When you find a supplier with great prices and customer service, hold onto them for the long-haul. A good supplier relationship can save you thousands, streamline your operations and free up your time so you can focus on growing your business.

Rethinking IT Management For Small Business

Why the traditional approach to technology staffing does not work

Most small business owners are frustrated with the time and capital demands of their technology investment. Technology is expensive, ever changing and the contribution to the bottom line is not always apparent. Attempts to be deliberate with technology architecture decisions leads to more questions;

  • How can every printer vendor promise to save me more money than the other ones?
  • Can I get all of the collaborative email features I want without having to hire a full-time email administrator?
  • Why is the right CRM so hard to find?
  • Are we really protected from viruses and spam? How many programs do I really need to buy to be ‘protected’?
  • Does our website REALLY help us get more customers?
  • Which hand-held should we standardize on? Blackberry? Which service? AT&T? Verizon? Is there really a difference?
  • Are we really getting the best deal on our technology lines? How do I compare DSL? T1′s? PRI’s?
  • What do we really need??

These questions leave most small business owners with the conviction that their IT investment is not optimized but they need help to get through all the data and conflicting opinions. There just isn’t time to do the research to properly understand the value of the various technologies. The logical progression is to hire an administrator to manage the technology investment. This works for a while but ultimately this leads to an uneasy truce with the IT solution, the systems do ‘enough’ of what is needed and is supported by staff with a tolerable mix of technical skill, sufferable personalities and some understanding of what the business really needs. Small business managers accept an infrastructure that is adequate because there isn’t time to delve into IT personally and the administrators are not able to able to actualize tangible business advantage with the current technology.

The cause? Small Business Information Technology departments attract technicians. People that make excellent support personnel and administrators. What is missing is the strategic thinker. Someone with an understanding of the technical tools AND both the financial and operational background to establish a comprehensive plan for the business that is financially justifiable, technically efficient and business appropriate to grow and evolve with the company.

This understanding highlights the need to hire technical personnel with more experience and deeper knowledge in business administration. Being a technician isn’t enough, the candidate must be aware of the needs of the specific business, the marketplace, competitors, industry trends and be able to evaluate the total cost of ownership of potential solutions and weigh that cost against the value of devoting the resources to sales, R&D or marketing. Unfortunately, hiring a full-time CIO with this breadth of experience and understanding of the business needs quickly becomes cost prohibitive for most small businesses.

The strategic decisions are critical to get right but the business cannot justify a full-time CIO. The high-end, strategic task of keeping a small business on-track with the IT portfolio may not be a full time job and the right candidate is costly to retain. Still, the in-house administrators, devoted to operational support, do not have the right perspective to actualize the mission of the business. To address this limitation, there is a growing trend in Small Businesses to consider part-time CIO programs. Part-time CIO programs allow companies access to seasoned, senior IT management for the amount of time appropriate for their business needs. Similar to retaining an attorney, this model allows small business to retain low-cost, in-house technicians to support operations while leveraging the depth of experience and knowledge of an experienced executive to establish the architecture standards, develop staff and ensure the alignment of solutions to the corporate strategy.

Part-time CIO programs can be as little as 30% of the cost of retaining a full-time executive without the additional employment package overhead inherent with full time executives. A part-time CIO contributes immediate value to the organization allowing the small business owner to focus on their business with the piece of mind that a highly-trained, experienced professional is addressing the back-end needs to keep the business on track.

Protecting Your Small Business From The Heartbleed Bug

After responding to several retail data breaches, computer security experts have been made aware of a glitch in a popular security encryption protocol, which has left computers, networking equipment, and mobile devices vulnerable to potential cyber attacks, hackers, or cybercriminals. Popular websites such as Facebook, Netflix, Hulu, Yahoo, and Google had initially reported potential vulnerabilities, but have already taken immediate action to patch their systems, update the faulty software, and notify users to update their login passwords. However, what about the small businesses which rely on e-commerce websites to process payments, sell products and services, and store user account information? Although it is highly unlikely your small business may become the primary target of organized cybercriminals, it is possible for your business networks to be compromised by amateur hackers or unauthorized employees who attempt to exploit the software vulnerability. As a small business owner, merchant, or retailer you are accountable for protecting your customers’ cardholder data, personnel information, and sensitive company documents. To ensure protection of your business, learn more about the vulnerability and how it could impact your business operations, and follow the advice to secure your computer networks and mobile devices from potential harm from the Heartbleed bug.

The Heartbleed bug vulnerability manifested from a flaw in the software program code of the Open Secure Socket Layer (OpenSSL) cryptographic application, which is developed by a collaboration of volunteer programmers for the OpenSSL Project. The faulty software code creates memory leaks which can be exploited by skilled computer programmers, hackers, or cybercriminals who could breach computer systems or steal sensitive information being protected by the faulty OpenSSL software. The OpenSSL software is designed to protect secret keys used for encrypted communications of passwords and user names for email, instant messaging, or application data. The vulnerability in the OpenSLL program allows hackers to intercept messages, impersonate users and web services, or steal information being passed between computers over the internet.

The discovery of the Heartbleed bug vulnerability was communicated to the world via information security advisories from the OpenSLL project and via the national cyber security awareness system, maintained by the National Institute of Standards and Technology. However, based on information provided by the OpenSSL project the Heartbleed bug vulnerability has been available for more than a year. The Heartbleed bug is only present in OpenSSL software versions 1.0.1 through 1.0.1, which was included with multiple Android devices and LINUX distributions for OpenSUSE, Ubuntu, Fedora, and CentOS, and OpenBSD. Therefore, any merchants, retailers, or small business owners who rely on the apache server or client operating systems to manage websites, e-commerce, or databases, which have the faulty versions of the OpenSLL software will be affected by the Heartbleed bug.

The biggest concern for merchants, retailers, and small business owners is whether or not their computer system has been compromised during the time period software developers, network administrators, and information security professionals were not aware of the vulnerabilities presented by the Heartbleed Bug. During this period any system running compromised versions of the OpenSSL software were vulnerable to data breaches, stolen security keys, web service impersonation, and unsecure email, internet, or VPN communications. If your business uses smartphones, tablets, or mobile devices with the affected versions of the Android operating system then it is possible these devices could be used by hackers to breach your company’s computer network.

The most significant impact of the Heartbleed bug would be associated with merchants, retailers, and small businesses who rely on OpenSSL software to encrypt cardholder data across the internet, in accordance with the PCI-DSS requirement which requires the use of strong cryptography and security protocols such as SSL/TLS, IPSEC, and SSH. Because there is limited information about Heartbleed bug based attacks, small business owners will need to establish security plans to monitor their networks for data breaches, private security keys issues, or compromised user accounts. Also employees should be made aware of the vulnerability and instructed to monitor and report issues regarding voice-over IP, instant messaging, email, VPN connections, or secure websites. However, the best way for merchants, retailers, and small businesses to protect their computer systems from the potential threats and vulnerabilities of the Heartbleed bug would be to implement information security policies and procedures to ensure you:

1. Perform regular software updates via patch management.

2. Have a comprehensive data backup and disaster recovery plan.

3. Provide security awareness training for all managers, supervisors and associates.

4. Setup an Information Security framework such as PCI DSS, COBIT, ITIL, NIST, or ISO/IEC 27001

If you are not sure if your small business is using one of the compromised versions of the OpenSSL software then you should have your IT personnel review the OpenSSL Security Advisory for technical details, or you can check your company’s website URL using one of the trusted public websites with the Heartbleed bug test. If you determine your company is using a compromised version of the OpenSSL software then you should have your IT personnel either disable the OpenSSL heartbeat extension, upgrade to OpenSSL version 1.0.1g or later, or upgrade the Android or Linux operating system.

To obtain additional information about the Heartbleed Bug or learn more about the OpenSSL/TLS software please visit HeartBleed.com for a comprehensive collection of information about the Heartbleed bug. Information Technology professionals should visit the National Vulnerability Database, sponsored by the Department of Homeland Security National Cyber Division, to review the CVE-2014-0160 vulnerability summary which contains security references, technical details, advisories, and solutions. Finally, network security administrators interested in learning more about vendor specific issues regarding the Heartbleed bug should review the vendor-specific security advisories for Cisco, Juniper Networks, VMware, and LINUX.