Tag Archives: Alexandria (Virginia)

Making the Most of Your Intranet

Seven years ago, INK, Inc., a pay-for-placement media relations firm, needed a way for its staff to quickly share information about potential opportunities for clients. E-mail was too awkward and restrictive, especially where images or video materials were concerned. The answer was for INK to create its own intranet. “This is a really great solution and doesn’t require an IT professional,” says Cindy West, vice president and director of operations. “In fact, I set it up myself.” Using Citrix, and later Microsoft SharePoint, West created what amounts to a portal that all 50 or so INK employees can access, even from overseas. “With the old intranets, you could log in and share stuff, but they were pretty limited,” West says. “With this, we can create a virtual office people can tap into and see what’s going on. They can contribute ideas to accounts, even ones that aren’t theirs. And if they’re pitching one of our clients, they can get all the material they need, including images and video.” There’s no question that intranets are growing in popularity among small and midsize businesses. But what exactly is an “intranet?” An internal data network Strictly speaking, the term refers to an internal network, parallel to the Internet, which exists within an organization and allows employees to share resources. But most users don’t know or care where data is hosted, they simply see an interface that offers password-protected access to company information, documents, and contacts. So the term is commonly used for any secure website where employees can access materials they need, even if it’s a single site on a single server, and even if it’s actually hosted via the Web, and not within the company at all. Using this definition, many types of collaboration software (such as SharePoint at INK, Inc.) can be used to create an intranet. Though passing around video and images is an exciting use for an intranet, “It’s the more workaday things that drive people to our product,” says David Christian, chief technology officer at Mindbridge Software, which publishes the intranet application IntraSmart. Specifically, getting the correct versions of important documents into users’ hands. “Suppose you’re a bank, and you’ve got a whole set of policies and procedures you must provide to every employee,” Christian says. “You could e-mail them around, but that would fill up mailboxes pretty quickly.” Instead, many companies store essential documents in a shared directory within the network, but that creates its own problems, Christian says. For one thing, users copy the documents to their hard drives, but don’t always replace them with new ones as the documents are updated. Pretty soon, they’re working from outdated policies and procedures. Intranets help bypass this hassle by providing the information in webpage form, rather than as a document, making users more likely to simply open the relevant page, whenever they need that information. If the information on the page stays current, users do, too. Starting an intranet of your own If you’re thinking of creating an intranet for your own company, here are some questions that can help you make the right choices: 1. Exactly how will the intranet be used? “Plan it out,” advises West. “You need to have a good idea of how you want to set up the architecture, and what exactly you want it to do.” She herself learned this lesson the hard way. “I’ve had to change our structure twice now,” she says. 2. Will there be an extranet as well? An extranet is a section of the intranet accessible to customers and/or business partners. Providing an extranet was one of the two changes West had to make to INK’s intranet, and it was worth the effort, she says. “When they get mentioned in the media, they can easily find it, and the clips are all there. They can also see what media we’re working on, so they get a good idea of what we’re doing for them,” she says. 3. Will different users need different resources? Most employees may need a link to your company’s health insurance company, Christian notes. Your human resources people may also need administrative access, so they can manage employees’ accounts. Likewise, your sales staff may need links to CRM software that HR people don’t. Consider customizing the intranet interface for different types of users. 4. How compatible is it with existing technology? “The first concern we get from IT people is, how will it integrate with the environment they already have?” Christian notes. For instance, can it use existing credentials? Most users resist having to sign in twice, once to get on to the company network and a second time to get into the intranet. 5. How easy is it to change or add content? “You want to make it as easy to add material as possible,” Christian says. This only makes sense. If updating is too much of a hassle, the documents on the intranet could wind up being just as out of date as what users have stored on their hard drives. SIDEBAR: Internet Resources for Small Business Intranets can help users share information, serve customers better, and stay up to date on important policies. There are literally hundreds of software products that can help you create one of your own. Here are a few that are popular with small companies: HotOffice Thruport Technologies, of Alexandria, Va., provides HotOffice, a Web-based intranet service for small businesses to communicate and collaborate round-the-clock. Pricing for the intranet suite of services starts at $14.95 per month. Microsoft SharePoint A server and service, Microsoft’s SharePoint technologies can help small and midsize businesses set up a portal to facilitation collaboration and supply access to essential information across the business. Server software and services are available through Microsoft’s volume licensing agreements. IntraSmart A product of Mindbridge Software, of Norristown, Pa., IntraSmart is designed for midsize or larger organizations. A hosted solution, IntraSmart starts at $99 per month. Web Office This collaboration software product uses the Internet to make it easier and more cost-effective for small and midsize business employees to work together no matter where they work. Prices start at $59.95 per month and up.

Making the Most of Your Intranet

The Urge to Purge: When to Dump Data

Does your company have a data deletion and retention policy? If not, it’s time to create one, experts say. In today’s business climate, every keystroke you make on your computer can leave a trace on disks and tapes. Even if you think you’ve deleted it, forensic experts or others may be able to resurrect it. And if your company houses such personal information as client credit-card numbers, healthcare data, or proprietary government information, the more careful you must be. The bottom line? You need to safeguard your business from a potential lawsuit. New “safe harbor” rules Under new e-discovery rules, companies following consistent data-deletion policies won’t be held liable for no longer having certain records in their possession. The new “safe harbor” rules, adopted in December 2006, amend the Federal Rules of Civil Procedure. Similar rules are recognized by the National Institute of Standards and Technology (NIST) and other international standards-making bodies. “U.S. and international standards require the regular deletion of sensitive data,” explains Peter Adler, a data and privacy lawyer who heads Alexandria, Va.-based InfoCounsel LLC. “You won’t be sanctioned if you’ve deleted the data.” Nonetheless, companies are reluctant to take this step. “Most companies don’t have formal policies in place,” notes Brian Babineau, senior analyst with the Milford, Mass.-based Enterprise Strategy Group. A big reason? “Most [corporate] attorneys are reluctant to get rid of anything important, and don’t want their clients to look as if they are hiding something by deleting it,” Babineau says. How often you should dump data But having a policy, and following it, could protect your company. How often should you delete or overwrite certain data? It depends what kind of data it is, experts say. If it’s e-mail, companies may wish to delete frequently. “The Washington, D.C. [city] government just implemented an every-90-day destruction of e-mail rule,” notes Adler. Some companies delete e-mail as often as every 30 days, he says. But for other data, companies may opt to purge it every three to every seven years. “We are seeing companies on a three-year cycle, who are just retiring a desktop computer after three years and destroying everything on it,” notes Babineau. Not all data can follow a set cycle. For example, the U.S. Internal Revenue Service advises individuals and businesses to keep basic tax records for at least three years, and basic employment tax records for four years. But there are exceptions to these basics, and the onus is on the filer to follow the rules. Deletion options What’s the best deletion solution for your business? It may ultimately depend on the sensitivity of the data your company stores. First, you must determine how many copies of the data you have, and where it’s housed, by using indexing and search software, notes Babineau. Once you’ve identified what needs to be deleted, here are a few options: Wiping/Overwriting: This technique literally overwrites a hard drive with gobbledygook so it can’t be read. For smaller companies, a good wiping is probably all that’s needed, says Jesse Lindmar, computer forensics division director of Miles Technologies, a Moorestown, N.J. computer consulting firm. With smaller companies, where cost is an issue, “there is no need to physically destroy devices that can be reused,” Lindmar says. The U.S. Department of Defense standard wipe constitutes seven sequential overwrites, Lindmar notes. “The data is not coming back unless you have unlimited time, resources and/or access to high-level laboratory equipment.” Lindmar recommends wiping software such as Intelligent Computer Solutions Inc.’s WipeMaSSter, Active@KillDisk, Jetico BCWipe and WipeDrive. Degaussing: Degaussing involves running a hard drive through enough electric and magnetic energy to fry it so it can’t be read, explains InfoCounsel’s Adler. While the hard drive can be used again, Adler warns that degaussing “is only as good as the organization who does it,” and doesn’t always foil data recovery. Destroying: Actually shredding and disposing of the hard drive. “It’s so inexpensive to do this,” notes Elizabeth Wilmot, president of Capitol Heights, Maryland-based DataKillers. DataKillers will destroy 10 hard drives for $15.50 per hard drive, and notes that replacing hard drives has never been cheaper. “If you have it, it can become fodder for a lawsuit,” she says. “If in doubt, shred it.” While developing a data retention/deletion policy is complex — and likely to involve records management as well — it is a necessary evil, experts say. “It’s best to err on the side of being protected,” says Wilmot.

Is Municipal Wi-Fi Right for Your Business?

A few years ago, many towns and cities reasoned that there are advantages to offering homegrown Wi-Fi. For one thing, meter readers and other municipal employees out in the field would have an easy way to file data to the home office. Free municipal Wi-Fi for poorer areas could, in theory, ease the digital divide. Another benefit is that municipal Wi-Fi could provide new revenues if small and mid-sized businesses proved receptive to the idea. So far, the jury’s out on the latter application. Municipal Wi-Fi is still so new that it’s too early to gauge whether it will be a hit with small and mid-size business users. Nevertheless, there are reasons why some businesses may want to consider opting for such services, providing that they understand the risks. The rise of municipal Wi-Fi Municipal Wi-Fi is a growing business. According to MuniWireless, a Garden City, N.Y., integrated media company that tracks the market, municipal Wi-Fi was a $116.9 million business in 2005, but jumped to $235.5 million in 2006 and is projected to hit $459.6 million by the end of this year. “It’s still a fairly young market, it’s still developing,” says Mike Perkowski, chief operating officer of MuniWireless. In communities like Philadelphia, San Francisco and Anaheim, Calif., where municipal Wi-Fi is now available, small and mid-size businesses might want to consider the option, especially if they are looking for cut-rate pricing for broadband Internet access and/or have a lot of employees in the field locally who need to feed data back to headquarters. Chris Silva, an analyst with Gartner Inc., of Stamford, Conn., says small businesses that have employees who are out of the office more than 50 percent of the time most likely already have some form of Wi-Fi, but those with employees that spend about 30 percent of time away should look into it. “It’s not for the traditional road warrior,” he says. “Folks that are thought of as not consistently on the road will be able to benefit from public Wi-Fi.” Cheaper than traditional wireless plans Municipal Wi-Fi tends to be cheaper than traditional wireless plans offered by telecommunications companies. “It’s not cost effective to roll out a $60-a-month plan for every employee,” Silva says, adding that his research shows 30 percent of businesses with fewer than 1,000 employees are already using some form of municipal Wi-Fi for at least one employee. So far, the largest third-party contractor for municipal Wi-Fi has been EarthLink, the former dial-up Internet service provider that now offers broadband service. EarthLink offers an entry-level service costs $21.95 for a 1 Mbps download speed, says Tom Hulsebosch, vice president of municipal sales at the Atlanta-based company. “Small businesses do it if they tend to have a lot of salespeople in the field,” Hulsebosch adds. EarthLink has so far rolled out municipal Wi-Fi in New Orleans, Philadelphia and Anaheim, Calif., and plans to launch service in Alexandria, Va.; Corpus Christi, Texas; and Pasadena, Calif., this year. As the list of locations expands, the company is also starting to market a fixed Wi-Fi offering targeted at stationary office environments. Such service starts at around $100 a month for a speed of about 3 Mbps. Hulsebosch says the service is up 99.9 percent of the time, but higher-end offerings will provide even less potential downtime. “We’re in the process of bringing those services online,” says Hulsebosch. “This is just the beginning.”

Have Tech, Won’t Travel

Special Report: Tools that will let you stay grounded Alex Stanton would have swum across the Atlantic to woo that special prospective client in the United Kingdom. Ultimately, he only had to go downstairs. Stanton, CEO of Stanton Crenshaw Communications, in New York City, passionately wanted a contract to represent a certain European telecommunications company. He and his team planned to fly to London in mid-September to pitch their proposal in person. But then came September 11, when terrorist hijackings grounded all U.S. air travel for three days and delayed many overseas flights for several days longer. With the Twin Towers wreckage billowing smoke just a few miles away, Stanton asked his prospective clients to postpone the meeting. They politely declined. They wanted to pick their public-relations firm that week to get an overdue marketing campaign off the ground. In seeking options, Stanton didn’t have to look far. He dropped in on ICE Inc., a marketing-communications company located two floors below his office, on the hunch that the company might have videoconferencing equipment. In the spirit of post-attack camaraderie, Stanton’s neighbors offered to let him borrow their boardroom, their equipment, and a technician. Thrilled, Stanton called London. Fortunately, the prospective client had a compatible setup, and its executives were perfectly happy to meet virtually. So, at the appointed time, Stanton’s team went downstairs, faced the cameras, and put on a one-hour show for a five-person audience across the pond. “We did a couple of rehearsals,” Stanton says. “We found you have to stage it a little more than you might in person. You have to decide who’s going to talk when, and you can’t interrupt as much.” While the transatlantic sound was fine, the video occasionally jerked or froze. And the presentation didn’t feel quite natural. The executives in London faced a fixed camera, which never moved even when they did, and occasionally someone would shift out of view, forcing the presenters to address a disembodied voice. “You’re sort of at the end of a tunnel,” Stanton says. “It’s hard to see how people are reacting to your ideas.” Despite the drawbacks, Stanton’s team members felt they’d made their case, even after the telecom company awarded the contract to a competitor (which, coincidentally, was another New York City PR agency forced by circumstances to pitch by videoconference). “We didn’t win, but at least we were on equal footing,” Stanton says. Like Stanton’s company, many small and midsize businesses have built their reputation on traveling to meet far-flung colleagues, customers, partners, and prospects. And like Stanton, who’s now considering a blend of videoconferencing and personal visits, many CEOs are now reexamining the assumption that being in business means being on the road. The most urgent soul-searching, of course, stems directly from the September 11 attacks. And the November 12 crash of an American Airlines plane in Queens, N.Y., did little to allay the fears of an already leery traveling public. But even before those events, the slumping economy prompted many companies to curb their travel expenses. In April 2001 the National Business Travel Association, a trade group based in Alexandria, Va., polled 200 companies of all sizes and found that 33% were using or considering collaboration technologies, primarily videoconferencing, to eliminate costly trips. Five months later, following the suicide jet crashes, nearly 90% of those polled said they’d now consider high-tech options to travel. It’s too early to say if increased scrutiny of business travel represents a true change in thinking, a permanent shift away from our economy’s air dependency. Right now many CEOs seem to be in wait-and-see mode: Wait and see what happens in the U.S.-led “war on terrorism.” Wait and see whether there are more hijackings, air disasters, or other threats at home. Wait and see whether the economy starts to rebound. But it’s safe to draw a few conclusions. First, for both financial and security-related reasons, many CEOs are developing restrictive new travel policies. In addition, many companies are experimenting with high-tech options that let them do their jobs closer to home. Some are already finding those alternatives surprisingly attractive compared with long-distance business trips with all their expense, time investment, and hassles. ON SOLID GROUND: Alex Stanton, CEO of Stanton Crenshaw Communications, needed to make his pitch without getting on a plane. Ultimately, though, nobody expects to eliminate the need for business travel. As Daniel P. Brogan, president and CEO of the San Diego architecture firm Earl Walls Associates, puts it: “I see this as an opportunity to rethink the way we do business. But we’re never going to get away from traveling. Our business is still very much hands-on.” When it comes to substituting technology for travel, options range from the almost-free to those requiring another line on next year’s budget. On the low end: making better use of existing equipment, an approach as simple as spending more time on conference calls. On the high end: renting a television studio for a satellite broadcast or even investing in an in-house, state-of-the-art videoconferencing studio. In between: options like Web-based conferencing and broadcasting, setting up virtual private networks, using peer-to-peer technology, and — especially in an era of germ-tainted mail — increasing use of E-mail, fax, and instant messaging. (See “The Next Best Thing to Being There,” below.) Obviously, picking the right option depends on what the company needs to accomplish and what barriers it must overcome to get there. The following are several common postattack headaches and the technology prescription for relieving them: Your former “road warriors” are skittish about taking to the skies. Earl Walls Associates specializes in designing scientific laboratories. Thanks to that narrow niche market, the company serves clients all over the world. But in recent months “I’ve definitely told people not to travel if they don’t have to,” says CEO Brogan. Instead, the company increasingly runs client meetings from two rented videoconferencing facilities located close to its office. Even at $1,000 a day, videoconferencing is cheaper than sending a team in person, especially when you figure in the loss of productivity on travel days. Of course, architects must sometimes meet face-to-face with clients to review plans, but Brogan is now trying to do as much virtual up-front and follow-up work as possible. He’s even earmarked $25,000 this year for an in-house videoconferencing studio. But just as you can’t call somebody who doesn’t have a telephone, you can’t videoconference with somebody who doesn’t have a compatible setup. So before he actually spends a dime, Brogan is polling the company’s clients to find out whether they’ve got equipment — or at least access to it — on their end. On September 11, employees at Whale Communications Ltd., a network-security company with offices in Fort Lee, N.J., just across the Hudson River from Manhattan, watched the World Trade Center towers burn and collapse after being hit by hijacked jets. Not surprisingly, many Whale employees didn’t want to fly after that. CEO Elad Baron, who grew up amid the threat of terrorism in his native Israel, couldn’t blame them; he immediately declared all air travel optional. Fortunately, Whale had started scrutinizing its travel costs earlier in 2001, when many of the company’s 60 employees were spending up to 75% of their time traveling to visit clients across the United States or in the company’s research-and-development facility in Israel. “Even before September 11, we figured out that was not very efficient, so we really began cutting back,” Baron says. So he invested $38,000 in Web-conferencing and videoconferencing hardware, software, and services. By September, he’d cut travel time for most employees to just 20% to 25% of their total hours. Because of the savings on travel expenditures, he expects to recoup his investment early this year. However, some employees’ jobs still require travel. If they’re afraid to board a plane, Baron expects them to make other arrangements. In the most extreme case, a sales rep who’d previously flown nationwide started driving everywhere instead. His longest trek: from New Jersey to Charlotte, N.C. — about 1,300 miles round-trip. Because the rep traveled on weekends, he lost no work time — and got no objections from the boss. “I don’t mind, as long as the customer gets served,” Baron says. Your chief ambassador wants to stay home. In many companies, there’s one person — sometimes the CEO, sometimes another executive — who has long served as the public face of the business. But now the ambassador wants to spend less time, or no time, in the air. That’s the case at Phenix & Phenix Literary Publicists Inc., an 11-person agency based in Austin, far from the nation’s major news and publishing centers. A year ago, CEO Leann Phenix created the position of national media director, a job requiring frequent coast-to-coast travel to attend book-launch events, meet with the media, and speak at writers’ conferences. Staff publicist Marika Flatt was promoted into the new job and at first rather enjoyed all those cross-country flights. But Flatt, the mother of a 14-month-old daughter, hasn’t been on a plane since the terrorist attacks. A NEW ATTITUDE: “I see this as an opportunity to rethink the way we do business,” says Daniel P. Brogan. “But we’re never going to get away from traveling. Our business is still very much hands-on.” Like other companies, Phenix & Phenix has considered videoconferencing and other high-tech options. But because Flatt is the only employee who needs to travel extensively, the business’s executives have decided that such an investment wouldn’t make sense for the company — at least so far. Instead, Flatt is building and maintaining some other long-term relationships: with the telephone and the computer. “If there’s a writer I haven’t been introduced to yet, I’ll send an E-mail and say, ‘Can I call you at such-and-such a time?” she says. “It’s obviously not as good as meeting face-to-face.” But that’s how things will have to be, she says, “until things simmer down a little bit and we build our confidence back up in the airlines.” Meanwhile, will staying close to home hurt business? “Definitely,” Flatt says, sighing. “Definitely.” You need to do hands-on work with faraway partners, but you don’t necessarily need to see them. Network Orange Inc., in Boca Raton, Fla., which manufactures and sells network-testing and -control equipment, serves customers all over the United States. These days president Mike Vislocky has been concerned about sending employees across the country to touch base with customers. “It’s not just a fear of flying,” he says. “It’s the prospect of being stranded away from home.” So Network Orange invested in a Web-conferencing software called WebDemo, which lets the Florida team have virtual visits with customers. The product allows a meeting’s participants to view a PowerPoint presentation or edit a document together, screen by screen, in real time over the Internet. Meanwhile, they’re on a conference call, discussing what they’re seeing. Overall, “it’s not bad,” says Vislocky. “You can take breaks; you can put your phone on mute and just listen until it’s time for you to say something. I have a portable phone, so I can even walk around until I need to come back to the screen.” Vislocky hasn’t used videoconferencing and says he probably won’t. “None of the stuff we do benefits from being able to see other people.” You don’t travel much, but your clients do. Royce Carlton Inc., a New York City-based speakers’ agency, represents about 50 famous clients. Among them: Anna Quindlen, the former New York Times columnist turned best-selling novelist. Agency CEO Carlton Sedgeley had booked Quindlen to speak at a Houston fund-raiser in late September. But after the attacks, Quindlen, who lives in Manhattan, refused to get on a plane. So Sedgeley arranged for her to speak by videoconference, a solution he calls less than ideal. “It’s second-best,” he says. “It’s just not as satisfying as someone being there. You don’t get to press the flesh. You don’t get the book signing.” On the other hand, for an investment of about $350, the show went on, and Sedgeley collected his fee, albeit a reduced one. BUSINESS AS USUAL: Rob DeRocker of Development Counsellors International has flown 16 times since September 11. Sedgeley has been using travel-obviating technology since well before September 11. In November 2000, he helped political analyst Jeff Greenfield give a virtual talk using technology far more sophisticated than videoconferencing. Greenfield was scheduled to address a group in Palm Springs, Calif., but when the U.S. presidential race stayed too close to call for weeks, Greenfield couldn’t leave Florida, where officials were recounting the ballots by hand. Instead, he addressed the California crowd via satellite from a TV studio in Palm Beach, Fla. The satellite link provided a much higher quality transmission than even the best videoconferencing and, not surprisingly, bore a price tag to match: about $4,000 for that particular venture, Sedgeley says. In the weeks following the attacks, he arranged appearances broadcast by satellite or videoconference for several other speakers. You must travel, period. For some companies, no technology alternative can replace being there. As Andrew Zacharakis, professor of entrepreneurship at Babson College, in Wellesley, Mass., puts it: “If you have some hot sales prospects and you need that face-to-face contact, I would say you have to get on the plane.” Rob DeRocker did just that shortly after the attacks. DeRocker is executive vice-president and part owner of Development Counsellors International, a 30-person company that develops marketing campaigns promoting tourism. He flew to Kansas City the Monday following September 11. Over the next several weeks, he boarded 16 airplanes. (On one flight, owing to increased security, he had to remove his shoes and run them through a metal detector.) And so far, he’s requiring his account executives to fly because the company’s survival depends on it. “We can’t forgo traveling if we stay in this business,” he says. “It’s hard to lead a press trip to Tacoma unless you’re there, and driving isn’t an option.” There’s just one thing that might change his insistence on flying: another terrorist incident involving aircraft. Meanwhile, many companies continue to seek the perfect balance of technology and travel. For Alex Stanton, who used videoconferencing to make his pitch to the European telecom company, it’s a matter of compromise. “Often, when we’d go and do these things, we’d send two or three or four people to show them our whole team,” he says. Now he considers sending one person — perhaps the team leader — to present in person and having other employees attend by videoconference. “It’s not perfect,” he says, “but we don’t live in a perfect world.” Anne Stuart is a senior writer at Inc. The Next Best Thing to Being There Nothing digital can duplicate a hearty handshake. But if you want to keep your company aloft without putting yourself — or anybody else — on an airplane, you can consider a wide range of electronic alternatives. If you’re strapped for cash, build on your existing technologies, starting with the telephone. Make those once-deadly conference calls far more palatable with high-quality speakerphones (such as the Polycom SoundStation models, which start at $499) or the dial-in teleconference services offered by many telecom companies. Next stop: the Internet. Create an online environment in which employees, partners, and customers can swap documents, create group mailing lists, or post messages in forums. Host your company’s intranet, extranet, or password-protected Web site yourself, or, for a small monthly fee, pay a service provider (such as Intranets.com) to host one for you. If you need to see people’s faces, consider videoconferencing, two-way video, and audio communication over high-speed lines. Pictures may freeze or look grainy, and shy participants may clam up on camera. And videoconferencing works only if both parties have compatible equipment. But it’s probably the closest thing to sitting in the same room. Costs range from $100 or so for a home-use camera and microphone to $5,000 for a portable videoconferencing system to $75,000 for a customized in-house studio with good acoustics, professional lighting, high-quality monitors, and cameras. Rentals range from $250 an hour to a flat $1,000 a day at local videoconferencing studios and some Kinko’s outlets. Another option when visuals matter: a satellite hookup. Satellite communications offer superior transmission quality — but at a superior price because of the cost of renting satellite time. Figure on spending at least $1,000 an hour. If you want to put on a show for a widely scattered audience, consider Web conferencing with tools such as WebEx or WebDemo, both of which let meeting participants share documents and applications online in real time. Web conferencing lets far-flung participants view documents simultaneously from their own desktops. It’s a handy option for PowerPoint presentations, sales demonstrations, whiteboard-style diagramming, and collaborative document editing. Some products include audio, while others require a simultaneous telephone conference call if participants need to talk while they’re working. The costs range from $100 for install-it-yourself conferencing software to $1,000 or more for a professionally hosted conference. If you want to share documents safely, look into creating a virtual private network (VPN). This highly secure technology creates a private “tunnel” into a company’s systems. It’s an outstanding way to provide remote users — including distant partners, traveling employees, and people who work at home — with full access to important documents and applications. The costs range from a few hundred to several thousand dollars, depending primarily on the number of users. Please e-mail your comments to editors@inc.com. For more electronic alternatives, see 5 Travel-Reducing Technologies.

We’ve Been Hacked

Not scared of losing your data to a corporate thief? You should be Bob McNeal sits down in a cubicle in his Alexandria, Va., office with his morning coffee. He turns on his computer and flips open his notebook to check out the specifics of today’s assignment. He clicks a couple of buttons on the screen and runs his usual scripted program, entering in a few numbers from those that are scribbled in his notebook. He types in some commands, following routine instructions from his database of tools. Then he patiently waits for the computer to process his programs and answer his questions — questions that could be worth thousands of dollars to his client. Two hours later, McNeal has completed his assignment. He has broken into the computer network of MBA Management Inc., located some 20 miles away in Fairfax, and verified that he can access every computer and every database in the company. And, McNeal tells his boss, he can read the user ID and password of every single employee. Is that enough, he asks, or should he continue? That’s hacking. Sorry to make it seem so banal. But it doesn’t take some wild-eyed rocket scientist with a supercomputer and nothing better to do but type ingenious code into the wee hours of the morning to perform it. Most of what hackers do is disarmingly simple. Often they use readily available vulnerability-seeking software programs, which some experts call “point, click, and attack tools.” And most of the time hackers are pretty successful — especially when they target small companies, which typically don’t spend either the time or the resources they need to protect themselves. The simplest tricks can do tremendous damage. (Witness the “I Love You” bug that was sent earlier this year in an E-mail attachment.) Most small companies that are hooked up to the Internet do what James Mugnolo, president of MBA Management, did: assume that their Internet service provider will furnish a secure connection. It took McNeal just one morning to reveal how faulty an assumption that was. Fortunately for MBA Management, a $5-million executive-search business, Bob McNeal works for the good guys: Para-Protect Services Inc., an E-commerce and network-security company. Mugnolo, who recently moved his company to Chantilly, Va., hired Para-Protect in October 1998 to find the holes in his company’s network and recommend ways to stitch them up. McNeal stopped his penetration test into the MBA Management network after those first two hours. Normally, such a job can take two days. “We stopped when we found we could get into everything,” says Chuck Downs, Para-Protect’s vice-president and director of operations. “There was no sense in beating that horse to death.” Close call: James Mugnolo’s company received a nasty virus that read, “Enclosed is my résumé.” Mugnolo had decided to test his company’s security and to spend some money upgrading it after a former employee was suspected of stealing customer data. Like most employers who have such suspicions, Mugnolo doesn’t like to discuss the details. Still, he clearly felt betrayed, and worse, the incident scared him. In its database the company keeps information on more than 50,000 workers throughout North America, as well as on an equal number of companies that are looking for employees. “Their whole business is that database,” says Downs. Though Mugnolo didn’t hire “white hat” hackers until the company had lost data, other small-business owners are rushing to secure their networks before disaster strikes. In some cases the critical or private nature of the company’s data pushes them to it; in other cases companies see security as a differentiator for their product or service. But many have just plain seen the writing on the wall — or more precisely, in the newspaper headlines, which have blared a stream of reports on security breaches. Though well-publicized stories about computer viruses have lately brought security into the public consciousness, it’s often other threats that are more dangerous to a company’s profits and reputation. Those can include attacks that shut down Web servers, for instance, or that replace Web sites with obscene or insulting graphics. Hackers can also get in and rummage through a company’s files. Sometimes data just disappear — consider the case earlier this year at the U.S. State Department, where Madeleine Albright ordered a crackdown after a classified laptop vanished, and at Los Alamos National Laboratory, where two hard drives containing classified nuclear-weapons data were missing for more than a month. Those sorts of events — from the annoying to the frightening — are often what it takes to make an entrepreneur recognize the need for computer security, says Terry Gudaitis of information-protection consultant Global Integrity Corp., based in Reston, Va. After all, you don’t want your company to be the next one in the headlines. Certainly, Mugnolo doesn’t. And he has thus far been successful. In March, Para -Protect Services ran an unscheduled penetration test of MBA Management’s systems, and this time the company passed with flying colors. Since it adopted its new security measures, “we haven’t had a single instance of systems penetration,” says David Denne, MBA Management’s vice-president of marketing. That has left the company free to concentrate on growth: this year’s second quarter was its best ever, and the business grew from 35 employees to almost 60 in the first six months of the year. In perhaps its closest call, the company escaped damage from a virus that was seemingly designed for a headhunting company: code disguised as a E-mail attachment on a résumé. That message, signed “Janet Simons,” read: “Attached is my résumé with a list of references contained within. Please feel free to call or E-mail me if you have any further questions regarding my experience. I am looking forward to hearing from you.” The attachment, however, carried a virus that could have methodically erased every single drive on MBA Management’s network. Needless to say, that particular virus could have been disastrous for the company, where résumés flow in regularly through the E-mail system. “It probably shut down several of our competitors,” says Denne. “Our system immediately scrubbed anything that came in through the firewall, flagged it, and kept it on a server outside the firewall.” Like Mugnolo, Denne believes that MBA Management has gained a competitive edge through its stepped-up security. “I find it comforting, and therefore I think my clients find it comforting,” Denne says. Hire a Hacker At Para-Protect Services, Chuck Downs was surprised but not shocked that McNeal was able to break into MBA Management’s systems in just two hours. Doing what Mugnolo did — relying on his ISP to configure his connection to the Net — meant by definition that it was an open connection, Downs says. But if Downs wasn’t appalled, Mugnolo certainly was. His business’s competitive edge — the reason companies go to him rather than to other headhunters — is his deep compilation of information on thousands of potential employees. Included in that data is sensitive information on job openings, including postings that haven’t been made public — perhaps because an employee doesn’t yet know that he or she is on the way out. Companies can unwittingly reveal a lot about their strategic plans, for example, by listing the specific skills required for various jobs. “The last thing in the world the client wants is for that information to get back to his staff or to a competitor,” says Denne. In particular, a company that’s developing a new product doesn’t want anyone to know the nature of its work. “A breach in a program could spell the end of the whole market for their idea,” Denne adds. Still, it’s not surprising that few people spend a lot of time worrying about Internet security. As the user looks out onto the superhighway of the Web, it’s easy to see it as a one-way street. But in fact, when you open a Web page or do virtually anything on the Internet, you send a request to the faraway computer on which that Web page is stored, and that computer sends you back information, which is opened by your browser or other software. That means your computer — and, in a company setting, the server — must be constantly open and able to receive data feeds from the outside. That openness is exactly where vulnerability lies. For a fee of about $10,000, Para-Protect restricted the openness of MBA Management’s systems in two ways. First, the company installed a simple firewall from Prism Servers Inc., in Allison Park, Pa., at a cost of less than $3,000. The firewall was configured according to a simple rule, Downs says: “Anything coming from the Internet that is not requested from the inside is denied.” It does that by using a Unix filter to distinguish between information — like a Web page — that is coming in at a user’s request and any unknown traffic that arrives unbidden. When someone inside the network requests something from outside the firewall, the firewall issues a tag number with the request. If incoming data packets don’t contain a matching tag, the firewall won’t let them in. There are two big exceptions. One is E-mail, which arrives unrequested. Downs put MBA Management’s E-mail system onto a separate server, which redirects incoming mail and scans it for viruses before users can access it. The other exception is the company’s own Web site, which anyone from the outside should be able to access. MBA Management disconnected the site from its corporate network and arranged to have it hosted off-site. Second, Downs made sure that each computer went on the internal network, which is invisible to outsiders. In a normal office network with Internet access, each workstation has a unique Internet Protocol (IP) address. It was those addresses that McNeal was able to identify and attack in the penetration test. Downs changed each workstation’s IP address to a nonroutable address — meaning that outsiders can only see the address of the firewall. The result: nobody from outside can discover the IP address of an internal computer and use it as a port into the network — a common hacking procedure. Downs says that the firewall’s logs reveal that hackers have frequently scanned MBA Management’s system looking for ports since Downs put the firewall in place. Although $3,000 is low-end for a commercial firewall, Downs says, it’s all that a small company needs. “The only thing you limit is the number of people you can service,” he says, since the small firewall has limited bandwidth capacity. The Prism product, he says, can easily handle 200 users. That should cover the short-term needs of MBA Management, which plans to double its number of networked users within a year. As the company has grown, it has periodically added servers behind the main firewall and is now running six of them. Now that Downs feels the company is secure from outside intruders, the next move is to provide greater internal security for the databases. Currently, MBA Management uses a proprietary database running on NT servers. It is about to split the database into several parts using software called Adapt, which will allow the company to use the operating system’s security-administration features to carefully control who can have access to different levels of data. Since installing the firewall, Para-Protect has conducted monthly tests as part of a routine security checkup. That is not to say that MBA Management’s security is 100% foolproof. But the company has put a pretty solid defense in place — solid enough to send hackers on to easier targets. And that’s a big part of what Internet security is about: making sure yours is not the easiest lock to pick. Virtual Privacy You could say that a kindergarten play cost entrepreneur Dana Dodds $120,000 a year, and you wouldn’t be that far off. One afternoon in 1996, Dodds, CEO of San Diego auto insurer Reliant General Insurance Services Inc., left work to watch his daughter perform in a school play. He was immediately struck by guilt. “I had a customer-service rep whose daughter was in that class, too, but she couldn’t be there, and it bugged me,” Dodds says. A virtual private network lets Dana Dodds’s employees work from home without sacrificing security. Soon, about 15 of Reliant General’s employees were working from home, with no time clock — just quotas for the number of applications they processed and standards for the quality of the work they did. Back then, the workers connected to the corporate network directly through a dial-in 800 number. The phone bills for those lines ran about $120,000 a year. Reliant General is a fast-growth company — it’s made the Inc. 500 twice, as #341 in 1998 and #417 in 1999. And Dodds is all for using the newest technology to keep his company growing at a rapid pace. So in 1997 he hired information-services director Cary White to help him do just that. When White, 32, joined the company, he took one look at the exorbitant phone bill and told Dodds that the company could eliminate most of it by letting the telecommuters connect over the Internet. Dodds liked the idea but knew there had to be a catch. “He’s a very sharp guy when it comes to technology,” White says with a laugh. “Almost too smart for his own good.” The catch, White responded, lay in the open nature of the Internet. Essentially, the Internet is a very large collection of routers that are wired to one another. When you send a packet of data into cyberspace, it wanders, asking at each router, “Have you seen this IP address?” If the answer is no, the packet moves on to the next router. However, nobody should trust that every router on the Internet will simply shoo data packets along. Hackers can put tools, called “sniffers,” on those routers and use them to peek inside every packet of data that comes along. If a packet’s contents or destination seems juicy enough, the sniffers can read everything inside. An extra layer of worry exists for Dodds and his colleagues working in California’s auto industry: 11 years ago actress Rebecca Schaeffer was murdered by a stalker who obtained her address from the state Department of Motor Vehicles. (Since then, California has tightened its DMV privacy laws.) Not surprisingly, Dodds is passionate about the need to protect his customers. “Information for us is a trust, and we can’t give it away, and we can’t let anybody get it,” he says. “We’re talking about where they live, what cars they drive, where they work, the children that drive in the household, their driving records, their claims history — it’s very similar to credit information. It’s very private.” For White, simply using the wide-open Internet was out. So he called in a local consultant, Paradise Technology, which built a virtual private network. At the time, VPNs were a fresh concept, and few companies of any size had tried them out. The VPN creates a tunnel of sorts between the Reliant General network and telecommuters’ computers, shielding its content from the view of the myriad routers along the way. Axent Technologies’ PowerVPN was one of the first of its kind on the market, so Paradise chose it for Reliant General. In addition, Reliant General purchased Axent’s Defender product to authenticate users on its dial-up lines. The system works this way: Telecommuters like Reliant policy underwriter Mike Lemieux connect to the Internet through a cable modem or a dial-up ISP. Lemieux, who works full-time from his home in El Cajon, Calif., clicks on an icon to start his session with Reliant General. Lemieux’s request then passes through several stages. First, the firewall lets it through only if it is a request for a VPN session on the Axent machine. Anyone — even an authorized user like Lemieux — who tries to bypass that machine and connect directly to the corporate server will be blocked by the firewall. Approved requests for VPN sessions make it to the next stage: authentication by the Defender hardware. Lemieux enters his user ID and, just as he would at an ATM machine, types in a personal identification number. But in addition, using that PIN and secret data stored on Lemieux’s hard drive, the system creates a onetime password that allows him to access it. This two-level authentication means that someone would have to know Lemieux’s password and use his computer in order to impersonate him and gain access to the corporate server. When Defender gives the go-ahead to Lemieux’s session, the PowerVPN establishes a secure tunnel that keeps all transmissions out of harm’s way. In addition, it encrypts the contents. Once the secure connection is established, Lemieux logs in to the corporate server — using yet another password — and begins working on applications just as if he were on the network in the office. So far the system has worked so well that Reliant General uses the VPN not just for its own telecommuters but also for approved outsiders, like insurance-claims reps. Installing the system for about 25 telecommuters cost Reliant General about $20,000. Given a yearly savings of $100,000 on the phone bill, “it was pretty clear-cut, pretty much a slam-dunk decision,” says chief financial officer Greg Goodrich. Instant reassurance: Joseph Rosmann guarantees that the children’s records are shielded from harm. According to Dodds, the phone-bill savings haven’t been the only gain. He says telecommuters’ productivity has increased sharply — a phenomenon supported by a new poll conducted by the International Telework Association & Council, which found that nearly half of the telecommuters surveyed felt they were more productive working at home, while less than 10% thought they were less productive. According to Dodds, underwriters who used to process about 70 applications a day in the office are now doing at least 100 a day working at home. And giving a staffer time off to attend a school play no longer costs the company a small fortune. Bedside Manner If you think that storing kids’ immunization records doesn’t sound like a business bonanza, then you haven’t been talking with Joseph Rosmann. Rosmann’s soft-spoken manner belies his passion about his Internet start-up, HealthRadius. The company — Rosmann’s obsession since he launched it in 1996 — will soon make many millions of dollars from its Web-based repository of children’s vaccination records, he explains in measured tones. Doctors, he says, have free access to the records. Public-health agencies pay a fee to access the records of children in their area. Health plans pay $1 a child for basic data and as much as $4 a child for more complete records. Individuals, through their employers or insurers, can access their own children’s records for a family subscription fee of $15 a year. Eventually, every time a doctor’s office wants to check on a new patient’s history or a parent wants to sign up a kid for summer camp, money will flow into HealthRadius. What companies like Healtheon/WebMD Corp. have become for the Web-based administrative side of health care, Rosmann’s company will be for the patient-records side of it, he says. Rosmann, 56, who formerly worked as a health-care consultant, has had to make his pitch many, many times, to venture capitalists, state health officials, doctors, and health-care administrators. Though they may expect the caricature of an Internet-start-up entrepreneur with plans as big as the sky — a young, brash, fast-talking braggadocio — what they get instead is the calm assurance of Joe Rosmann, with his mellifluous voice that never rises or rushes. Like a family doctor explaining your test results, he provides instant reassurance with his smile and bearing. Reassurance is an important element of Rosmann’s plan. To make it work, he must collect and distribute the type of information that everyone agrees should be held in utmost privacy: medical records. Without strict assurance of the data’s security, Rosmann says, his company could never meet the requirements of health-care privacy laws — newly tightened in the wake of consumer outrage over privacy violations. And just as important, without that security, Rosmann could never sell anyone on the idea. And these days it’s a Herculean task to ensure that Web-based transactions are private and secure. Still, for cost, speed, and simplicity, Rosmann wants to do it all — including data collection and access — over the Web. His approach seems to be working. HealthRadius, based in Bellevue, Wash., will expand its immunization-records service to four new states this fall and expects to have more than half a million physicians involved within two years. Although the company took in just $100,000 in revenues last year, venture capitalists value the company at about $20 million. Rosmann expects revenues of close to $5 million this year. Four years ago, when Rosmann launched HealthRadius, doctors and health-care administrators were just beginning to eye the potential of the Internet. Washington state health officials brought Rosmann in to study how to salvage a failed medical-records-exchange initiative, the Community Health Information Network. Their request, he says, was straightforward: “Get something simple started to prove that you can safely exchange medical-health records and automate the transactions between doctors, health plans, and hospitals.” Out of that effort came two companies: Rosmann’s and a payment-exchange provider called Pointshare. Rosmann’s response to the state’s request was to break into the potentially enormous health-care-records field through the single entry point of children’s immunization data. That category is a good testing ground for the broader health-records field, he believes. For one thing, parents must frequently provide immunization records to new schools, new summer camps, and new doctors. A child typically has seen three doctors and had 23 immunizations by age six, according to HealthRadius’s research. Who wouldn’t want to make managing and exchanging all that data easier? Rosmann believed it was a market waiting to be served. One of Rosmann’s key early contacts was information-law specialist John R. Christiansen of the Seattle office of law firm Stoel Rives LLP. Christiansen began consulting for HealthRadius in the fall of 1996. “There is no standard-setting organization out there” for electronic medical records, Christiansen says. “You can’t just go out there and say, ‘What are the steps I need to take?” He advised Rosmann to draft his contracts with clients in a way that holds HealthRadius to an unusually high level of liability for the privacy and security of the data it collects. Only by doing so could Rosmann hope to reassure the doctors, health insurers, and parents who were HealthRadius’s targeted customers. If you’re going to put your business on the line like that, you’d better make sure you can live up to your promises. So the first person Rosmann brought on board was not a health-care adviser, but information-security veteran Gene Shook, now vice-president of the company’s operations and development. Rosmann and Shook, working together in their quiet offices on the outskirts of Seattle, laid out a long list of steps they would take to keep medical data both secure and private. First, they needed to be able to verify the identity of any client trying to access their records over the Web. Then they had to encrypt the data sent to and from HealthRadius servers so that only people holding the keys to unscramble it could read it. In addition, since participating doctors’ offices would submit information directly to the HealthRadius database when they performed immunizations, the company had to guarantee an even greater level of security for those transactions. Different employees at doctors’ offices — even those using the same computer — would need to have varying levels of access; for instance, some workers would be able to read but not edit patient records. The first employee Rosmann brought on board was Gene Shook, who took charge of security. Shook will soon install a VPN, which will offer a high degree of security. In the meantime, he turned to the encryption built into standard versions of Netscape Navigator and Microsoft Internet Explorer (called Secure Socket Layer encryption) and other Microsoft tools. For authentication, Shook currently uses the access-control system built into the Microsoft Windows NT operating system as well as the company’s own custom-developed access-control system. To ensure that changes that are made to HealthRadius’s database are verifiable and legally valid, Shook decided to use a method that should soon become more widespread: digital signatures that use public key interchange (PKI). Those digital signatures, provided through an authorized third party, verify two parties to each another, like a secret handshake. Washington state has recently authorized a Utah company called Digital Signature Trust to act as the licensed certificate authority for supplying digital PKI signatures. Anyone in the state can sign up with Digital Signature Trust and receive the hardware or software to generate digital IDs. Two parties that are both using those digital IDs — for instance, HealthRadius and a physician’s office — can be certain that the information that was sent exactly matches what the other party receives. In Washington, such electronic documents can now legally take the place of paper. Shook is hoping that other states adopt compatible systems; if they don’t, HealthRadius may have to install a vast and confusing array of different digital-signature systems. (Without a common standard, Shook fears that HealthRadius may have to establish its own PKI service for its customers. That not only would be more costly and difficult — HealthRadius would have to license and distribute software to everyone who is authorized to access its data over the Web — but also would open HealthRadius up to liability for its digital-signature system.) So far HealthRadius has spent about $1 million on technology, including security. By the time it rolls out nationally during the next year or two, Rosmann expects he will have spent $2 million to $3 million on technology. But perhaps most important, the company has already subjected itself to an intensive security audit (in the spring of 1998) and will undergo another one early next year. It also requires periodic audits of the 50 clinics and hospitals that supply it with medical-records data, and a randomly selected 5% of clients’ sites will be audited each year. In such a review, an independent outside party rigorously examines the procedures and technology that a company is using to handle its data. In HealthRadius’s case, the auditors were interested in seeing whether the company could live up to the security standards of the Health Insurance Portability and Accountability Act of 1996. That legislation established ground rules for medical-records privacy — always a delicate subject and one made even more so in the Internet age. (DrKoop.com got into hot water recently when its advertising partner, DoubleClick, sold lists that included members’ health information. HealthRadius’s contract with its clients bars it from selling its information.) The audit, which takes about three weeks to complete, includes interviews and a systematic review of the technology itself. That may seem like a lot of effort to secure something as relatively uncontroversial as immunization records. But a market test in 1998 confirmed that the HealthRadius service had no chance of acceptance if people felt even a slight concern that someone could access its demographic information on the more than 2 million people in its system. “We needed to act as a bank — you have direct access and no one else has access,” says Shook. In addition, managing immunization records is just HealthRadius’s initial foray into the arena of electronic-medical-records exchange. In the not too distant future, Rosmann plans to start databases that will contain patients’ disease histories and other medical matters. At that point, he wants an unblemished security track record. The company’s biggest vote of confidence so far has come in black and white: a letter from the National Committee for Quality Assurance (NCQA), an independent nonprofit organization that evaluates the quality of managed-care organizations. The letter, dated January 1999, stated that NCQA considered HealthRadius’s registry of immunization records an allowable source of data for its own system, which is used almost universally by health plans. “NCQA gave its blessing because we had provided the privacy,” says Rosmann. “As soon as that letter was issued, about every health plan became a customer.” That’s not to say Rosmann is satisfied. “We still have a little sensitivity around the subject of security,” he says, still in that calm, careful voice. In fact, he has Shook shopping for three more security items. One, HackerShield from BindView Development, scans for known intrusion methods, similar to the way antivirus software checks for familiar computer viruses. A second, IPsec, is a computer-security standard that keeps unwanted data traffic from bothering a company’s servers. One benefit of that would be protection against denial-of-service attacks that can overload and disable a server. (Remember that disastrous day for Amazon.com and eBay last February?) The third product Rosmann and Shook want, WebTrends, monitors and analyzes firewall logs for unusual activity. That will help Shook manage the company’s defenses more actively and will also help the company prosecute any hackers who try to break in. Because catching a hacker would make the kind of headlines that Rosmann would like to be in. David S. Bernstein is a freelance writer in Watertown, Mass. What Are You Afraid Of? So what’s the worst that can happen? There are several types of hacker attacks, all of which have occurred in recent months. Denial of service. Much like protesters’ barring the entrance to a physical store, hackers can shut down your E-business by making sure no customers can get through to your site. Typically, they bombard the site with data traffic, rendering the Web server useless. That is the type of attack that brought down ZDNet, E*Trade, CNN.com, eBay, Buy.com, Amazon.com, and Yahoo, each for about three to five hours, all during a period of several days in February. Electronic theft. This scenario is just like a physical robbery: the hacker breaks into your system, finds something he wants, and downloads it to his own computer. In most cases you may retain your copy of the data, but now someone else has it as well. Is that so bad? Ask the folks at CD Universe, an Internet music retailer based in Wallingford, Conn. Last December someone describing himself as a 19-ye

Cheap Talk

Money What your phone company won’t tell you: these new Web sites promise to shrink your long-distance and wireless bills Dr. JoAnne Duffy knows how to scout out a bargain. She finds 10-foot Christmas trees for $35, bargain-basement prices on designer suits, and two-for-one airfare deals to Ireland. This Baltimore-based clinical psychologist honed her shopping skills in the 1980s when she was a cash-strapped graduate student. But today, when it comes to buying cell-phone service, she’s mystified. Duffy, who racks up monthly phone bills of about $150, says she’d like to investigate which cellular plan is best but that as a private practitioner she’s pressed for time. Case in point: she recently spent 40 minutes on the phone with Bell Atlantic Mobile — almost as much time as she spends with a client — regarding a $25 charge on her bill that she didn’t recognize. Needless to say, Duffy can’t afford many more 40-minute bill problems. “My Ph.D. didn’t cover cellular science,” says Duffy. When she shops for other items, Duffy knows what she’s looking for and can determine if she’s getting a good deal. With cell-phone service, though, she’s not sure if she should be comparing monthly rates or price per minute. It shouldn’t take a Ph.D. to figure out a telephone bill. Yet Duffy and countless business owners find themselves lost in a maze of roaming charges, peak and off-peak rates, and activation fees. Long-distance plans are no better. The recent onslaught of long-distance price wars has left most people confused about whether to choose Sprint Nickel Nights or AT&T’s One Rate 7Â¢ Plan — or service from a less well known long-distance reseller. A new breed of Web sites wants to help small-business owners ascertain how to get the best deals on everything from wireless to long distance to calling cards. Point.com, Decide.com, eSpoke.com, LetsTalk.com, Telezoo.com, Telstreet.com, Simplexity.com, and others that are popping up as fast as you can say “venture capital” provide free search engines into which customers enter information about their monthly calling habits. The sites then recommend wireless or long-distance plans that should suit a customer’s specific needs. Customers can order many of the recommended plans right on the sites. And they may well want to do so to cut down on one of the biggest expenses small businesses incur. The Yankee Group reports that businesses employing from 2 to 99 people spend an average of $220 a month for phone service; businesses with 100 to 499 employees spend about $2,800. Larger companies can spend less per employee, since they can negotiate better deals directly with carriers. Smaller businesses don’t have that luxury. “By just being on the wrong plan, you could end up leaving literally hundreds of dollars on the table,” says Roy Prasad, president and CEO of Decide.com. When Carol Newton visited eSpoke.com, she discovered she was leaving more than $500 on the table every month. The CEO of Priority Search Partners, a $2-million Redondo Beach, Calif., company that matches IS professionals with contract and permanent work, Newton was spending about $700 a month on long-distance calls. For only $165 she could get the same service from UniDial, a carrier that eSpoke.com identified. Newton had never heard of UniDial, but the eSpoke site informed her that the service provider, which has 230,000 customers and $215 million in revenues, resells service from MCI, Sprint, and others. “We figured, they’re solid; they’re not going to be disappearing tomorrow,” Newton says. She estimates that by switching carriers, Priority Search Partners will save from $5,000 to $6,000 yearly. She’ll use some of the savings to get a toll-free number. We chose to test the best of the dozen-plus sites that purport to help customers make informed telecom choices. With assistance from Michael Lauricella, an analyst at the Yankee Group, we first compiled an extensive list of sites. We narrowed the list by choosing only those sites that were already up and running and through which customers can purchase some services. We eliminated all sites backed by telecom companies, because those sites typically sell plans from only one or two carriers. Finally, we eliminated any site through which we could not contact a human being, figuring that if the site didn’t return our E-mail messages or phone calls, it probably wouldn’t return yours either. To test the sites, we ran the phone bills from a variety of growing businesses through the sites’ search engines and came up with recommendations for economical calling plans. The wireless sites that made the cut are Point.com, Decide.com, LetsTalk.com, Simplexity.com, Telstreet.com, and Telezoo.com. Similarly, Decide.com, Simplexity.com, eSpoke.com, and Telezoo.com made the cut for long-distance service. Some of the sites also compare Internet services and calling cards. (See “The Players,” below.) To provide services free to Internet surfers, the sites charge some or all of the carriers listed in their search engines. When a customer signs up with a carrier at a particular site, the carrier pays the site a one-time referral fee or 5% to 20% of the customer’s monthly bill. Execs running these sites are quick to point out that even though the sites make money from service providers, they remain unbiased. (The execs make that claim despite the fact that some carriers pay higher commissions than others, making it tempting for a site to recommend one carrier’s offerings over those of its competitors.) And some sites, in an effort to be completely neutral, list a huge gamut of offerings, regardless of whether the carriers are paying clients or not. ESpoke.com, Simplexity.com, Telezoo.com, LetsTalk.com, and Telstreet.com carry only service providers with whom they’ve negotiated agreements. Decide.com and Point.com, on the other hand, carry plans from a wide range of service providers, whether or not they take commissions from them. “We have the largest database of all the available plans, whether we have a business relationship or not,” says Decide.com’s Prasad. (Decide.com’s claims of neutrality were true: in our tests, both Decide.com and Point.com recommended some providers that don’t pay any commissions to their sites.) Another variation among the sites is ease of use. All the wireless sites examine how many minutes a customer requires and how much he or she wants to spend. Telstreet.com and Simplexity.com pull up plans based on those two factors and the customer’s location, but it’s up to customers to discern which plan best fits their needs. In addition to using minutes and price as criteria, Point.com also asks customers to choose between analog or digital service and to select features such as prepaid plans, no cancellation fees, or a one-year service contract. At LetsTalk.com, customers can sort by features such as voice mail, caller ID, text messaging, and E-mail services. Decide.com was the easiest site to use. It poses a series of questions including what percentage of calls are long-distance and what percentage of calls the customer places outside the home-service area. Then it recommends up to 10 plans, listing its top recommendation first. Decide.com and eSpoke.com allow for quick comparisons or detailed comparisons of individual calls on long-distance bills. The easiest and most accurate way to evaluate long-distance bills is to plug in the number of interstate, intrastate, off-peak, and peak minutes from a recent phone bill. Plugging in individual phone calls at both sites is time-consuming, however, and in our trials turned out to be a less accurate method of evaluating total cost. ESpoke.com seems to understand that this process can be cumbersome. To make the process easier, it offers a service through which customers can fax or mail in their most recent long-distance bill; eSpoke.com will analyze the bill within an hour of receiving it and send its results out by E-mail. While most of the sites let customers figure out how much they can save on wireless or long-distance phone bills immediately, Telezoo.com and Simplexity.com offer “request a quote” services. To use those programs, submit your phone bill or your calling requirements to the site and request bids from a variety of carriers. Such a service can be ideal for companies with complex and costly telecom needs. Elias Shams, Telezoo.com’s chief zookeeper (yep, that’s what this company calls its CEO), says companies that spend more than $1,000 per month are most likely to benefit from requesting quotes. Take Timothy Wierbinski, for example. When the communications engineer needed to order a T1 line from Hawaii to Alexandria, Va., he didn’t know whom to call. Wierbinski, who works for Science Applications International Corp., in Tyson’s Corner, Va., turned to Telezoo.com and entered his request. “Within an hour somebody from Telezoo had called me back to get more details,” he says. The carriers, unfortunately, didn’t respond as rapidly as the Web site had; it took a couple of weeks for Wierbinski to receive a few bids. In the interim, he found Hawaiian carriers listed on Telezoo.com and called them himself. Regardless of which services they offer, all the sites provide easy-to-reach customer service. Telstreet.com, LetsTalk.com, Simplexity.com, Point.com, and Decide.com have toll-free numbers. The two sites we tested that don’t have toll-free numbers offer cyberservice: Telezoo.com provides online support through LivePerson.com — a real-time chat application. Customers click an on-screen button and choose a customer-service rep. It took less than a minute for the rep to join the online chat; he answered our question (about the request-a-quote service) immediately. ESpoke.com provides support only by E-mail but answered our question within an hour and a half. Both Telezoo.com and eSpoke.com list the phone numbers of corporate headquarters so customers can call (albeit for a fee) if need be. To take these sites for a test-drive, Inc. Technology asked three growing companies — MBA FreeAgents.com, WebCT, and eOriginal — each to submit one month’s long-distance phone bill. We plugged the information from those bills into eSpoke.com and Decide.com. (Simplexity.com’s long-distance portion wasn’t yet operating at press time, and we didn’t use Telezoo.com since it doesn’t offer any immediate price-comparison tools.) In addition, we entered information from one of eOriginal’s cellular-service bills into Simplexity.com, Telstreet.com, Decide.com, Point.com, and LetsTalk.com. (See the charts below.) MBA FreeAgents.com places experienced MBAs with start-up and other companies that need high-level employees. MBA FreeAgents.com is a fast-growing company with three full-time employees and seven part-timers. CEO Rob Steir works from his home in New York City and spends about $235 a month on long-distance calls with MCI WorldCom. When Steir first signed up with MCI WorldCom, he snagged a 12-cent-per-minute rate. At the time, Steir recalls, the provider promised 10,000 airline miles along with a 20% rebate if he stuck with the plan for a year. Steir knew there were cheaper per-minute rates available, but he resisted the advances of other carriers because he figured he was getting a good deal with the rebate and the miles. At year-end, however, MCI gave him only the airline miles, saying that he had chosen that option over the rebate. Steir says he feels misled by MCI, especially since his 20% rebate would have amounted to about $250 — more than a month’s long-distance bill. As a result, Steir was more than ready to dump MCI for another provider — if he could find a better deal. (An MCI spokesperson says that Steir’s account is being credited to correct the error.) And did he ever find a deal. ESpoke.com pulled up the lowest-priced plan — $102.24 per month, through a carrier called RSL Communications. Decide.com came in slightly higher, with a total estimated monthly cost at TTI National Inc. of $114.01. Those sites take usage patterns into account and occasionally turn up surprisingly useful information. For example, Decide.com also lists MCI WorldCom’s 5Â¢ Everyday plan — which might seem like a bargain. But after analyzing Steir’s calling pattern, Decide.com estimated that MBA FreeAgents.com would spend $283.13 per month with MCI WorldCom — no bargain at all. A larger company like WebCT, which builds systems that colleges use to create online classes, has more complex telecom needs. The company more than tripled in size, from 60 employees last fall (split between offices in Peabody, Mass., and Vancouver, British Columbia) to more than 200 today. The company counts millions of student users in 100,000 courses at 1,100-plus colleges and universities in more than 40 countries. “From a sales perspective, we need to make a high volume of calls around the world, 24 hours a day,” says Peter Segall, vice-president for sales and strategic partnerships at WebCT. “We need a plan that’s flexible enough so that as we see patterns about time of day emerge, or we see patterns about regions emerge, we can minimize our expenses by getting discounts in those categories.” In addition, because it’s growing so quickly, WebCT doesn’t want to get locked into any long-term contracts. Currently, WebCT uses Bell Atlantic for its in-state toll calls and American Long Lines for its state-to-state and international calls. The company spends about $1,347 a month on in-state, state-to-state, and international calls for its headquarters in Peabody. ESpoke.com came up with the cheapest deal — RSL’s Alliance plan, which would cost WebCT $986.38. Still, that may not be the best that WebCT can do. Bobby Martyna, president and CEO of eSpoke, says its site is optimized for companies with fewer than 20 employees. (Decide.com says it can handle phone bills from companies with up to 100 employees.) Since WebCT receives complicated 70-plus-page telephone bills each month, it might benefit from the customized bids that Telezoo.com and Simplexity.com offer. EOriginal Inc. is a four-year-old company that has developed a patented process for creating what it calls “electronic source documents” — digital versions of birth certificates, driver’s licenses, and so on. At the end of last year, eOriginal had 25 employees. This year the company expects to grow to more than 60 employees and about $12 million in sales. Doug Trotter, eOriginal’s CEO, says his company looks for the cheapest long-distance service possible for its headquarters, in Baltimore. Last fall eOriginal spent about $133 a month on direct-dial long distance with AT&T and used its teleconference service once, for a cost of $90. Again, eSpoke.com found the cheapest plan: RSL came in at $81.16 per month. Both eSpoke.com and Decide.com also pulled up TTI’s Month-to-Month plan, but eSpoke.com estimated the monthly cost would be $83.76 while Decide.com estimated that same plan would cost eOriginal $96.13. Unfortunately, neither site compares teleconferencing services. Simplexity.com promises to do so later this year. Ultimately, Trotter feels his cellular service is more important than his long-distance plan. He’s looking for high-quality cellular service for his senior executives, general managers, and sales force. All senior staffers at eOriginal are converting to one-rate national plans. “We’re getting really large telecommunications bills from hotels when we’re traveling,” says Trotter, adding that, as more and more employees download E-mail on the road, the bills are mounting. “Normal direct dial on a computer without an 800 number can run you up to a couple hundred dollars an hour in a hotel room,” he says. EOriginal founder and executive VP Stephen Bisbee already uses AT&T One Rate service from AT&T Wireless Services and pays $149 for 1,400 minutes a month. But Bisbee, who used the phone for only 300 minutes in December 1999 (the bill we used), is obviously overpaying for a plan he doesn’t need. Simplexity.com, Telstreet.com, Decide.com, and Point.com all recommended AT&T’s Digital One Rate plan, through which Bisbee could get 300 minutes for $59.99 a month. LetsTalk.com recommended Sprint PCS’s Free & Clear 500 plan, which would give Bisbee 500 minutes for $50. Even the pros admit that comparing wireless plans is no simple task. Without a Web site to help buyers navigate roaming charges and off-peak bundles, it’s next to impossible. “My guess is that the majority of the people in the wireless area are on the wrong plan, just because it’s hard to understand,” says Decide. com’s Roy Prasad. But by investing about half an hour — and a little patience — in these sites, most consumers should be able to turn the odds in their favor. Even those customers with a Ph.D. Rachael King is a freelance writer based in Hoboken, N.J. Test-Drive: Long-Distance Here are the plans currently in use by our three companies compared with the Web experts’ recommendations: COMPANY DECIDE.COM ESPOKE.COM MBA FreeAgents.com MCI WorldCom MCI One for Small Business Extra $235.35 per month TTI National Term plan $.069 per minute $114.01 RSL, Alliance plan $.069 per minute $102.24 WebCT Bell Atlantic/In-state American Long Lines/Interstate, Intl. $1,346.90 per month TTI National MTM promo $.069 per minute $1,201.89 RSL, Alliance plan $.069 per minute $986.38 eOriginal AT&T $133.35 per month TTI National MTM promo $.069 per minute $96.13 RSL, Alliance plan $.069 per minute $81.16 Test-Drive: Wireless We put the wireless plan used by eOriginal’s Stephen Bisbee to the test at five different Web sites. Here are their recommendations: WIRELESS CUSTOMER WIRELESS PLANS Stephen Bisbee AT&T One Rate plan is 1,400 mins./$149 currently uses 300 mins. Simplexity.com AT&T Digital One Rate 300 mins./$59.99 Telstreet.com AT&T Digital One Rate 300/$59.99 Decide.com AT&T Digital One Rate 300/$59.99 Point.com AT&T Digital One Rate 300 /$59.99 LetsTalk.com Sprint PCS Free & Clear 500 500/$50 The Players DECIDE.COM What it compares: Wireless, long-distance, prepaid calling cards Site launched: September 1999 Funding: $20.5 million in 1999 from Advanced Technology Ventures (ATV), Morgenthaler, Information Technology Ventures (ITV), and J.F. Shea & Co. Customer service: 800-792-3890, M – F, 6 a.m. – 11 p.m. Pacific time; Weekends, 9 a.m. – 6 p.m. Pacific time LETSTALK.COM What it compares: Wireless Site launched: December 1999 Funding: $20 million in 1999 from Brentwood Venture Capital, Accel Partners, HIG Capital Management, and Goldman Sachs Customer service: 877-825-5460, M – F, 6 a.m. – 9 p.m. Pacific time POINT.COM What it compares: Wireless Site launched: May 1998 Funding: $18 million to date from private angel investors, Oak Investment Partners, IDG Ventures, and Kirlan Venture Capital; and $3.5 million from Staples Customer service: 888-764-6877, M – F, 6 a.m – 7 p.m. Pacific time; Saturdays, 8 a.m. – 4:30 p.m. Pacific time SIMPLEXITY.COM What it compares: Wireless, long-distance, calling cards, and 800 service Site launched: January 2000 Funding: $28.5 million from ABS Capital, Best Buy, and Novak Biddle Venture Partners Customer service: 24-hour service, 800-321-8552; 877-868-2652 (fax); customerservice@simplexity.com ESPOKE.COM What it compares: Long-distance. Internet service providers and digital subscriber line (DSL) to begin this month Site launched: November 1999 Funding: At press time, the founders had bootstrapped $500,000 and were closing their first round of financing. Customer service: customer-service@espoke.com TELEZOO.COM What it compares: Long-distance, wireless, local, teleconferencing, DSL, Internet service providers, ATM, frame relay, Web hosting, and more Site launched: March 1999 Funding: $3 million from Lazard Technology Partners Customer service: Online chat, M – F, 9 a.m. – 6 p.m. Eastern time TELSTREET.COM What it compares: Wireless Site launched: September 1999 Funding: $17 million Customer service: 877-947-3537, M – F, 8 a.m. – 11 p.m.; Saturdays, 9 a.m. – 5 p.m. Eastern time

Tag Archives: Alexandria (Virginia)

Making the Most of Your Intranet

Making the Most of Your Intranet

Making the Most of Your Intranet

The Urge to Purge: When to Dump Data

Is Municipal Wi-Fi Right for Your Business?

Have Tech, Won’t Travel

We’ve Been Hacked

Cheap Talk

Twitter Updates

CHANNELS

Tag Archives: Alexandria (Virginia)

Popular Posts

CHANNELS