Tag Archives: United Kingdom

How to Fight Organized Cybercrime


Kris Covino, CTO and co-founder of Date.com once received an e-mail that appeared to come from the United Kingdom. The writer explained that he had encountered a lot of fraudulent activity on Date.com, and asked for advice on how to detect fraudulent behavior. Covino wanted to be helpful. “I responded with information on some anti-fraud databases, places to check if a photo of a supposed Date.com user had been used in online scams, and an online discussion group about scams,” he says. “It was pretty comprehensive and I sent it off…but something about it bothered me.”

So Covino checked the sender’s e-mail address against Date.com’s database of known frauds, and it matched up with a known scammer in Nigeria. “The scammers had proactively contacted me to find out how they could disguise themselves better!” Covino says. Not only that, at the same time he was answering the e-mail, the company’s customer service staff was fielding phone calls in which the caller claimed to be a Date.com user who’d been banned from the site, and asking for detailed information on how to avoid being banned in the future.

There’s no question that in the past few years cybercrime has taken on new dimensions. “Ten years ago, it was teenagers with pony tails sitting in their garages,” says Fred Rica, principal at PricewaterhouseCoopers. “We now see a high level of organization, a high level of sophistication, and a high level of funding. Whether it’s coming from a nation-state, or organized crime, or somewhere else, they seem to have a lot of resources at their disposal.”

And they operate across international borders. “We found many crime rings employed multiple teams that focused on different parts of a fraud operation,” Covino says. “For example, one team located in the U.S. would register free user accounts, but when it came time to input stolen credit card numbers to create fake pay accounts — which is illegal here — that was done from offshore. Then yet another team located predominantly in a few specific regions would use those accounts to perpetrate romance scams within our community.” Romance scams might include getting to know a Date.com member by e-mail or chat over a period of months, and then asking him or her to cash a check, for example.

Cyber-gangs prey on small companies

“If you ask a small business about safety, the response is often: ‘Who would hack me? I have nothing of value,’” reports Dirk Morris, CTO and founder of Untangle, an open-source security gateway for small businesses. They’re wrong. Organized cybercriminals are after two things that every company, large and small, has. The first is computers, which, if vulnerable, can be used as part of a botnet, sending out spam or performing other tasks without their users’ knowledge. The second is personally identifiable information, such as credit card or Social Security numbers, but also log-ins and passwords that could give the cybercriminals access to users’ accounts.

In fact, organized cybercrime often targets small companies rather than larger corporations. “It’s just too easy to exploit small or medium-sized businesses,” says Ron Plesco, president and CEO of the National Cyber Forensics & Training Alliance. “Large corporations have more funds to remediate and mitigate. Small businesses don’t, and the bad guys know it. They’re concentrating on small businesses, and have been for the past year.”

How you can avoid being a victim of cybercrime

Here are some steps that can help.

Get the best security you can afford. You can’t match a large company’s security arsenal, and that’s okay. All you need is enough to make your company an unappealing target. “If the door to your house is locked, you have an alarm sign in the window, and a sign that says ‘Beware of the dog,’ a thief will probably go on to the next house,” Rica explains. It works the same with cyber-gangs: if you make it difficult to gain access, they’ll go bother someone else.

Know your network patterns. It’s smart to review logs and usage on a periodic basis. For instance, by examining logs, Covino was able to determine that a user who appeared to be in the United Kingdom was actually in Nigeria when the scammer’s proxy server stopped working for a few moments, revealing the user’s actual location.

Know your customers’ patterns. “You have to understand your customer base and have some information about how they use the site,” Covino says. “It’s impossible to fight this without some of that information.” Just as important, be aware of what user behaviors should be taken as red flags.

For Modern Tribe, which sells Jewish themed t-shirts and other Judaica, that turned out to be large orders for t-shirts with overnight delivery and a shipping address that didn’t match the credit card billing address. The first time the company received such an order, it billed the credit card number and sent out the t-shirts for overnight delivery — and received an irate phone call a few days later from the credit card’s owner who had not authorized the charge. By then, it was too late to stop or recover the shipment, so Modern Tribe wound up eating the cost of the t-shirts and expedited shipping.

However, there was a second order in process that also involved a large number of t-shirts, expedited delivery, and a shipping address that didn’t match the card’s billing address. “We immediately suspected that the second order was also fraudulent, so we looked into it, and when it turned out to be false, we were able to stop it,” says Jennie Rivlin, Modern Tribe’s founder. Since then, she says, her firm has received many such orders, but since they know the pattern, they can take extra steps to make sure an order is real before filling it. “We have had some larger orders where the billing and shipping address didn’t match, so we contacted the customers and it turned out to be fine,” Rivlin says. “But it was well worth taking that extra precaution.”

Are Netbooks Enough for Your Business?


Portable and affordable, the trendy “netbook” is all the rage among computer makers and the consumers snatching them up in droves — so much, in fact, this young category is estimated to make up more than 20 percent of the entire laptop category by next year. But are these tiny Wi-Fi-enabled netbooks — designed primarily for Web surfing, e-mail, and word processing — ideal for running your business? What’s lost or gained in the transition? If you recognize the limitations of these scaled-down PCs, a netbook might be all you and your staff need to remain productive on the go, experts say.

Price and size matter

“A netbook is just a laptop whose pivotal axis is price,” says Michael Gartenberg, vice president at Interpret LLC, a market research firm based in London, New York, and Los Angeles. “Basically you need to ask yourself if the netbook has enough horsepower to manage your business, and if so, you can save some money.” However, if you or your staff need to run memory-intensive programs or require larger screens or a full-size keyboard, you might want to steer clear of this category, he says.

The lack of an optical drive might be an issue for some, Gartenberg adds, but an inexpensive external drive — that can be shared among employees to install software — might be all that’s required. “Beyond that, many computer users today simply don’t need a DVD drive,” he says.

Steve Hilton, vice president for enterprise and small and mid-sized business research at the Boston-based Yankee Group, says along with a relatively inexpensive price tag, netbooks offer two other advantages for mobile workers: “They are fairly easy to replace if lost or damaged — in fact most suppliers can easily ship an exact duplicate very quickly. Plus, an IT department tends to like [netbooks] as they’re easy to manage since they have very few applications resident on the device.”

Cloud computing

Netbooks might carry few applications because many small and mid-sized businesses are moving towards “cloud computing,” which allows online employees to securely access programs and files on a remote server, as opposed to physically carrying sensitive data on the road. This trend is on the rise thanks to ubiquitous Wi-Fi and 3G connectivity. In addition, more devices are available — such as netbooks and smartphones — with limited local memory. Much of the software is Web-based, too, therefore not requiring one particular operating system over another.

“Applications in the cloud are not loaded on a netbook because applications are processing and hard-disk hogs,” explains Hilton. “Netbooks are light on both processing and hard-disk space, which is one of the reasons why they’re priced fairly inexpensively, so in order to get the value from a netbook, applications in the cloud are essential.”

Looked at another way, “a Prius and a Boxster have different purposes,” continues Hilton, comparing netbooks with automobiles. “If you need a car that sips gasoline, drives your family of four to the mall, and keeps your auto insurance premiums low, your choice is obvious.”

Gartenberg, however, cautions those who rely too heavily on remote applications for business. “The problem with the cloud is that it’s not always available,” he says. “There is this notion that everything will be delivered via browser, but it’s more of a coexistence [with locally stored programs]. One solution isn’t killing the other.”

And they’re getting better

Just two years ago, a netbook might be limited by a Linux operating system, a petite 7-inch display, and just 4GB of Flash (SSD) memory. Fast-forward to today, however, and there is far more selection, including a Windows o/s, bigger screens (up to 12-inches), a near full-size QWERTY keyboard, a minimum 160GB hard drive and better processors, such as Intel Atom chips.

As far as security goes, Gartenberg says you must treat netbooks like a laptop. “You want to be cautious about what information is on the netbook,” he says, “ensure everything is password-protected, and despite its small size, try to remember not to leave it at a coffee shop or in a taxicab.”

Tech Talk: Fashion Designer Upgrades Firewall

Nanette Lepore, a New York-based fashion designer with high-end clientele, rapidly expanded to 10 boutiques in the United States, and one each in London and Tokyo. While the designer’s fashions were making a splash, network specialist Jose Cruz tells IncTechnology.com that the firm upgraded its firewall and network security in the wake of a hacker attack.

Elizabeth Wasserman: How does a fashion house use IT?

Jose Cruz: Until recently, we didn’t have much of an IT presence. When they brought me in, the company was growing pretty fast. The one thing that they seemed to overlook as the company was growing fast was their IT needs. My objective was to get them on a corporate e-mail system, lock down the network so it was not open to the world, and to implement security standards so that their intellectual data would be their intellectual data alone.

Wasserman: Last year, you found out that hackers had compromised some of your customers’ credit and debit cards. What happened?

Cruz: I got that call on a weekend. It was a frantic call from our store manager in our Las Vegas location. The FBI showed up and questioned what was going on. They said purchases had been made on credit cards belonging to our clients. We found out our point of sale systems had been compromised. These were in place long before I came on board. It was dated equipment and not up to the task. This was very disturbing to me as I had been auditing the main infrastructure in New York and hadn’t yet had time to see how the other locations operated.

Wasserman: What did you do?

Cruz: As soon as I got that call, I called up my support providers at Webistix. I’ve relied on them at times to tackle some situations I’ve never encountered before. This was something new for me. Webistix suggested that we get some SonicWALL firewalls in place. These are PCI compliant – they’re certified by the credit card bureau that puts standards in place for retailers. We got the SonicWALL TZ 180 in place. I immediately flew to Las Vegas and pulled the router offline. It looked as if someone had actually gone in and tampered with the firmware settings on it and pre-programmed it with a set of IP addresses unknown to us, which meant it shouldn’t have been working, but it was still allowing internet traffic to pass through or possibly piggy-back off of equipment that was capturing information. The FBI confiscated the equipment and we had to replace it all. We decided to harden everything through intrusion prevention, anti-virus prevention, and anti-spyware. We are now in a far better place than we used to be.

Wasserman: Is it true that you had to shut down stores that weekend?

Cruz: We shut the Vegas store immediately. It’s right there in the Caesar’s Palace mall and weekends are very busy. We also shut the two locations in Los Angeles. The location at Robertson in LA and the New York Broome Street location get extreme amounts of foot traffic coming in, so we asked them to push off credit card transactions for the weekend, which of course affects business since almost all transactions are done by credit card. We lost over a million dollars in business that weekend. The fear alone made Nanette consider closing stores in other areas around the U.S. over the weekend because they had the same legacy equipment. It was legacy equipment in place before I came on and before the company experienced a major growth spurt. When you think about what is going on, some of the bigger retail chains have been affected in the same way on a grander scale, with thousands of their clientele’s level-three credit card information compromised. We’re just a small pea in a pod compared to those retailers for now. But, still, in a company in a growth mode, it’s scary to consider. If we were marching forward with technology in play that was dated and not up to the task, it could have been worse and we might have had more stores breached.

Wasserman: Have you had any intrusions since?

Cruz: No, we haven’t seen any intrusions since we installed the firewall. A lot of viruses have been blocked. A lot of spam bots have been blocked. I can now pull up this information with our global management system and monitor all our remote locations and get real-time feedback on the status of all our locations. We not only hardened our firewalls and locked down our systems and network but we also implemented security and group policies on our systems for our staff. This way, users are forced to log in before they can use any of our machines. And, depending upon the group structure, they only have rights to do certain things on certain machines.

The Skinny on Wi-Fi-Enabled Smartphones


Over the past five years mobile computer users have benefitted from — nay, relied upon — wireless high-speed connectivity in the home, office, and various “hotspots” around the globe, be it your local coffee house or an airport lounge in Moscow. Now a standard feature even among entry-level laptops, wireless Internet or Wi-Fi (802.11) frees the computer user to work where and when they want, no longer restrained by a cord and a wall to access the Internet at broadband speeds.

Get ready for the second major Wi-Fi wave, as the connectivity is beginning to appear in smartphones. This feature is already built into popular handsets including Apple’s iPhone, Nokia’s N95, and Research in Motion’s BlackBerry 8120, 8320, and 8820.

Better for business

Whether they’re used in a private space (such as a home or office) or commercial location (like a coffee shop or airport), Wi-Fi-capable smartphones are capable of downloading data at much higher speeds than what your cell phone provider is offering, be it global system for mobile communications (GSM) or code division multiple access (CDMA) connectivity. Sure, this is handy from a consumer perspective, such as quick music downloads to your phone or smoother video streaming, but consider the work-related advantages to accessing data faster and more reliably.

“Wi-Fi is faster than most cellular data connections, even 3G, so bandwidth intensive things such as web browsing and downloads are a lot faster,” says Gary Chen, senior analyst for small and medium enterprise IT infrastructure and applications at the Yankee Group, a Boston-based technology research firm.

Not only is Wi-Fi faster but also cheaper, adds Ken Dulaney, vice president of mobile computing at the Stamford, Conn.-based Gartner, a research and consulting group. “If the organization is on a fixed price per minute, avoiding cellular charges can save money with Wi-Fi.” Chen agrees: “If you don’t have an unlimited data plan and are charged by the kilobyte, then using Wi-Fi can help save on your data bill for sure.”

Voice service, too

Some GSM-based carriers — such as O2 in the U.K., T-Mobile in the U.S. and Rogers Wireless in Canada — are letting users of Wi-Fi phones use voice over Internet protocol (VoIP) technology when in a wireless network. Often referred to as Unlicensed Mobile Access (UMA), these supported handsets can seamlessly switch from a GSM call to Wi-Fi, or vice-versa, without dropping the call. Though this service usually costs a few dollars a month, they offer unlimited Wi-Fi access, therefore a UMA call doesn’t eat away at a customer’s monthly airtime minutes.

Call quality is also better over Wi-Fi. It can be used in spots without good cell reception (such as a high-rise office tower or basement office). And Wi-Fi takes less of a toll on the phone’s battery compared to GSM.

Not necessarily trouble for cell providers

When asked if UMA could be the beginning of the end for cell phone providers, Dulaney and Chen agree it’s not likely. “No one can cover the large swaths of territory covered by cellular other than cellular,” says Dulaney. “There are too many Wi-Fi operators and Wi-Fi is unlicensed meaning that you cannot deliver quality of service guarantees because no one party owns the spectrum.”

“Wi-Fi won’t end the need for cell providers,” predicts Chen. “Wi-Fi is a local area technology and was not designed for the wide geographical coverage of cellular.” Chen says that devices will be smart and choose the best connection they can. That means Wi-Fi when you are at fixed locations like home or office or happen to be near a hotspot, and cell for the rest, he says.

Technology for the Perfect Home Office


Thanks to technological advancements over the past decade, starting a business in your home or maintaining a telecommuting relationship with an established small or mid-sized business has never been easier. Broadband penetration in the U.S., for example, has made way for “always on” e-mail and Web access in the home, and opened the doors for inexpensive Voice over Internet Protocol (VoIP) calls and videoconferencing via webcams. Here are five essential technologies you need for the modern home office.

Reliable broadband Internet

Fast and reliable Internet access is one of the most important tools for a productive at-home worker, says Caroline Jones, a senior analyst at Gartner’s Technology & Service Provider Research in the United Kingdom. “The basics here would be secure, fixed broadband access which will give both access to the company network and applications via a VPN [Virtual Private Network], and also provide telephone contact, which is vital,” said Jones.

And while the popularity of wireless broadband networks in the home means you can work in more places – and un-tethered from the wall – it could pose a security threat if not set up properly among telecommuters, advises Jones. “Whilst it would be possible to use a wireless broadband solution, the potential security issues for a worker having relatively unrestricted access to company applications means that it is possible that a company would not support such a solution for someone who could just as easily use fixed access.”

Laptop with docking station

A good quality mobile computer is another essential, but with a few accessories that can turn it into your full-time office computer, such as a full-screen monitor and wireless full-sized keyboard. “It also makes far more sense to use a laptop with docking station and separate monitor, since the laptop can then be taken into the office for any meetings and upgrades necessary, but you also have the benefit of a more user-friendly screen,” Jones says.

Paul Edwards, who has co-authored 17 books with his wife, Sarah, including Home-Based Business for Dummies (Wiley), agrees a good computer and high-speed broadband connection is the “heart” of a good home business today. “But whether it’s Windows or Mac, desktop or laptop, or perhaps a combination of the two with a docking station, all boils down to a matter of personal preference and work style,” says Edwards.

“What we’ve found in one study, for instance, is having an exclusive area in the home works from a tax and organization standpoint,” continues Edwards. “But most people are integrators rather than segregators as they disperse their work throughout their home and throughout their day, with no discrete rooms or hours — so for them, a notebook computer works well.”

Edwards says mobile computers and wireless communications means you “can now work in the bleachers of a soccer stand, responding to eBay customers, if you like.” This is also possible with today’s smartphones, such as BlackBerrys.

Communication tools — phone, e-mail, IM

For those who spend a lot of time chatting with customers, clients or colleagues, a headset is a more comfortable (and ergonomic) choice compared to holding a handset up to one’s ear — with your neck. This is especially true for those who like to multitask, such as type on a computer while talking at the same time. Acknowledging many telecommuters have young children, a “mute button on the phone is a good idea, too,” adds Edwards.

The outgoing voicemail recording — on a dedicated home office line — should say the company’s name instead of trying to balance both types of calls with one recording. You might opt to forward calls to a cell phone when you step away for a few minutes. On a related note, you should set up a business e-mail address, rather than use a personal one for work, and segregate these messages with custom folders in your e-mail program.

Jones says the phone, e-mail and instant messaging (IM) are all vital for a home worker today. “You need to be able to maintain a ‘presence’ both within your team and to any clients.” “For example, IM can be used very effectively for brainstorming sessions between several colleagues and the results easily captured and sent to all.”

Webcam

Edwards says webcams are an ideal and inexpensive purchase for face-to-face meetings. For under $50 you can purchase a high-quality and color webcam with a built-in microphone for online video chats, though many choose to disable the integrated mic in favor of a headset, which usually offers better sounding audio (and with less echo). Many popular IM programs — such as AIM, Windows Live/MSN Messenger, Yahoo! Messenger and Skype — all offer a video option along with text and audio chats.

Make sure you look professional when conducting online video chats with clients or customers. Yes, you can tell if you haven’t shaved in three days or that you’re wearing a stained t-shirt or baseball cap. Also be aware your messy office might be in plain sight, so clean up ahead of time.

Fax, printer, copier

Multipurpose home office products — such as an all-in-one printer, scanner, copier, and sometimes a fax machine — can be good space-saving technology. They’re also a more affordable pick as it would cost more to purchase the items individually (same goes for consumables, such as ink and paper). It might also be less hassle for driver installation since it’s only one disc (or download) instead of four, from potentially four different manufacturers. “That said, individual products tend to do a better job on their own, and if one of them goes down they’re not all down,” cautions Edwards.

And some tips…

When asked to share some at-home productivity tips, Edwards says it’s much easier to organize everything when it’s digital. “Reduce the amount of paper you have — digitize everything you possibly can – as it’s easier to organize and search and doesn’t require the same level of maintenance as paper.”

For telecommuters, Jones says in order to be productive at home one should have: clear targets and objectives (“they and their boss know exactly what is expected of them and how their productivity is going to be measured”); regular phone contact with colleagues and occasional visits to the office for meetings and training; and access to collaboration tools such as NetMeeting to resolve complex issues and instant messaging for brainstorming.

Finally, a word to those whose employees want to telecommute: “Managing remote workers is a real art, and not one to be taken lightly – i.e. without training — since getting it wrong can damage morale and productivity and also cost a company dearly,” advises Jones.

Dialing for Dollars: Open Source or Virtual PBX?


When it comes to telecommunications in your office, do you do-it-yourself or farm it out? Make or buy? That’s basically the decision your small or mid-size business needs to make when it weighs the differences between new voice over Internet protocol (VoIP) private branch exchange (PBX) telecom services, experts say.

As telecom costs have come down due to the availability of VoIP services, small and mid-size businesses are faced with new options for configuring a VoIP PBX that connects office telephones, fax machines, and other connections to the public switched telephone network. About 30 percent of all North American businesses with fewer than 1,000 employees were using IP PBX systems in 2007, according to Forrester Research.

At present, there are basically two types of services available. Providers like Fonality and Talkswitch offer PBX products built on open-source software that requires firms to purchase on-site equipment. Others, such as Covad, Qwest, and Verizon, offer full-service hosted PBX services where they house the equipment and do the troubleshooting for you if things go wrong. Fonality offers a “hybrid hosted” product as well that installs with an office’s existing switching.

Pros and cons of open source products

At first blush, PBX offerings that are based on Asterisk, the original open source PBX software, might seem inexpensive. They are, after all, based on something that’s free. Fonality and Talkswitch charge between $2,000 and $3,000 for an 8-line and voice mail package. But prices continue to rise with the number of employees.

Also, there is maintenance and staffing to consider. “You have to have staff people that understand voice, and that’s becoming rarer and rarer,” notes Lisa Pierce, vice president with Forrester.

There is also the matter of line quality. Subject to echoes and garbling, a conversation over VOIP does not match the quality of a landline connection. “All [VoIP PBX-based] calls go over the Internet, even sales calls, and they suffer when it comes to quality,” admits Chris Lyman, chief executive officer of Fonality.

One advantage open-source-based products have, however, is that they are more easily customized. “With our hosted product, we only have three flavors,” notes Steve Robinson, spokesperson for Qwest, referring to the number of hosted packages the firm offers.

Pros and cons of hosted products

But for many, three flavors might be enough choice. With a hosted product, “everything’s managed from the cloud,” says Qwest’s Robinson. “If the system goes down, we have a 24X7 help desk,” he notes, and a full range of features is available, including forwarding messages to e-mail. Moreover, service-level agreements on the lines can help speak to the issues of quality, maintenance, and security, notes Robinson. Qwest charges $35 per seat, including handset, as part of a three-year agreement.

Fonality’s “hybrid hosted” offering, at $5-$10/month/employee, offers hosting, but takes calls through the existing office network. Instead of installing traditional hardware, Fonality’s trixbox product provides a souped-up Dell computer that has been fitted with the necessary technology, explains Lyman. “This is a much, much cheaper option,” he notes, referring to standard hosted products as well as most open-source-based plans.

However, the service packages offered, equipment (if any) required, and service agreements can vary widely, making it difficult to compare these products by price. When looking at costs, “make sure you’re comparing apples to apples,” advises Qwest spokesman Jon Lentz.

Here’s how to decide

By answering these questions, your company will be well-equipped to make the best choice.

Do you have the staff and know-how to install and maintain an open-source-based system?

Does your company need the customization that an open-source-based system could provide?

Would your company benefit more from having its system managed “from the cloud”?

How important are the superior line quality guarantees that hosted services can provide?

Conclusion

The choice between types of VoIP PBX solutions for business may ultimately come down to what type of resources your business has available. Web-hosted services are most often billed as monthly fees, you don’t need to provide staff for maintenance, and your staff can concentrate on other aspects of business. If cost savings initially drove you to deploy VoIP, and you have the IT experts on staff, then an open source solution may make more sense for your business. Open source will allow more customization, but it will also require more tinkering on the part of your staff.

SIDEBAR: Web-hosted and Open Source PBX Providers

Fonality: The company’s open source VoIP-capable PBXtra phone system serves 53,000 business users in 50 countries who have placed more than 130 million calls. Recognized as an Editors’ Choice by PC Magazine and product-of-the-year by Internet Telephony.

Talkswitch: The company, which designs and manufactures innovative telephone systems for the small and mid-size business sector in the U.S., the U.K. and Ireland, recently unveiled six new IP PBX systems ranging in capacity from 2 incoming lines to 8 incoming lines.

Qwest: Denver-based Qwest, a provider of telecommunications, video and Internet service, offers OneFlex hosted VOIP as a basic package, an enhanced package, and with optional features for small- and medium-sized businesses. Contracts run a minimum of two years.

Verizon: The nation’s second-largest telecom company (behind AT&T), Verizon offers two hosted VOIP products for smaller businesses: Hosted IP Centrex, for up to 325 employees, and Private IP.

Covad: The California-based telecom giant offers two VoIP products, ClearEdge Office and ClearEdge Pro, that service small- to mid-size businesses. Covad services, including VOIP, are available in 44 states, 235 major markets, and are used in 57 million U.S. homes and businesses.

How Far to Trust Digital Signatures


For all the digital age’s promise, the reality of a paperless office remains elusive as mounds of paper continue to accumulate on your desk and those around you. It doesn’t have to be this way. Paperless contracts are real, and they growing more common everyday. It is increasingly routine for any transaction, from the simplest consumer purchase to million-dollar procurement deals between companies, to be completed online without anyone ever physically signing a piece of paper. Thanks to a law passed in 2000 by the U.S. Congress, any signature made electronically — whether it’s typing your name at the bottom of an e-mail, pushing an “Accept” button, or using an electronic pen and pad — is just as binding as an old-fashioned pen-and-paper John Hancock. “The general rule is that any electronic signature is fine,” says Tom Smedinghoff, an attorney at McBride Baker & Coles, of Chicago, who has written extensively on e-commerce law. “You can substitute an electronic signature where you’d ordinarily use paper in almost every case.” Digital signatures upheld in court In most cases, all-digital agreements with clients or customers can safeguard a company’s interests. State and federal laws are squarely on the side of the virtual contract, and courts have repeatedly upheld the notion that electronic signatures — at least in the context of typing a name at the bottom of an e-mail — are valid, as long as it’s clear to both parties that a signature is intended.   But contracts, online or offline, are ultimately a matter of trust. Handwriting can be forged, or deals challenged after the fact. To this end, signatures are often made in front of witnesses as an added layer of security to be certain the signer is not a forger. Verifying identities is just as important online. Digital signatures are legally binding, but if one party is pretending to be someone they’re not, problems naturally arise. Here are some tips for ensuring your paperless transactions are secure and binding. 

Password-protect yourself

Under the federal Electronic Signatures in Global and National Commerce Act (ESIGN), as well as the similar Uniform Electronic Transactions Act adopted by many states, electronic signatures do not require any encryption or high-tech proof of identity to be valid. Thus, a simple “Click to Accept” form is technically binding. However, many companies add at least a log-in feature, with a unique user name and password, in order to add security to e-commerce or other transactions.

Encrypt identities

An added layer of security is provided by deploying digital identity certificates, which use strong encryption technology to lock information about a person or company’s identity to the digital equivalent of a calling card. Because this information is protected by strong encryption, it can’t be spoofed, and can be used only by the person who created it unless that person has lost or otherwise given away their private encryption key — a kind of password on steroids. Digital certificates are often issued by third-party companies such as Verisign, an e-commerce security company based in Mountain View, Calif. As a result, the certificates are viewed as an extremely secure way of verifying identity, even though they are not required by law. “The problem with the technology is that implementation, and getting people familiar with it, is so difficult,” says Maury Shenk, a partner with Steptoe & Johnson, in London, who advises clients on digital issues. “But we do see a lot of large organizations starting to adopt digital signature systems internally.”

It’s working, slowly

Lawyers say the six-year-old system in the United States for treating digital signatures as the legal equivalent of their paper counterparts has so far worked with few hiccups. Initial concern from consumer groups has been largely allayed by elements that require companies to use paper contracts if one party asks for them.
Yet it is clear that commerce and contracts are moving to an increasingly secure electronic form, if only a little at a time. “It is working,” Smedinghoff says. “But people are still sticking their toes in the water in terms of implementation.”

Reducing the Geek Factor in RSS

At least 75 million people in the United States and the United Kingdom use Really Simple Syndication (RSS) on a regular basis, but two-thirds say they don’t have a clue what RSS is. That’s according to a Yahoo-sponsored research study late last year by Ipsos Insight. In this day and age, how can this be? How can so many people be using RSS, but have so little awareness of it? The small business community has a vested interest in helping to educate Internet users about this technology because it holds so much potential for cost-free marketing and communication to customers.

A serious case of geekiness

The simple reality is: RSS still has far too much geek factor. It’s like asking people if they use PHP software. Most people (except the techiest among us) would say, “No.” However, PHP is a common scripting language used in many popular websites today. We can be using sites built on PHP — and never realize it. And there is no reason we should know it. As users, we don’t need to know the enabling technology. All we need to know is what the website does for us. Yet website owners continue to communicate about RSS by describing the technology to potential subscribers instead of the benefits. For instance, just about every definition of RSS that you read defines it as “really simple syndication.” That may be a definition but it’s hardly helpful — and it is symptomatic of the problem with RSS. RSS is a tool that allows users to subscribe to blogs, websites, or news and have new or updated content sent to them on a regular basis. To businesses, this means potential for marketing sales, new products or other announcements.

Solving the RSS communication problem

To consumers, rather than defining technology, we should be emphasizing the benefits instead, and explaining in simple non-technical terms how to use RSS feeds. The benefits to them are substantial: convenience, time savings, and access to more current information sources.
Some industry leaders have started to take steps toward demystifying RSS. Under the industry leadership of Firefox and Microsoft, the original orange buttons with the letters XML or RSS that websites post to alert users to subscribe are being replaced with a new, more attractive, abstract button sans confusing acronyms. Some content publishers have even discontinued using the phrase “RSS feed,” in favor of the less technical term “Web feeds” or just “feeds.” And a few of the aggregator sites like My Yahoo now offer users a convenient way to search for and add new feeds with just a few clicks.

What website owners can do

If you are a small business owner with a website and want to demystify this technology and encourage users to subscribe to your feed, here are some steps to take.

Use the new orange button. If you are still using the old buttons with the acronyms XML or RSS, swap them out for the new button. Today’s browsers, such as Firefox, auto-detect RSS feeds and will display the new orange button in the lower right hand corner of the browser when the user is on a site with RSS. You want users to see the same version of the button on your site and in the browser bar. This will help reinforce how to use RSS feeds.

Use descriptive text links. Add a text link next to the orange button. A simple “subscribe to news feeds” text link is preferable to the rather baffling “syndicate this site” label that you so often see.

Consider adding a description page. Give your readers an information page with a plain English description of feeds. The Yahoo study pointed out that some of the confusion users experience comes after they click on the orange buttons and either nothing happens or they’re taken to an ugly page of raw HTML. One easy alternative is to use the FeedBurner service. FeedBurner adds a user friendly page.

Offer one-click subscribe buttons. “One click subscribe” buttons let users do just that: subscribe with one or a few clicks to automatically receive updates to your feed at one of the popular start pages or news aggregator sites such as Bloglines or Google Reader.

Use RSS auto-discovery. Add an RSS auto-discovery command to your website’s HTML, if the site supports this feature (most blog software does). RSS auto-discovery lets applications such as the Firefox browser know there’s an RSS feed on your site. Then the application can alert the user that there is a feed to subscribe to.

With an RSS feed you can develop audience loyalty and extend your reach online. RSS is now a mainstream trend, and it is time to leverage your feed so that you don’t miss out on this opportunity. For detailed information about how to use RSS to expand the reach of your site visit the Yahoo Publisher’s Guide to RSS.

Anita Campbell is a writer, speaker and radio talk show host who closely follows trends in the small business market at her site, Small Business Trends.

Accepting Online Payments

Starting your first online store can be an intimidating and overwhelming experience. One important consideration is giving your customers enough choices at checkout. According to a recent report by WebSurveyor, a Herndon, Va. online survey company, one of the reasons customers abandon a shopping cart is “payment issues,” including when the site does not accept their type of credit card. Another survey by Allurent, an Internet commerce applications maker from Cambridge, Mass., found that 37 percent of customers who abandon a shopping cart do so after initiating the checkout process.

“The more payment options you can provide to customers, the greater the likelihood they’ll purchase something at your site,” says Jeffrey Grau, senior analyst for retail ecommerce at eMarketer, a New York-based research firm. “In addition to credit card payments, you should also offer online payment services, such as PayPal, and even accept checks or money orders — the more options the better,” adds Grau. If you’re confused about where to start, consider the following payment pointers.

Credit cards

Small-to-midsized online businesses say they prefer to be paid by plastic over other payment types, according to results of a 2006 survey by Financial Insights, an IDC-owned market research company in Framingham, Mass. A recent survey of nearly 9,000 employees of online merchants in 22 countries found that credit and debit cards — with familiar brands such as American Express, Visa, MasterCard and JCB — showed the strongest usage among its customers. To get started, Visa encourages merchants to visit its site to help Web store owners go through the steps to apply for a merchant account. Basically, you first need to contact an “acquirer,” a merchant bank or other financial institution that grants a merchant account and enables credit card payments from customers.
“My advice to a Web merchant is to use any bank to get started; an institution you already have a relationship with is a good idea,” suggests Derek Sivers, president of CD Baby, of Portland, Ore., the largest seller of independent music on the Web. Small businesses that accept credit cards advise that there is an initial cost to the business in terms of fees to the merchant bank or other financial institution. After that, every credit card transaction costs you about 2.5 percent of the sale, plus gateway fees, monthly statement fees, etc. Pricing is set between the merchant and their bank based on the number of services provided, and not negotiated by Visa directly. Some businesses advise that the fees are only a short-term problem because once you accept credit card payments, your online sales should increase and you may be able to negotiate with banks on fees. “The point is to simply get a credit card merchant account and live with it for six or 12 months — and then you can play hardball by pitting multiple banks against one another who want to fight for your business,” says Sivers. Given the global nature of ecommerce, always ask your bank to let your online store accept all popular card types, including ones that may be popular in other countries such as JCB in Japan and Swift in the United Kingdom. As a merchant, you want to accept as many cards as possible.

PayPal

In case you missed the Inc Technology article, How PayPal Works for Businesses, PayPal is the world’s leading online payment service with more than 114 million accounts globally. The Financial Insights report found many of the nearly 9,000 surveyed employees of Web merchants said they also prefer to accept PayPal and other secure online payment solutions. According to the eBay Inc.-owned service, and the millions of merchants who rely on it, PayPal is a quick, safe and relatively inexpensive option for those who want to set up online payments for customers.
Merchants can review the different types of accounts at PayPal. The easiest way to get going is opting for the Website Payments Standard, which simply involves signing up for a PayPal Business Account, verifying your information and then adding a little payment button on the site. While free to buyers, PayPal merchants must pay a fee to use the service. Transaction fees depend on monthly volume: PayPal charges 2.9 percent + $0.30 USD for PayPal payments between $0 and $3000; 2.5 percent + $0.30 USD for $3001 to $10,000; 2.2 percent + $0.30 USD for $10,001 to $100,000; and 1.9 percent + $0.30 USD for $100,001 and higher. Transaction fees are deducted right away, so when a merchant receives $100, it’s really $97.50 (at 2.2 percent + $0.30 USD). Unlike credit card merchant accounts, PayPal does not charge a set-up fee, gateway fee or any monthly fees.

The Malware Mess

Computer viruses have been around nearly as long as personal computers themselves. The first ones to show up “in the wild”–that is, beyond wherever they were created–debuted in the early 1980s, spreading from one Apple II machine to another via shared floppy disks. (A Ph.D. candidate coined the term “computer virus” in 1983.) In 1988, a Cornell graduate student released the first major Internet virus, a self-replicating program that flooded what was then an academic-research network, disabling several thousand computers. (The student, who insisted the damage was unintentional, received a sentence of probation, community service and a fine.) Over the next decade, as the number of homes and businesses connected to the Internet grew rapidly, so did reports of problems from viruses and other “malware”–malicious software such as worms and Trojan horses. (For a selected sampling of top threats, see Most Memorable Malware.) By July 2006, experts had identified nearly 185,000 different viruses and other threats, according to malware expert Graham Cluley, senior technology consultant for Sophos plc, a U.K.-based antivirus firm. That’s up from an estimated 80,000 in early 2003. Threats proliferate quickly because as antivirus companies figure out how to eliminate one, several others–often closely related spin-offs–start popping up.

What do viruses and other malware programs do?

Some replicate themselves, flooding e-mail accounts with so much junk mail that systems slow or shut down. Some modify, delete or move files. Some find and forward important data (such as passwords). Some deposit spyware, adware or other unwanted programs on computer hard drives. More sophisticated ones open “back doors” that allow their creators to take remote control of computers to, for instance, coordinate a widespread attack on a particular website. Some are smart enough to disable antivirus programs.
A newer threat, called a rootkit, conceals itself so that it can be run undetected by a computer’s operating system or security software.

What’s out there right now?

Here are three of the threats most frequently reported to antivirus-software companies, as of July 2006:

Sober, debuted in October 2003 (several variants still circulating). Delivered via e-mail attachment. Sends e-mails with forged return addresses; disables antivirus software.

Netsky, debuted in February 2004 (many variants still circulating). Delivered via e-mail attachment. Sends e-mails enabling different functions; some variants cause users’ computers to beep at particular times.

Mytob, debuted in February 2005 (many variants still circulating). Delivered via e-mail attachment and network shared spaces; sends e-mails with forged return addresses; turns off antivirus applications, may permit remote access.

How much do malware attacks cost businesses?

It’s tough to find reliable numbers because there are no universal metrics for calculating damages. But when you figure in reduced productivity, missed business, the cost of software upgrades and the labor expenses associated with cleaning up and protecting systems, you can safely put the overall losses for each major outbreak in the millions. (In a few major cases, analysts set the global economic impact at $1 billion and up.) In 2005 alone, U.S. companies lost $15.7 million to virus outbreaks, according to the 2006 CSI/FBI Computer Crime and Security Survey conducted by the FBI and the San Francisco-based Computer Security Institute. In fact, such attacks accounted for 74 percent of all security-related financial losses–more than system break-ins, stolen hardware or data theft, according to the 11th annual survey (Free download available; registration required). While many of the participants–executives from more than 600 U.S. companies–weren’t willing to estimate how much security problems cost them, those who did reported losses averaging nearly $168,000. Even for smaller organizations, malware can take a toll in terms of productivity: Another research organization, Mechanicsburg, Pa.-based ICSA Labs, says businesses typically lose about nine “person-days” to recovering from every malware incident.

How can companies protect themselves against such attacks?

Experts recommend that you:

Take a big-picture approach. Look at security as a business imperative, not just a “tech problem.” Given ongoing concerns about cyberterrorism, it’s worth encouraging all executives and managers to stay informed about the latest threats.

Keep corporate firewalls updated. Make sure that your IT team monitors event logs for early evidence of attacks or intrusions.

Invest in maximum-strength antivirus software for every computer, including those used by remote, mobile and contract workers. Insist that employees regularly update the software–or make it happen automatically, if possible.

Monitor incoming e-mail with virus-scanning software that deletes infected messages and quarantines spam (which can carry viruses and worms).

Make sure both your overall systems and employees’ individual machines get backed up regularly to ensure that critical data is preserved even if original files are attacked.

Establish procedures for safe network file-sharing; otherwise, when workers move files between computers, they may inadvertently pass along viruses or worms as well.

Instruct employees to remain vigilant about incoming e-mail. The old warning about not opening messages and attachments from strangers still stands. But users should be equally cautious with e-mails that may initially seem to come from acquaintances because malware often spreads by co-opting real e-mail addresses. A weird subject line–one containing misspellings or a reply to a message that the recipient didn’t send–often signals the presence of a virus or a worm. Bottom line: When in doubt, delete.