Tag Archives: VeriSign Inc.

5 Ways IT Can Ease Small Business Accounting

Ever hear a story about a business owner who enjoys accounting and bookkeeping? Some say he lives in Tulsa, others claim it is a woman in Fresno. I think it is an urban legend. Small business owners tend to dislike crunching numbers because it takes too much time, can be too confusing or it involves expensive, hard-to-use software. The result: 64 percent of businesses manage their money half-heartedly out of shoeboxes and spreadsheets, or generally lack a solid accounting system, according to SimCorp USA Inc. and the Financial Executives Consulting Group. You can take control. Here are five ways that online technologies will save you accounting time.

Head to the cloud, eliminate software

For a small business, turning to the cloud can provide a plethora of accounting and money-tracking applications that have very clear advantages. Such advantages enable users to work from anywhere, on any computer that has a browser. All of these solutions work on a Mac or PC – there are no limitations. Working with accounting solutions in the cloud also allows you to grant access to collaborators such as business partners and accountants who can help with the work that needs to be done. Though some applications charge a monthly fee that could exceed the cost of desktop software, there are many inexpensive options, and some that are completely free. You will also find that cloud-based applications automatically back up data, eliminating the risk of lost work. For some people, working in the cloud raises anxiety levels brought on by potential security threats. Therefore, you should make sure the service you choose has privacy and security measures that are certified by a third party. VeriSign and TrustE are among the best known.

Manual entry is dead – stop using it

Many individuals spend countless hours on their accounting processes manually entering purchases, receipts and payments. When you make a purchase, it automatically becomes visible on your credit or debit card statement. And when you deposit a payment, it is posted to your bank statement. The information already lives in digital form, so there should be no need to manually enter it into a spreadsheet. Choose an accounting application that allows you to import data directly from your bank and credit card accounts.

Automate to stop human error or duplication of work

Running a small business means there is an unlimited amount of data that needs to be tracked, so using an automated system will dramatically save you time. When the numbers come in directly from the bank, there is no chance you will accidentally transpose two digits and then spend hours trying to locate your error. The chance of bookkeeping errors that lead to lost income or tax penalties is greatly diminished. A good accounting application will also be efficient. Do you type invoices manually and then record the information into a spreadsheet? You are duplicating your workload. A good online solution will allow you to create invoices and automatically register the income, taxes and other details into the right places.

Simplify tax time

What does tax time cost you, emotionally and financially, every year? Let me paint an alternate scenario: You choose an automated, cloud-based accounting tool that gathers your transactions year-round. You then either put in time to manage your books, balance sheets and income statements – far less than if you were doing things manually – or you invite a collaborator such as an accountant to do that for you. Come tax time, there’s no backlog. There’s no panic. What a relief.

Keep track of the details

Though we hate to admit it, we business owners cannot track everything ourselves. There are many responsibilities to running your own company, and while you focus on the juggling act, small but important tasks can be missed. A smart, intuitive accounting tool helps you pay attention to what matters most. Look for solutions that alert you when bills are due, when customer invoices are overdue, or send you real-time overviews that you can understand at a glance.

Accounting is too important to ignore, and does not have to take a lot of time. With the new breed of online financial tools available, you will find they are easy to use and will simplify your life. And they are often inexpensive or free. Begin the New Year on the right note. Make it your resolution to reduce the time you spend on accounting, so you can focus on your business.

Kirk Simpson is a serial entrepreneur and currently the CEO of Wave Accounting, a free online accounting application designed for small businesses. He can be reached at kirk@waveaccounting.com.

For Holiday Cheer, Keep Customer Data Safe

This is Greg Balestrieri’s first Christmas as the Candy Man and he’s doing everything he can to make it a good — and safe — one for customers of his online sweet shop, Candy.com. Balestrieri and his cousin and co-owner Joe Melville opened Candy.com in July stocked with 6,000 types of candy from 500 sweets makers. Christmas goodies include gingerbread-shaped Peeps, a two-pound mint stick, and old-fashioned ribbons and sourballs like your Grandma used to keep in the living room candy dish.

To prep for Christmas, the eight-person Weymouth, Mass., company also stocked up on e-commerce security measures to keep customers safe while they shop, including the latest website encryption technology, multiple security seal programs, and payment options that don’t require customers to input a credit card number. “It’s all about conversion,” Balestrieri says. “When you have thousands of people coming to your site every day, if making one little change like putting a security logo on your checkout page makes a 1 percent difference in conversion rate a day that can make a huge impact on your bottom line over time.”

Like Candy.com, small online merchants are mimicking the security practices of bigger, more well-known e-tailers to give customers a little peace of mind along with their wares this holiday season. It’s vital for small businesses to show they’ve got their customers’ best interests in mind because they don’t have the familiarity of big brand names to fall back on, says Robert Siciliano, a Boston Internet security consultant. “In this day and age, you should be screaming about how secure you are,” Siciliano says. “Consumers are overwhelmingly concerned about their personal security as it relates to fraud prevention and identity theft. If you can show them you’re a security-minded brand, they’re more likely to do business with you.”

Secure holiday shopping cheer

When planning their online store, one of the first things Balestrieri and Melville did was hire a website hosting company that met widely used PCI DSS standards for processing credit card payments, which include a number of mandatory security measures. To keep customers saying “Ho, ho, ho” instead of “Oh, no, oh, no,” here are other measures electronic shopkeepers should take, according to security vendors and consultants:

Use EVSSL — Extended validation secure socket layer, or EVSSL, is an upgrade to the existing SSL security standard that requires certification requests to go through a more rigorous identity check and authentication process. When a website’s got EVSSL, the browser’s URL address bar turns green: on the left for Firefox, on the right for Internet Explorer, or green text on a white background on Mac Web browsers. Since its February 2007 introduction, EVSSL has been adopted by 18,000 sites, including big names such as eBay and Overstock.com, but predominately small merchants, says Tim Callan, vice president of product marketing at VeriSign, part of the consortium that created the process. Some companies opt for EVSSL coverage throughout their entire site, while others like Candy.com use it only for the checkout process.

Sign up for seal programs — Small merchants can pay security agents to vet their websites to ensure they’re operating within set security precautions and get trust marks or seals to display if they pass. Charges for such programs vary; VeriSign’s is $995 a year per server. Other programs include TRUSTe, BBB and McAfee Secure. Some also display the date and time a site went through its most recent security checkup. Experts suggest merchants prominently display trust marks, especially on checkout pages or other spots where they’re asking customers to fill out forms.

Offer multiple payment options — For shoppers leery of giving credit card information to an online merchant they’ve never dealt with before, offering alternatives such as PayPal or Google Checkout is another way to gain their trust. Unlike larger merchants, small businesses don’t pay PayPal a monthly fee to maintain an account so it’s helpful and cheap, says Eddie Davis, the company’s director of small and mid-sized business service. However, merchants do pay PayPal a commission of 1.9 percent to 2.9 percent on each transaction. According to Davis, PayPal’s research has shown small merchants’ conversion rates go up 23 percent when they offer alternative payment methods. “We bring a lot of consumers who love using PayPal and they’ll seek out sites,” he says. Another option that security experts suggest is this: if you accept credit card payments, delete card information after a transaction, thereby eliminating any risk hackers could break in and steal it.

Show and tell — It’s not enough to display security program logos or trust marks on your website. You need to create a page somewhere that explains in detail what precautions you take, Siciliano says. That goes against the grain at some major online merchants, who treat their security measures as a competitive advantage. By contrast, smaller merchants who promote their security programs can use it as a way to differentiate themselves from their like-sized competitors. “Partnering with those big companies helps us get closer to that point of being trusted,” Balestrieri says.

Keep customers in the loop — If the name of your online store isn’t the same as your corporate name, include both on order confirmations or credit card receipts that get e-mailed to customers — it’ll save them from refusing the charge because they don’t know where it came from. “You’re also showing them you’re conscious of their card activity, you’re concerned for the security of their card,” says Siciliano, the security consultant. Because Balestrieri’s company’s legal name is G&J Holdings LLC, both that name and Candy.com show up in the Web browser window when customers are checking out, and on receipts.

E-commerce security isn’t just about keeping customers safe. Merchants have to make sure they’re not getting defrauded either. That’s why security experts suggest small businesses use intrusion protection hardware and software, monitor credit card activity levels and keep credit card blacklists.

SIDEBAR: Safe Shopping Resources

Resources online retailers can use to find out more about e-commerce security include:

PCI Security Standards Council — The online home of the industry group that developed the PCI DSS security standard for credit card payments offers a variety of resources and information, including downloadable specifications.

CA/Browser Forum — This volunteer industry consortium creates guidelines used for issuing EVSSL certifications and provides updates related to the standard.

The Number One Sign of Trust on the Internet — Results of a May 2009 study from Synovate/GMI and commissioned by VeriSign about online shoppers’ security concerns.

Market Online without Spamming

E-mail is still one of the best ways for small businesses to reach customers and prospective buyers. But send too many unsolicited marketing messages and you run the risk of people thinking you’re a spammer. Thankfully, there are weapons in the war on spam that companies can use to make sure their legitimate marketing messages aren’t mistaken for spam.

Certifying outgoing e-mail

One new tool is signing up with an e-mail certification service, which puts a sender through a rigorous authentication process to prove they’re the real deal. The services work on the same principle as website verification services such as eTrust or VeriSign. Companies submit certain information about themselves to a certification agency, including a physical address, Dun & Bradstreet listing, what their e-mail practices are, or how they obtain their e-mail mailing lists. If they’re approved, they can place an icon on messages they send showing that they’ve passed inspection.

One of these e-mail certification services is GoodMail, which uses a seal of approval that looks like a blue ribbon hanging from a white envelope. When a company has the GoodMail seal of approval, the blue ribbon icon appears on the outside of an unopened message in the recipient’s e-mail inbox, as well as on a toolbar near the top of the opened e-mail message. GoodMail has already signed up 400 companies for the service, including brand names like Shutterfly, Petco and StubHub. The four-year-old Mountain View, Calif., company also has deals with Internet service providers and e-mail service providers that account for about 65 percent of all e-mail traffic in the United States and is negotiating others, says Charles Stiles, vice president of business development. The service costs $1 to $2.50 per million messages, based on volume. Although most early customers are big companies, GoodMail is actively pursuing small businesses too, because they’re most likely not to have IT staff to deal with the spam problem, Stiles says.

GoodMail isn’t the only company with an e-mail authentication service. Return Path offers an e-mail white-list service, called Sender Score Certified, that the company claims covers 1.2 billion e-mail inboxes. Return Path recently announced it was acquiring another competitor, Habeas, which markets a service that follows large e-mail senders to see whether they’re complying with federal spam laws. Other companies with e-mail security technologies of one flavor or another are Cloudmark and Commtouch.

SIDEBAR: Other Strategies to Avoid Looking Like a Spammer

Certifying outgoing e-mail is one step companies can take to let customers know they’re not spammers, but there are others. E-mail experts say they also need to:

Deliver material the customer expects. If customers sign up for a free newsletter about pet care, don’t mail them mortgage offers.

Stick to stated mailing frequencies. “If you say you’re going to send weekly mailings, don’t send out three in one week to make quota,” says Stiles, who was the postmaster at AOL before joining GoodMail and dealt with spam-related issues on a daily basis.

Make unsubscribing as easy as subscribing. If someone chooses to unsubscribe, do it immediately. “Don’t ask them 15 times, just get them off the list” as quickly as possible, Stiles says.

Block employees’ access to unauthorized Websites. The further employees wander on the Web, the greater the risk they could inadvertently let a hacker get onto the company’s network and use it as a botnet to launch spam attacks. Avoid it by using Web blocking software and creating explicit policies about where employees can and can’t go online.

Check your online reputation. If you get on a spam blacklist like the kind kept by Habeas, your customers might not receive your mailings.

Avoid spammer language. Pick your words carefully so you don’t accidentally include language in e-mail marketing pitches that sets off spam filters at ISPs and e-mail service providers.

Can Outsourcing Better Protect Customer Data?

“Is it inherently insecure to let someone else handle your own security?” mused an October 2007 report by Forrester Research. Not if a reputable firm can do the job better and for fewer greenbacks than you can, experts say.

In today’s marketplace, your company must meet a dizzying number of compliance regulations, with acronyms to match, if you store your customers’ personal or financial information: everything from the Payment Card Industry Data Security Standard (PCI DSS) to the Gramm-Leach-Bliley Act (GLBA) to Health Insurance Portability and Accountability Act (HIPAA) requirements. High-profile cases of laptops containing such data being stolen have added to the angst.

Meanwhile, many smaller businesses just don’t have the manpower to handle these added security concerns. “You might have someone on-site who can put in a firewall or a VPN [virtual private network] gateway, and then forgets about it,” warns Guy Fardone, chief operating officer and general manager with Wayne, Pa.-based Evolve IP, a managed security and compliance services firm. “So no one is looking at it, and no one is updating it…they never inspect it.” As a result, there is no threat detection and the system is at risk, he says. Does this sound familiar?

Providers come in several flavors

If it does, hiring a managed security services provider (MSSP) may be the solution. They can step in and install and manage firewalls, VPNs, vulnerability management, Web filtering and anti-spam, security intelligence services, and wireless and mobile functions. According to the Forrester report, there are several types of these providers, including:

- Managed services specialists, such as Evolve IP, SecureWorks, and Solutionary;
- Security product or service vendors, including VeriSign, McAfee, MessageLabs, and Google’s Postini, which offer either security services or products;
- Telcos and managed services providers, such as Verizon Business, AT&T, and Sprint, which now offer some of these services.

Which type of MSSP should you choose? That, experts say, depends on how extensive your needs are. For example, do you need consulting, hardware, and services, or only some of these? Telcos do not provide compliance consulting, “but if requirement number one for PCI [compliance] is that you need a firewall, you can get one through a telco,” notes Doug Barbin, director of product management with Mountain View, Calif.-based VeriSign. VeriSign, which offers a full range of MSS products and services to enterprise customers, currently services the small business market only through telco partners such as AT&T, Barbin says. Other service vendors may cover specific security needs (for example, MessageLabs offers e-mail protection and archiving services) but not a full range of service.

A so-called pure-play MSSP, such as SecureWorks or Evolve IP, can provide a wide range of security and compliance systems and consulting, notes Evolve IP’s Fardone. The cost can start at $100/month for a managed firewall and run over $1,000/month for a threat detection service, but is still “cheaper than hiring someone,” he says.

Choose wisely and get everything in writing

The next big question: whom to choose? “Like choosing a doctor, the customer’s lack of specified knowledge in the field makes trust an essential issue,” the Forrester report notes. Many companies tend to rely on word of mouth. Whomever you choose, make sure the service-level agreement (SLA) you draw up with the company is crystal clear and is done with legal help. This IncTechnology article on avoiding security pitfalls with subcontractors can help. Experts recommend that the SLA include enforcement rights, consequences, and a policy about how sensitive data will be destroyed after use. After all, a good security agreement with the correct firm can save you time, money — and your bottom line.

New Ammo to Battle Online Fraud

When it comes to protecting customers online, small businesses can’t act small. Customers expect them to use the same safety measures employed by larger businesses. That’s why Terence Johnson didn’t wait for a customer at Scribendi, the Canadian editorial services company where he’s vice president of technology, to fall victim to a “phishing” expedition before upgrading his website security. Last year, Johnson upgraded to a newer security protocol called extended validation secure socket layer, or EV SSL, an improvement to existing SSL that requires certification requests to go through a more rigorous identity check and authentication process before being approved.

EV SSL is one of a handful of measures security experts and industry analysts suggest companies of all sizes take to combat phishers, identity thieves, and others out to steal valuable personal information from unwitting Internet users. Acting before you need to is one way to keep the bad guys at bay, according to a December 2007 report on e-commerce fraud from The Aberdeen Group, a Boston technology researcher. According to Carol Baroudi, the Aberdeen Group analyst who wrote the report, all types of businesses that sell something or conduct financial transactions online can also prevent fraud if they:

- Authenticate new customers while they’re creating an account
- Add layers of user authentication, geo-location and device authentication
- Establish and enforce security policies
- Use anti-fraud directories
- Continuously educate themselves and customers on new types of security threats and protections

Consortium created EV SSL to combat fraud

A consortium of more than two dozen Web browser and security technology companies formed the CA/Browser Forum to develop and introduce EV SSL in February 2007. Since then, approximately 4,000 websites have been certified to use the protocol, says Tim Callan, vice president of SSL product marketing at VeriSign, a consortium member. Seventy-five percent of those websites are VeriSign customers, and of that number, 80 percent are small businesses, Callan says.

The thinking behind EV SSL: increasing the hoops parties need to jump through to be certified will weed out undesirables who create fake websites, and at the same time, make consumers feel safer when they visit legitimate online establishments, Callan says. To that end, when someone using Microsoft Internet Explorer 7.0 visits an EV SSL-certified Web site it turns the browser’s URL address bar green, much the way a green traffic light signals it’s OK to proceed. Upcoming releases of Firefox and Opera Web browsers are expected to work with EV SSL, according to industry reports. Apple isn’t part of the consortium and EV SSL doesn’t work with its Safari browser.

EV SSL isn’t cheap. VeriSign charges $995 per server per year, with volume discounts, and a second version with even stronger server cryptography costs $1,499 a year per server. It’s not cheap, but it is worth it, says Johnson, the technology guru at Scribendi, in Chatham, Ontario, which has provided editing services to authors and other clients for 10 years and has a staff of 100. Customers appreciate businesses that go out of their way to provide them with security, Johnson says. And it pays off. In the four months after Scribendi started using EV SSL, the number of orders from Internet Explorer users who visited the website increased 27 percent from the four months immediately prior. “That’s an indication that people are learning to recognize” what it means, Johnson says.

As New York City apartment dwellers know to use more than one lock on their doors, Websites should use more than one security system, business owners, security experts and others say. In addition to EV SSL, Scribendi uses security tools from the company’s Internet service provider, encrypts transmissions of manuscripts and other documents that editors are working on and authenticates payments in real time, Johnson says. “When it comes to security, being a small business doesn’t count,” he says. “You have to use the best tools you can.”

SIDEBAR: Resources to Learn about EV SSL

Here are some resources small businesses can use to learn more about EV SSL and other measures for stopping e-commerce fraud:

EV SSL FAQ — Everything you wanted to know about EV SSL, from the CA/B Forum, the volunteer consortium of 27 security companies and 4 Web browser makers that created the security protocol.

A primer on e-commerce security issues — published by Ecommerce-Digest.Com, an online publication that covers the Internet security industry.

E-commerce white papers — A collection of research papers and other documents explaining online fraud and security measures used to combat it, from ZDNet, the technology trade publisher.

The Anti-Phishing Working Group — A five-year-old industry association with 3,000 member companies that documents phishing activity and shares best practices for stopping it.

Safe Specs

The way the security-industry experts see it, if you’re a small-business owner, Internet security is your problem. Not your IT department’s problem. Your problem, and your responsibility. That doesn’t mean you, as CEO, must fiddle with the actual nuts and bolts protecting your valuable information. But it’s in your best interest to understand what’s at stake, help craft an overarching strategy, and stay on top of security initiatives — just as you would with any other major activity in your company. Following are three suggestions for doing that.

1. Make security a business priority.

The National Cyber Security Summit Task Force, an industry group, recently issued a “Call to Action” urging companies of all sizes to help “strengthen America’s homeland security” by taking a comprehensive, high-level approach to shielding their systems. “Information security is not only a technical issue, but also a business and governance challenge,” says the report, which suggests specific security-related tasks for CEOs and other top executives. “Effective security requires the active engagement of executive management to assess emerging threats and provide strong cyber security leadership.”

That approach is at least as important for small companies as big ones, says Larry Clinton, chief operating officer of the Internet Security Alliance, a nonprofit trade association based in Arlington, Va. However, he continues, many SMB owners don’t understand just how vulnerable their companies may be. According to ISA research, SMB executives generally feel they’re safer than their Fortune 500 brethren when it comes to network break-ins, crippling virus attacks, and other security breaches. That’s a dangerous misconception. In fact, most hackers are equal-opportunity intruders, meaning they scan the Internet for any available security loophole, whether it’s at a global financial institution, a midsized manufacturer, a local retailer, or a home-based business.

Viruses and Internet worms don’t necessarily target companies of any particular size, according to the ISA and other organizations specializing in online security. But because small enterprises often have less stringent security than large corporations, Clinton says, they often get hit more frequently. Case in point: The Mydoom worm (and several later spinoffs) that flooded the Internet in January 2004, slowing servers and, in some cases, installing programs that could allow outsiders to penetrate systems, steal information, and remotely control computers. “One in three small businesses was affected by Mydoom,” Clinton says. “For larger companies, it was one in six.”

And the damage may be proportionately more severe for SMBs, says Clinton, who recently testified about SMB issues at a U.S. House of Representatives subcommittee hearing on improving public awareness about cybersecurity measures. “Large companies can afford to take some hits,” he points out. “Smaller ones have smaller margins. A major outage or million-dollar damage can put them out of business.” Substandard or outdated security also puts SMBs at greater risk from targeted attacks from, for instance, disgruntled former employees or shady competitors. For that reason, small-business CEOs “need to understand that, in today’s world, their security plan is just as important as their marketing plan,” Clinton says. “It’s now an integral part of their business. They don’t need to do the work themselves, but they do need to have it in their business plan.”

2. View and treat security as a work in progress.

New threats keep evolving, as do new solutions for combating them. Among the latest at this writing are browser-based attacks, which rose 25% between 2003 and 2004, according to the Computing Technology Industry Association. Those attacks involve harmless-looking websites that are actually booby-trapped with malicious code that crashes visitors’ browsers, sabotages their computers, or lets attackers access sensitive or confidential information.

For that reason, it’s important to realize that security is always, always a work in progress: “The idea that ‘I just bought security software, so now I’m safe for the next four years’ is a fallacious one,” Clinton says. The growing use of wireless networks, instant messaging, and other new technologies creates new security risks. SMBs must also constantly adjust policies and practices to cope with threats and keep employees, contractors, and customers posted on those changes. One widespread example: Many companies now restrict or ban the use of e-mail attachments, which can carry viruses.

3. Start with the basics — but don’t stop there.

First, if you haven’t already done so, take those simple low- and no-cost steps that security experts have drummed into our heads for years:

- Choose hard-to-guess passwords and change them often.
- Back up all important data frequently.
- Use and update virus-scanning software.

In addition, disseminate security best practices. For example, encourage employees to turn off their computers or disconnect them from the Internet when they’re not in use. Limit access to sensitive and confidential information. Enlist managers in making sure unused e-mail, voice mail, system access, and other accounts are shut down as soon as workers or contractors leave the company. (For more recommendations, see ISA’s free, downloadable SMB cybersecurity guide. Written specifically for small-business entrepreneurs and executives, the 37-page PDF includes actual case histories as well as advice.)

Meanwhile, develop a business-oriented security plan. A free downloadable Cisco Systems Inc. report, What You Need to Implement a Network Security Solution, recommends considering the following strategic questions as you do:

- Government regulations, industry standards: If applicable, what must you fix to comply?
- Customer protection: How can you safeguard individual and corporate customers’ confidential information — and how can you assure them that it’s protected?
- Risk level: What are your most mission-critical applications? What do you see as an acceptable level of risk?
- Corporate policies: What in-house rules will you establish? How will you monitor and enforce them?

Finally, keep in mind that nothing is ever 100% safe. Your best bet is to aim for a flexible, scalable, well-integrated approach to security so that when problems arise — and it’s smartest to assume that they will — you can respond quickly and minimize the impact. With that in mind, security expert Tom Kellermann, senior data risk manager for The World Bank in Washington, D.C., suggests in his “Electronic Safety and Soundness” guidelines that you approach any security initiative with three sobering axioms in mind:

- Attacks and losses are inevitable.
- Security buys time.
- The network is only as secure as its weakest link.

Websites with Information Security Information

Internet Security Alliance: Resources include Common Sense Guide to Cyber Security for Small Businesses, a free downloadable 37-page PDF file with information and real-life examples.

National Cyber Security Alliance: Resources include an online beginner’s guide to Internet security threats and a quick online self-test to help determine your organization’s vulnerability. Also maintains a user-friendly security glossary.

National Cyber Security Partnership: Resources include an online CyberRisk profiler and a risk checklist, both designed to help visitors pinpoint and improve their company’s security weaknesses.

U.S. Computer Emergency Readiness Team (US-CERT): Resources include the National Cyber Alert System, part of the U.S. Department of Homeland Security; the system provides updates on Internet security threats.

Additional Online Resources

- Overview of Internet attack trends, from the CERT Coordination Center at Carnegie Mellon University
- Information on the federal government’s National Strategy to Secure Cyberspace, part of the larger National Strategy for Homeland Security
- CSO (Chief Security Officer) magazine resource center
- Seven simple computer-security tips for small-business and home-computer users, from the National Infrastructure Protection Center

Vendor Resources

- Microsoft Corp.’s e-Security Guide for Small Businesses
- ServGate Technologies Inc.’s white papers on network security, spam control, and virus protection
- Cisco Systems Inc.’s white paper, What You Need to Implement a Network Security Solution, a seven-page PDF file
- VeriSign Inc.’s Internet Security Intelligence Briefings, updated periodically with information about fraud and attack trends

Protect Your Business From a Hack Attack

Safeguarding your Web site — especially sensitive site areas such as shopping cart software — against hackers need not be an expensive and time-consuming affair. With a few basic precautions, you can make your Web site extremely difficult and unrewarding to hack.

Your Web site is most susceptible to hacking through your shopping cart, so choose wisely. Here are three guidelines to help you choose the best one for your business:

- Shop around. Use newsgroups such as AOL.com’s Search Newsgroups and online reports such as About.com’s Web Store Software Selector to verify the products you want to purchase are safe to use.
- Avoid free software. Although it might seem an attractive option, downloading free shopping carts is extremely risky for three reasons: the source of the software is indeterminate; you can’t check the creator’s credentials; you have no one to hold responsible for hacking incidents.
- Buy smart. Several ready-to-use shopping carts on the market today, including EasyCart, Monstercart.com, and MerchandiZer, have been designed specifically for the small, online business owner. These are often available at little or no cost. But be aware: No software comes with a no-hacking guarantee. There’s always a chance that a hidden access password, or backdoor, might be lurking.

In 90 percent of all hacking cases, the most vital data had been provided from within the organization. Here are three rules to follow religiously:

- Change the default password immediately. Whenever you purchase a ready-to-use shopping cart, your first step should be to change the default password that comes built into the software. Although this might seem an obvious precaution, it’s one many people overlook. Change your shopping cart password frequently and guard it zealously.
- Change passwords often. Frequently change passwords. Tell relevant passwords only to those who truly need to use them. Use passwords that include letters and numbers, and don’t use a password that’s easy to guess. Never write your passwords on sticky notes and paste them to your desk or monitor.
- Restrict access to passwords. Never allow more than one person the use of your server access password. For example, the person in charge of packaging doesn’t need to know your file upload password. If an outside agency designed your Web site, ask for all access passwords and change them immediately. If any changes need to be made on your site, you provide the password and control access to your server at all times.

Many small, online business owners maintain their central work database and their Web server on the same computer. While this seems convenient — and necessary for storing such information as product descriptions, prices and images — any machine connected to the Web is dangerously vulnerable to attack. Here are two ways you can thwart would-be hackers:

- Delete sensitive data from the Web server. Sensitive customer data, such as addresses and credit card information, should never remain on the Web server itself. Even if the server is protected by a password, this data is only a few keystrokes from a talented hacker. Instead, devise an automated system to periodically copy any data stored on your Web server to a machine located on your premises and then delete the data on the Web server. After the data has been copied to your off-line system, restrict access to that system as well.
- Send sensitive data securely. Although the chances of a hacker intercepting data while it’s being transmitted are very low, you can protect your customer’s most sensitive information by providing a secure connection between your customer’s browser and your server. If you host your Web site on your own server, two companies, VeriSign and Thawte Consulting, offer this security using technology called Secure Sockets Layer (SSL). These companies provide a downloadable device called a digital certificate to verify to your customers that your company is a bona fide business. If you don’t host your own site, ask your Web host to provide a secure connection. Your host probably has a relationship with an SSL provider. It will cost you only a little more and it’s worth it; SSL protects your data from hacking and serves as reassurance to your customers.

Regularly and consistently tracking activity on your Web site will help identify hack attacks. Here are three ways to do it:

- Monitor server access. Ask your network administrator to install a remote access mechanism that lets you shut down your server remotely as soon as you find evidence of suspicious activity. This will stop any hacking activity in its tracks. Your network administrator should be able to install a real-time alert, such as a beeper alarm or an automatic e-mail message, to inform you of any unauthorized attempts to access your Web server.
- Monitor site traffic. Changes in site traffic patterns sometimes indicate a hacker at work. A noticeable dip in traffic could mean something’s wrong with your Web site and would require immediate attention. Be sure to monitor site traffic on a regular basis. Run extensive sitewide checks if you notice any inexplicable changes.
- Run “preflight” checks. Make it a point for you or one of your employees to check the functionality of the entire site, especially the shopping cart area, every day. Here’s a checklist:
  - Check whether the site is accessible on the Web.
  - Check whether the home page displays the correct data.
  - Perform random price checks within the Web site.
  - Check the help function to see whether any data has been altered.
  - Click links in the site to make sure they link to the right pages.
  - Test the results of your search functions.
  - Add random products to your shopping cart and proceed to checkout.

What if you still fall victim to a hacker’s attack? Develop an action plan to minimize further damage to your system and to avoid inadvertent destruction of evidence. Your plan should include:

- Clear delegation of tasks to specific employees in the case of a security breach.
- A contact list of your Internet service provider (ISP) and/or Web host, Web site designer, network administrators or any Web security contractors you might want to use to recover from an attack.
- A contact list of local and national authorities to inform of the incident, including the FBI’s 24-hour service for immediate guidance after the attack.
- Periodic tests of your emergency procedures.

And remember: Firewalls and fancy measures notwithstanding, the big break for a hacker will most likely be one little, vulnerable password.

Copyright © 1995-2000 Pinnacle WebWorkz Inc. All rights reserved. Do not duplicate or redistribute in any form.
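The daily “preflight” checklist in the article above (site reachable, home page showing the right data, price checks, help text unaltered, links pointing where they should) can be automated against a known-good baseline. The script below is an added example, not part of the original article; the page paths, SKUs, prices, the `class="price"` / `data-sku` markup and the `fetch` callable are all constructed assumptions so that it runs offline.

```python
"""Automated daily preflight check against a known-good baseline (added example)."""
from html.parser import HTMLParser
import random


class PageFacts(HTMLParser):
    """Collects link targets, displayed prices and visible text from one page."""

    def __init__(self):
        super().__init__()
        self.links = {}    # link text -> href
        self.prices = {}   # SKU -> price string as displayed
        self.text = []     # visible text fragments
        self._href = None
        self._sku = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and "href" in attrs:
            self._href = attrs["href"]
        # Assumption: the cart template marks prices as
        # <span class="price" data-sku="...">; adapt to your own markup.
        if tag == "span" and attrs.get("class") == "price" and "data-sku" in attrs:
            self._sku = attrs["data-sku"]

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
        elif tag == "span":
            self._sku = None

    def handle_data(self, data):
        data = data.strip()
        if not data:
            return
        self.text.append(data)
        if self._href is not None:
            self.links[data] = self._href
        if self._sku is not None:
            self.prices[self._sku] = data


def run_preflight(fetch, baseline, price_samples=2, rng=None):
    """fetch(path) -> (status, html). Returns findings; an empty list means clean."""
    rng = rng or random.Random()
    findings = []
    for path, expected in baseline.items():
        status, html = fetch(path)
        if status != 200:                      # "is the site accessible?"
            findings.append(f"{path}: not accessible (HTTP {status})")
            continue
        facts = PageFacts()
        facts.feed(html)
        facts.close()
        page_text = " ".join(facts.text)
        for marker in expected.get("must_contain", []):   # home page / help text
            if marker not in page_text:
                findings.append(f"{path}: expected text missing: {marker!r}")
        skus = sorted(expected.get("prices", {}))         # random price checks
        for sku in rng.sample(skus, min(price_samples, len(skus))):
            shown, want = facts.prices.get(sku), expected["prices"][sku]
            if shown != want:
                findings.append(f"{path}: price for {sku} is {shown!r}, baseline {want!r}")
        for label, href in expected.get("links", {}).items():  # links go to the right pages
            actual = facts.links.get(label)
            if actual != href:
                findings.append(f"{path}: link {label!r} points to {actual!r}, baseline {href!r}")
            elif fetch(href)[0] != 200:
                findings.append(f"{path}: link {label!r} target {href} is broken")
    return findings


def make_fetch(site):
    """Offline stand-in for an HTTP client; wrap urllib.request for a live site."""
    return lambda path: (200, site[path]) if path in site else (404, "")


# Constructed sample store (not a real site): path -> HTML.
CLEAN_SITE = {
    "/": '<h1>Example Garden Supply</h1><a href="/catalog">Catalog</a> <a href="/help">Help</a>',
    "/catalog": '<ul><li>Trowel <span class="price" data-sku="TR-1">$12.50</span></li>'
                '<li>Hose <span class="price" data-sku="HS-2">$34.00</span></li></ul>'
                '<a href="/checkout">Checkout</a>',
    "/help": "<p>Returns accepted within 30 days.</p>",
    "/checkout": "<form action='/pay'>Secure checkout</form>",
}
# Known-good baseline, recorded while the site is trusted.
BASELINE = {
    "/": {"must_contain": ["Example Garden Supply"],
          "links": {"Catalog": "/catalog", "Help": "/help"}},
    "/catalog": {"prices": {"TR-1": "$12.50", "HS-2": "$34.00"},
                 "links": {"Checkout": "/checkout"}},
    "/help": {"must_contain": ["Returns accepted within 30 days."]},
}
# Constructed tampered copy: one price altered, checkout link repointed, help page gone.
TAMPERED_SITE = dict(CLEAN_SITE)
TAMPERED_SITE["/catalog"] = CLEAN_SITE["/catalog"].replace("$34.00", "$0.34").replace(
    'href="/checkout"', 'href="http://pay.example.invalid/checkout"')
del TAMPERED_SITE["/help"]

if __name__ == "__main__":
    for finding in run_preflight(make_fetch(TAMPERED_SITE), BASELINE):
        print("ALERT:", finding)
```

Scheduled daily, any non-empty result can feed the real-time alert the article recommends and trigger the sitewide checks it describes.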

Barbarians at the Watergate

THIS PLACE

Washington society adjusts to a new breed: the fast-moving, different-thinking, so very dot-com riche

In a blaze of lights at the MCI Center Arena, the nouveau Madison Square Garden of Washington, D.C., basketball superstar Michael Jordan made his announcement. He was acquiring an ownership stake in the Washington Wizards and would serve as the team’s president of basketball operations. The news, widely anticipated because of leaks prior to Jordan’s January 19 appearance, played well in the capital. Neighbors couldn’t stop talking about it. Pundits had a field day. It was the knell that signaled an end to the district’s darkest days. There was a new Washington now, with a new, can-do mayor, Anthony Williams. The city’s financial crisis was over. Real estate was rebounding. And now Michael Jordan, with that perennial movie-star grin, had arrived. Only one way to go, everyone seemed to be saying — up — a direction particularly well suited to His Airness (and the loss-ridden Wizards, too).

It hasn’t been that long since D.C. — besides being the seat of the most powerful government in the free world — was a ranking murder capital with a standing mayor who was an international embarrassment. The city government was so mismanaged that stories of payroll checks being issued to dead or nonexistent employees were daily fodder for the Washington Post. “We’ve taken such a bruising in the past 10 years,” says John Tydings, president of the Greater Washington Board of Trade, sort of a chamber of commerce for the Beltway. Now, though, the new mayor, the city’s comeback, and Michael Jordan — hell, even the Washington Redskins’ finally making the NFL playoffs — were like manna from heaven.

But Jordan’s entrance was eye-popping in another, more significant way.
The deal that brought him to town was done without any help from the usual suspects — the cabinet officials, career politicians, lobbyists, media stars, Georgetown Brahmins, society hostesses, policy heads, real estate barons, and well-connected lawyers who have made the town what it is for decades, if not centuries. No, the people who landed Jordan were outsiders, like Wizards part-owner Ted Leonsis, who helped build a local company called America Online Inc. into, arguably, the first dot-com Goliath. These new big-city players did the Jordan deal in their off-hours with play money, much of it from tech fortunes. They made a huge splash for guys who five years before hadn’t even been on the radar screen, let alone on society-party lists.

But this is a new day, and not only in Washington. Now politicians are no longer the role models they used to be, especially when compared with the strike-it-rich business stars. On March 9 the Wall Street Journal likened the new era to the turn of the last century, when industrialists with names like Carnegie and Rockefeller led the first entrepreneurial revolution. “It was an era when the economy — with wildcat prosperity, businessmen as media superstars — was shifting like tectonic plates; an era when Wall Street, not the White House, drove events,” the Journal reported.

The first big wake-up call for Olde Washington had come only a week before the Jordan deal went down. That’s when America Online — a once unknown speck of a company dabbling in that Internet thing from offices in the distant suburbs — announced it was buying Time Warner Inc. for upwards of $166 billion.

The establishment movers and shakers were caught off guard by the hordes of tech millionaires making waves in “our city.” “They don’t know who these people are. They don’t know anything about them.
They don’t even know enough to be suspicious,” says Sally Quinn, the Georgetown high-society hostess who offers a window on the elite and also helps shape its outlook through her writings in the pages of the Post. “The first moment anyone ever thought about it was the AOL thing, and they said, ‘Oh, my God! That’s what they do over there.’”

None of those people were bred in Georgetown. Nor did they attend St. Albans, the elite private school in northwest Washington. Most don’t even have degrees from Yale or Harvard. Worse, they couldn’t care less about the society way of life. They trade neither on their social connections nor on their pedigree but rather on their business exploits, which might include a flaming dot-com failure (it seems to give them credibility, of all things) as easily as a stunning success. Instead of considering social standing in the good old-fashioned meaning of the term, they measure one another by the growth curve of their companies, the size of their paper fortunes, and the global impact of their businesses.

Washington, to put it politely, has always been defined by power and access — who’s got it, who wants it, who lost it. Money has never been a part of the equation; certainly not in the way it is in, say, New York. But now money is a force to be reckoned with, big-time, and it’s here to stay.

Politics has always supplied Washington with a new crop of movers and shakers, who tended to assimilate into the standing social fabric, refreshing their own ranks with each election. But this new group of tech-fortune youngsters isn’t leaving with the next election. “The way I view it, this is the biggest thing to happen to this city since Washington was made the capital of the nation,” says Quinn, who notes that the recent arrivals are infusing much-needed new blood into a town where the old money kind of “dried up.” And she enthusiastically welcomes the transfusion. “It’s going to have a big impact in every way,” she predicts.
Washington used to be quaint, run by a stable circle of friends. Not anymore.

To understand how all that is playing out, you need to look at the people who made the Jordan deal happen. The aforementioned Ted Leonsis, now president of AOL Interactive Properties Group and worth an estimated $1 billion, came up with the idea. Originally, he’d been a marketing guy with a company of his own, whose operations were folded into AOL when the larger company bought him out, in 1994. The then-unproven online service paid $45 million, mostly in stock, for Leonsis’s CD-ROM catalog company. That brought Leonsis on board for practically the whole AOL ride, all the way from obscurity to megagiant.

Now he’s using the resources he gained to have some real fun. In May 1999, Leonsis and two partners plunked down $200 million for the Washington Capitals hockey team and a stake in the holding company, which counts the Wizards basketball team among its multiple properties. Leonsis figured that snagging Jordan would be the ultimate buzz card, elevating the profile of both teams. He and his group took a meeting with Jordan at his Chicago restaurant. Under the deal they eventually cut, the one that was announced at the MCI Center, Jordan got the front office of the basketball team, a stake in the partnership, and a chance to play with the dot-com boys. (Boys is not a casual term; modern as dot-coms may be, there are few women among their ranks in Washington.)

The way Leonsis tells it, the Capitals’ Web site will be the foundation for building an “Internet distribution channel” for the team in the same way that Ted Turner used cable TV to promote the Atlanta Braves. Right now the Capitals are red-hot. If Jordan also manages a comeback for the Wizards in the next few years, it isn’t hard to figure the upside: valuable teams, Web channel, and then the eventual acquisition of the entire basketball franchise when its current owner, Abe Pollin, 76, retires.
No doubt, this was a value investment for all concerned.

Six days before Jordan made his role official, Leonsis brought in a partner, Raul Fernandez, to help design the sports-team-cum-Web vision. Fernandez immediately took a place on the roster of Washington’s new power players. Just 33, he is a card-carrying member of the current crop of dot-com millionaires. He is the founder and CEO of Proxicom Inc., a fast-growing Internet-consulting firm based in Reston, Va., that serves clients like General Electric Capital Corp., Mobil Corp., and Mercedes-Benz Credit Corp. And he’s a big sports fan. “I told Ted last summer, ‘If you ever need another partner, I’m in,’” he says.

Fernandez has gotten a lot of ink lately, being featured in the Wall Street Journal and on the cover of Fortune, where he appeared right next to Jordan (“America’s 40 Richest under 40”). His background speaks volumes about how diverse the new A-list in D.C. can be. Fernandez is the son of a Cuban immigrant who came to this country with $100. He grew up outside Washington, D.C., attended the University of Maryland, and then worked on Capitol Hill for Congressman Jack Kemp. In 1991, with $40,000 in savings, he formed his own company. It grew like crazy and went public in April 1999. Since then Proxicom has grown so rapidly that Fernandez’s 28% stake is now worth about $600 million. With that kind of money, he can afford to indulge his “love of competition, in any form.”

Although he jets around the world all the time — Proxicom is steadily expanding — Fernandez calls the sports team his “night job.” It has raised his profile, as have his other local activities. Fernandez talks passionately about the importance of community service and appears on philanthropic panels. He is conscious of being a role model for his employees, many of whom are already millionaires in their late twenties and early thirties — the coming shock troops for the new establishment.
The rise of a figure like Fernandez is just another signal that times are changing inside the Beltway. Talk to one of the society veterans, like real estate power broker Robert Linowes, about the Washington business world of the 1960s and 1970s. You’ll get a picture of a quaint, provincial town, run mostly by developers, bank managers, and retail executives, who would welcome the other power players — the pols and their minions — in full knowledge that eventually most would return to wherever it was they came from.

By contrast, the old Washington hands Linowes recalls knew one another: they sat on the same corporate and philanthropic boards. In the evenings they hobnobbed with the ever-changing political-cultural elite. “It was incestuous, but no one even thought about it,” Linowes says, recalling the days when the landscape could be altered by a few words over dinner at the Willard Hotel. “Conflict of interest? If you didn’t have a conflict, you didn’t have any interest.”

It was a cozy little community in those days. But that community has long faded away. The local retail chains were bought out or folded. The banks were gobbled up, the CEOs with community ties replaced by professional managers. And while Washington’s business world was devolving, the federal government was seeding a vast and entirely new industry outside the city’s borders. So-called Beltway bandits grew by feeding an insatiable demand for information technology, supplying all the computers, software, telecommunications services, and training that could fit into the budgets of federal agencies. The defense buildup and deregulation of the telecommunications industry during the 1980s fueled the growth of high tech so well, it now has more employees in the D.C. area than the federal government itself.

By the mid-1990s, the local versions of Silicon Valley-style growth companies were primed like a tinderbox ready to explode. The technology, the communications, and the workforce were all in place.
All that was needed was the economic spark — and then came the Internet.

Mike Daniels, chairman of the Internet-domain-registration company Network Solutions Inc., based in Herndon, Va., is a prime example of a player who was brought into the game by the dot-com revolution and the explosion in Web businesses. He’s one of the “new” breed that was actually in the area all along, one of the tech executives who had worked for decades in obscurity under the shadow of the military-industrial complex. He started out as a naval research officer at ARPA (the Defense Department’s Advanced Research Projects Agency, which invented the Internet — first known as the ARPANET) and then formed his own technology-consulting company. He sold it in 1987 to Science Applications International Corp. (SAIC), an employee-owned company and one of the Beltway bandits. “We were very typical of what went on here in the Washington technology community, especially in the northern Virginia side, until the Internet revolution began,” says Daniels.

In 1995 he convinced SAIC that it should buy Network Solutions for $4.8 million. Network Solutions was as close to being a world-dominating organization as there ever was, if you consider cyberspace to be the world. The company was the registrar for the Internet, the keeper of domain names on the Web. Daniels became chairman of the subsidiary and led its initial public offering. In March, VeriSign Inc. agreed to buy Network Solutions for $21 billion. Obscure no longer, Daniels is a made man. Now he appears with the Steve Cases and Michael Dells of the world on panels such as Governor Jim Gilmore’s 2000 Global Internet Summit, which was held in March in Fairfax, Va.

The pace at which this new world has emerged isn’t lost on traditional power brokers like Linowes. In the past, he says, if he wanted to raise money quickly on behalf of some philanthropy, all he had to do was get on the phone.
With calls to 20 close friends from the city’s business community, he could complete a fund drive. That’s all changed now. Trudging out to northern Virginia recently to seek funds for the Smithsonian’s National Air and Space Museum, Linowes met with a number of the new-wealth class of greater Washington: high-tech executives. “But I had to be introduced. No one knew me,” Linowes said afterward, briefly interrupting the interview to take a call from the governor of Maryland. And what of the old crowd in the Washington business world? Where are they now? “Either dead or out of business or both,” he said, laughing.

Anthony Kennedy Shriver (a member of two of the “best” families in town) started the nonprofit organization Best Buddies in 1987, when he was a student at Georgetown University. His organization offers social and employment opportunities for the mentally retarded. In the early days, he says, he relied on his family’s circle of friends — Washington’s political and cultural elite — for the donations he needed.

That all changed in 1995, when Shriver was introduced to Leonsis. The AOL honcho decided to make Best Buddies his charity of choice. Leonsis came aboard as cochairman of the Best Buddies ball, the nonprofit’s fund-raising event, and one that drew many famous names. But not the names Leonsis could draw. He brought in his contacts from the high-tech world. “Honestly, in those days no one had heard of Ted Leonsis, and when I told my mother, she was like, ‘Fine, whatever. It’s your thing,’” Shriver recalls. “But Ted was willing to work and get involved, and that’s what we were looking for.”

Now Shriver talks about the “pre-Ted” and “post-Ted” eras at his charity. “I try to avoid remembering the pre-Ted days, because they were very unpleasant,” he says. In those early days the charity typically raised anywhere from $200,000 to $300,000 from the establishment.
But with Leonsis working the phones — or rather, E-mail — the northern Virginia tech crowd began to show up in force at the Best Buddies ball and to give generously.

Last year, with Leonsis’s Wizards partner Fernandez serving as cochairman of the event, tickets went as fast as shares in a dot-com IPO. With the ball oversubscribed, Shriver expanded the tent at his aunt Ethel Kennedy’s Virginia estate, and then he sold out again. When the black-tie event took place, in October, limos got stuck in the driveway. Muhammad Ali posed for pictures. The Pointer Sisters sang. The Kennedys welcomed guests. “People showed up from my family, but they didn’t know anyone, which from my perspective was a great sign,” Shriver says.

Best Buddies raised a record $1.1 million that night. “When we hold events in Hollywood with a good number of celebrities, or in Houston, Palm Beach, Miami, or New York on the Forbes yacht, we raise maybe $300,000 to $400,000 a night,” Shriver says. “Washington just blows them away.” He is calling the upcoming 2000 event the “dot-com ball.” And this year he plans to raise $2 million. It will be a real A-list event, especially in the tech community — a party “where anybody who is anybody in the Internet world will be,” he says.

That example hasn’t been lost on the region’s cultural institutions, ones that have been at the heart of the Washington social circuit for ages but that have been at a loss to capture much of the new wealth. “In the 1990s, at almost every board meeting I attended, the question was always raised, ‘How are we going to get those people interested?’” Linowes recalls. “Almost every major foundation and charity had a committee aimed at doing just that.”

The disconnect makes sense when you think about it.
Many of the new paper millionaires are young and simply haven’t had the time that the older crowd has had to focus on how to give money away. And many of the philanthropies have never had ties to a class of people who lived on the wrong side of the Potomac River.

But that’s changing. The Corcoran Gallery of Art, which as the largest privately funded art museum in the capital also runs a college of art, recently lured Bob Pittman, president and chief operating officer of AOL, to its board; he’s the first major figure from the tech community to join at that high level. Why, you might say that Pittman — the New Yorker credited with creating the massive MTV phenomenon before making his high-profile move to start shaping the world in AOL’s image — had finally arrived. But you’d better have your tongue firmly in your cheek, because in this case it seems that Pittman brings as much cachet to the Corcoran and the society it represents as they give to him.

“Is it a conscious strategy to get those people involved? Yes. Is it organized? No,” says David Levy, the Corcoran’s president and director. The way he sees it, people give money for two reasons: to support the arts and education and to gain access to social and cultural circles in Washington. “We provide that access, and they provide the support,” Levy says.

What’s not clear, however, is whether access to society is something the dot-com crowd wants. Where a charity-board seat might have been de rigueur for the well-bred, it’s more of a fun option for the newly minted. As Linowes says, “We had a certain way of giving and a certain level of giving. These people want to do things in new ways.”

Remember, many high-tech fortunes were spawned by battling the establishment business world. These start-ups exploited small niches and built new entities by going against the grain. The late Bill McGowan, founder of MCI, is a perfect example.
In fact, he’s something of an über role model for many of the established entrepreneurs in the region, because his Washington-based company battled giant AT&T for years. McGowan used to exhort his troops, Whatever AT&T does, do the opposite. That rattle-the-gates strategy worked for all who followed, and they prospered by it. Why change any of those attitudes now?

Already, there are strong indications that Washington’s technology elite is treating philanthropy in a very different way from that of the establishment. Many even take umbrage at the word philanthropy, since it suggests a handout rather than an attempt at producing fundamental change in people’s lives.

Mario Morino, chairman of the nonprofit Morino Institute, in Reston, Va., for example, speaks in no uncertain terms of the need for “social change” to correct the huge disparities in wealth and opportunity for youth in the region. He’s not going by Karl Marx; quite the opposite. He’s repeating lessons learned by virtue of his entrepreneurial experience, which some would term ultimate capitalism. Morino earned his first entrepreneurial merit badge building Legent Corp., a software company that was sold to Computer Associates International Inc. in 1995 for $1.8 billion. By then Morino had stepped back from day-to-day business affairs and embarked on an eight-year odyssey to figure out how to give some of his $140 million away. Oddly, he found it harder to properly give his wealth away than it was to build it in the first place. [In the interests of full disclosure, the writer of this article worked on speeches for Morino a couple of years ago.]

“We took [MicroStrategy founder Michael Saylor] to lunch, and over the course of that lunch his net worth went up by $145 million.” –Lloyd Grove, society columnist for the Washington Post