Tips to Avoid Your Data or Server Being Hacked

It is estimated that 1 in 10 small businesses has been hacked by cyber criminals. Attacks on small businesses have continued to rise, as has the number of criminals enlisting in for-profit “data warfare”.

Black hats, Backdoors and Botnets!

We have all heard of worm, virus and Trojan horse attacks used by hackers to compromise the network servers of big corporations and governments. Most of us don’t know what they are or what exactly they do; we just know we don’t want them on our computers.

Now, in addition to the crafty hackers who create these viruses, there is a class of cyber criminals known as script kiddies, or skiddies. These are unskilled people who buy scripts or programs written by skilled hackers. With these scripts anyone can target and successfully hack a server despite having no technical skill whatsoever. Black market sites have millions of hacking tools for sale, along with bank codes, logins, passwords and the like. This has opened up the technical world of hacking to any common criminal with an Internet connection. These cyber criminals don’t know a botnet from a backdoor, but they are using them against small businesses.

Cyber Security is a priority in 2013

Small businesses have become a favored target of elite hackers and the common script kiddie because most small to mid-sized businesses (SMBs) don’t have proper and continually updated security measures in place, making them easy to attack. Often a business’s computers aren’t just targeted for a data breach but are also used as zombie computers to facilitate various other breaches. On average there is a 156-day lapse between a system compromise and detection of that breach. Generally it is a third party, like a bank, that discovers credit card fraud and notifies the merchant they have been hacked.

Most experts agree that cyber attacks are not a case of “if they will happen, but when”. Business owners should protect themselves by making sure all the necessary security measures are in place and kept up to date.

Best Practices for defending against cyber attacks

PASSWORDS MATTER- A hacker can crack a 6-character lowercase password in ten minutes. However, use an 8-character password with a few uppercase letters and that hacker will be at it for 3 years. Throw in a number or symbol and it takes nearly 50,000 years to crack it. Be sure you lock up your wifi with a strong password as well. In addition, it is recommended to change passwords as often as possible.

Change Default Credentials- A popular technique used by cyber criminals is scanning for default credentials on Point of Sale systems. When they find the default credentials they immediately start capturing the credit card numbers stored in the system. Do not keep the same logins and passwords that came with your hardware.

Firewalls- Install and maintain appropriate firewalls; one is probably not enough. Redundancy is key in network protection.

Protect your data starting at the server level

Educate your employees- Often breaches in network security are caused by innocent ignorance. Remote servers accessed by employees’ personal devices like smart phones and tablets put your organization at risk. Make sure your staff is aware of the dangers of social phishing. In tech terms there is a phrase known as level 8 compromise, namely human error, and it is at the heart of most security vulnerabilities.

Back it up! – Suffering a cyber attack is bad enough and can cost your business a ton of money in fees and lost revenue. Lengthy recovery times can also interrupt the continuity of your business. However, if you are not backed up there is nothing to recover. Not all hackers are after money; some are just destructive and may infect you with malware that will corrupt and/or destroy all your files. A thorough disaster recovery plan is essential for efficient recovery from a cyber breach.

Has your server been hacked? How did you recover? Please share tips below that you have found helpful.


Mobile Website Options – Here’s The Skinny

2013 is all about mobile for businesses and consumers. Mobile internet usage is projected to overtake desktop internet usage by 2014. Most smart phone users never let their device be more than a few feet away from them. It’s no longer uncommon to watch TV while using your tablet or phone, or to shop in a retail store while surfing online.

Your small business needs a mobile solution

We shop, get information, exchange information and rely on our mobile devices more and more each day.

So as a small business, you must have your website mobile accessible at the very least and, in the best of all worlds, provide a unique and tailored experience for the mobile user. A little vocabulary to get out of the way…

    • Mobile Friendly – your website is designed in a way to make it useable on a mobile device, probably not an ideal user experience but the ability to navigate, see text and pictures, contact you or place an order is so compromised that your web visitor abandons the site in favor of an easier to use site. Small image sizes, no Flash, a clickable phone number and easy to locate address information are important.
    • Mobile Optimized – the site will reformat itself for specified devices called out in the website coding. Buttons accessible with a thumb or by swiping, content formatted for screen size, and images optimized to appear correctly are the kinds of issues addressed with mobile optimization.
    • Mobile Website – sometimes called responsive design, it takes into account the user experience regardless of the mobile device your visitor is using. It’s a pared down version of the main website with thoughtful use of space and data so it provides a complete experience in a mobile setting.
    • Mobile App – a downloadable application designed for the unique product and/or services you offer, with a streamlined path for sales, information or reference to make the customer experience match and exceed expectations. You should use careful consideration in developing a mobile app. It could easily be the most expensive to maintain.

We are increasingly mobile in our behaviors and our need for information. Considering that some 46% of consumers are unlikely to return to a mobile site if it didn’t work properly, it’s important to have a mobile strategy in place.

Like to learn more?  Our next webinar will dig a bit deeper into mobile technology and how you can plan your next move.


Keeping e-mail from consuming my life – A Presidential Perspective

You may know me. My name is Don. I have an e-mail address. For many years now I have had to come to terms with the sheer volume of e-mail that comes my way. This barrage is a love-hate relationship. I simply love to get email, but I hate processing it.

Over the past several years I have developed a series of habits that keep me sane and prevent me from being a slave to the inbox. I am still looking for a better solution, as is the nature of the idea of evolving, but for now I am fairly happy with the steps I have taken and wish to share them with you.

Is your email inbox full

First, I come in early to work almost every day. I do this so that I am able to process e-mails from the night before. E-mails for me fall into 4 categories:

1)      Things that need me to do something NOW. The word now is important, as it sets the tone for what I am giving myself permission to do, or not do. (This is Key!) If something is a now item, it should be done at the moment that I read it.

2)      Things that I need to do, but not now. I will note this as a task (if not time based) or add it right then to my calendar (if time based). Task based may be something like: Call Mom. (Everyone should do this as a normal task, as often as possible.) Time based would be an appointment that needs to be met.

3)      Things that are interesting, but I do not want to deal with now. I will move this to one of several folders based on the type of data it contains: personal, research, follow-up, etc.

4)      Things that should never come to my attention, ever again. (Think: SPAM!)

In each case, 1-4, I am left with an empty in-box. I do not leave things in my inbox. I always move them to one of 4 types of folders. These are: Customer Folders, Time Folders, Later Folders or SPAM/Trash. The goal here is to have zero emails in my in-box when I am done. It is an in-box, not a fester until the end of humanity box!

The other thing that I have done that speeds my processing is to create filters for anything that comes at me more than once. These filters can move items to my High Priority (Time) folder, or if it is coming from a particular person it may move the message directly to their folder (Customer). This is also very useful if you have “that one person” who is infected with the need to send you jokes or pictures of monster trucks. I like jokes! I do. But I pay people like Jeff Dunham to make me laugh, not “that one person”.

And here is the most important thing I do. I close out my email system when I am done processing my emails. This means I am not distracted by something New and Shiny each time a message comes in. I even uninstalled my message indicator so that I am not alerted to new emails. This took discipline. But this habit also allows me to focus on the task that I am working on at the time, not on cute cat stories. (No, I do not care that you just posted something awesome on Facebook. If it is important I can look at it on my iPad, later.)

It is important to separate things that are important from things that are immediate. From personal experience I can tell you that there is an attraction to watching the inbox for things to do. It makes me feel like I am doing something. (And usually not the thing that I should be doing.)

By implementing discipline into the way that I deal with e-mail I have found myself to be much more productive and focused. The key here is to choose several blocks of time during the day to again process e-mail. Think of it like eating. If you take a block of time to go to lunch you are able to plan what you are going to eat and discipline your calorie intake. If you eat at your desk all day long, well, you will get fat. Shed those e-mail pounds by exercising some good data practices with your inbox.

Cheers,

Don

Don Raleigh is President of Evolve Systems.  We appreciate and rely on Don for strong leadership, direct communication and unique perspectives.


Are you storing sensitive merchant card data without knowing?

Every time you swipe a customer’s card, vital unencrypted information is collected and stored in your POS (point of sale) system. Most merchants are harboring unencrypted credit card data and don’t even know it. Over 70% of merchants that had their systems checked for security vulnerabilities were found to be storing customers’ unencrypted data. This is information that isn’t even needed by the merchant beyond the completed authorization for the transaction. The actual percentage of merchants and small businesses with this data is probably far higher, as the 70% figure only reflects those that bothered to check.
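One way a merchant can check for the stored card data described above, as an added example that is not Evolve Systems' tooling: a scan of POS log or export text for unmasked card numbers and magnetic-stripe Track 2 data, validated with the Luhn checksum to cut false positives. The function names and the sample log are constructed for illustration; the card number used is a well-known test number.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM + 3-digit service code + data + ?
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})\d*\?")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep first six and last four so the report never holds a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_text(text):
    """Return (line_number, kind, masked_number) for each stored card number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Full stripe data is the worst case: it must not be kept after
        # authorization, so report it separately from a bare card number.
        for m in TRACK2.finditer(line):
            if luhn_ok(m.group(1)):
                findings.append((lineno, "track2", mask(m.group(1))))
        # Blank out stripe data so its digits are not counted a second time.
        rest = TRACK2.sub(" ", line)
        for m in CANDIDATE.finditer(rest):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((lineno, "pan", mask(digits)))
    return findings

# Constructed sample of a POS debug log (not real data).
SAMPLE_LOG = """\
09:12:01 SALE ok amount=42.10 ref=000123
09:12:01 DEBUG swipe raw=;4111111111111111=25121010000000000?
09:13:44 SALE card=4111 1111 1111 1111 amount=9.99
09:14:02 REFUND order=1234567890123456 amount=5.00
09:15:10 SALE card=************1111 amount=3.50
"""

if __name__ == "__main__":
    for lineno, kind, masked in scan_text(SAMPLE_LOG):
        print(f"line {lineno}: {kind} {masked}")
```

The 16-digit order number on line 4 fails the Luhn check and the already-masked value on line 5 has no full digit run, so neither is reported.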

Non-compliance for PCI can be costly

Small Business security breaches are on the rise

According to the 2012 Verizon Data Breach study, 72% of reported security breaches were in businesses with 100 or fewer employees. Over the last five or six years cyber criminals have abandoned targeting big corporations because of their vast security measures. These hackers prefer the easy prey of mom and pop shops whose systems are easily breached. See a related story about a small restaurant chain hit with security breaches.

The financial cost of a breach can put you out of business

It is estimated that the loss of revenue to a small business that has suffered a security breach comes in at about $10,000. However, that is only the beginning. Card brands such as Visa, MasterCard and American Express will fine the acquiring bank between $20 and $30 for each card that is hacked. The acquiring bank then passes those fines on to the merchant. On average 40,000 cards are stolen per breach; multiply that by $30 per card and a merchant could be facing $1.2 million, just in fines. Furthermore, the merchant is liable for whatever fraudulent charges were made on the card. In addition to the financial devastation that can result from a security breach, the loss of customer trust can ruin an otherwise stellar reputation.

Best practices for securing your data

So what can a merchant do to protect their customers’ data? There are several security measures, such as firewalls, anti-virus software and creating unique IDs and passwords for each user on the system. Unfortunately, as quickly as new security measures are developed, cyber criminals develop ways to breach those new measures. The best way to ensure you and your customers are protected is with PCI compliance. Merchants who accept credit cards know they are required to make their systems compliant, but what they don’t realize is it’s an ongoing process. Compliance standards change constantly and keeping up can be confusing and time consuming. Many merchants assume that because their credit card processing company’s system is PCI compliant, so is their system. However, this is not always true.

Keep your customer data safe from criminals

It’s about more than transaction fee rates

Any merchant who accepts credit cards has undoubtedly received sales calls, mailers and spam emails from credit card processors promising lower transaction rates, no hidden fees, etc. Credit card processing is extremely competitive and full of fly-by-night operations. When choosing a merchant services provider, make sure that they provide ongoing and up-to-date PCI compliance services in addition to competitive transaction rates.

Are you a merchant worried you might have a breach on the horizon? Contact Evolve Systems for a mini audit of your payment-processing platform. Evolve Systems can guide you through the steps to becoming and remaining PCI compliant as well as providing competitive transaction rates.

Has your POS been hacked? How did you recover?


Social Media Marketing – Where is your ROI?

It is estimated that 90% of small businesses use social media as part of their overall marketing strategy and that 87% of small-medium businesses (SMBs) are doing it wrong! In this post we will look at some of the major pitfalls of “do it yourself social media marketing” and how to make social media marketing (SMM) platforms work for your business. Let’s start with some common misconceptions about Social Media Marketing.

It’s free and it only takes a few hours…

While it may cost nothing but your time to post on Facebook and Twitter, as a business owner how valuable is your time? How many “free” hours do you have in a week? Too often business owners abandon social media efforts after spending countless hours creating a web presence because they realize they simply can’t keep up. Trends in keywords and search terms change almost daily. Therefore creating new original content with current SEO language requires constant updating to your content. Building and maintaining a strong social media campaign can easily become a full time job.

Traditional marketing strategies can be applied to Social Media…

The old push and shove outbound approach just doesn’t fly any longer. Social media is best utilized as part of an inbound marketing strategy within your overall online marketing integration plan. Effective social media campaigns pull your potential customers in by creating an interactive dialog that educates and develops interest in your business and encourages their participation.

Social media efforts should convert to quick and easy sales…

Yes, social media can be an effective conversion tool, but your messages are best delivered over several informational conversions. Posting, tweeting and pinning pulls your customers to your website, where your virtual sales force presents your products and services. Now you have an interested and educated searcher who has come to you for conversion into activities that typically create a new customer. This is a process and it doesn’t happen overnight. When dealing in social media marketing, a return on investment is not the only metric to measure. Businesses should also view ROI as return on influence, or ROE, return on engagement.

I can determine the success of my SMM through “likes, friends and followers”…

Being liked and followed is an important metric to measure, along with re-tweets, blog comments and the more traditional website based metrics like page views, unique visits, time spent on site, and of course number of conversions. It is likely that you have several marketing goals in mind when using social media. Each one of those unique goals should be measured within each social media platform to determine which one is best suited to achieving each goal. It may be that Facebook is a sharper tool than Twitter if your goal is brand recognition. Your blog may outperform Facebook in lead generation because of its high SEO rankings.

I have posted everywhere, tweeted and re-tweeted everyone, blogged and chatted and I just don’t see the benefit to my bottom line…

One of the pitfalls of do it yourself SMM is focusing too heavily on quantity vs. quality. While you want to engage potential customers in various arenas, just showing up isn’t good enough. There are thousands of competitors vying for your share of the market in each social media space. Compelling quality content is what will differentiate your business, build brand awareness and drive traffic to your site, thus improving your ROI. Quantitative metrics like bounce rates and click-throughs are much easier to measure than their qualitative counterparts. Because of the subjective nature of what quality means, there is no definitive standard. However, Evolve Systems can help you develop and apply qualitative metrics based on your specific marketing goals within each social media platform. With our online integrated marketing strategies we can make social media work for you instead of you working for it.

Contact us for a complimentary mini-audit of your web presence.  This is a 5-point recap on how your web presence is reflected for your business and opens up several opportunities to take your online presence to the next level.  The way to get one of these mini-audits is to contact sales@evolve-systems.com and we will get you started.

 
