Have You Been Hacked? How to Recover from a Data Breach

Credit: Sergey Nivens/Shutterstock

It's every modern business's worst nightmare: You discover there's been a security breach, and your sensitive business and customer data has ended up in the hands of hackers.

While business owners may have some safeguards in place, the reality is that a data breach can happen to anyone at any time, especially small businesses. In fact, according tothe National Cyber Security Alliance (NCSA), 71 percent of security breaches target small businesses, and nearly half of all small businesses have been victims of cyberattacks. And unlike larger corporations, smaller companies don't always have the resources to recover: Experian reported that 60 percent of small businesses that suffer a breach go out of business after six months.

It's likely not possible to regain control of everything the hackers accessed, but you can still take action and salvage your trust and reputation with your customers and clients. Legal and technology experts shared their insights on how to best recover from a small business data breach.

Identifying a data breach

You can't start recovering from a breach unless you know it's occurred. That's why it's critical to learn how to identify when something has gone wrong. The problem, of course, is that in many cases, there aren't any telltale signs you've been hacked.

"Often, businesses discover that they have been breached for the first time months after it happened, when they are informed by law enforcement, business partners, banks or the media — who themselves discover the businesses' data being sold on the black market," said David Zetoony, a partner with the international law firm Bryan Cave LLP. "Other businesses may have been breached months, or even years, ago and still do not know."

There are, however, a few things that may tip you off to a security problem. Francoise Gilbert, founder of IT Law Group, said that slow or lagging computer response time, pop-up windows that you can't close, client reports of spammy emails from your account, or strange programs or websites asking for your credentials could all be signs of a data breach. If malware or a virus is discovered on your system, you'll also want to investigate to see if any data was compromised.

Justin Bingham, chief technology officer for digital business solutions firm Janeiro Digital, warned companies that any noticeable issues are signs of a low-quality breach.

"If you've been compromised by someone that knows what they're doing, those signs are going to be few and far between, unless you have a sophisticated team and tools," Bingham said. "The best way to determine if you've been comprised is not to look for the attack, but what is done after it, when the hacker establishes residency within the network." 

What to do when a breach occurs

Recovering compromised information from a hacker is impossible in most cases, Zetoony said. By the time you discover a breach, the hacker has already stolen or misused the information, and has often wiped his or her trail, he said. Therefore, your first priority after discovering a breach should be to piece together what happened, how bad the breach was and which customers might have been impacted, Zetoony said.

"Companies typically call their attorney and have him or her retain [a forensic] investigator who specializes in finding, preserving and analyzing electronic equipment and data," Zetoony told Business News Daily. "Lawyers that specialize in data security breaches typically advise companies concerning any legal obligation that they have to notify consumers, the public, insurance carriers or regulators."

In terms of equipment, Gilbert advised organizations to stop using the server, computer or device where the breach occurred. This will preserve evidence, so the forensic team can look into the cause of the problem.

"If the computer is not performing a vital function, disconnect it physically from its network and the Internet immediately," she said. "Copy and securely store the access and activity logs from the affected machine, [and then] attempt to identify the type, nature and categories of information that has been affected — company trade secrets, customer lists, payment and delivery information, etc."

Informing affected parties

Once you've assessed the initial damage and potential cause, your next order of business is to break the news to your business partners, vendors, customers or any other affected stakeholders. Nicholas Gaffney, a lawyer and founder of legal media relations firm Zumado, said it's important to have a response team in place that will work quickly to preserve and enhance the reputation of your organization after a data breach. This means having a team member assigned as the point person for official responses to inquiries about the breach, and being transparent and consistent in all communications about it.

If possible, your company — rather than an outside party, such as the media — should break the news of the breach. Gaffney said this will demonstrate the organization's concern for the affected parties.

"Create a statement about the breach, and communicate it through the appropriate channels," Gaffney said. "Commit to keeping all affected parties informed of developments related to the breach, following appropriate legal guidelines. Accept responsibility for the inconvenience caused, apologize, and make it clear that you will do all you can to help victims deal with the consequences of the breach."

"Provide information promptly, even if incomplete," Gilbert added. "You want the affected party to learn about the incident from you, and in your own words. Don't be vague, or if you have to be, explain why — because you are still investigating the incident and do not have all the details."

To that end, Zetoony said that any information you provide about the incident must be accurate and verified. As Gilbert noted, this may mean telling stakeholders that you don't have any information for them, and providing updates only when you are sure of the facts yourself.

"Although waiting can be difficult, providing them with speculation, or information that may turn out later to be false, only hurts trust and reputation further," Zetoony said.

Preventing future breaches

It's a long road to recovery after your company has suffered a data breach, but once you've gotten the situation under control, you can learn from it and work to prevent another incident from occurring. Bingham said there's a laundry list of best practices that should be employed, from perimeter network security to secure access mechanisms and route audits, but there is no "silver bullet" solution. 

"Establishing security for a given organization requires constant vigilance and attention by trained and dedicated people equipped with the right tools employing industry best practices," he said.

Gilbert agreed that a highly trained and vigilant staff is the key to minimizing the risk and damages of future breaches. Your employees should take extra care when using company equipment and learn to recognize clues that could indicate compromised information. Additionally, she recommended conducting a periodic "sweep" of all personnel's equipment to catch any malware and security holes.

Most importantly, Zetoony reminded businesses that, given enough time, a data security incident is as inevitable as any other type of crime — but learning from it will help you handle it better going forward.

"If you view each breach as a learning exercise, you won't be able to stop them necessarily," Zetoony said. "But you can learn how to respond to them more efficiently, quickly, and with less impact to your business and your customers."

post from sitemap

Working on Memorial Day? You're in Good Company

Credit: dmaster/Shutterstock

If you have to trudge in to work this Memorial Day, you can take solace in the fact that you won't be alone.

Although 97 percent of employers have designated Memorial Day as a paid day off, more than 40 percent of companies still require at least some employees to work the holiday, according to a new study from Bloomberg BNA.

Along with Christmas, New Year's Day, Thanksgiving, Labor Day and July Fourth, Memorial Day is one of the six paid days off for nearly all U.S. workers, said Matt Sottong, Bloomberg BNA's managing editor of surveys and research reports.

"However, as with most federal holidays, where most Americans receive a paid day off, some will be required to punch the clock, particularly technical workers and public safety and security personnel," Sottong said in a statement.

The study revealed that nearly 20 percent of businesses have at least some members of their technical staff working on Memorial Day, and 15 percent of businesses said they'll have security and public safety workers doing the same.

In addition, 13 percent of organizations will have professional employees working, 12 percent will have managers on the clock and 11 percent will make service and maintenance personnel report for duty. Just 10 percent of businesses will have sales and customer service employees working on Monday.

The good news for people who have to work the holiday is that their paychecks will be a bit larger for doing so. The research discovered that 85 percent of companies that have employees work on Memorial Day provide them with some type of extra benefit.

Specifically, 28 percent will give time-and-a-half pay, 20 percent will provide both extra pay and compensatory time, and 15 percent will pay double time or double time-and-a-half.

Large companies are the most likely to have workers on the clock Monday. The study shows that 80 percent of businesses with more than 1,000 employees will have at least some employees work Memorial Day, compared with just 31 percent of small businesses.

The study was based on surveys of more than 100 human resources professionals.

post from sitemap

Hiring Process Leaves Lasting Impression on Candidates

Credit: Pressmaster/Shutterstock

Your company's hiring process might have a lot more impact on its future than you think.

The experiences job seekers have throughout the application process significantly affect their impression of a company, according to a CareerBuilder study. It influences both their decisions to apply and accept job offers and their customer loyalty.

Today’s candidates want ongoing communication from companies during the application process, and when companies fail to meet those expectations, it can be bad for business, said Rosemary Haefner, chief human resources officer of CareerBuilder.

"Candidates remember when companies don't respond to them, fail to update them on the status of their application or don't follow up after an interview," Haefner said in a statement. "Not only do these experiences make candidates less likely to apply to the company again, but they also make them less likely to purchase from the company as customers."

To help employers, CareerBuilder highlights five strategies to ensure they are keeping job seekers happy.

Understand that candidate experience makes a difference: More than 80 percent of employers believe there's little to no negative impact when a job seeker has a poor experience during the hiring process. However, about 60 percent of candidates are less likely to buy from a company they've applied at if they don’t get a response to their application or have a bad experience in the interview. The reverse can also be true as nearly 70 percent of candidates are more likely to buy from a company to which they’ve applied if they’re treated with respect and receive consistent updates throughout the application process.

Find more outlets to connect with job seekers: Businesses might be missing out on quality candidates because they aren't promoting their open jobs where candidates are actually searching. CareerBuilder found that job seekers check up to 18 resources throughout the search process, including job boards, social networking sites, search engines and online referrals. Despite that, nearly 60 percent of employers don't track where candidates are coming from to ensure they're making the most of their recruiting efforts.

Make more of an effort: Candidates want more from potential employers. While the majority of businesses respond to less than half of candidates who apply, 84 percent of job seekers expect a personal email response and 52 percent anticipate a phone call. In addition, 25 percent of applicants want to hear from employers even if they aren't being considered for an interview.

Communicate regularly: Don't leave applicants in the dark. CareerBuilder found that 36 percent of candidates expect to be updated throughout the application process. Despite that, just 25 percent of businesses communicate with candidates about what stage of the hiring process they’re in.

Form a smooth application process: Employers are hurting their reputation by creating a frustrating application experience. Research revealed that 40 percent of candidates think the application process has become more difficult in the last five years. Of those, nearly 60 percent complain the process is too automated and lacks personalization and 51 percent are aggravated they don't know where they stand in the process.

Improving the candidate experience can really pay off for businesses. More than 75 percent of job seekers would accept a salary that is 5 percent lower than their expected offer if the employer created a great impression throughout the hiring process.

The research was based on surveys of more than 5,013 workers ages 18 and over and 2,002 hiring decision-makers.

post from sitemap

Microsoft Office for Tablets (Android) Review: Is It Good for Business?

The new Android smartphone apps should look familiar to Office veterans. Credit: Microsoft

Microsoft’s new Office apps for Android smartphones are the best tools for editing documents, spreadsheets and presentations on the platform.  The new mobile versions of Word, Excel and PowerPoint are just as easy-to-use and feature-packed as the iPhone versions, launched last year.

Actually, the new apps aren’t the first Android-based Office apps. Microsoft already launched Android versions of Word, Excel and PowerPoint in 2014, but they were only compatible with tablets. The new releases mark the first time you can use full-fledged versions of the three main Office apps on your Android smartphone.

Currently, the apps are still in a preview mode, so they’re not available to download directly through the Google Play app store. Still, anyone can sign up to get the apps now, or wait for the official launch later this year.

Wasn’t Office already on Android phones?

It’s true that the new Word, Excel and PowerPoint apps aren’t the first Android smartphone apps with the Microsoft Office branding. The Office Mobile app has been around for years. But Office Mobile is very limited; it only lets you view and make very simple edits to documents, spreadsheets and presentations, while the new apps are much more robust.

For example, Office Mobile limited document formatting to changing the color and size of text. And in spreadsheets, you can’t do much besides edit the content of individual cells and run a few simple equations. In comparison, then new apps are more lot like mobile versions of Microsoft’s desktop Office programs, giving you a lot more control over editing and creating new documents than Office Mobile. 

Requirements

The Android tablet apps carry a laundry list of hardware requriements in order to run them, but the new Android phone apps are much more lenient. Still, not every Android phone is capable of running them. Here’s what you’ll need.

• 1GB of RAM: Most Android phones easily meet this basic requirement, but some budget handsets might not have the necessary memory needed to run the new Office apps.
• Android 4.4 KitKat or 5.0 Lollipop: You’re more likely to run into software compatibility issues, especially if you’re using an older Android smartphone. The new Office apps will only work on Android phones running Android version 4.4 KitKat, or the newest version, Android 5.0 Lollipop. In fact, roughly half of Android handsets on the market don’t meet this requirement. Make sure to check your smartphone’s operating system if your’e having issues installing the apps.
• Microsoft account: You’re prompted to log into your Microsoft account when you load all three apps, so you’ll need to register for one before you can get started. Signing up is simple and free, however, and it ensures that your documents are backed up to the cloud via Microsoft’s OneDrive cloud storage platform.
• Office 365 subscription: You don’t need to subscribe to Microsoft’s premium Office 365 service to use the apps. However, subscribers do get some extra features in each app (more on these later in this review.)

Layout and design

The layout of these mobile apps should be familiar to anyone who regularly uses one of the two most recent Office desktop releases -- Office 2010 or Office 2013 – but things have been scaled down to fit on a cramped smartphone screen. The familiar Office sidebar can be summoned at any time in all three apps by swiping in from the left side of the screen, providing easy access to options for opening documents, creating new ones, printing and more.

The main document view in all three apps looks clean and uncluttered. The familiar formatting “ribbon” from the desktop Office apps is still here, but it’s positioned at the bottom of the screen rather than the top. It’s easy to hide or reveal the ribbon at any time by tapping a small arrow in the bottom right corner. Thankfully, Microsoft stripped away some non-essential options, leaving plenty of space for touch-friendly buttons

Since the apps were designed for small touch screen devices, Microsoft incorporated some good touch controls for navigating around the interface. That includes pinch-to-zoom to quickly zero in on an item you wish to edit. Panning around documents with my finger also felt responsive.

Features

Most of the features you could want in a mobile office suite are available with the free versions of Word, Excel and PowerPoint for Android phones. For instance, Word lets you tweak the format of text and change paragraph styles right from the ribbon. You can also add bullet points, and edit the overall page layout.

Excel is surprisingly robust for a mobile spreadsheet application. Changing the formatting of your spreadsheets is easy, as is inserting charts and pictures. Plus, there’s a pretty extensive list of financial formulas. And you don’t have to start from scratch when you want to create a new spreadsheet, since the app comes with more than a dozen premade templates for business’ budget, invoices, online sales tracking, product inventory, travel expenses and more.

PowerPoint is the simplest of the bunch, but it has most of the functionality you’d need to tweak a presentation before your next meeting. It can also help you create presentations from scratch. Choose from roughly 20 colorful templates, then write and format text and add transitions between slides.

I was disappointed to see that – like other mobile versions of Office -- you still can only have one document open at a time in any of the three apps, so you can forget about serious multitasking.

Premium features

If you happen to subscribe to Microsoft’s premium Office 365 service – which is essentially a Web-connected version of the basic Office suite – you get some extra features in the new Android phone apps, in addition to a whopping 1TB of storage space on OneDrive.

In Word, you gain extra tools like the ability to track and review changes when editing a piece, plus options to insert page and section breaks, create custom headers and footers for each page, and more. You also unlock a few features in PowerPoint, like a pen tool for inking annotations. Subscribing won’t unlock any extra features for Excel, however.

Conclusion

Let’s face it: you you probably won’t be spending a lot of time in the Office for Android apps. Smartphone office suites are mostly meant for making quick edits to existing documents. But it’s great to see that Microsoft’s new apps are robust enough to not leave Office veterans wanting. And since all three apps sync with OneDrive, you can be sure that any document you edit on your phone can be accessed on your desktop later.

Of course, there are plenty of other options for mobile business users. The obvious alternative is Google’s Docs, Sheets and Slides apps, which offer similar functionality to Microsoft’s suite, but have fewer formatting options. WPS is another good Android smartphone app for creating and editing documents, spreadsheets and presentations on the go.

But in my opinion, the new Office apps are currently as good as it gets on Android phones.

post from sitemap

Rapid Revenue: How Tech Can Help Fuel E-Commerce Growth

Credit: Sergey Nivens/Shutterstock

For most startups, especially in the e-commerce industry, achieving rapid revenue and sales growth in the first few years is a dream come true. The bigger and more powerful you get, the easier it will be to keep adding resources and expanding in the future, right? Maybe not.

Business intelligence company RJMetrics recently published its 2015 E-commerce Growth Benchmark report, which analyzed anonymous data from its e-commerce clients to uncover trends in growth, sales and revenue. The report found that the smallest companies — those with less than $1 million in annual revenue — grow at a rate of nearly 140 percent each year. This annual growth slows significantly when a company reaches each new revenue bracket, dropping to 40 percent at $1 million to $5 million, 25 percent at $5 million to $10 million, and about 10 percent at more than $10 million.

The report's authors wrote that it becomes harder to sustain rapid growth as a company gets bigger and that the business will eventually need to explore new ways to boost its revenue.

"The most successful e-commerce companies ... target a very specific niche of customers," said Jake Stein, chief operating officer of RJMetrics. "This hyperfocus allows them to acquire customers quickly and grow incredibly fast in the early days. But [as] they start to max out customers in that target niche ... growth often starts to slow. This forces them to expand their product line or distribution network so they can reach a bigger market. In order to maintain that rapid growth, a company needs to continue to excel at customer acquisition but still retain that core market."

Stein said that although it's tough to make that leap as a growing e-commerce company, it's doable with the right strategy and tools. Online retailers can start to achieve this balance of old and new business by building a product and brand experience people want to come back for.

"Our report found that product-market fit emerges early, within the first six months of sales," Stein told Business News Daily. "If you're not seeing these indicators of rapid adoption from the start, it's a sign you need to either change your product or how you're presenting it to the market, Stein said.

The report identified six factors driving fast e-commerce growth in today's market:

• Increasingly tech-savvy consumers spend more money online than ever before.
• Mobile purchases made via smartphones and tablets have increased by nearly 50 percent year over year.
• Third-party and in-house warehouses and shipping services are becoming more efficient.
• All-in-one logistics providers have made it easier to enter international markets.
• Niche retailers are differentiating their product and brand experience to compete with larger companies like Amazon.
• Brick-and-mortar retailers are expanding into online sales and adjusting their in-store strategies accordingly.

While these trends are indeed fueling e-commerce growth, a company's choice of tech tools remains one of the most important factors in maintaining sales growth. According to the RJMetrics report, e-commerce startups that were launched in 2013 saw a tremendous spike in monthly revenue growth in their first 18 to 24 months in business, reaching an average of more than $2 million. Businesses founded in 2010, 2011 and 2012, on the other hand, grew more slowly, barely reaching $1.5 million by the 36-month mark. Stein believes this is because companies getting started today have access to technology that older e-commerce companies could only dream of.

"Major shopping-cart platforms offer beautiful, mobile-optimized sites," he said. "Facebook has made it easier than ever for very new companies to do brand advertising. SaaS [software as a service] products make it easy for brand-new retailers to send great emails, run A/B tests and make sense of the data they have at their fingertips. All of these products make it easier for new retailers to grow quickly from day one."

post from sitemap