Strategic Planning: List of Informative Web Sites
Keywords have become the currency of the digital economy. They transmute into cash when you attract the right prospective customers to your Web site. In Internet searches, the right keywords will also deliver the right data – saving you time and money while increasing revenue.
If you’re like most businesspeople, you have your favorite Web sites, which are often trade or profession-specific. You probably get great newsletters, too.
As Biz Coach, I enjoy hearing from many of the best strategists in the world and daily receive information from scores of sources on best-practices management and other topics. And some of my best feedback and questions come from readers who stumble across this column after searching for specific topics.
No one is able to accurately predict what the future holds for your business. But you can influence it, of course, by acting on the best information available. Your best bet for a crystal ball depends on whether you have a good awareness of human nature and developing trends throughout the nation and the globe.
If you need capital, here is some helpful information: “What No One Tells You about Raising Investment Capital.”
For information on mounting a business comeback, see “Step-by-Step Solutions for a Company Turnaround.”
What does the future hold generally for the economy and your business? Not to be a broken record, but in order to design a strategic plan to maximize your resources, you’ll want to complete a SWOT analysis to determine your strengths, weaknesses, opportunities and threats. But you’ll probably need answers from external sources.
For more on how to conduct a SWOT Analysis, visit: “Boeing, Airbus Rivalry: Lessons in Strategic Planning.”
Once you conduct your SWOT you can start your strategic planning.
Here’s a potpourri of Web sites that provide some enlightening answers:
National Bureau of Economic Research. The private, nonprofit organization offers a wealth of economic data and has been providing information regarding the workings of the economy since 1920. The organization does not predict recessions but is regarded as the authority on the nation’s economic health. You can sign up for daily updates on economic indicators at www.nber.org.
Federal Reserve outlook. Current information works best if you also have a sense of history. You can access the government’s current and historical data, including the last four decades at www.federalreserve.gov.
Data from 100 federal agencies. At www.fedstats.gov, you’ll be able to see the latest statistics from 100 government agencies concerning the big picture economy and your specific industry – topics range from agriculture to transportation. You can also see demographic data for every city.
Retail sales. Retail sales data is available at www.chainstoreage.com. This is helpful information as you finalize your product orders and plan your advertising dollars.
Housing. You can get wide-ranging clues from the National Association of Home Builders, www.nahb.com. Admittedly, it is designed to influence policy, but the site also has far-reaching data ranging from the housing industry to consumer-oriented home and remodeling information.
Airline and travel. Face time is important for selling to customers. But it is not fun if your flights are delayed or cancelled. There are at least four helpful travel sites: www.dot.gov, www.thetravelinsider.com, www.flightaware.com and www.flightstats.com.
Small business loans. The Small Business Administration, of course, provides loans to qualified small businesses.
Naturally, it is no secret that federal agencies can be a desirable target for small businesses. Federal agencies indeed are huge opportunities. But the Small Business Administration, www.sba.gov, confirms that federal agencies do not meet their quotas in contracting with small firms. For each agency, the quota is to award 23 percent of contracts to small business.
Here are the requirements: 5 percent to disadvantaged businesses; 5 percent to female-owned businesses; 3 percent to service-disabled veterans; and 3 percent to small firms in defined enterprise zones.
Newsletters of consulting firms. While many successful consulting firms charge for helpful studies in the form of newsletters, a substantial number are complimentary, such as some from McKinsey & Company, www.mckinsey.com.
From the Coach’s Corner, Internet security and identity theft are huge threats. One of my favorite consultants in Internet security is Dr. Stan Stahl at www.citadel-information.com.
For up-to-date information on global security risks, here is his blog site: www.citadelonsecurity.blogspot.com.
Web Security Checklist and Warning about Mobile Banking
Sept. 7, 2009
With good reason, Americans are increasingly concerned about their Internet security, according to a Harris Interactive study sponsored by Microsoft and National Cyber Security Alliance (NCSA). As recently as 2004, many Americans were not concerned about online security.
Fortunately, in surveying attitudes from 2007 to 2009, the Harris study’s findings included the following:
- 62 percent of U.S. adults are now leery of cybercrime
- 48 percent are more hesitant to put their personal information on the Web
- 37 percent are more reluctant to shop online
- 64 percent have received or are acquainted with someone who has received requests for personal information from untrustworthy sources
Internet security has been a headache for years and I once wrote that technology companies were doing too little to safeguard businesses and consumers. Security was a concern in my Biz Coach column dated Oct. 26, 2004 when we mostly just feared viruses.
Now, we increasingly fear a whole lot more, including:
- Malware – a term for malicious software that infiltrates computers without the owners’ authorization.
- Phishing – the criminal act of trying to obtain personal information including passwords and credit card information, surreptitiously, by masquerading as a trustworthy source usually via e-mail.
In 2004, I wrote there was evidence of increased security ramifications for business. We learned computer users ignored basic online security measures – even in tech-savvy Seattle. A nationwide study by NCSA and America Online revealed that 77 percent of computer-users believed they were not vulnerable to Internet dangers.
But after dispatching experts to the homes of the responding 329 broadband and dialup users in Seattle and 21 other cities, the NCSA study learned some startling facts:
- 49 percent of broadband users didn’t utilize firewalls
- 60 percent of the participants felt secure from hackers
- 88 percent were unaware their computers were infected with spyware
- 67 percent failed to regularly update their computers with anti-malware software
- 19 percent of the group was afflicted with viruses
Not only were they risks to themselves, it was unnerving to note that those computer-users were unknowing risks as online customers and as employees in both the public sector and business.
Customer data was also lost as a result of ineffective online security. Citing a 55 percent increase in attacks on government agencies, telecommunication companies and utilities in August of 2006, IBM launched its Global Business Security Index. The company reported its customers were attacked 100 million times a month and most attacks generally occurred on Saturdays and Sundays.
A widely known pioneer in security and the prevention of identity theft – a premier consultant, Dr. Stan Stahl – warned security was a big issue in 2004. He is the expert on Federal Trade Commission rules under the Gramm-Leach-Bliley Act governing non-public personal information held by financial institutions. He is also president of the Los Angeles chapter of the Information Systems Security Association, a nonprofit, international organization of information security professionals and practitioners.
His philosophy for a successful online security program includes:
- Protect information assets from attack.
- Detect illicit attacks on information assets.
- Quickly recover from attacks, accidents or natural disasters.
- Comply with applicable security and privacy laws, regulations, and policies.
To protect the assets of both your customers and your company, here is his basic self-assessment management checklist:
1. Does your organization’s computer network contain sensitive or critical information?
2. Do you have an executive responsible for managing the protection of critical information assets, is this person explicitly trained in information security, and have you allocated budget and resources for protection?
3. Does the board or executive management review the organization’s information security posture at least semi-annually?
4. Has your organization documented information security policies consistent with its business needs, organizational structure, legal obligations, insurance policies, and risk management processes?
5. Is all critical and sensitive information explicitly identified as such and restricted to those having a “need to know?”
6. Are all employees and contractors provided regular ongoing information security training, including training in the safe handling of email and in password selection and protection, and are they held accountable for violations of security policy?
7. Have you coordinated your information security posture with customers, suppliers, and other trading partners whose computer systems you access or who access your computer systems?
8. Does your organization have documented recovery procedures to follow should a break-in, malware infestation or other security event occur?
9. Does your organization back up all workstations and servers at least weekly, are multiple back-ups stored offsite, and are back-ups periodically tested to ensure the ability to restore data if necessary?
10. Has your organization’s system architecture been explicitly designed in accordance with network security principles and practices, including the use of firewalls?
11. Is malware protection software on all servers and workstations and is someone explicitly responsible for monitoring malware alerts and ensuring that malware protection is up-to-date?
12. Is someone explicitly responsible for monitoring security patches and alerts, and ensuring hardware and software systems are up-to-date and properly protected?
13. Is access to servers, routers, and other network technology physically restricted to those whose job responsibilities require access?
14. Would you know if someone was illegitimately accessing critical information assets?
15. Has your organization had an independent third-party information security vulnerability assessment or penetration test within the last 12 months?
So, if security is a possible concern, I would follow Dr. Stahl’s advice.
Dr. Stahl’s Web site: www.citadel-information.com.
From the Coach’s Corner, phishing attacks are also possible in mobile services, according to the Credit Union Times Web site. With the growing popularity of mobile services, not surprisingly, mobile phones are vulnerable, too.
The site warns about another security threat – bluejacking on mobile phones. Predators are capable of penetrating Bluetooth connections to access data on phones. In its bluejacking article, the publication suggests implementing multi-layer authentication and quick-session timeouts.
However, please note Dr. Stahl raises a giant red flag on mobile services:
“Once again, the opportunity to make money trumps security,” he says. “I recommend that consumers ignore any and all attempts to induce them to use their phones for online banking.”
He further explains:
“It is not just phishing attacks to which they are vulnerable. We can take over cells running Bluetooth. Cell phones (like my iPhone) are often automatically configured to connect to the web using a wireless network over which neither the user nor the bank maintain any control. (I’ve changed this default setting on mine.) And because there have been few cell phone attacks to date, the community has little experience in how buggy the software products are and how responsive the vendors will be in fixing vulnerabilities when they show up.”
For the bottom-line, he advises:
“All in all, cell phone on-line banking is a big NO!!!”
5 Safety Measures to Thwart Mounting Social-Network Attacks
May 28, 2010
Sally, the accounting manager of a medium-sized business, regularly checked her Facebook account while at work. One day she received an e-mail. The e-mail said that a long-lost friend, Bob, had added her as a friend in Facebook.
There was a link in the email for Sally to follow to confirm the friend’s request. Sally clicked the link. Over the next week, cyber-thieves withdrew nearly $1 million from her employer’s bank account.
Welcome to the newest, nastiest twist in cybercrime.
You see, the e-mail wasn’t from Bob and the link didn’t go back to Facebook.
Bob is on Facebook just like Sally is. That’s how the cyber-thieves found them and discovered that they might know each other. That’s also where they learned that Sally worked in the accounting department.
After that it was a simple matter to set the trap by sending Sally a friend request from Bob.
“How great,” thought Sally. “An email from Bob. Let me just follow this link and we can be friends again.”
A link followed, and a Trojan Horse installed.
The unrecoverable damage: $1 million stolen.
Sally is a pseudonym for the victim. The story is an actual client-case of Dr. Stan Stahl, an information security expert at Citadel Information Group in Los Angeles. His credentials are lengthy and he is president of the Los Angeles chapter of the Information Systems Security Association (ISSA-LA), a nonprofit, international organization of information security professionals and practitioners.
Dr. Stahl says the bank will not return the $1 million to Sally’s company.
No Protection for Business Bank Accounts
Regulation E of the Federal Deposit Insurance Corporation (FDIC) stipulates consumers are protected from cybercrime involving their banks. The FDIC regulation protects consumers if they report such discrepancies in their bank accounts within 60 days.
However, businesses are not insured.
So, Dr. Stahl knows crimes involving hackers who attack social networks, including Facebook and Twitter, are a major threat to business.
When did social-network attacks become an epidemic?
Breach Security in Carlsbad, CA, reports Internet security-crime jumped 30 percent in the first six months of 2009. Breach reports 19 percent of the attacks involved social networks. Ironically, social networks were not even mentioned in Breach’s 2008 report.
“Making matters worse, many of these attacks succeed by taking advantage of missing patches and using obscure technology like ‘0-day exploits’ that get past traditional antivirus and antispyware defenses,” says Dr. Stahl.
What is a 0-day exploit? It is an attack on a security vulnerability that hackers are able to use to their advantage immediately, before protection measures can be implemented.
Dr. Stahl advocates five security precautions:
- Prohibit use of social network sites from the office. These sites can be blocked at the corporate firewall. This can become particularly challenging if employees work remotely as it may not be feasible to block access to social networks from home computers. Making matters worse, Trojan horses are like communicable diseases and Sally’s work-at-home computer can be infected from her son’s. That’s why the next four recommendations are so important.
- In addition to antivirus / antispyware defenses, add advanced defenses like intrusion detection and prevention designed to block internet-based attacks like the link in Sally’s email and 0-day exploits.
- You can block known internet-based attacks by comparing links against a database of known bad links like http://stopbadware.org/home/reportsearch.
- Keep your systems patched. This means not just Windows patching but all your applications: those you know about, like Office and Adobe Reader, and those you might not even know about, like Flash and Java. This also includes your Macintosh computers, as they are every bit as vulnerability-prone as Windows PCs.
- Finally, don’t expect to rely on technology alone. Users are often the weakest link so it’s very important to train them to detect the subtle signs of an attack so they can keep from becoming victims. They also need to be given guidance on what information is safe to put on a social networking site.
“There is no one thing you can do to keep from being victimized from a social network attack,” says Dr. Stahl. “Even doing all five of these isn’t a guarantee, just like a flu shot doesn’t guarantee you won’t get the flu. But if you are diligent you can significantly affect the odds and this should be your objective.”
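The link comparison in the third precaution, applied to an e-mail like the one Sally received, as an added example that is not from the article or from Dr. Stahl. The blocklist entry, the `.example` host names and the function names are constructed for illustration; a real deployment would query an actual known-bad-link database.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for a known-bad-link database (assumption, not real data).
BLOCKLIST = {"bad-links.example"}

# Constructed sample e-mail modelled on the friend-request lure in the article.
SAMPLE_EMAIL = """
<p>Bob added you as a friend on Facebook.</p>
<a href="http://facebook.com.login.bad-links.example/confirm">Confirm request</a>
<a href="https://www.facebook.com/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def host_of(url):
    """Host name of a URL (urlsplit lower-cases it), or '' if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".")

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_email_links(html, claimed_domain, blocklist=BLOCKLIST):
    """Return (url, reasons) for each link that should not be followed."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.hrefs:
        host = host_of(url)
        reasons = []
        if any(in_domain(host, bad) for bad in blocklist):
            reasons.append("on blocklist")
        if not in_domain(host, claimed_domain):
            reasons.append("not the claimed sender's domain")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in check_email_links(SAMPLE_EMAIL, "facebook.com"):
        print(url, "->", ", ".join(reasons))
```

The suffix match on a leading dot is what keeps a host that merely begins with `facebook.com` from passing as Facebook.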
(Note: I know Dr. Stahl very well as we’re both members of Consultants West, www.consultantswest.com, a roundtable of veteran consultants and authors.)
From the Coach’s Corner, see: “Are You Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist.”
Mobile banking is popular in Europe, but Dr. Stahl has long warned that it’s dangerous. Consider: “Our Mobile-Banking Warnings about Security Prove Prophetic.”
To learn more about Internet security:
Dr. Stahl’s Web site: www.citadel-information.com.
Here’s his security blog.
For more on ISSA-LA, visit: www.issa-la.org.
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”
– Kevin Mitnick
__________
Terry Corbell is a business-performance consultant and profit professional.

