Blog

October 10th, 2014

BusinessValue_Oct08_AFor every business there are multiple keys to success. One of the most important is your staff. If you manage your employees in the right way, and offer them the information and systems they need to do their jobs, you could see business running smoothly and profits on the rise. This is often easier said than done though, as it can be a real challenge to effectively manage employees. That's where Enterprise Resource Planning, or more specifically Human Resource modules, can help.

What are Human Resource modules?

ERP, or Enterprise Resource Planning, is a suite of integrated business software applications (often called modules) that allow companies to track and manage data and even automate some business functions, including Human Resources.

Human Resource modules in particular are used to track different people-related functions, such as planning, payroll, administration, development, hiring, and more. Business services, like Standard Operating Procedures, job postings, news, forums, tracking of work hours, and benefits, etc., can all be unified into one module, which makes overall management and decision-making easier.

Benefits of using HR modules

Businesses that have integrated ERP and more specifically HR modules, have been able to benefit in a number of ways. Here are 5:

1. Automated processes that free up management

A large function of HR, as with many other business processes, is data entry and reporting. If you are trying to develop reports without an integrated ERP system, you probably need to pull data from numerous sources which takes time. This is time that can probably be better spent on more relevant tasks.

An ERP module data, once set up, will be more accessible. This simultaneously makes it easier to enter and pull data together into reports. And because large parts of daily tasks can be automated, you can ensure that what you need to complete is actually achieved.

2. Enhanced sharing of information and collaboration

Because HR is a central function of any business, data related to HR needs to eventually be shared with other teams or departments. Without ERP this likely means you will need to ask different people to share their data and then compile it into a useable format.

With ERP for HR, data is stored in a central location, or brought together to a central location, which means that data from different sources can be shared faster and easier. This also ensures that the right data is shared, thus enhancing overall outcomes and making it simpler for other teams to work together.

3. Management gains a clearer picture of HR

It can be tough to gain a short-term picture of your employee resources, especially when it comes to identifying potential resource shortfalls (e.g., double-booked holidays, employees who are constantly late, etc.) and where improvements can be made. For example, in most modules you can track overtime hours of employees, and receive alerts when overtime is past a certain threshold.

If you spot that one department is consistently banking extended overtime hours, you can move quickly to address this.

4. Data is kept up-to-date

As we've stated above, HR systems usually involve data from various locations. This means that there is always a chance of duplicate or incorrect information. A healthcare ERP module can help ensure that the data is not only correct, but also not duplicated, which can in turn speed up decision-making and enable better decisions to be made.

5. Reduced licensing expenses

Without ERP, your HR team could need five or more systems in order to keep track of everything. Each of these systems will need to be licensed, which can often be a serious investment on your behalf, not to mention the costs of setting up and maintaining these systems.

Because HR ERP modules offer an integrated solution, you pay for one license to cover all of your needs. This reduces overall expenses while also making it easier to budget and maintain.

If you are looking to integrate an ERP solution in your business, contact us today to learn more about how we can help.

Published with permission from TechAdvisory.org. Source.

October 9th, 2014

Security_Oct07_AEarlier this year news broke of one of the most widespread and potentially devastating bugs to-date - Heartbleed. While heartbleed was massive and companies are still dealing with the fallout to this day, news has recently broke of an even bigger potential threat: Shellshock. This is a security issue all business owners, managers, and employees should be aware of.

What exactly is Shellshock?

Shellshock is the name applied to a recently uncovered software vulnerability which could be exploited to hack and compromise untold millions of servers and machines around the world. At its heart, the Shellshock vulnerability is based on a program called Bash. This is a Unix-based command program that allows users to type actions that the computer will then execute. It can also read files called scripts that contain detailed instructions.

Bash is run in a text-based window called a shell and is the main command program used by OS X and Unix. If you have a Mac computer and want to see what Bash looks like, simply hit Command (Apple Key) + Spacebar and type in Terminal. In the text-based window that opens in Bash you can enter commands using the Bash language to get your computer to do something e.g., eject a disc, connect to a server, move a file, etc.

The problem with Bash however is that it was recently discovered that by entering a specific line of code '() { :; };)' in a command you could get a system to run any following commands. In other words, when this command is used, Bash will continue to read and execute commands that come after it. This in turn could lead to a hacker being able to gain full, yet unauthorized, access to systems without having to enter a password. If this happens, there is very little you can do about it.

Why is this such a big issue?

To be clear: Shellshock should not directly affect most Windows-based machines, instead it affects machines that use Unix and Unix-based operating systems (including OS X). So why is this so big a deal when the majority of the world uses Windows-based computers? In truth, the majority of end-users will be safe from this exploit. However, the problem lies with bigger machines like Web servers and other devices such as networking devices, and computers that have had a Bash command shell installed.

While most users have Windows-based computers, the servers that support a vast percentage of the Internet and many business systems run Unix. Combine this with the fact that many other devices like home routers, security cameras, Point of Sale systems, etc. run Unix and this is becomes a big deal.

As we stated above, hackers can gain access to systems using Bash. If for example this system happens to be a Web server where important user information is stored, and the hacker is able to use Bash to gain access and then escalate themselves to administrative status, they could steal everything. In turn this could lead to the information being released on to the Web for other hackers to purchase and subsequently use to launch other attacks - even Windows-based systems. Essentially, there are a nearly unlimited number of things a hacker can do once they have access.

If this is not dealt with, or taken seriously, we could see not only increased data breaches but also larger scale breaches. We could also see an increase in website crashes, unavailability, etc.

So what should we do?

Because Shellshock mainly affects back-end systems, there is little the majority of users can do at this time. That being said, there are many Wi-Fi routers and networks out there that do use Unix. Someone with a bit of know-how can gain access to these and execute attacks when an individual with a system using Bash tries to connect to Wi-Fi. So, it is a good idea to refrain from connecting to unsecured networks.

Also, if you haven't installed a Bash command line on your Windows-based machine your systems will probably be safe from this particular exploit. If you do have servers in your business however, or networking devices, it is worthwhile contacting us right away. The developers of Bash have released a partial fix for this problem and we can help upgrade your systems to ensure the patch has been installed properly.

This exploit, while easy to execute, will be incredibly difficult to protect systems from. That's why working with an IT partner like us can really help. Not only do we keep systems up-to-date and secure, we can also ensure that they will not be affected by issues like this. Contact us today to learn how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 9th, 2014

BusinessValue_Oct07_A.It seems like September was a big month for mobile payments. From Apple launching a new service to announcements from both Amazon and Ebay, there will soon be a number of new ways businesses can allow their customers to pay via mobile solutions, and an increasing number of businesses are considering switching over.

What exactly is mobile payment?

Most people would define mobile payment as either using your mobile device as a wallet, or using mobile devices to accept payment. Many services allow users to link credit cards to their mobile device and simply scan it over a pay terminal to have their account charged.

Companies on the other hand usually pay a set per-transaction fee in order to use the system; something along the lines of, or slightly cheaper than, most credit or debit-based payment terminals.

If you are considering switching over, here is a brief overview of the most common payment solutions.

PayPal

In late September Internet auction giant eBay announced that they will be spinning off their popular Internet payment system PayPal sometime in 2015. While many users will utilize PayPal to pay online, there is actually a mobile payment solution called PayPal Here, which is expected to grow immensely.

With Here, you get a payment solution app with a card reader that plugs into most smartphones (Android, iPhone, iPad, Android tablets) and allows you to accept multiple types of payment from anywhere you have an Internet connection. You can even track cash payments and record checks.

Vendors can use this app free of charge, however they are charged a 2.7% per swipe fee, based on the amount of the transaction.

Apple Pay

Apple Pay is Apple's recently announced mobile payment system that utilizes NFC (Near Field Communication) on the iPhone 6. Users with an iPhone 6 will be able to link their credit cards to their phone and then will hover their device near a terminal and press their thumb on the device's fingerprint reader to pay.

Your payment information (an account number linked to your card. Apple has noted that actual card numbers are not stored) is stored in the Passbook, and will be accepted at an initial 220,000 stores in the US when it launches sometime in October. There is a good chance that small to medium businesses will be able to integrate this solution into their business in the near future, so it would be a good idea to keep an eye on this.

What is interesting is that many banks have announced that they are considering accepting, or will accept Apple Pay as a method of payment. This means that businesses with an existing NFC payment terminal - which is often provided by a bank - should be able to accept payment (if the bank does of course).

Rumors have it that merchants will not be charged a transaction fee to use this service; details will be solidified when the system goes live.

Square

Square is arguably the most popular, or at least the most well known, mobile payment system. With a card reader that is compatible with most popular mobile devices (Android, iPad, iPhone) users can set up a whole Point of Sale system via the Square Stand and accept a wide variety of payments.

To use this solution, you need either the card reader (which is free) or the Square Stand (which costs around USD $99). For each transaction there is a fee that starts at 2.75% for credit and debit cards.

Amazon's Local Register

Introduced in mid August, this new card reader is aimed at both PayPal and Square solutions. As with these, there is a card reader that can be plugged into most devices (Android, iPad, iPhone) and an app that goes along with it. Businesses with the reader can then use the device to accept payment.

Where this solution differs is that the reader costs USD $10 to purchase. That being said, the USD $10 is refunded towards your first transaction fees upon signing up. The transaction fees are also quite a bit lower. For businesses that sign up before October 31, 2014, there is a flat rate of 1.75% per swipe until January 1, 2016. Any business that signs up after this date will pay a flat rate of 2.5% per transaction (based on the total transaction amount).

Google Wallet

Google Wallet is a hybrid mobile and online payment solution that allows users to add credit cards to their wallet and pay for things either online, or at stores with NFC payment terminals (also called contactless terminals).

While most users who have made a purchase on Google Play, or have used their Google Account to make a payment have used Wallet, this hasn't been the most popular of solutions when it comes to customers using it to pay in-store. The reason for this is because there are only a limited number of devices with the required NFC radio (two to be exact). This system is also currently limited to the US only. Customers around the world can use Google Wallet to pay online however.

There is a good chance that with the recent new announcements and upcoming mobile payment products, Google will be pushing this out to more devices in the near future.

There are other mobile payment system options available, so it is a good idea to contact us before you implement one. We can help you not only find a solution that works for your business, but ensure that it can be integrated into your existing systems.

Published with permission from TechAdvisory.org. Source.

October 2nd, 2014

Security_Sep29_AWith the ever growing number of security threats faced by businesses around the world, the vast majority of business owners have adopted some form of security measures in an effort to keep their organizations secure. But, how do you know the measures you've implemented are actually keeping your systems safe? Here are five ways you can tell if your security measures aren't sufficient.

1. Open wireless networks

Wireless networks are one of the most common ways businesses allow their employees to get online. With one main Internet line and a couple of wireless routers, you can theoretically have the whole office online. This method of connecting does save money, but there is an inherent security risk with this and that is an unsecure network.

Contrary to popular belief, simply plugging in a wireless router and creating a basic network won't mean you are secure. If you don't set a password on your routers, then anyone within range can connect. Hackers and criminal organizations are known to look for, and then target these networks. With fairly simple tools and a bit of know-how, they can start capturing data that goes in and out of the network, and even attacking the network and computers attached. In other words, unprotected networks are basically open invitations to hackers.

Therefore, you should take steps to ensure that all wireless networks in the office are secured with passwords that are not easy to guess. For example, many Internet Service Providers who install hardware when setting up networks will often just use the company's main phone number as the password to the router. This is too easy to work out, so changing to a password that is a lot more difficult to guess is makes sense.

2. Email is not secure

Admittedly, most companies who have implemented a new email system in the past couple of years will likely be fairly secure. This is especially true if they use cloud-based options, or well-known email systems like Exchange which offer enhanced security and scanning, while using modern email transition methods.

The businesses at risk are those using older systems like POP, or systems that don't encrypt passwords (what are known as 'clear passwords'). If your system doesn't encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and potentially compromise your systems and data.

If you are using older email systems, it is advisable to upgrade to newer ones, especially if they don't encrypt important information.

3. Mobile devices that aren't secure enough

Mobile devices, like tablets and smartphones, are being used more than ever before in business, and do offer a great way to stay connected and productive while out of the office. The issue with this however is that if you use your tablet or phone to connect to office systems, and don't have security measures in place, you could find networks compromised.

For example, if you have linked your work email to your tablet, but don't have a screen lock enabled and you lose your device anyone who picks it up will have access to your email and potentially sensitive information.

The same goes if you accidentally install a fake app with malware on it. You could find your systems infected. Therefore, you should take steps to ensure that your device is locked with at least a passcode, and you have anti-virus and malware scanners installed and running on a regular basis.

4. Anti-virus scanners that aren't maintained

These days, it is essential that you have anti-virus, malware, and spyware scanners installed on all machines and devices in your company and that you take the time to configure these properly. It could be that scans are scheduled during business hours, or they just aren't updated. If you install these solutions onto your systems, and they start to scan during work time, most employees will just turn the scanner off thus leaving systems wide-open.

The same goes for not properly ensuring that these systems are updated. Updates are important for scanners, because they implement new virus databases that contain newly discovered malware and viruses, and fixes for them.

Therefore, scanners need to be properly installed and maintained if they are going to even stand a chance of keeping systems secure.

5. Lack of firewalls

A firewall is a networking security tool that can be configured to block certain types of network access and data from leaving the network or being accessed from outside of the network. A properly configured firewall is necessary for network security, and while many modems include this, it's often not robust enough for business use.

What you need instead is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like us, in order for them to be most effective.

How do I ensure proper business security?

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead. Contact us today to learn more.
Published with permission from TechAdvisory.org. Source.

Topic Security
October 1st, 2014

BCP_Sep29_AMany business owners and managers readily acknowledge the fact that they need to be prepared for a disaster, and most do have backup-plans in place should something actually go wrong. The thing is, it can be difficult to actually know if your plan will be enough to see your business through a disaster. What can help is knowing the common ways business continuity plans (BCP) fail.

There are many ways a business continuity or backup and recovery plan may fail, but if you know about the most common reasons then you can better plan to overcome these obstacles, which in turn will give you a better chance of surviving a disaster.

1. Not customizing a plan

Some companies take a plan that was developed for another organization and copy it word-for-word. While the general plan will often follow the same structure throughout most organizations, each business is different so what may work for one, won't necessarily work for another. When a disaster happens, you could find that elements of the plan are simply not working, resulting in recovery delays or worse. Therefore, you should take steps to ensure that the plan you adopt works for your organization.

It is also essential to customize a plan to respond to different departments or roles within an organization. While an overarching business continuity plan is great, you are going to need to tailor it for each department. For example, systems recovery order may be different for marketing when compared with finance. If you keep the plan the same for all roles, you could face ineffective recovery or confusion as to what is needed, ultimately leading to a loss of business.

2. Action plans that contain too much information

One common failing of business continuity plans is that they contain too much information in key parts of the plan. This is largely because many companies make the mistake of keeping the whole plan in one long document or binder. While this makes finding the plan easier, it makes actually enacting it far more difficult. During a disaster, you don't want your staff and key members flipping through pages and pages of useless information in order to figure out what they should be doing. This could actually end up exacerbating the problem.

Instead, try keeping action plans - what needs to be done during an emergency - separate from the overall plan. This could mean keeping individual plans in a separate document in the same folder, or a separate binder that is kept beside the total plan. Doing this will speed up action time, making it far easier for people to do their jobs when they need to.

3. Failing to properly define the scope

The scope of the plan, or who it pertains to, is important to define. Does the plan you are developing cover the whole organization, or just specific departments? If you fail to properly define who the plan is for, and what it covers there could be confusion when it comes to actually enacting it.

While you or some managers may have the scope defined in your heads, there is always a chance that you may not be there when disaster strikes, and therefore applying the plan effectively will likely not happen. What you need to do is properly define the scope within the plan, and ensure that all parties are aware of it.

4. Having an unclear or unfinished plan

Continuity plans need to be clear, easy to follow, and most of all cover as much as possible. If your plan is not laid out in a logical and clear manner, or written in simple and easy to understand language, there is an increased chance that it will fail. You should therefore ensure that all those who have access to the plan can follow it after the first read through, and find the information they need quickly and easily.

Beyond this, you should also make sure that all instructions and strategies are complete. For example, if you have an evacuation plan, make sure it states who evacuates to where and what should be done once people reach those points. The goal here is to establish as strong a plan as possible, which will further enhance the chances that your business will recover successfully from a disaster.

5. Failing to test, update, and test again

Even the most comprehensive and articulate plan needs to be tested on a regular basis. Failure to do so could result in once adequate plans not offering the coverage needed today. To avoid this, you should aim to test your plan on a regular basis - at least twice a year.

From these tests you should take note of potential bottlenecks and failures and take steps in order to patch these up. Beyond this, if you implement new systems, or change existing ones, revisit your plan and update it to cover these amendments and retest the plan again.

If you are worried about your continuity planning, or would like help implementing a plan and supporting systems, contact us today.

Published with permission from TechAdvisory.org. Source.

September 19th, 2014

Security_Sep15_AData breaches are growing both in number and intensity. While many businesses have turned to cloud apps for better security measures, some experts and businesses worry about the cloud, mentioning that it could see an increased data breach risk. This leads to a collision course between data breaches and cloud usage. But it doesn’t have to end in a fiery crash, as there are steps you can take to prevent a cloud and data security breach.

The cloud opens up some great tech advancements for businesses and is here to stay. However, as with all tech developments, you need to also be aware of any vulnerabilities and security issues as they change and develop at the same time too. If you use the cloud and want to proactively prevent cloud-and-data security breaches then here are five tips to follow:

  1. Know your cloud apps: Get a comprehensive view of the business readiness of apps and which ones render you more or less prone to a breach. Ask yourself these questions: Does an app encrypt data stored on the service? Does it separate your data from that of others so that your data is not exposed when another tenant has a breach? The idea here is to know exactly what each cloud service employed offers and how your company uses them.
  2. Migrate users to high-quality apps: Cloud-switching costs are low, which means that you can always change and choose apps that best suit your needs. If you find ones that don’t fit your criteria, take the time to talk to your vendor or switch; now more than ever you have choices, and the discovery process in step one will help you find out what these are.
  3. Find out where your data is going: Take a look at your data in the cloud. Review uploads, downloads, and data at rest in apps to get a handle on whether you have potential personally-identifiable information (PII), or whether you simply have unencrypted confidential data in or moving to cloud apps. You wouldn’t want cloud-and-data breaches with this critical data.
  4. Look at user activities: It’s important to understand not only what apps you use but also your data in the context of user activity. Ask yourself: From which apps are people sharing content? According to tech news source, VentureBeat, one-fifth of the apps they tracked enable sharing, and these aren’t just cloud storage apps, but range from customer-relationship management to finance and business intelligence. Knowing who’s sharing what and with whom will help you to understand what policies to best employ.
  5. Mitigate risk through granular policy: Start with your business-critical apps and enforce policies that matter to your organization in the context of a breach. For example, block the upload of information covered by certain privacy acts, block the download of PII from HR apps, or temporarily block access to vulnerable apps.
The key to preventing a cloud-and-data security breach lies in careful attention to your cloud applications and user activity. Analyzing your apps and looking into user activities might be time consuming, but the minimization of cloud-and-data security breaches makes this task worthwhile. Looking to learn more about today’s security? Contact us and let us manage and minimize your risks.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 17th, 2014

BusinessValue_Sep15_AOne way to really expand your online presence is through content marketing. Many business owners and managers are aware of this, but may be unsure as to how they can ensure that any content marketing is successful. There are many ways in which you can achieve a good result and here are four tips to help you achieve a great content marketing strategy.

What are the benefits of content marketing?

Before looking into ways you can implement content marketing that works, it is a good idea to look at the benefits of this type of marketing for businesses. One of the biggest pluses is that it boosts online engagement between you and your customers. If a customer sees that you are producing quality content that appeals to them, they will be more likely to interact and consider you when they need your products or services.

The other major advantage of a good content marketing strategy is that it helps show search engines like Google that your website and online presence are active. Because of the way search engines work, more active sites are usually ranked higher in results. If your website and overall Internet presence is seen to be active on a regular basis, you could possibly reach the first page of search results, which can lead to a boost in site visits, inquiries, and even sales.

If you have been considering implementing a content marketing campaign, or are looking to improve your existing efforts, the following four tips could help.

1. Always have a goal

The main thrust of many successful content marketing initiatives is that they tell a story. As with any narrative there needs to be an ending and in the case of content marketing this endpoint is a goal - something you want the reader to do. What do you want to achieve? Do you want customers to call? Do you want them to learn how to use your product?

By working backwards, you can then determine the right voice to use and best way to reach those customers who are most likely to react positively to the content. This also makes it easier for you to separate your campaigns and even launch multiple strategies at the same time.

Beyond this, having a goal can really help you narrow down the type of content you need to create. If for example, you know what customers you want to attract and how you want them to ultimately act, you can create content that is more appealing to them.

2. ABT

One of the most popular sayings amongst content marketers is to, "Always Be Testing (ABT)". When developing content you should be striving to test your content. Consider if certain images work better than others, as well as headlines, layouts, and content types, etc.

This could be as simple as developing three different social media posts and testing them with different market segments, or locations. You can then take what you have learnt from the tests and apply this to future posts.

The same can be said for more advanced content like blog posts or white papers. If you create different versions and layouts, and track the general downloads and interaction with the content, you can usually figure out how various people are reacting in different ways to a variety of content.

It is important to note here that content marketing is not a quick payoff style of marketing. You need to invest time, money, and effort into this and be willing to always be tweaking content. It takes time to pay off, but the time invested in testing what works and what doesn't work will help you develop better, more useful content.

3. Share and share alike

Creating content and just putting it on existing sites or sharing it with existing clients is not the most efficient way of making your content marketing show returns. Combine this with the fact that you will likely be using platforms like social media which are constantly changing and adding new content, and there is a good chance your content won't even be seen.

What you should aim to do is to share the content as much as possible. Share it on all of your social media platforms, link to it on your site, add it to emails, use the various social media content promotion features, and most of all: Share it again.

If you truly believe content is useful to your target market, you should aim to post it at least three to four times on social media. One of the most effective strategies is to share it on different days at different times, usually with a space of at least a week or two between posts. This can help maximize the numbers who see it.

4. Be prepared to fail

Failure is a part of business, and coincidently, it is also a part of content marketing. Face it, you might create content that just simply won't click as you intended. If this happens, your first reaction might be to pull the content and try something different. This may not be a good idea.

Sure, if the content is stirring up trouble, or has offended people, then it is likely best to remove it. But even if you aren't seeing the results you had hoped for, stick with the content for a bit. Try reposting it, and promoting more vigorously. It could very well be that users just didn't see the content.

As we stated above, successful content marketing takes time and effort. Once you realize this, and combine it with the fact that not everything will work, you should see a viable strategy surface over time.

If you are looking to learn more about content marketing and how our systems can help support it then get in touch and we can share our thoughts on how to be proactive and get results.

Published with permission from TechAdvisory.org. Source.

September 11th, 2014

BI_Sep08_AIn business, as in life, we constantly try to make predictions about the future. How will sales be next year if we implement a new procedure? What will the weather be like for the annual staff event next week? It's no surprise then that businesses of all sizes have started to embrace the idea of predictive analytics. However, many business managers are unsure as to exactly how to work with this form of analytics effectively. To help, here is an overview of the three main components of predictive analysis all business owners and managers should be aware of.

Together, these three elements of predictive analytics enables data scientists and even managers to conduct and analyze forecasts and predictions.

Component 1: data

As with most business processes, data is one of the most important and vital components. Without data you won't be able to make predictions and the decisions necessary to reach desired outcomes. In other words, data is the foundation of predictive analytics.

If you want predictive analytics to be successful, you need not only the right kind of data but information that is useful in helping answer the main question you are trying to predict or forecast. You need to to collect as much relevant data as possible in relation to what you are trying to predict. This means tracking past data, customers, demographics, and more.

Merely tracking data isn't going to guarantee more accurate predictions however. You will also need a way to store and quickly access this data. Most businesses use a data warehouse which allows for easier tracking, combining, and analyzing of data.

As a business manager you likely don't have the time to look after data and implement a full-on warehousing and storage solution. What you will most likely need to do is work with a provider, like us, who can help establish an effective warehouse solution, and an analytics expert who can help ensure that you are tracking the right, and most useful, data.

Component 2: statistics

Love it, or hate it, statistics, and more specifically regression analysis, is an integral part of predictive analytics. Most predictive analytics starts with usually a manager or data scientist wondering if different sets of data are correlated. For example, is the age, income, and sex of a customer (independent variables) related to when they purchase product X (dependent variable)?

Using data that has been collected from various customer touch points - say a customer loyalty card, past purchases made by the customer, data found on social media, and visits to a website - you can run a regression analysis to see if there is in fact a correlation between independent and dependent variables, and just how related individual independent variables are.

From here, usually after some trial and error, you hopefully can come up with a regression equation and assign what's called regression coefficients - how much each variable affects the outcome - to each of the independent variables.

This equation can then be applied to predict outcomes. To carry on the example above, you can figure out exactly how influential each independent variable is to the sale of product X. If you find that income and age of different customers heavily influences sales, you can usually also predict when customers of a certain age and income level will buy (by comparing the analysis with past sales data). From here, you can schedule promotions, stock extra products, or even begin marketing to other non-customers who fall into the same categories.

Component 3: assumptions

Because predictive analytics focuses on the future, which is impossible to predict with 100% accuracy, you need to rely on assumptions for this type of analytics to actually work. While there are likely many assumptions you will need to acknowledge, the biggest is: the future will be the same as the past.

As a business owner or manager you are going to need to be aware of the assumptions made for each model or question you are trying to predict the answer to. This also means that you will need to be revisiting these on a regular basis to ensure they are still true or valid. If something changes, say buying habits, then the predictions in place will be invalid and potentially useless.

Remember the 2008-09 sub-prime mortgage crisis? Well, one of the main reasons this was so huge was because brokers and analysts assumed that people would always be able to pay their mortgages, and built their prediction models off of this assumption. We all know what happened there. While this is a large scale example, it is a powerful lesson to learn: Not checking that the assumptions you have based your predictions on could lead to massive trouble for your company.

By understanding the basic ideas behind these three components, you will be better able to communicate and leverage the results provided by this form of analytics.

If you are looking to implement a solution that can support your analytics, or to learn more about predictive analytics, contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

September 4th, 2014

Security_Sep02_AWith smartphones playing a larger role in today’s daily business, the need to recharge them while you are on the go increases. And when you’re nowhere near your charger, that public charging kiosk can look pretty promising. But what you might not know is that common traits in smartphone hardware and software design makes recharging phones through public chargers prone to juice jacking. If you're not sure what that is then let’s find out and also discover how you can avoid juice jacking too.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device. However, on the other hand, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, sms database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using public kiosk charger:
  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.
Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 3rd, 2014

BCP_Sep02_AMany people wonder why it’s necessary to perform business impact analysis (BIA) when they’ve already invested a large amount of time on a risk assessment. The answer is simple: because the purpose of a BIA is different, and wrong results could incur unnecessary expenses or create inadequate business continuity strategies. To that end, let’s take a look at five tips for successful business impact analysis.

Five tips for successful business impact analysis:

  1. Treat it as a (mini) project: Define the person responsible for BIA implementation and their authority. You should also define the scope, objective, and time frame in which it should be implemented.
  2. Prepare a good questionnaire: A well structured questionnaire will save you a lot of time and will lead to more accurate results. For example: BS (British standard) 25999-1 and BS 2599902 standards will provide you with a fairly good idea about what your questionnaire should contain. Identifying impacts resulting from disruptions, determining how these vary over time, and identifying resources needed for recovery are often covered in this. It’s also good practice to use both qualitative and quantitative questions to identify impacts.
  3. Define clear criteria: If you’re planning for interviewees to answer questions by assigning values, for instance from one to five, be sure to explain exactly what each of the five marks mean. It’s not uncommon that the same event is evaluated as catastrophic by lower-level employees while top management personnel assess the same event as having a more moderate impact.
  4. Collect data through human interaction: The best way to collect data is when someone skilled in business continuity performs an interview with those responsible for critical activity. This way lots of unresolved questions are cleared up and well-balanced answers are achieved. If interviews are not feasible, do at least one workshop where all participants can ask everything that is concerning them. Avoid the shortcut of simply sending out questionnaires.
  5. Determine the recovery time objectives only after you have identified all the interdependencies: For example, through the questionnaire you might conclude that for critical activity A the maximum tolerable period of disruption is two days; however, the maximum tolerable period of disruption for critical activity B is one day and it cannot recover without the help of critical activity A. This means that the recovery time objective for A will be one day instead of two days.
More often than not, the results of BIA are unexpected and the recovery time objective is longer than it was initially thought. Still, it’s the most effective way to get you thinking and preparing for the issues that could strike your business. When you are carrying out BIA make sure you put in the effort and hours to do it right. Looking to learn more about business continuity? Contact us today.
Published with permission from TechAdvisory.org. Source.