A story on the BBC news site makes for scary reading....
"A newly declassified document gives a fascinating glimpse into the US military's plans for "information operations" - from psychological operations, to attacks on hostile computer networks.
The document says information is "critical to military success"
Bloggers beware.
As the world turns networked, the Pentagon is calculating the military opportunities that computer networks, wireless technologies and the modern media offer.
From influencing public opinion through new media to designing "computer network attack" weapons, the US military is learning to fight an electronic war."
Forget about locking up your daughters - lock up your networks!!!
Saturday, January 28, 2006
How much information are you giving away when you sell that computer?
Companies and individuals frequently sell on old pieces of kit, or consign them to the dump. One thing that is often forgotten is cleaning the hard drives of data. Whilst the most secure method (and possibly most satisfying) is a few well placed clouts from a club hammer, this does little for the re-sale value of the machine.
How can you ensure your data is wiped?
At the very least do a low level format of the disk (fdisk), then re-format and install the operating system. This will remove the data from your drive, although a determined forensic study can still retrieve the data from residual magnetism within the drive.
A better solution is to use a package that over-writes the disk several times with random data (such as http://dban.sourceforge.net/), follow this up with an fdisk and re-install and you should be OK.
Thursday, January 26, 2006
Blocking Search Engines from indexing pages
It may sound bizarre, but occasionally when promoting your site to search engines, you do not want certain files/directories to be scanned and indexed by the search engine spiders such as configuration files and any personal files/directories you are using your webspace to store.
The most common approach is to use a 'robots.txt' file in the home directory of your site.
This file is normally created using a simple text editor that does not insert any formatting such as Microsoft's Notepad and follows the following format, with two lines making up a record;
[field]:[value]
There are two field types, the first 'User-agent' which specifies the type of spider you wish to apply the following rule(s) to and 'Disallow' which specifies prohibited content. The * symbol can be used as a wildcard in either of the fields.
The following allows all robots to visit all files because the wildcard "*" specifies all robots.
Why not visit my main site for more tips and hints
The most common approach is to use a 'robots.txt' file in the home directory of your site.
This file is normally created using a simple text editor that does not insert any formatting such as Microsoft's Notepad and follows the following format, with two lines making up a record;
[field]:[value]
There are two field types, the first 'User-agent' which specifies the type of spider you wish to apply the following rule(s) to and 'Disallow' which specifies prohibited content. The * symbol can be used as a wildcard in either of the fields.
The following allows all robots to visit all files because the wildcard "*" specifies all robots.
User-agent: *This one keeps all robots out.
Disallow:
User-agent: *The next one bars all robots from the cgi-bin and images directories:
Disallow: /
User-agent: *This one bans Roverdog from all files on the server:
Disallow: /cgi-bin/
Disallow: /images/
User-agent: RoverdogThis one bans keeps googlebot from getting at the cheese.htm file:
Disallow: /
User-agent: googlebot
Disallow: cheese.htm
Why not visit my main site for more tips and hints
Wednesday, January 25, 2006
More security information and mis-information about the WMF bug
Steve Gibson (http://www.grc.com) has managed to put his foot in it again by claiming the WMF bug is a Microsoft conspiracy according to a post on his site and at http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/
Whilst his security scanner is a useful tool, I feel that he just likes to keep his name in the press by hyping and distorting any potential weaknesses in operating systems.
Tuesday, January 24, 2006
Computer Security - Keeping it Safe
If the phrase 'computer security' was mentioned to you, what would come to mind?
-
Viruses?
-
Hackers?
-
Physical Security?
-
Users?
-
Backup?
It may be surprising, but most (if not all) breaches in security arise as a result of user actions.
In my role as an independent computer consultant, I frequently require user names and passwords to access systems. I have lost count of the number of times, I have telephoned a client and asked whichever user for a user name/password combination and been given just that without even basic security (such as a telephone call-back to my published number).
In addition, many passwords are referred to as 'weak', consisting of the name of significant others/children or even as basic as 'password'. For password security, users should be forced to change their passwords at least once per month and each password should be unique. In addition, it is recommended that passwords are at least 5 characters long and contain numbers as well as alphabetic characters. An easy way to prevent 'dictionary' attacks (one of the most common password cracking schemes) is to substitute numbers for letters e.g. 1 for i, 3 for e, 5 for s, 7 for l and 0 for o and adding 3-4 numbers at the end.
Viruses are fairly easy to deal with, assuming fairly simple common-sense rules are applied;
-
Ensure you have anti-virus software installed, both on servers and workstations (AVG make an excellent package that is free for single machine use).
-
Do not open unsolicited emails, or emails that contain attachments that are unexpected.
-
If an email requires you to run a program – ensure you scan this for viruses before executing it.
-
Educate users to the steps above.
Hackers pose a constant threat to security, but realistically, a small business is unlikely to be targeted for commercial gain. Install a firewall (such as ZoneAlarm), switch off internet routers when not in use, however, again user education is the best step – most hacker attacks succeed due to 'social engineering', where a hacker pretends to be from a support company and elicits passwords from users. Having said this, most hacking attempts arise from within organisations, so ensure that you have robust policies in place with regards to computer usage.
Physical security is another consideration. If your server is located in your main office, what is to stop the cleaner from un-plugging it to plug in the vacuum cleaner? In addition, if you have technically aware users, or visitors ensure that there is no monitor/keyboard attached. I have seen numerous clients where the server is in the main office and administrator password is on a 'post it' note attached to the monitor. At the very least, your server should be in a locked cupboard/closet that provides sufficient ventilation for cooling.
Users have already been partially covered above, but to re-iterate;
-
Ensure you have a password policy.
-
Ensure you have an acceptable use policy.
-
Keep your users happy (most successful attacks on computers originate within the organisation).
Backup is another issue altogether which I will cover later, but you should aim to ensure that you can recover from complete failure/loss of your server/computer system with minimal downtime. There are various options available from on-line storage, through to re-writable DVDs/Tape.
Monday, January 23, 2006
Do you really need CRM Software
Knowing your customers, their needs, likes/dislikes etcetera is essential to many businesses today, particularly those that provide a service as opposed to tangible products. CRM, or Customer Relationship Software is often touted as the prime tool for increasing customer spend.
CRM software is generally highly configurable and can capture almost endless information about clients including sales data, meetings, telephone calls and much more.
So how can you tell whether you need to purchase a CRM system?
There are several pointers that may help steer your decision;
How different are your customers? Are they spread over a large geographic area, do they fall into vastly different backgrounds, are their age ranges similar and many other factors? If your customers are similar to each other, you may not need CRM software because there is not a large range of demographic information that requires organisation. If, however, they differ then CRM may help you organise them and target promotions according to demographic parameters.How often do your customers make a purchase, and what do they purchase? If your business only sells a small range of items, then tracking purchases may not present too much of a problem. But if customers buy on a frequent basis or buy a vast range of products, then CRM may help you spot buying patterns and trends.Do customers complain about duplication of sales calls/follow up calls? If you have a number of staff working for you with a shared pool of customers, then this can and will happen. CRM software will permit staff to track activity with specific customers to avoid this duplication. If your sales team are each responsible for a sub-set of your customers, then this is less likely to happen.Is your customer base manageable? For some organisations, keeping track of 10,000 customers is easy without the need for specialist CRM software, others as few as 20 can cause problems, for example missed follow-up calls.
If you have decided to embark on the CRM route, bear in mind that getting the system to work with you and your business is a complex task. Whilst there are numerous CRM systems available at a wide range of prices, you may find that only one really meets your needs. Purchasing the other systems could prove a costly mistake.
Some of the factors to be considered when choosing a CRM system are as follows;
Sales management. All CRM systems should have a strong customer component; that is, they should be able to match the information you have on your customers to their transactions, providing a meaningful analysis for your sales force to use in retaining those customers in the future. With a simple click, you should be able to see the entire history of your transactions with a given customer. Fulfillment. Good CRM software systems should also quickly update your inventory or project databases so that each customer's latest orders can be fulfilled and shipped (if applicable) quickly and easily. After making a sale, your sales professional should be able, through CRM software, to place an order and have those products in the works within seconds. Customer service. Good CRM systems will be able to record service calls, customer comments and other service notes. That way you can quickly respond to a customer who calls with a problem. Miscellaneous add-ons. How flexible is the system? Will it integrate with your accounting system and many other possibilities.
One thing to consider with off-the-shelf CRM software products like GoldMine and ACT! is that the support offered is dependant on where these products are purchased. The integration of customer data between various devices such as a PDA and a cell phone can be more complicated than your technical support contact might want to get into.
If you are going to invest in CRM software, you want everything to work, so make sure good technical support and training is available if needed. You also want to make sure you know what you want. Although these products are off-the-shelf, they are by no means limited, and some offer really sophisticated features for future growth. For example, FrontRange's GoldMine has many features available that instruct and support you in expanding your customer service energy and possibly any sales efforts.
A few final things to consider: CRM software is a very personal tool just as a to-do list can be. It manages data that is close to the heart and sometimes very private. It tracks how you interact with your customers and associates. Anyone considering CRM software must weigh how changing this tool will impact productivity.
Source: http://www.roypenfold.co.uk/
CRM software is generally highly configurable and can capture almost endless information about clients including sales data, meetings, telephone calls and much more.
So how can you tell whether you need to purchase a CRM system?
There are several pointers that may help steer your decision;
How different are your customers? Are they spread over a large geographic area, do they fall into vastly different backgrounds, are their age ranges similar and many other factors? If your customers are similar to each other, you may not need CRM software because there is not a large range of demographic information that requires organisation. If, however, they differ then CRM may help you organise them and target promotions according to demographic parameters.How often do your customers make a purchase, and what do they purchase? If your business only sells a small range of items, then tracking purchases may not present too much of a problem. But if customers buy on a frequent basis or buy a vast range of products, then CRM may help you spot buying patterns and trends.Do customers complain about duplication of sales calls/follow up calls? If you have a number of staff working for you with a shared pool of customers, then this can and will happen. CRM software will permit staff to track activity with specific customers to avoid this duplication. If your sales team are each responsible for a sub-set of your customers, then this is less likely to happen.Is your customer base manageable? For some organisations, keeping track of 10,000 customers is easy without the need for specialist CRM software, others as few as 20 can cause problems, for example missed follow-up calls.
If you have decided to embark on the CRM route, bear in mind that getting the system to work with you and your business is a complex task. Whilst there are numerous CRM systems available at a wide range of prices, you may find that only one really meets your needs. Purchasing the other systems could prove a costly mistake.
Some of the factors to be considered when choosing a CRM system are as follows;
Sales management. All CRM systems should have a strong customer component; that is, they should be able to match the information you have on your customers to their transactions, providing a meaningful analysis for your sales force to use in retaining those customers in the future. With a simple click, you should be able to see the entire history of your transactions with a given customer. Fulfillment. Good CRM software systems should also quickly update your inventory or project databases so that each customer's latest orders can be fulfilled and shipped (if applicable) quickly and easily. After making a sale, your sales professional should be able, through CRM software, to place an order and have those products in the works within seconds. Customer service. Good CRM systems will be able to record service calls, customer comments and other service notes. That way you can quickly respond to a customer who calls with a problem. Miscellaneous add-ons. How flexible is the system? Will it integrate with your accounting system and many other possibilities.
One thing to consider with off-the-shelf CRM software products like GoldMine and ACT! is that the support offered is dependant on where these products are purchased. The integration of customer data between various devices such as a PDA and a cell phone can be more complicated than your technical support contact might want to get into.
If you are going to invest in CRM software, you want everything to work, so make sure good technical support and training is available if needed. You also want to make sure you know what you want. Although these products are off-the-shelf, they are by no means limited, and some offer really sophisticated features for future growth. For example, FrontRange's GoldMine has many features available that instruct and support you in expanding your customer service energy and possibly any sales efforts.
A few final things to consider: CRM software is a very personal tool just as a to-do list can be. It manages data that is close to the heart and sometimes very private. It tracks how you interact with your customers and associates. Anyone considering CRM software must weigh how changing this tool will impact productivity.
Source: http://www.roypenfold.co.uk/
Subscribe to:
Posts (Atom)