December 29th, 2010
There is an age-old process conducted in most organizations, large and small, known as performance review or performance appraisal (the term performance review will be used primarily in this article). The importance of providing feedback to employees cannot be overstated. But doing so in the proper setting, context, and manner is critical to carrying out successful performance reviews.
Having a performance review system in place is important for a number of reasons. An effective performance review process:
* Enhances coaching and mentoring opportunities for managers and supervisors.
* Clarifies the performance criteria that employees need to understand in doing their respective jobs.
* Defines a clear basis for wage increases, promotions, disciplinary action, and other important job related issues.
* Reinforces that performance and pay are rationally tied together.
* Serves as motivation to continue to focus on improving performance.
* Brings consistency to the organization in terms of how employees’ job performance is measured.
* Creates a means for clear and complete documentation of job performance.
* Helps identify training and development needs.
* Assists in associating company goals and objectives with employee goals/objectives.
* Communicates important information to the employee about how they are perceived relative to the work they do on a daily basis.
All organizations should have some sort of employee evaluation system in place. Many “systems” in place are not well defined and/or they do not address critical performance variables (competencies) commonly associated with work.
Employers should understand that personal biases enter into the overall perceptions about employees. What many managers believe is factual about an employee is often nothing more than their own biased perception of the employee’s performance.
Assessing an employee is sometimes an unfair process. In most organizations, there are often misperceptions about various employees. And unfortunately there are a lot of managers and supervisors who are just not good mentors and coaches and, therefore, the employee does not have the benefit of correcting performance issues prior to their annual performance reviews.
Adding to the problems associated with personal bias, misperceptions, and poor coaching is the fact that many performance review sessions (the actual meetings to review performance) are poorly conducted by the manager.
It is important that reviewing performance be taken seriously because it is a critical feedback mechanism for employees and a chance for managers and employees to share valuable information. But keep in mind that formal performance reviews are not the only time that feedback to employees should be given.
Appropriate and timely feedback to employees is important in order to reinforce positive “behaviors” or address negative “behaviors”. In short, well managed organizations do not use the performance review as the sole feedback mechanism. There should be regular interaction between manager and employee prior to formal review sessions.
Some organizations choose to use a formal review process more often than annually and that is acceptable and may even be preferable depending on the culture of the particular organization. However, conducting formal reviews too often can dilute the effectiveness of the process so it is important to consider the impact of doing formal reviews more often than once per year.
Typically a more effective approach is to create a culture where regular feedback is provided outside of the formal performance review process. In this scenario managers conduct more informal discussions about training needs, goal achievement, a job particularly well done, performance concerns, etc. as they are needed.
Having periodic discussions about goal achievement is central to a high performance, high accountability culture. These are all important to helping employees achieve their own goals and dreams and to the overall success of the organization.
An effective performance review/appraisal system includes at a minimum:
* A well defined process for documenting performance throughout each review period. This is an important reference tool when it comes time to complete the actual review form.
* Well informed/trained managers/supervisors relative to how to complete review/appraisal forms and how to conduct performance review meetings with the employees.
* A properly prepared review form that includes appropriate and valid competencies for measuring employee performance.
* A valid and appropriate rating mechanism (scale).
* Clearly defined goals for each employee that relate back to organizational goals.
* A clearly defined review period and review process that all employees understand.
* Fairness and equity in the review process.
* Consistency in how employees are evaluated. In other words, minimal or no bias from one employee to another.
Many organizations, large and small, are using what are known as on-demand performance review systems. These are secure Internet-based systems that allow you to more effectively manage all of your employee evaluations and document performance over time.
This growing trend away from in-house software or manual systems and toward online solutions is outlined in a recent blog article on entrepreneur.com:
“Is traditional desktop software a thing of the past? According to a recent survey conducted by online payroll service SurePayroll, it is–at least for small business. Instead, many small businesses are choosing to use web-based software that better allows them to compete with big businesses. In fact, three out of four entrepreneurs surveyed said they rely on online software, which enables them to work in an online environment in place of purchasing or licensing software.
SurePayroll’s survey cited benefits to online software such as convenient access, the fact that they don’t need internal support for the software, and fast and easy implementation.
“When looking to the future, 75 percent of survey respondents predicted that in 10 years, desktop software will be eliminated, and all applications will exist on servers that can be accessed remotely.” This means that web-based performance management systems will be the norm in the very near future.
Reasons to Automate Your Performance Review Process
Reason One – Enhanced ongoing communication. An automated performance management system provides the requisite tools that allow managers (and others) to more efficiently and effectively document performance and conduct regular performance reviews. When managers are given tools that “encourage” them to communicate and tools that make their jobs easier, they will be more inclined to document performance as it occurs, do a better job of writing about performance, complete reviews and 360 degree surveys in a more timely manner and feel better about what they are communicating to employees. The framework that an automated system offers gives managers more confidence in their feedback and communication.
Reason Two – Automated systems follow performance management best practices. Best practices in performance feedback and performance reviews range from alignment of individual goals with organizational goals to using validated competencies. There are a number of best practices incorporated into web-based systems such as ReviewSNAP. By subscribing to such a system your organization benefits by having the assurance that best practices are being followed.
Reason Three – Employees are encouraged to share in overall accountability for success. Having an automated system in place brings each level of the organization into alignment with one another and places emphasis on everyone moving in a common direction.
Reason Four – Automated performance management systems capture data over time and provide invaluable information about performance related to goals and competencies in a manner that is difficult and nearly impossible to achieve with manual or quasi-manual systems. Understanding trends and cumulative results is an excellent way for organizations to achieve incremental improvement.
Reason Five – Allows the organization to reduce or eliminate paperwork and go paperless. The inherent “hassle factor” associated with handling, passing and storing paper makes the entire performance management process less appealing to deal with. Automation of the process virtually eliminates the need for dealing with paper. And the level of security associated with online systems is extremely high and will likely elevate the overall security of the process.
Reason Six – Automation of performance management helps make managers more effective in managing their employees. Performance reviews need to be relevant and appropriate to the job being performed and to the goals of the employee and the organization. Because automated systems such as ReviewSNAP contain tools that help managers/reviewers comment on performance and because these systems simply make the process flow better and easier, managers do a better job of reviewing performance. Feedback is enriched and is done in a timelier manner.
Reason Seven – Save time and frustration. As expected, automation of the performance management process will save significant amounts of time and will reduce frustration because access is gained easily by logging into the online system and all forms and information are centrally located within the system. Employee feedback and documentation are handled by selecting the employee to be reviewed, and all functionality related to the performance management process is located in one area. Notifications of managers and reviewers (or raters) are automated and the frustration of chasing down managers and raters to complete feedback forms or reviews is virtually eliminated.
Reason Eight – 360 degree feedback is easily managed and anonymity is achieved. One of the more difficult things associated with initiating a 360 degree survey on an employee in a paper-based system is the amount of manual work involved. In an online automated system, raters are selected, notifications are delivered automatically, forms are completed and verification that surveys are completed is done automatically. Results are compiled by the system and a report is generated. There is no paper involved. Also, an automated system helps ensure that the feedback of raters is kept anonymous. There is no paper floating around to identify specific feedback of a particular rater.
Reason Nine – Performance reviews will mean more to the employee and performance is more likely to be enhanced. Employees are often confused and frustrated by the performance review process. They often are kept waiting for their reviews to be completed or the feedback is incomplete, irrelevant or inappropriate in some manner. Because the process is easier for managers to follow and because there are tools to assist in documenting ongoing performance, writing comments to support ratings and recommending wage increases, for example, the quality of the reviews increases dramatically.
Reason Ten – Ultimately a more effective performance management process will lead to better overall organizational performance and increased profits. Since automation of performance management gives the organization a much better chance of implementing a highly effective process, one would expect that automation to yield better organizational results. Research suggests that this is exactly the case.
December 29th, 2010
Unfortunately too many people take the development of a business plan lightly and simply do not create a document that will get results. Over the years, we have reviewed and written numerous business plans and have worked closely with funding sources.
Many requests for financing for businesses that have strong potential are rejected daily by funding sources simply because the business plan is poorly written, incomplete or unrealistic. It is absolutely critical to pay close attention to detail and to include all information that the reader will need to have available to make an educated decision.
A sound business plan is not a sketchy overview of the business. In reviewing many business plans over the years, our consultants never cease to be amazed at the number of them that appear to have been written in a haphazard or hurried manner. There are a number of elements that a business plan must include. These range from the executive summary to a complete financial section.
There are roughly a dozen elements that must be included. Leave one or more of these out of the document and it will be difficult to gain the attention of those you most want to impress. And you will not end up with a document that provides clear guidance for your business.
A business plan is a living document. That simply means that the words you put on paper have to mean something and they must be defensible. Too many people who write business plans are careless or simply do not place enough importance on the meaning and impact of the words they put on paper. If you cannot defend what you have written, you will be faced with an uncomfortable situation when it comes time to answer questions. Be clear, be concise and be accurate. Following a prescribed business plan outline will help you gain the required clarity and detail in your plan.
There are a number of common mistakes that are made by people attempting to write a business plan. Some business plans exhibit a failure to fully understand the business concept. Still others leave important pieces of information out of the document. A tendency on the part of many writers of business plans is to be unrealistic in their financial and market share assumptions and projections.
There are other mistakes that are made and it is important that these be avoided. These include, but are not limited to: poor grammar and spelling, a failure to provide supporting documents as needed, lack of clarity, arrogance that is evident in the document, insufficient evidence to support the notion that the business can be successful and a lack of enthusiasm for the concept and the business.
It is important that the business plan not be viewed strictly as words on paper. It must represent what the business will do to be successful. The writer(s) of the plan must have a strong handle on just how this will be accomplished. It will become obvious very quickly to astute readers of your plan if there is a clear understanding and vision of how the business will be managed, how products or services will be produced and marketed, how the business will make money and if there is a sound strategic direction for the business. The business plan document must be well organized and instill confidence in the reader that the business has a good chance of being successful.
Generally business plans are written for the purpose of seeking financing. That means that the document must get attention quickly, it must keep attention and it must convey critical information in an easily understood manner. Those who read business plans on a routine basis expect a well written document that is comprehensive and detailed enough to convey essential information and data.
Business plans also should be written annually to support and complement your strategic plan. A business plan is not only a funding document, but a very important road map that details how the business will function over the next year. In fact, we sometimes refer to the business plan as the organization’s functional plan because of the budget, staffing, marketing, competitive, and other information contained in the document. And, as mentioned, it should fully support and reflect the direction provided by your strategic plan.
December 24th, 2010
There is probably nothing in business more valuable than good strategic planning. Unfortunately, there is nothing that wastes more time than bad strategic planning. Organizations too often spend a lot of time working on an annual planning process only to have the plans quickly fade away until the following year’s process begins. Because of this, too many companies get frustrated and drop the process rather than finding a way to make it more effective.
An effective strategic planning process enables companies to take control of their future and remain focused on the critical areas that will result in sustained periods of growth and success.
By definition, strategic planning is a process by which an organization’s leaders define and implement the strategy to achieve the company’s fundamental purpose. The output of the process is a set of high-level objectives (i.e., critical improvement areas) and initiatives (specific actions, to achieve the objectives). Inherent in this definition is the ability to turn strategy into action. Although, by itself, the planning process tends to improve communication within the management team, increase knowledge of the company and its markets, and cultivate teamwork, it is the action – i.e., actually achieving the objectives – where the value resides.
Especially with small entrepreneurial organizations, senior leaders have little time to spend on anything that doesn’t provide clear benefit. An effective strategic planning process can, however, provide the clarity and focus that is often forgotten in small companies – especially those with very little bench strength.
Elements of an Effective Process
To be effective, it is necessary to clarify and understand the expectations of the planning process. As mentioned above, the process must absolutely include a basis for action. The plan must also provide a clear and consistent focus, a platform for involvement of team members, and a method for communication.
Although the depth, frequency, and specific process used will differ for every company, there are some basic elements that greatly increase the chance of success. First of all, the organization must have a clearly defined purpose, including a mission (which keeps the plan grounded) and a vision (which provides a consistent direction for planning). Objectives and initiatives are the components of the process that bring the vision to reality.
Also included in an effective process are key indicators, which measure the organization’s success in achieving the objectives. This absolutely requires that the indicators be directly linked to the high-level objectives. If the indicators are not linked to the objectives, then you either have the wrong indicators or the wrong objectives.
The Basic Process
The basic process for creating the strategic plan (depicted in exhibit 1) is as follows:
1. Review/create the company’s purpose;
2. If necessary, determine the focus of the plan based on the organization’s most critical needs;
3. Develop key objectives to be completed over the following 1-3 years (depending on the organization’s normal planning horizon). At least initially, stick to four key areas for the objectives: leadership development, process improvement, market development, and product/service development;
4. Assure the existence (or create) key indicators to measure progress on the objectives developed above;
5. Identify initiatives (or projects) that will enable the organization to meet the objectives developed in step 3;
6. Communicate the plan throughout the organization;
7. Conduct periodic review to assure that the initiatives are progressing as expected and, if so, whether they are actually achieving the key objectives; and
8. Take action when necessary (based on the review) to get the organization back on track toward achieving its key objectives.
The One-Page Plan
The steps presented above require a lot of reflection and discussion in order to assure that the plan and associated actions address what is critical for the company. When done correctly, though, the result can be communicated throughout the organization in a simple, one-page format that can increase understanding, acceptance and involvement.
Exhibit 2 presents an example of the one-page plan for ABC Products Company resulting from carrying out the process.
The one-page plan is a simple document that communicates the result of many hours of work by the senior leadership team. Communicating the plan in this format demonstrates clarity of thought by the team and shows people how the initiatives, objectives, and purpose all fit together.
Remember that this is a living document and should be updated as initiatives are completed/created or focus shifts.
December 19th, 2010
You better stop what you’re doing right there, Mark Zuckerberg: Somebody else has patented the “social network.”
The United States Patent and Trademark Office on Tuesday awarded a patent to Amazon for a “social networking system” that would seem to accomplish the exact same tasks already performed by the likes of Facebook, MySpace and Friendster.
Amazon now holds the patent for “A networked computer system [that] provides various services for assisting users in locating, and establishing contact relationships with, other users.”
Groundbreaking, isn’t it?
Amazon’s patented system — which, of course, doesn’t seem to be publicly available — does all the major things Facebook is known for.
“Users can identify other users based on their affiliations with particular schools or other organizations,” according to the patent, and the system “provides a mechanism for a user to selectively establish contact relationships or connections with other users, and to grant permissions for such other users to view personal information of the user.”
Facebook functionality letting users identify friends of friends is covered by Amazon’s patent with “features for enabling users to identify contacts of their respective contacts. … In addition, the system may automatically notify users of personal information updates made by their respective contacts.”
Of course, we can’t give Facebook the credit for inventing social networks. MySpace launched in August 2003, six months before Facebook. There is still controversy over whether Facebook CEO Mark Zuckerberg stole the idea from Harvard classmates, who filed a lawsuit and received a settlement from Zuckerberg.
The technology world has long been full of patent controversy, and the existence of Amazon’s patent on social networking technology doesn’t mean other sites have to shut down. Friendster, after all, patented the social network in 2006 but that hasn’t stopped Facebook and MySpace.
The Amazon patent application was filed on May 27, 2008, more than two years before it was accepted, and lists the social network “inventors” as Brian D. Robertson and Warren W. Adams of Massachusetts.
Robertson and Adams, according to an article on Seattle’s TechFlash, were the founders of PlanetAll, a service Amazon acquired in 1998 and shut down in 2000.
“PlanetAll was a Boston-area startup that was created by a guy who wanted to keep in touch with his college friends,” the TechFlash article notes. “Sound familiar?”
Lots of companies are building social networks these days. Google added Facebook- and Twitter-like capabilities to Gmail, Cisco is releasing social networking software called “Quad” that is designed for internal use by businesses, and now HP says IT pros need their own social network.
Amazon is a consumer-oriented company but has also built services geared toward professional users, particularly in the cloud computing realm. But it’s not clear yet whether this patent is the first step toward Amazon building a Facebook-like service of its own.
By Jon Brodkin
December 19th, 2010
In case you haven’t heard, there are two companies called Microsoft and Google that really don’t like each other very much. These tech behemoths are battling each other on a dizzying number of fronts in the consumer, government and business markets, the U.S. court system and the court of public opinion.
Let’s examine 10 battles Microsoft and Google fought against each other in 2010.
Google and Microsoft each accused the other of being monopolistic in 2010, with Google, for example, suing the U.S. Department of the Interior for favoring Microsoft in the bidding for a cloud-based e-mail contract, and Microsoft joining a group that’s trying to block Google’s planned acquisition of a travel software company due to fear that Google would dominate the online travel search market.
Just for good measure, Microsoft also testified against a Google project to scan millions of books and, separately, filed patent complaints against Motorola for its phones based on Google’s Android mobile operating system. Microsoft has worked on softening its stance toward open source software, so the Android lawsuit illustrates just how seriously Microsoft is taking the threat posed by Google’s mobile phone platform.
War for the desktop
Not content with dominating the search market, Google took aim at Microsoft’s signature Windows operating system business by releasing a prototype version of the forthcoming Chrome OS. Google is so confident that it’s reportedly dumping Windows for internal users, supposedly because Microsoft’s OS isn’t secure enough.
While analysts say Chrome OS is no Windows-killer, just yet, that doesn’t mean Microsoft shouldn’t be worried. If Google’s vision of a “100% Web” world comes to fruition, Microsoft may have some catching up to do. But Microsoft’s Tim O’Brien, senior director of the Platform Strategy Group, dismissed Chrome OS in an interview earlier this year, saying “The browser isn’t the operating system. The operating system is desktop Linux and it runs one application and one application only, and that’s Google’s browser.”
Speaking of Web browsers, Microsoft’s Internet Explorer is still the most widely used tool for surfing the Web, and this year Microsoft took a leap forward with the beta of IE9, which is performing well in early HTML5 testing.
But Internet Explorer usage has been going down steadily nearly every month, while Google’s Chrome is nearing 10% market share just two years after its release. With the arrival of the Chrome Web Store, Google is poised for even more growth in 2011.
No modern tech rivalry would be complete without accusations about putting users at risk of viruses and malware. In June, Microsoft accused a Google security researcher of putting Windows customers at risk of “broad attacks” by publishing code that exploits a zero-day vulnerability, after Google security engineer Tavis Ormandy published some proof-of-concept attack code related to a bug affecting Windows XP and Windows Server 2003. Ormandy says he was acting alone, and that Google shouldn’t be blamed. Ormandy also complained about Microsoft’s tendency toward “bug secrecy,” and said he would have been ignored if he had reported the problem without a working exploit.
December 19th, 2010
iPhone users, beware. The popular gadget is vulnerable to attacks by hackers.
Security experts revealed during the Black Hat conference in Las Vegas that they had uncovered certain flaws in Apple’s iPhone which can be exploited by unscrupulous individuals for identity theft and other malicious activities, Reuters’ Jim Finkle reports.
Security experts are now urging Apple to deal with this vulnerability to protect iPhone users.
“It’s scary. I don’t want people taking over my iPhone,” the report quoted security analyst Charlie Miller of consulting firm Independent Security Evaluators as saying.
Miller and Collin Mulliner, a Ph.D. student at the Technical University of Berlin, bared at the conference a strategy they had uncovered wherein hackers can sabotage iPhone users’ connection to the carrier network. The phone then becomes virtually useless, as the owner will not be able to make calls, receive or send text messages, or access the web.
Apple had been warned about such flaws but the company has yet to address the problem, said Miller and Mulliner. Now, after the information was revealed during the Black Hat conference, the two warned that it would take a mere two weeks for criminals to start using this method and launch hacking attacks against iPhones.
Miller and Mulliner demonstrated how this could be done. They sent malicious computer code to the phone via SMS. The tricky part is that the user is unaware that the phone has just received the code.
The two had tested this with iPhones running on carrier networks in Germany and also with AT&T in the U.S. They are now convinced that all iPhones all over the world are at risk of getting hacked using this method.
The security experts defended their move to reveal the method to the public, saying that they merely wanted to warn users against such attacks. They also said it would likely become known to resourceful hackers eventually.
Apple has yet to issue a statement about this. Miller and Mulliner said the company should take the necessary steps to secure the iPhone; otherwise, the negative publicity could cripple the sales of this much coveted gadget and wipe out the otherwise positive reviews about its cool features.
Black Hat is the global leader in information security events. The recent conference held July 25-30 at the Caesars Palace in Las Vegas had about 4,000 attendees that included both security professionals and hackers. It’s a venue where security experts get to announce the latest software flaws they have uncovered to warn the public and encourage the manufacturer to address them. Unfortunately, hackers also exploit the same flaws to launch attacks.
The revelation about the iPhone’s vulnerability to hackers is hardly new. Last year, security researcher Aviv Raff reported that certain iPhone applications could be used as a gateway for phishing attacks. The hacker uses a seemingly legitimate email link which, when clicked, would lead to a phishing site. iPhone 1.1.4 and 2.0 were said to be the ones vulnerable to this type of assault.
December 17th, 2010
That dancing skeleton might look really cool on your pc, but it could turn your computer into a virtual zombie capable of spreading malware to other machines.
Security experts are alarmed over the new wave of online threats associated with Halloween. According to Panda Security, cyber crooks had been busy in the days leading up to the holiday cooking up innovative tricks to lure online users to malicious sites.
Free downloads of Halloween-related applications and screensavers are especially suspicious as they are often packed with malware, the experts said. If you must have them on your computer, make sure you scan every download with a good antivirus program.
Keep an eye out for poisoned e-cards dubbed “Dancing Bones,” “Happy Halloween,” “Show this to the kids,” “The most amazing dancing skeleton,” “Send this to your friends,” and “Man this rocks.” Security analysts at Kaspersky have also cautioned users to beware of spam mails offering gift cards or Halloween special deals and websites asking users to install special browser toolbars, as these may also be laced with malware.
Also high on the list of Halloween scare antics are websites that frighten users into believing their pc has been infected with malware, to trick (every pun intended) them into buying a license for bogus antivirus software. Once a computer is infected—which is usually what happens because the user is blocked from further using the pc unless the fake antivirus program is downloaded—it is difficult to rid it of the threat. Check out Panda Security’s warning about this particular tactic of cyber crooks.
The bad guys of the Internet are becoming increasingly smart, using black hat search engine optimization to make these malicious websites rank higher in the results. They use commonly searched phrases such as “Halloween costumes” or “Halloween parties” as targeted keywords, said Panda Security experts.
How do you distinguish malicious websites from legitimate ones? Panda Security offers the following tips:
- Type the web address of the website you are trying to access directly into the address bar.
- Use a web browsing tool to check if the site you are searching for is safe or malicious. A good example of this is WOT, a free security website scanner.
- Your children may also unknowingly access infected websites, so installing a parental control system on your PC might help.
- Exercise extreme caution when clicking on links sent by friends through social networking sites like MySpace, Facebook or email. When in doubt, ask your friends first if they know about the link. If you do decide to click on the link and notice that you have entered an unrecognizable page, close your browser immediately. Even if nothing on the website seems suspicious but you are asked to download something, leave the site right away.
- Equip your computer with trusted antivirus software.
December 17th, 2010
The bad guys of the Internet will be shifting gears next year, targeting file sharing networks more than websites and applications, according to computer security firm Kaspersky Lab.
Kaspersky Lab has already detected a mass malware epidemic of malicious files being spread through torrent portals. This was mainly the strategy used to spread malware such as Virut and TDSS. The company sees cybercriminals stepping up this type of attack on P2P networks in 2010.
Alex Gostev, Kaspersky Lab’s director for Global Research & Analysis, predicts that sophisticated file infection methods and rootkit technologies will be the order of the day and that many anti-virus tools will have a hard time treating these infections. IT security firms will respond by coming up with advanced protection programs, although it may take a while before they can pin down advanced cyberthreats, he says.
Gostev says today’s cybercriminals are trying to legalize their operations by leveraging botnets’ power to generate huge web traffic. This enables them to earn money by spreading malware and spam or performing DoS attacks without necessarily committing an explicit crime.
At present, mostly black-market services make use of botnet traffic, but Kaspersky predicts that the botnet services market will expand next year.
Before 2009 began, Kaspersky Lab had expected a surge in the number of global epidemics and was quite taken aback when advanced infections developed through rootkit technologies emerged instead.
A rootkit is a type of software system consisting of one or several programs that try to seize control of the operating system while hiding the infection. A rootkit is different from a virus in that the former is limited to controlling one operating system while a virus is designed to spread to other systems.
Rootkit technologies are becoming increasingly popular among cybercriminals because they allow malware to elude detection from PC users and anti-virus scanners.
This year, PC users have had to deal with the Conficker worm, botnets and web attacks. There was also an increase in SMS fraud and attacks on social networking sites.
Fake anti-virus programs were everywhere in cyberspace, although Kaspersky Lab says we will see fewer of these bogus protection tools next year. This is because the market has become saturated by these fake programs and selling them is no longer profitable for cybercriminals. With IT companies and law enforcement agencies keeping close tabs on these products, it has become more difficult to create and distribute them, says Kaspersky Lab.
The security vendor also warned that the Google Wave service will suffer from various attacks, from spam to phishing, to vulnerability exploitation and malware distribution.
Kaspersky Lab also warns iPhone and Android users to beware of increased attacks, particularly for Android which is more vulnerable than the iPhone. Numerous malware outbreaks are likely to happen because of the popularity of smartphones running the Android OS in China. The lack of proper screening for third-party software applications will make matters worse, says Kaspersky Lab.
December 17th, 2010
On the Monday after Thanksgiving, more than 100 million Americans will be using their computers and network connections to search for deals and start their holiday shopping, unaware of the risk they pose to their employer and themselves. To help minimize the impact of phishing attacks this holiday season, PhishMe, a leading provider of anti-phishing training, is hosting a free phishing game, PhishMe Consumer Edition, to educate shoppers on how they can protect themselves from the latest scams.
“There is a crass saying in the security industry that you ‘can’t fix stupid,’ meaning that uninformed employees will always put your organization at risk,” said Rohyt Belani, CEO, PhishMe.com. “At PhishMe we not only disagree with this sentiment, we have made it our mission to help companies educate and train their employees, so that they can minimize the risk of their company falling prey to these user-oriented attacks. We are launching a free version of the PhishMe Consumer Edition games during the peak Internet shopping period to help consumers at home or while they are at work.”
PhishMe.com is urging employers to take the necessary steps to educate their employees and reduce the risk of phishing and malware attacks. In addition to the PhishMe Consumer Edition game, the company is recommending that every organization educate its employees on how to best avoid falling victim to an attack.
Belani continued: “Education is the key to protecting your business, employees and customers, from the majority of today’s phishing attacks. Many attacks can be thwarted if organizations regularly educate their staff on the types of tricks used by phishers.” Safety tips include:
> Don’t take candy from strangers — Be suspicious of unsolicited offers or emails, even if the email is personalized to you.
> If it seems uncharacteristic, check with the source – phishers are getting smarter about using known contacts or corporate brands to trick people into sharing information or clicking links. Beware.
> Don’t provide your username or password in an email or over the phone. Your corporate IT department will NEVER ask you for this information through these channels.
> Don’t click links you don’t understand, unless you want to lose company data or worse yet – your identity.
> Confirm the source of file attachments to emails (out of band) before opening them. File attachments are one of the most reliable mechanisms of propagating malware.
December 17th, 2010
Another virus could be spreading faster than swine flu: swine flu spam.
The world’s largest international police organization, Interpol, warns web users against clicking links in emails that purportedly sell unlicensed or counterfeit medicines for swine flu.
Web security experts estimate that 3 to 4 percent of spam mails that turn up in users’ inboxes are related to swine flu. They say the volume of swine flu spam mails is expected to rise as the influenza strain spreads in more parts of the world.
Officials of the Lyon, France-based Interpol say cybercriminals are taking advantage of the global swine flu scare by creating hundreds of web pages offering information or medicines.
“It has been seen time and time again that following a global threat or natural disaster, criminals exploit the situation for their own financial gain and in this situation they are searching to take advantage of people’s fears about their health,” says Jean-Michel Louboutin, Interpol’s executive director of police services.
Louboutin warns web users to treat unsolicited emails that offer deals or contain links to websites that sell swine flu medicines with “extreme caution.”
He further warns users against unscrupulous manufacturers of fake antiviral drugs out to exploit people’s fears of getting infected with swine flu. Interpol, which operates in 187 countries, has yet to receive reports of phony antiviral medicines being produced, but the agency is strictly monitoring the market for possible emergence of such drugs.
Interpol’s warnings were echoed by the Royal Pharmaceutical Society of Great Britain (RPSGB). David Pruce, RPSGB’s director of policy, says counterfeit versions of Tamiflu and Relenza may soon sprout all over the Internet in response to the swine flu outbreak.
Another reason why the public should avoid clicking on swine flu-related links in emails is that cybercriminals are also using these links to infect computers with malware.
Symantec Security Response has detected a malicious attachment in swine flu-related emails. The malicious attachment is in PDF format and supposedly contains information about the swine flu influenza.
When users try to access the file, malware gets planted on the computer. Adobe has a new patch which can prevent a PC infection, while anti-spam software can block the emails in the first place, says Marc Fossi, manager of Symantec Security Response.
Fossi says the public’s eagerness to get updates and information about swine flu may cause them to drop their guard and try to access dubious links and files contained in swine flu-themed emails.
Some of these emails tempt users with such questions as: “Are you in Mexico or the US? Do you know someone who has been affected?” The recipient is then prompted to click on a link where they will be required to provide their name, email and home address, and telephone number.
As of late, authors of swine flu spam emails have started using the names of Hollywood celebrities to lure users to their sites. Some examples include: “Salma Hayek caught swine flu!” and “Madonna caught swine flu!”
Symantec also reports that some emails don’t contain any malware or offers of anti-swine flu drugs, but merely want to scare recipients.
According to McAfee, the volume of swine flu-related spam mails has exploded in recent weeks, most of them coming from Brazil. Some of the emails originate in the United States and United Kingdom. Other than those using names of celebrities, the emails contain subject lines such as “US swine flu statistics,” and “Swine flu in USA.”
To be on the safe side, Interpol says web users looking for information about the swine flu should only rely on the World Health Organization website for updates. For countries’ individual guidelines on swine flu, users may consult the website of their national health authority.