Cyber Security

maclaren technology center

One concern many online users and businesses have is about the security of their personal conversations and correspondences. Nobody wants to have their correspondences stolen and snooped on by strangers for personal and security purposes. Furthermore, many online products make broad claims to the security and safety of their products, but how can we be sure that they work as advertised? Just because a company claims that its product is secure does not mean it is true. One of the limited options that consumers have is to rely on third party and independent reviews.

One such independent security reviewer is the Electronic Frontier Foundation. They recently made a very eye-opening and thought provoking review of online messenger products. Some of the criteria they based their evaluation on includes the following: Is your communication encrypted in transit; Is your communication encrypted with a key the provider doesn’t have access to; Can you independently verify your correspondent’s identity; Are past communications secure if your keys are stolen; Is the code open to independent review; Has there been an independent security audit.

It is important that security include end-to-end encryption, which means that the service company doesn’t have access to the keys of the users. Only the users have the keys and it doesn’t leave their possession. This means that the service company can’t give up information without the consent of the users. It is also important that past communications are secure if keys are stolen, so if a key is compromised but the message deleted on a user’s local machine, past messages are encrypted and can’t be decoded at all because the encryption uses ephemeral keys which are routinely deleted. Finally, it is necessary to make sure that the identity of the corresponding participant can be verified when communications are in route, because a significant security risk exists in divulging information to a false identity. The perpetrator can glean and steal sensitive data, so this must be prevented with a robust verification protocol.

Some of the top security performers in this analysis include products such as ChatSecure, CryptoCat, Pidgin, Signal/RedPhone, Silent Phone, Silent Text, Telegram, and TextSecure. The best mass-market option was Apple’s iMessage and FaceTime products, although neither provides complete protection against sophisticated and targeted forms of cyber intrusion. Some of the messenger options analyzed were found to be vulnerable to surveillance by the service provider, such as email products from Google, Facebook and Apple; Yahoo’s web and mobile chat; Secret; and WhatsApp. Even worse, some major messaging platforms have no encryption at all, such as Yahoo’s desktop messenger, QQ, and Mxit.

This security analysis affirms the notion that individuals and businesses must be very diligent in protecting personal information, and this includes stringent research in the security of the products that one utilizes to secure important data. In this day and age, cyber security is something that most people take for granted, but as the system evolves to become more sophisticated and the world becomes more reliant on cyber technology, the importance for all users to protect themselves will become paramount. You cannot assume that any entity or product is safe based on general reputation or unconfirmed claims. Assuming these claims as truth without due diligence opens yourself up to risk which is the path to loss and damage.

How Hackers Can Exploit Windows 10

 

hacking exploit

For those of us that are not computer programming experts, the idea of hacking is very mysterious and difficult to comprehend. The general idea is simple enough, but the logistics are esoteric. That’s why it’s a good idea to look at specific examples to get a better idea of how it works.

One example is a recent development, where Microsoft’s Windows 10 was found to have some kernel bug vulnerability. Adobe also was discovered to have a zero-day exploit in its Adobe Flash product. And with these types of vulnerabilities, you always have these opportunistic types that are always at the ready to pounce when they smell blood. And that’s what has happened with this new Windows 10 and Adobe Flash vulnerability. Apparently, there is a hacker group with ties to the Russian government that has been exploiting these vulnerabilities and bugs. This group has also been up to no good against the likes of Hilary Clinton’s associates, the DNC, and Colin Powell.

Microsoft has also acknowleged this vulnerability and has warned hacker groups like this are sending spear-phishing emails to trick recipients into clicking on malicious links and attachments, which install malware on their machines. This vulnerability in Windows 10 is known as a local privilege escalation bug in the system kernel, which can be exploited by malware to gain admin access on Windows machines. This malware allows the invader to circumvent security on the machine to compromise the system with malicious code.

Microsoft has announced it will take about a week to patch this security vulnerability. Adobe, on the otherhand, has already fixed their vulnerability at the end of October. Microsoft has advised Windows users to update Google Chrome and Adobe Flash or remove them completely until Microsoft can deliver the patch. They have also advised users to be careful of what they download, especially email links.

This example goes to show, that with all the benefits of this new cyberspace era, there are also new dangers that were unimaginable just a short time ago. As this world evolves into a more online-dependent society, these types of threats and dangers will also evolve at an escalating pace. So the most important thing to emphasize is maintaining vigilance and always undertaking the most stringent security procedures.

Cyber Threats

mightyohm via Foter.com / CC BY-SA

mightyohm via Foter.com / CC BY-SA

As online business becomes more prevalent in this globalized economy and interconnected world, one main concern for businesses and government entities is cyber security. One of the main concerns concerning cyber security is hackers breaking into websites and online properties without authorization and stealing valuable information that can cause serious harm to individuals and even nations.

One common hacking method is SQL injection. This method involves entering SQL code into web or browser forms to access and manipulate the database behind the site or system, which is typically SQL. SQL works by entering text into a field which then checks the data with a table in the database to see if it matches. If the text matches the table data, then access is granted to the system. Otherwise, access is denied. This type of attack works when system security is not robust and doesn’t protect against simple SQL code that can be used to access the system.

Another common hacking method is the denial of service attack, which causes a system to be rendered inoperable due to the system being slowed down from overloaded resources. This has the objective of crippling a website so that no one can use it.

Another hacking method is cross-site scripting, which threatens a site’s security and can take access information from a user to the website. Cross-site scripting is a security loophole on a website that is hard to detect and stop, which makes the site vulnerable to attacks from hackers. This is especially a high risk because it leaves the site’s users open to identity and financial theft.

Regarding JavaScript, protection for this type of site is generally not very secure. Unless a password is encrypted, these sites are vulnerable to being hacked. Additionally, passwords are generally open to being cracked through brute force attacks.

The first step against cyber attacks is conducting a cyber self-assessment that identifies potential risks and vulnerabilities. Some of these risks can be identified by examining who has access to the system and how sensitive data is transferred, such as through email or messaging systems. The next step is to prepare and plan for these risks and vulnerabilities. This documents the protocol to implement when something goes wrong. The last step is to have procedures that actively monitor these cyber risks. One of the best defenses against these risks is vigilance and extreme effort.

One way to protect against cyber threats is through encryption. This makes it difficult for hackers to steal data. Also within your system, you can name your system files random names so it is harder for intruders to identify what they are. Another way to protect your site is to constantly test for vulnerabilities and think like a hacker to anticipate how they can attack your system. This will allow you to develop countermeasures against these threats. Most importantly, vigilance is crucial, even for simple tasks such as regularly changing passwords and keeping them secure and unpredictable. It is important to constantly update your site and programs within the site to keep it secure against evolving threats.

Choosing A Business Structure

office

When starting a new business, one must carefully choose a business structure to make it a legal entity, which means that it can own property, own bank accounts, and pay taxes the same way that an individual person would. When contemplating which business structure to choose, one must weight the pros and cons as they all have different features.

 A sole proprietorship is usually owned by a single person or a couple. With this business structure, the owner is personally liable for all business debts, can freely transfer the business assets, and report all taxes under personal income. This entity is good in its simplicity and lack of restrictions. However, it comes with a severe drawback of potentially being personally liable for all damages that a business may incur.

 In recent times, Limited Liability Companies have become very popular, as they combine the limited legal liability of full corporations but have easier tax structures like sole proprietorships and partnerships. LLCs are powerful because they protect owners from the present and future debts of the business. They also provide tax benefits of pass-through business losses that can offset the owner’s other nonbusiness income and distribution of profit that can be taxed at the owner’s potentially lower marginal tax bracket.

In addition, if a business has multiple owners, it can operate as an LLC while electing for its tax structure to be treated as a corporate entity. If the owners of the LLC want to retain profits within the business to facilitate growth of the business, the recommended option is a C corporation tax election, where the LLC’s profits are only subject to the beginning corporate tax rate of 15%, which is usually less than the personal marginal tax rates of individual owners. And if any of the owners wish to receive compensation, they can be paid W-2 wages for their work within this structure. However, if the owners prefer to withdraw substantial profits from business, the recommended option is the S Corporation election. This allows each owner to receive a pro rated share of the LLC’s total profit as distributions that would be personally taxed at each owner’s marginal tax rate. Furthermore, these distributions are not subject to Self-Employment Tax.

With general partnerships, partners share income and managerial duties, while each partner is personally liable for any debt. Members of general partnerships must file an informational tax return and file personal income taxes. General partnerships are the most simple business structure to form, as they only require that at least two people agree to be partners or conduct business and share profits even with an express agreement. They do not have to register or file organizational documents but usually must register a trade name unless the business operates under the names of the partners.

 Corporations are complex structures with high legal costs. They are owned through stock and have complicated tax, licensing and regulation requirements. They must also follow complex procedures such as issuing stock certificates, holding annual meetings and keeping minutes, electing directors, and so on.

 C-Corporations are distinct legal entities that are taxed separately from the owners and generally are not advised to own assets that appreciate in value. While they do protect against personal liability, they have some disadvantages with regards to taxes and operations when compared to an LLC or limited partnership. However, they may have lower tax rates if annual net income is below $75,000. S-Corporations protect their owners against personal liability and are not taxed as a separate legal entity. They have limitations on the number and type of eligible shareholders and have some tax and operating disadvantages when compared to an LLC.

 When choosing a business structure, it is important to consult a tax accountant or attorney to make sure that one understands all the pros and cons behind the decision and makes the correct elections based on the situation. This decision should be based on a multitude of factors, including the type of business, the tax structure and benefits desired, who the owners of the business are, and the amount of capital and budget available to spend on a particular business structure.       

 

Online Business Marketing

online business office

The biggest challenge facing most online businesses is the difficulty in obtaining traffic. The problem here is if you’re not getting traffic, you’re not getting sales. Even if you have the greatest product or service in the world, it must be visible to consumers for it to sell and deliver the most value. Your business needs to be discovered by consumers. Whether it be through word-of-mouth, print and tv advertising, or online marketing, there needs to be some avenue of accessing the awareness of consumers.

One option for acquiring more traffic with online marketing is to pay for traffic through PPC search engines, which provides immediate qualified traffic based on keywords that you bid on. The goal is to bid on the top three positions, because these reach 80 percent of all internet users. Bidding on PPC search engine traffic also allows your site to get ranked in the search engines for free. The advantages of this method is the speed of delivery and flexibility in selecting which search terms you would like to advertise for. Disadvantages include the competitiveness of this industry, which drives up the prices of keyword ads and doesn’t guarantee you will receive the amount of traffic that you intend.

Another option is to implement search engine optimization techniques that make your website available to address the search queries of users looking for information. By adding relevant content to your site and promoting it to other websites and as many viewers as possible, you can increase the brand awareness of the site and make sure it is hitting the public consciousness. One firm that specializes in SEO in Washington DC, states that 87 percent of all consumers search actively for products and services online. Furthermore, this DC SEO firm says that consumers are becoming more attached and dependent on their mobile phones for personal activities than ever before, which means online marketing is becoming more essential for being able to access these mobile consumers. This is a very powerful way of marketing because 44 percent of consumers begin their purchase through a search engine. In fact, search is the 4th top internet activity behind social media, email, and video.

Finally, another effective marketing strategy to attract more traffic is to give away free content in exchange for contact information. This allows you to build a potential customer base that you can continually market to and encourage to pass on valuable content to other potential customers. This is very important, because it can take up to seven points of contact before making a single sale to an individual customer. By having a direct line of communication to your potential customer base, you can employ much more effective marketing strategies and develop a relationship of trust which is vital for sale conversions. Furthermore, it is known that repeat customers are the most valuable customers.

Whatever method of traffic generation that you employ to drive customers to your business, you must make sure that it is cost effective and scalable. Because if generating traffic is costing you more money to bring in a customer than the sales you receive from that customer, this is not sustainable over the long term. Also, if your strategy is not scalable, it will not have a meaningful impact on your business and is not necessarily worth the time and investment for such a low return activity. Being able to scale your strategy is also very important for being able to drive down marginal costs of marketing over time.