40/10/10 – Optimal conversion rates in relation to lead magnet, tripwire, and core offer, respectively.
ActiveCampaign (AC) – a popular email marketing automation tool.
Affiliate – An affiliate member can receive commission for helping refer new customers.
Analytics – The measurement, collection, analysis, and reporting of web data for the purpose of understanding and optimizing web usage.
Angel Investor – An individual who invests a certain amount of money (usually 25-500k) early on, in order to get the company off the ground.
API – Application Programming Interface. An API is a way for web programs to connect with one another using code instead of an interface in a browser. You can use email service providers’ APIs to integrate them with Leadpages.
Autoresponder – a program that automatically generates a set response to all messages sent to a particular email address.
Average Customer Value (ACV) – A formula that tells you how much your customer is worth.
Average Visitor Value (AVV) – A formula that tells you how much you can pay per click.
Aweber (AW) – a popular email marketing automation tool.
Bottom of Funnel (BOFU) – Relates to content and offers at the “Conversion” stage of the marketing funnel.
B2B – Acronym for Business-to-Business. A type of business transaction that is carried out between two companies (as opposed to a business selling to a consumer, B2C).
B2C – Acronym for Business-to-Consumer. A type of business transaction that is carried out between a company and an individual consumer (as opposed to a business selling to another business, B2B).
Bootstrapping – Financing a startup through a founder’s personal resources or otherwise extremely limited external resources.
Burn Rate – The rate at which startups exhaust raised capital to fund operations in excess of income. Related to runway.
Call to Action (CTA) – An instruction given to your audience so that they take an immediate, measurable action.
Churn Rate – Customers lost subsequent to acquisition in a subscription-based business model. Because of the churn rate, your growth might not look like you think it will.
ClickFunnels (CF) – A popular landing page and funnel-building software.
Click Through Rate (CTR) – A way to measure the ratio of clicks to the number of people who saw an ad, email, or landing page. It is calculated by number of clicks / number of impressions X 100.
Cold Traffic – People in your target audience who have never heard of your business.
Conversion – Conversion is tracked based on the type of Call to Action configured for your landing page or Lead Magnet. If your Call to Action directs people to an opt-in form, conversion is measured by the number of unique submissions to the list integrated with that opt-in form. If your Call to Action directs people to a URL, conversion is measured by the number of unique visits to your page (not by whether they completed a transaction at the URL you sent them to). Keep in mind that Leadpages tracks these conversions regardless of whether single or double opt-in is activated.
Conversion Rate Optimization (CRO) – The process for increasing the number of people who take a specific action on your site.
Core Offer (CO) – Your flagship offer in a sales funnel.
Cost Per Click (CPC) – The amount you pay a publisher (like a website, social media platform, etc.) each time one of your ads is clicked. See also: “PPC”.
Cost Per Lead (CPL) – An advertising pricing model where the advertiser is charged for each lead generated from the ad.
Customer Lifetime Value (CLV) – The forecast of the total profit that a company can expect to earn from one customer throughout the lifetime of their relationship.
Customer Relationship Management (CRM) – Software that is designed to help businesses automate and synchronize sales, marketing, customer service, and technical support.
Deck (aka Pitch Deck) – A 10-slide PowerPoint presentation that covers all aspects of your business in a concise and compelling way. There is a standard format and real artistry to making a good deck. Do your homework, get lots of feedback, and consider hiring a graphic designer to polish the final version.
Double Opt-in – Requires users to “confirm” their subscription via email after opting in to your form.
Domain Name Forwarding – Domain name forwarding lets you automatically direct your domain name’s visitors to a different website.
Domain Name Masking – Masking prevents visitors from seeing your domain name forwarding by keeping your domain name in the web browser’s address bar.
Digital Revenue Engine (DRE) – A 5-step customer acquisition model.
Email Service Provider (ESP) – A company that provides email marketing or bulk email services, such as MailChimp, AWeber, and Constant Contact.
Embed Code – A section of code that is “embedded” on a page to create an object, such as a video player.
Engine – The Digital Revenue Engine is the Unfunnel course and training kit that outlines our entire product launch campaign strategy along with providing 36 done-for-you, ‘copy & paste’ turnkey landing pages, blog posts, website design hacks and email marketing campaign templates and training videos.
Execution Plan (EP) – A term for a step-by-step marketing tactic guide.
Google Analytics (GA) – Software offered by Google that tracks and reports website traffic.
Google Tag Manager (GTM) – A system offered by Google that manages tags used to track and report on website pixels.
Growth Hacking – A term to describe a marketing technique that focuses on quickly finding scalable growth through non-traditional and inexpensive tactics such as the use of social media.
Guerrilla Marketing – An advertising strategy concept designed for businesses to promote their products or services in an unconventional way with little budget to spend. It relies on high energy and imagination, focusing on grasping the attention of the public on a more personal and memorable level.
Hidden Fields – These give you another layer of customization to use and are intended for advanced users.
Hot Traffic – Refers to audiences that have already purchased something from you.
HTML – HyperText Markup Language, commonly referred to as HTML, is the standard markup language used to create web pages.
iframe – An iframe (Inline Frame) is used to embed one HTML web page inside another HTML web page. Typically, it’s used to insert content from another source, such as a video, image, survey, or other media content, into a web page without losing its original style or diminishing its functionality.
Integrations – The ability to “integrate” with other services, such as Email Service Providers.
Key Performance Indicator (KPI) – A metric used to track the success of a business or marketing initiative.
Landing Page Grader – A free service that provides insights on how to optimize your landing page.
Launch – To start a company or push a website live.
Lead – A potential customer. Typically they have expressed an interest by giving contact information, such as an email address.
Leadbox – The forms used for capturing a user’s information (email, name, address, etc.) in the form of an opt-in. They are designed to be used on your own website.
Lead Magnet (LM) – an irresistible bribe offering a specific chunk of value to a prospect in exchange for their contact information. The goal of the Lead Magnet is to maximize the number of targeted leads you are getting for an offer. It’s the first step in my Digital Revenue Engine launch process.
Leadpage – A landing page used to convey information and capture leads via an opt-in form.
Lean Startup – Similar to Growth Hacking. The core mission of a lean start-up is to prove the business concept as quickly and cheaply as possible.
Loss Leader Pricing – Selling something at a loss as a form of marketing expense to bring in customers you expect repeat business from.
Low Hanging Fruit – The easiest thing your company can do to bring cash in the door. Often hard to identify, but crucial for start-up success.
Machine – The Inbound Selling Machine is the newest Unfunnel training course that outlines our entire blog-to-sale content strategy along with providing 7 done-for-you, ‘copy & paste’ turnkey blog post funnels and training videos.
Marketplace – Website that hosts templates that are available for purchase.
Middle Of Funnel (MOFU) – Relates to content and offers at the “Evaluation” stage of the marketing funnel.
MMBF – Make Money By Friday Mastermind Group. A private insider network and exclusive Facebook group for members of Unfunnel Growth Labs and premium monthly MMBF mastermind calls (hint: it’s the group this glossary is originally posted in).
Mobile Responsive – A type of template that provides an optimal viewing and interaction experience across a wide range of devices (from desktop computers to mobile phones).
MVP – Minimum Viable Product. The bare-bones version of a product required to achieve proof of concept. Often used in the creation of new software that will be Beta tested, and later upgraded with extra features.
Newsjacking – Politicians from one party do it to their opposing party all the time. When press coverage of your long-planned product announcement gets diminished by competing announcements, your company is a victim of newsjacking.
Opt-in Page – A landing page used to gather visitors’ information via an opt-in form.
OptimizePress (OP) or OptimizePress2 (OP2) – A WordPress plugin that easily creates landing pages, sales pages, membership portals, and product launch funnels.
One Time Offer (OTO) – A scarcity offer that is only made once to a specific audience. Similar to a flash sale.
Pay Per Click (PPC) – Refers to the advertising model where advertisers pay a publisher every time one of their ads is clicked. See Also: Cost Per Click
Pivot – Change directions as a company. This is usually used to describe going after a different market segment or using an established technology for an entirely new purpose.
Pixel – Little snippets of code advertisers place on their web pages that allow them to follow you around the web with relevant ads. See also: “Retargeting”.
PLF – A system created and promoted by Jeff Walker that provides step-by-step training in launching a product.
Pre-population – Settings that allow you to predetermine values and pre-populate form fields. For example, by doing this, subscribers will fill out less information, making the opt-in process quicker.
Revenue Maximizer (RM) – Also called a Profit Maximizer. An immediate up-sell offered after the Core Offer that serves to increase the average transaction value per customer.
Relevance Score – A metric on Facebook ads that tells the advertiser how audiences are reacting to the ad. It is based on positive and negative feedback from the specific audience to which the ad is targeted.
Re-targeting – A marketing strategy that places advertisements in front of an audience based on previous online actions.
Return On Investment (ROI) – A metric used to compare the benefit of an investment to the cost of production.
Sales Page – Any page that instead of having an opt-in form, sells a product and often links to a shopping cart check out or something similar. We have specific templates that are crafted for this, but any of our other templates can be modified to link to a URL.
SEO – Search Engine Optimization. Allows you to optimize your page to show up higher in search rankings.
SEO tags – Page title, Description and Keywords that are used by search engines to categorize your page.
Single Opt-in – Customers are added to your list immediately after they opt in.
Split Testing – Also known as A/B testing, split testing allows you to test multiple versions of a landing page.
Standard Operating Procedure (SOP) – A documented method for a routine task.
Split Test – A method of testing two variants to locate areas of improvement. Often used to improve landing page performance.
Thank You Page – After they opt in, users are sent to a “Thank You Page.” While a default Thank You page is provided, you have the ability to replace it with a custom Thank You page.
Top of Funnel (TOFU) – Relates to content and offers at the “Awareness” stage of the marketing funnel.
Traction – Proof that people are actually buying and using your stuff.
Tripwire (TW) – An irresistible, super low-ticket offer (usually between $1 and $20) that is designed to convert prospects into buyers.
UF – Unfunnel
UF Growth Labs – Unfunnel Growth Labs. A membership program that includes a library of campaign execution plans (step-by-step marketing tactics), online marketing tools and templates, live webinars with Unfunnel staff and industry experts, and access to a private online community.
Video Sales Letter (VSL) – A promotional video that gives the same information as a traditional sales letter.
Warm Traffic – An audience that has displayed interest in your offer but has not made a purchase.
Wishlist Member (WLM) – the most popular membership platform online. Also a membership website creation, pay-per-content and content gating / protected content creation tool.
WordPress (WP) – a publishing platform for websites with a focus on aesthetics, web standards, and usability.
ZIP File – A file in which the contents of one or more files are compressed for storage or transmission.
(A very informative article published on smallbiztrends by a guest blogger. Enjoy the read.)
Mobile devices pose heightened security risks. Those risks come in several forms.
- Devices — including business data saved on them such as call records, contacts, images, videos, documents and email messages — can be lost or stolen.
- If you use mobile apps or cloud software accounts with saved logins, anyone could conceivably access your business data through those apps or accounts via a stolen or lost mobile device.
- Devices used over insecure connections, such as public Wi-Fi, can expose data to hackers and eavesdroppers who steal login credentials, banking and credit card information, emails, and more.
- Mobile devices may serve as a backdoor for malware to enter your business network.
Obviously, it’s important to protect your mobile devices and your company’s data.
Here are some essential mobile device and data security tips you can use to protect your small business.
1. Use a Secure Lock Screen
If someone gets ahold of your device, the last thing you want is for them to just turn it on to access everything. The first line of defense is a secure screen lock. This could be a strong password or perhaps a biometric lock such as a fingerprint scanner. That way, someone who casually recovers your lost device, for example, won’t have instant access.
2. Enable Location Settings
The best case scenario for a lost or stolen phone is to be able to find it quickly. You can greatly increase your chances of doing just that by enabling “location settings” ahead of time. For example, the Find My iPhone feature available for iPhones and iPads helps you identify where your lost device may be by ringing your phone and including a helpful screen message as to how to contact you, the owner, as well as tracking your device. Similar services are available for Android, Windows and Blackberry devices. Become familiar ahead of time with the applicable service for your device. Discover what it can do and can’t do.
3. Use a Remote Wipe Security Application
Remote wipe security applications give businesses the ability to “wipe” or lock down devices from a distance. The various location finding services above include some level of wipe or lock down protection. But many businesses need more protection. Consider a commercial remote wipe application for all devices used by employees for business purposes. Some wireless providers provide this, as do some Internet security software providers. Don’t just leave it up to each individual employee. A business-wide application can allow your systems administrator to secure sensitive company data in the event an employee leaves your employ (because the employee can’t supersede the security simply by reestablishing his or her individual account).
4. Use Encryption
Encryption converts data into code that is not easily deciphered. While not foolproof, encryption does make it harder for hackers to intercept data and communications transmitted wirelessly.
5. Avoid Open Public Wi-Fi
Admit it: when you travel to conferences, stay in hotels or work in the coffee shop, you sometimes rely on open and unsecured Wi-Fi, don’t you? When you connect your mobile device to public Wi-Fi, you leave your data open to potentially being accessed by anyone else on that Wi-Fi network. If you work while out and about, or if you travel a lot, consider investing in a mobile hotspot of your own, one that uses your wireless carrier’s network connection, rather than relying on the coffee shop’s public Wi-Fi.
6. Disable Automatic Wi-Fi Connect Features
For the reasons mentioned in point 5, be sure to turn off your automatic Wi-Fi connection settings in your phone or tablet. Some devices have such settings enabled. Turn them off so your device doesn’t connect to an insecure network without you realizing it.
7. Deploy a Virtual Private Network
A virtual private network or VPN is a type of connection that allows all devices located remotely to securely share data to and from the company network. It creates a private encrypted tunnel for data to pass through between mobile devices and your company systems.
8. Back Up Data
You can’t completely prevent your device from getting destroyed, such as in a car crash or by dropping it off a boat. So just in case, it’s a good idea for you to automatically back up data and files such as photos and videos, in the cloud. That way you can still access data no matter what disaster befalls your device.
9. Research Apps Before Downloading
If an app isn’t from a trusted source, you could potentially be downloading malware or some other security threat to your device. The major app marketplaces such as Google Play and Apple Store have gotten good at screening apps for security issues. Before you download an app, though, do some research to be sure other users aren’t reporting security issues.
10. Use Anti-Virus and Security Protection
The major anti-virus and security software vendors such as Norton, Kaspersky and McAfee offer applications that protect mobile devices from viruses, spyware and other malware that can get in and spread to your business network. Some network providers and wireless providers also provide security. Look for a mobile or multi-device protection application. Such software may be coupled with remote wipe/lock protection, doing double duty.
These 10 techniques can make using mobile devices more secure. But I’d like to add one bonus tip: keep an eye on your device. Don’t let mobile devices out of your possession, or step away from them, even for a few minutes. When leaving planes, rental cars, taxi cabs, Uber rides, restaurants, security checkpoints at airports, trains and other places where things tend to get put down or fall out of tote bags or pockets – always check to make sure you have devices with you.
Technology is in a state of continuous flux. While some businesses are adapting fast enough to brace this rapid evolution of technology, most businesses are reactive and unable to leverage technological advancement. That often becomes the key difference between surviving and thriving.
Pre-packaged applications help in rapid automation of some of the common organizational functions. However, every organization is unique and has certain special (core and support) processes that require either customization or application development.
Leading organizations are rapidly embracing technology as a competitive enabler through robust application strategy that is more aligned with their business strategy. Outsourcing the applications development and support can help businesses to improve their focus on strategic initiatives and core operations while the right partner takes care of their process automation through custom applications.
(+) Improved Business IT Alignment
(+) Enhanced focus on Strategic Initiatives
(+) Shorter Time to Market
(+) Increased Productivity
(+) Process and Cost Optimization
“Effective, efficient applications that delight the end user.”
Enterprise Application Maintenance
Businesses nowadays have hundreds of applications implemented at various points during their growth cycle. These applications have varying levels of maturity, performance and ability to talk to third party applications as they are implemented at various points of time and technological evolution. Over time, these applications fall out of line with the business direction and hence need continual effort at alignment. This is over and above the regular support and maintenance.
BrightStar’s Application Maintenance Service helps clients to take a step back and look at their application portfolio from a fresh new perspective that is a blend of macro level business alignment and micro level usability and performance issues, before beginning to deliver value. BrightStar always endeavours to understand the client, their business and objectives along with the processes before we dive into the technological support to deliver results.
With years of experience behind us in providing multi-level (Level 1, 2, 3, 4) support with a focus on continuous service and quality improvements, we are the rightly scaled partner to provide multiple business benefits.
(+) Improved Business IT Alignment
(+) Significantly Reduced Downtime
(+) Considerably improved performance
(+) Shorter Time to Market
(+) Reduced Total Cost of Ownership
Oracle Reports upgrade, migration, modernization, analysis and development made easy!
BrightStar specializes in migrating/upgrading reports from Reports 2.5/3.0/6i/9i, Report writer 1.1, and SQL*Report (RPT) to the latest versions (Reports 10g and 11g). High productivity migration tools ensure a rapid and very cost effective upgrade is possible. If you have legacy reporting tools, please contact us so we can provide you with a quotation for their upgrade.
We can take your application, quickly migrate it to the newer versions of the Oracle tools, and return it ready for testing. It will be complete with all the necessary documentation and tools for your staff to continue to maintain the new application.
Upgrading Reports 2.5/3.0/6i/9i
These are generally easy to upgrade, though there are some specialist issues regarding PDF and other formats. The key to a good conversion is to integrate the report output into the web-based environment; a benefit of the Facelift service is that it automates this process.
Migrating Report-writer 1.1
This version is occasionally seen with Forms 3.0 or earlier. We have converted these to Reports 10g/11g using our migration process.
Upgrading Oracle RPTs (SQL*Report)
This is a conversion from the oldest version of Oracle’s reporting tools. BrightStar offers two possible upgrades for this: to PL/SQL with HTML output, or migration to Reports 10g/11g.
This automated tool is used as part of our SQL*Report Conversion Service. It converts SQL*Report RPT programs with 100% accuracy into PL/SQL stored procedures. The output files generated by the conversion can then be compiled within the desired Oracle Database version for subsequent deployment as PL/SQL reports.
The generated report output is identical to the original and can be in text, HTML or PDF format. HTML reports can be further customized to make full use of HTML tags, CSS, etc. The converted reports can be called from any front-end application, such as Oracle Forms applications, which display the generated output within the same application or in a separate web browser window when deployed as part of a client/server or web-based application. Instead of manual conversion, which can take up to 1 day per RPT program, the parser allows thousands of programs to be converted in just a few hours, expediting the transformation of these “legacy” applications into modernized, user-friendly client/server or web-based applications.
The conversion takes place with NO change to the existing functionality and business logic of the original RPT programs. The entire migration process strictly adheres to Oracle’s best practices and conforms to our well-proven methodology for upgrading SQL*Report applications. The migrated PL/SQL code can be maintained by the client for future enhancements and modifications.
Upgrading Pro*C and other 3GLs
We have excellent experience of upgrading Pro*C code to work with Oracle 10g/11g. We have performed this process for several clients and the resulting migrations have been quick and cost-effective. The testing involved post-migration is the most time-consuming aspect of the migration, and we have generally performed testing utilising a partnership approach, sharing the effort between ourselves and the client. This has produced excellent results as well as a significant reduction in the costs of the upgrade.
We are a company and a community of passionate, purpose-led individuals. We think disruptively to deliver services and solutions to address our clients’ toughest business development, financials, supply-chain and communication challenges. We are small, but we are evolving every day.
Three ways you can integrate the IoT into your ERP
by Rick Carlton
ERP is about creating managed information control, whereas the Internet of Things (IoT) is really more about trying to drink data through a fire hose; so how does one get from here-to-there without choking? Well, it ain’t easy…but it can be done as long as you’re willing to embrace the necessary awareness, patience and persistence required.
Consequently, and since we’re always up for an editorial challenge, we decided to identify three ways that ERP operators can start incorporating near-term IoT elements in their recurrent business operations. These points are based on the technologies available today, since God only knows what is likely to show up down the road.
1. Expand ERP-driven delivery/warehouse/distribution activities using RFID/NFC devices
Radio frequency identification, or RFID, has been part of the market’s technical lexicon for many years; however, these send/receive systems, usually associated with product-applied firmware ‘devices’ or thin adhesive strips, have gotten a lot smarter. Today RFID systems are represented by hosts of sensor arrays that talk and respond within the IoT constellation in real time, or downstream, and can be directly integrated with ERP project or product management processes.
Another IoT firmware/software system that is ready for prime time relates to Near Field Communication (NFC) devices. In this case, these smart devices project specific data packets that, in turn, can be received by various compliant receiving systems, such as merchant terminals. A simple example here would be waving one’s smartphone over an intelligent terminal at a consumer product sales check-stand, or tracking elements across the manufacturing floor.
Once requisite data has been received and processed locally, the packet stream can be directly integrated and applied to various home or remote ERP management, production, and financial modules.
Practical use examples include:
-Merchant transaction processing
-FTE clock-in/out processing
-Raw-to-finished goods tracking
-Warehouse equipment management
-Overall end-to-end production measurement
2. Enhancing enterprise revenue management by leveraging an ERP/IoT device matrix
In the same way that RFID/NFC represents the combination of firmware/software processes, general inventory, warehousing, FTE time/motion, transactions, and virtually any other revenue/cost-related element can be identified, processed and pushed along to the necessary home or remote ERP bookkeeping/finance modules in real time.
Practical use examples include:
-Inventory bin calculations
3. Expand ERP-supervised production operations utilizing IoT control systems
On the manufacturing floor, various IoT annunciators comprised of combinations of RFID/NFC or purpose-built control elements can manage the evolution of an entire raw-materials-to-finished-product chain, in addition to stability monitoring or triggering various active-status and functional-state processes. In turn, these active system states can be trapped and stored for follow-on action by affiliated systems, or they can be logged and stored within ERP’s various manufacturing modules in the event that remedial action is called for later.
-Materials handling measurement
-Line-based product completion announcements
-Production failure alarms
-Mechanical failure alarms
Again, these are only three ways that today’s IoT elements can be directly integrated with active ERP systems, but our very short list is nowhere close to being comprehensive. So, take your time, and above all, be sure that you fully understand and comprehend your own enterprise systems before you move on. Once that’s done, and if you’re confident enough to take a run at creating a fully-integrated ERP/IoT device matrix, there will be plenty of opportunities to choose from.
As cyberattacks become more frequent and sophisticated, RSM advisors discuss how to protect your organization against 2016’s emerging cyberthreats.
INSIGHT ARTICLE | January 20, 2016
As companies become increasingly reliant on technology to improve efficiency, productivity and mobility, vulnerabilities to cyberattacks are growing. While breaches at large organizations make headlines, no organization is too small to be a valuable target, and most companies will likely suffer a cybercrime at some point. Criminals and attack methods are evolving and becoming more sophisticated, so organizations and individuals must fully understand emerging threats and proactively plan to protect themselves.
Security and privacy advisors at RSM US LLP, a national accounting, tax and consulting firm, have developed a list of five cybersecurity items that will likely emerge as significant threats to individuals and organizations in 2016. The five predictions are:
1. Cybercriminals will not just go after bits and pieces of data, as has been common practice in the past. Instead, cybercriminals will increasingly seek to build entire profiles from data collected and sell it as entire identities for monetization or for nation states to use for their targeted attacks.
This means cybercriminals are no longer going after just credit cards, health care data or even personally identifiable information (PII). They are building a complete victim profile and then selling it to the highest bidder. A complete profile could include traditional information forms (bank account data, credit card data and health information), but also social media information, past residence addresses, dependent information and more.
This threat calls for increased controls necessary to protect traditionally stolen information, as well as safeguards consumers must take to ensure they do not provide too much information through social media. It also brings into question the publication of traditional public information such as property tax, permitting and other public records.
2. The “Internet of things” is still growing as seemingly everything (vehicles, appliances, children’s toys, safety systems and others) a business or consumer purchases is “Internet ready.” Unfortunately, we continue to read about these systems being broken into and either remotely controlled in disturbing ways or used to gather information on businesses or families without their knowledge.
In general, most of these systems have a portal hosted by the product’s manufacturer or provider, or one of their business partners, and have relatively weak authentication controls that require only a username and password. For example, the next time you see your Internet-connected intelligent thermostat adjust the temperature in your home, ask yourself whether it changed the temperature because it was needed, or because someone broke into the portal account and is now experimenting with your thermostat.
Best practice security measures for the portals are to use security controls equivalent to those of online banking and credit card portals: multifactor authentication, forced password changes and account lockout.
3. Cybercriminals will continue to use social engineering to facilitate their system breach efforts. Postmortem breach reviews indicate that many successful breaches are dependent on attacking the organization’s employees, customers or business partners through social engineering efforts.
People will likely be the weak link in security for the foreseeable future, and efforts to improve social engineering defenses must be implemented. Many organizations have security awareness programs, and RSM advisors say they are slowly seeing improvement in the responses to their social engineering testing, but there is still room for improvement.
To improve security awareness, RSM advisors recommend conducting social engineering training and testing more than once a year, and then validating the effectiveness of the training through testing.
4. Health care information has more value per stolen record than most other forms of data theft (bank account, credit card, PII). Health care information is often tied to a social security number, and it is difficult to get a new number issued that does not tie back to the original number. It simply isn’t as easy as getting a new credit card.
RSM advisors anticipate more breaches will occur in the health care industry in 2016, as more eligible professionals and hospitals move to electronic health record systems. As the industry continues this transition, an increase in hacking events will occur due to medical data being shared via electronic exchanges.
5. System security configuration issues continue to be a common source of security incidents and potential breaches. RSM continues to see too many weak security implementations for servers, workstations and other network devices during testing. New systems should be implemented using a National Institute of Standards and Technology (NIST) security reference or other guidelines to create a “base” image. That base image should then be used as a starting point when new systems are implemented.
A short list of common “wall of shame” security issues (practices not to do) follows:
a. Using default administrative credentials. Most default credentials can be Googled.
b. Improper administrator password usage. Many companies use the same local administrator password on all workstations and servers.
c. Storing passwords insecurely. While conducting security testing for clients, RSM advisors find passwords on workstation shares, in text files, work documents and file names, and written on the side of monitors and keyboards.
d. Running services on servers with administrative rights. If the service is compromised, the attacker would have administrative rights in the system.
e. Weak passwords. Too often vendors use the same credentials on all of their customer systems.
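The items b, c and d above are the ones an organization can check mechanically from its own asset data. The following audit script is an added example, not RSM's tooling: it runs over a constructed host inventory (the field names hostname, local_admin_fingerprint, services and share_files, the account list and the sample hosts are all assumptions made for this illustration) and reports hosts sharing one local administrator credential, services running under administrative identities, and share files whose names suggest stored passwords.

```python
"""Baseline audit for three of the "wall of shame" items: b, c and d.

Added example; not RSM's tooling. INVENTORY is a constructed sample of what
a hardening scanner or CMDB export might hold, and its field names are
assumptions made for this example.
"""
import re
from collections import defaultdict

# Identities that carry administrative rights when used to run a service
# (item d). Constructed list; extend it with your own admin groups/accounts.
PRIVILEGED_ACCOUNTS = {
    "LocalSystem",
    "NT AUTHORITY\\SYSTEM",
    ".\\Administrator",
    "CORP\\Administrator",
}

# File names that commonly hold clear-text credentials on shares (item c).
SECRET_FILE_PATTERN = re.compile(
    r"(password|passwd|pwd|creds?|credentials|login)s?\.(txt|docx?|xlsx?|csv)$",
    re.IGNORECASE,
)

# Constructed sample inventory. local_admin_fingerprint is an opaque per-host
# value a scanner derives from the local administrator credential (e.g. a
# keyed hash), so credential reuse can be detected without storing the secret.
INVENTORY = [
    {"hostname": "ws-001", "local_admin_fingerprint": "fp-7a1c",
     "services": [{"name": "AcmeSyncSvc", "run_as": "LocalSystem"},
                  {"name": "AcmeAgent", "run_as": "NT SERVICE\\AcmeAgent"}],
     "share_files": ["\\\\ws-001\\public\\Passwords.xlsx",
                     "\\\\ws-001\\public\\notes.txt"]},
    {"hostname": "ws-002", "local_admin_fingerprint": "fp-7a1c",
     "services": [{"name": "LegacyERP", "run_as": "CORP\\Administrator"}],
     "share_files": []},
    {"hostname": "srv-db1", "local_admin_fingerprint": "fp-3e9f",
     "services": [{"name": "MSSQLSERVER", "run_as": "NT SERVICE\\MSSQLSERVER"}],
     "share_files": ["\\\\srv-db1\\backup\\db_creds.txt"]},
]


def shared_admin_fingerprints(inventory):
    """Item b: groups of hosts whose local administrator credential is identical."""
    by_fp = defaultdict(list)
    for host in inventory:
        by_fp[host["local_admin_fingerprint"]].append(host["hostname"])
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


def privileged_services(inventory, privileged=PRIVILEGED_ACCOUNTS):
    """Item d: (host, service, account) for services running with admin rights."""
    return [(host["hostname"], svc["name"], svc["run_as"])
            for host in inventory
            for svc in host["services"]
            if svc["run_as"] in privileged]


def suspicious_share_files(inventory):
    """Item c: share paths whose file name suggests a stored password list."""
    return [path
            for host in inventory
            for path in host["share_files"]
            if SECRET_FILE_PATTERN.search(path)]


def audit(inventory):
    """Run all three checks and return human-readable findings."""
    findings = []
    for fp, hosts in shared_admin_fingerprints(inventory).items():
        findings.append(f"[b] same local administrator credential on {', '.join(hosts)}")
    for host, svc, account in privileged_services(inventory):
        findings.append(f"[d] {host}: service {svc} runs as {account}")
    for path in suspicious_share_files(inventory):
        findings.append(f"[c] credential-like file on share: {path}")
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY):
        print(line)
```

Feed it a real export and the fingerprint grouping is the check that catches item b even when every individual host looks fine in isolation.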
All forms of data have value to cybercriminals, and hackers are using new methods and continually attempting to access sensitive information. Ignoring, or not properly addressing, security vulnerabilities can leave companies and individuals exposed to a breach with significant financial and reputational consequences. Understanding and addressing these emerging threats is critical to protecting your information, and reducing the potential for a data breach in the coming year.