April 10, 2014

You should change your Internet banking passwords *now*

Naturally at 1300 Web Pro we keep a close eye on Internet security advisories. At 5AM yesterday I read about the scariest vulnerability I have ever seen. I am writing to you this evening to explain, in layman's terms, what this "Heartbleed" security issue is all about and what you (definitely, as a matter of priority) need to do about it.

Background

A webserver is a specialised computer that sits on the Internet waiting to exchange information with a website visitor. When you pull up Internet Explorer and type in www.1300webpro.com.au, our webserver gives you a bunch of text, images and other information that collectively form our “website.”

When visiting a website that requires you to transmit sensitive information, such as an Internet banking portal or online shop, your browser enters a secure browsing mode. You may have seen a padlock icon or green bar appear when using these types of websites. In this secure mode, your credit card details and login passwords are encrypted and become illegible gobbledygook to anyone that cares to look. Only the owner of the website possesses the ability to decrypt this gobbledygook back into your credit card number or password.

At least that’s the way it’s supposed to work

Two years ago, a routine upgrade was released for a piece of software that is run on many, many webservers that handles the encryption and decryption of sensitive information. Unbeknownst to anyone, that upgrade contained a bug – an error in the programming code – that has only very recently been discovered.

This bug makes it possible for ‘bad guys’ to decrypt the illegible gobbledygook that is being transmitted between your PC and a secure website and read it in plain text. It’s that simple, and it is very scary.

The good news

Needless to say, the people who write the vulnerable code had a fix available very quickly. In fact, as the vulnerability was discovered by security researchers at Google, the fix was prepared before the vulnerability was even made public. Operators of Internet sites, like 1300 Web Pro, also acted quickly to identify any at-risk servers and apply the fix to them. At 5AM yesterday when I heard about the issue, Google had already fixed their servers (which had been vulnerable). Yahoo had not fixed theirs when I originally checked yesterday AM, but by close of business they had caught up. All of the major Australian banks appeared to be protected early yesterday.

The bad news

Unfortunately the bad news far outweighs the good.

1) This issue has existed for more than two years. Google’s internal security team identified and announced it. What we don’t know, and probably never will, is whether ‘bad guys’ discovered this issue first and have been quietly stealing our passwords for years.

2) This issue is extremely simple to exploit. Most security vulnerabilities require a reasonably high level of technical competency. This one doesn’t.

3) This issue doesn’t have any limiting pre-conditions. Often the ‘bad guys’ need to know something about the network they are targeting, need some initial access to the network or system they are targeting, et cetera. In this case, they don’t.

4) Most of the time, a ‘bad guy’ exploiting a security vulnerability leaves tracks. In hindsight, we can see they have been there. In this case, they can safely observe from afar without leaving any sort of trace.

5) Applying the fix isn’t adequate to protect users of webservers that were vulnerable. Additional steps must be taken, such as reissuing the digital keys that unlock the gobbledygook. I expect that whilst lots of system administrators are being proactive (like we are), there are also many system administrators that are not being proactive.

What you need to do

1) You need to change the passwords for your Internet banking sites, and any other websites you wouldn’t like some ‘bad guys’ to access and impersonate you.

A good rule is to use a different password for Internet banking than for any other websites. If you use the same password for your Commonwealth Netbank as you do for Facebook, then if your Facebook password is compromised, ipso facto, your Commonwealth Netbank password is too – even if Commonwealth didn’t have a problem to begin with. Always use a different password for Internet banking that you don’t use anywhere else. Systems like LastPass make it easy to use a different password for every website you use and are a great option.

2) Monitor all of your Internet banking carefully and be on the lookout for any unauthorised transactions.

Not too hard, right?

Were sites hosted by 1300 Web Pro vulnerable?

Prior to applying system updates, we tested our systems and did not detect any issues. We also found that the versions of the relevant software running on our servers were not affected. We have no reason to believe our systems were affected.

However, we have undertaken a number of precautions to be safe including applying software updates and re-issuing digital certificates. We will be watching the situation carefully.

We do note that customers who use the same password at an affected website as they use at our websites may be compromised through that password.

Summing up

Simply put: the Internet has suffered a terrible security breach. The only way to protect yourself is to change your passwords and use dedicated, highly secure passwords for critical sites like Internet banking.

James Deck
1300 Web Pro
Phone: 1300 932 776
Web: www.1300webpro.com.au
Facebook: facebook.com/1300WebPro

April 08, 2014

You need to say farewell to Windows XP

Today, April 8, is the date that Microsoft officially ends support for Windows XP. The 1300 Web Pro team farewelled the 12-year-old operating system with a lunch time celebration.

Computer users need to be aware: Security updates will no longer be issued for Windows XP, and users of Microsoft Security Essentials will not receive virus definitions for viruses discovered from today onwards.

If you use Windows XP, you are now at risk and should upgrade as a priority.

Those developing applications, like our internal programmers, will now make the assumption that users are using at least Windows Vista as a minimum standard. You can expect programs to eventually stop working on Windows XP.

To protect yourself, you can either purchase a new PC that comes pre-installed with Windows 7 or Windows 8, or you can see if your existing computer is powerful enough to install a modern operating system.

Brand new desktops and laptops can be purchased through retail shops or your preferred IT supplier for as little as $500.

If you prefer to investigate upgrading your existing PC, or want advice on migrating data from your old PC to your new PC, here are some local Toowoomba IT businesses that can help:


In a business setting it is particularly important that you seek professional advice, as even having a single Windows XP PC in the office or factory can be a risk if it is network connected.

Join us in saying adios, au revoir, ciao, vaarwel and goodbye to Windows XP!

James Deck
1300 Web Pro
Phone: 1300 932 776
Web: www.1300webpro.com.au
Facebook: facebook.com/1300WebPro

February 17, 2012

Tracking Return on Investments in Marketing and Advertising, and Measuring the Results, Lead to Greater Profit

All too often people read a headline like the one above and say, “I’m just a small business in Toowoomba – that does not apply to me.”

There is no denying the fact that most businesses in the Toowoomba region are indeed 1 to 2 person operations. Yet, the region is cluttered with an abundance of radio stations, television stations, several newspapers and letterboxes full of promotional activity. So it is safe to assume that advertising budgets are commonplace. Therefore, no matter how small your operation, there is a critical need to get the best return on your marketing investment. It could be argued that as a small business you have to measure marketing/media spending even more effectively as the dollars are so hard to find to pay for mainstream media.

Mainstream media is struggling to retain audiences as digital tools like the Internet make their way into the budgets and empower small business like no other time in history. This is why websites, and allied digital marketing tools, are the most cost effective tool for small business promotion ever devised.

According to a report published in 2011 by Forrester Research, within the next 5 years, traditional forms of marketing and advertising (billboards, television, print, etc) will be eclipsed by the online marketing market. By 2016, advertisers will spend $77 billion online, comprising 35% of all ad spending. Online advertising expenditure in 2010 alone was $26.1 billion, featuring 3% growth from the previous year. Although traditional forms of advertising like print media will continue to be used, the very fact that 75% of the world’s population will be online by 2012 makes online advertising a promotion avenue one can’t afford to ignore. According to IAB Online Advertising Expenditure Report 2011, the Australian online advertising market has continued to record double-digit growth, reaching $2.66 billion for 2011.

With the budgets for marketing increasing exponentially, it is becoming increasingly important for any business large or small to track ROI when it comes to marketing expenditures. Put simply – “if you can measure it – you manage it”.

A campaign/promotion/activity that generates more revenue than it costs is termed as “ROI positive” and is sustainable. This is always the goal and the expectation, however it is rarely the outcome. Most small businesses that have advertised on the radio could not tell you the ROI of a particular campaign. A business can only determine if it has achieved a ROI positive campaign if it has set Key Performance Indicators (KPIs) to measure the success (or otherwise) of the activity, and put measures in place to track those KPIs. The main KPI one needs to track is known as CONVERSIONS. For example, it might be the number of products purchased, the number of people that signed up for a newsletter, the number of people to book a consultation or the number of leads generated to further market to. Working on analysing these measurements, or KPIs, not only helps track the ROI on marketing expenditure but allows for tactical enhancements to improve a message within the campaign. Swift intervention in these matters can save a lot of money.

Tools like 1300 Web Pro’s database marketing system and Google Analytics can provide unprecedented insight into campaign ROI – and not just from your Internet marketing. As an example, a radio advertisement can promote an offer which directs a prospect to a particular website where we can capture their details and continue to market to them. We can definitively calculate the number of sales made from a particular radio campaign or tradeshow, and thus ensure those activities are ROI positive.

Do you have any tips on measuring the return on investment from your campaigns? Share them in the comments below...

James Deck
1300 Web Pro
Phone: 1300 932 776
Facebook: www.facebook.com/1300WebPro
Web: www.1300webpro.com.au

March 22, 2011

Marketing Lessons from Grantham Flood Support

Following the flooding that devastated parts of Queensland on January 10, I was involved in a small group that established a charity called Grantham Flood Support. Our mission was to raise money to assist the town of Grantham, which was particularly hard hit, with rebuilding their community.

As of today, Grantham Flood Support has raised $659,996.15 which we are very happy with. It will make a huge difference to the Grantham region.

The underlying reason for the success of this appeal is the nature of the events.

However the Grantham Flood Support management committee has employed a number of Internet marketing techniques that have amplified the success. Today I would like to share some of these techniques so that you may employ them in your organisation.

It is worth noting that we have employed no traditional media advertising (eg. newspaper, radio or TV) however we have received good coverage from some members of the media.

The Website
The primary point of presence for Grantham Flood Support is the website. It is a very simple site, with only two pages: the home page containing information and a credit card donation page.

However despite being a simple, single page with a modest amount of information, it was designed with a specific call to action in mind (donating) and is designed to encourage this. The home page is also arranged to provide the most pertinent information at the top of the page.

The lesson here is that positioning, layout, copy and calls to action are integral factors in effective web design. Just because it looks pretty doesn’t mean it will work.

The Facebook Page
Like most organisations, word of mouth is the primary source of donors for Grantham Flood Support. The Grantham Flood Support Facebook Page currently has 5,789 fans that have all helped spread the word and encourage donations. A number of these fans changed their personal profile picture to raise awareness in the appeal’s early days. Other fans shared media coverage from around the world. Grantham residents are also fans and have shared their stories and feelings direct from “ground zero.”

Three keys to Grantham Flood Support’s success on Facebook are as follows:
  1. We focused on making it interactive. It was not a “news feed” broadcasting to our fans but rather a conversation with them.
  2. We kept it relevant and focused. We didn’t “post for the sake of posting.” We always bore in mind that we are entering someone’s personal virtual space and tried to ensure we were posting things they would find relevant.
  3. We used images, video and audio wherever possible. Standing out on the “feed” page of a fan can be a challenge. Multimedia certainly helped with this. We also employed links heavily to allow fans to find out more information if they were so inclined.

E-mail Marketing
1300 Web Pro has been working on some exciting opportunities in e-mail marketing over the last year. Grantham Flood Support is an excellent example of how effective carefully planned and executed e-mail campaigns can be.

We used our e-mail marketing system to send personalised e-mails to many of the donors, thanking them for their contribution whilst sharing the Facebook Page with them and encouraging them to tell their friends and family about Grantham Flood Support.

We also used the e-mail marketing system to distribute press releases easily to a database of media contacts that grew throughout the appeal.

The e-mails themselves were designed to promote a specific call to action. Using the reports generated from the campaigns we know that this directly increased the appeal’s bottom line substantially.

E-mail marketing is probably the “next big thing” in terms of marketing opportunities for small businesses. Any business not considering this medium is doing itself a disservice. At the very least, businesses should be collecting e-mail addresses and other demographic information to build a database. We can provide some advice on this – just reply to this e-mail.

E-mail marketing is a double-edged sword however. Many organisations are dabbling with it using a DIY approach which is not only going to be less effective but will also hamper future efforts to market to the same database.

Conclusion
Internet marketing is our area of expertise at 1300 Web Pro, and employing these skills to fundraise at no cost was, we felt, the best way we could assist the community of Grantham in recovering.

I would like to take this opportunity to thank Anthony Bigby and Tanya Wood.

Anthony owns Aden Lawyers in Toowoomba and has served as general counsel for Grantham Flood Support, also on a volunteer basis.

Tanya owns Avon Lodge, a B&B on Bribie Island, with her partner and has been an invaluable asset.

And I would like to thank our thousands of donors. The outpouring of support has been astonishing.

James Deck
1300 Web Pro
Web: http://www.1300webpro.com.au/
Facebook: www.facebook.com/1300WebPro

February 15, 2011

Never miss a P&C meeting again (or Rotary, or footy club...)

If you have ever participated in a service group, sporting club, P&C, networking group or anything similar, you will be familiar with the challenge of keeping an up-to-date group email list.

I participate in a number of groups and I have often found myself trying to find an old email circulated by another group member from which I could copy and paste the cc: list.

This morning at SING, one of our members experienced the shortfall of this method -- he sat waiting at the wrong venue as he "didn't get the e-mail." Being a new member he wasn't on the list (sorry Chris!!).

An easy to use, free solution to this problem is Google Groups.

With Groups, you give Google a list of e-mail addresses and they in turn give you a single "group" email address to send emails to for distribution.

For example, you can set up a group called Neverland State School and add:
  • john@doe.com
  • bob@builder.com
  • tom@tankengine.com

Google will then give you an address, say neverland-pc@googlegroups.com. From then on, if you send an e-mail to neverland-pc@googlegroups.com it will be forwarded, by Google, to the three list members.

The best part of this is that one person can manage the list. For example, the Secretary or President could add and remove people from the list as required and emails will automatically get sent to the current members.

Setting up a Google Group is very simple. Simply point your browser to:

http://groups.google.com/groups/create

It is a short process and well documented.

You can return to the website at any time to revise the list of group members.

James Deck
1300 Web Pro
Web: www.1300webpro.com.au
Facebook: www.facebook.com/1300WebPro