Friday, April 11, 2014

Heartbleed and passwords

First, the Heartbleed bug doesn't mean that your passwords have been compromised.  It's a bug that allows memory overflow and could have been used by someone to mine spills for useful data.  There's no reason to believe that anyone knew this was possible before this week - no hacker chatter - but there's no way to know for sure.

Think of it like this:  You've been living in your house for two years, and one day while working in your garden, you find an extra house key under a gnome, hidden there by the realtor.  You have no reason to think that anyone has used it to get into your house, but they could have gotten in and out without you knowing about it.  Now the key is going to be locked up, but should you change your locks anyway, just in case someone found it and made a copy?  To be really safe, yes.

But the greatest security issue with passwords isn't the Heartbleed bug.  It's the tendency for people to choose passwords that follow patterns.  These patterns are often English words, names or other patterns that make a password guessable within a range of only a few million possibilities - a manageable number for a computer.

Naturally, people like to use passwords that they can remember, but the problem with that is that our memories are pattern-based, and patterns are guides for hackers.  There are only a few hundred thousand commonly known English words, and fewer if you're looking for a word that's easy to remember and spell.  These are considered "weak" passwords.  Hackers can use software to test for them.

But if you use a random combination of characters and numerals, the number of possibilities is exponentially larger.  Using a mix of both upper and lower case, numeric and punctuation characters, an eight-character password can have 576 trillion possibilities - that's literally about a billion times more "unguessable" than a known English word.  "Strong" passwords are those that do not emulate known patterns.

(Use this link to make a strong password: http://steponebusinessservices.com/strongpassword)
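
The arithmetic behind the comparison above, as an added example that is not part of the original post. It assumes a 70-symbol alphabet (upper case, lower case, digits and eight punctuation marks), the size at which an eight-character password has about 576 trillion possibilities, and it uses a small constructed word list to show the kind of pattern check that flags a "weak" password.

```python
import math
import secrets
import string

# Assumed alphabet: 26 lower + 26 upper + 10 digits + 8 punctuation = 70 symbols.
PUNCT = "!@#$%^&*"
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + PUNCT
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, PUNCT)

# Constructed sample word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "michael"}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of equally likely passwords of this length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Same quantity expressed in bits: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate(length: int = 8) -> str:
    """Draw uniformly with a CSPRNG; redraw until every class appears.

    Requiring all four classes trims the space slightly below keyspace().
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def follows_word_pattern(password: str) -> bool:
    """True if the password is a common word plus trailing digits/punctuation."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core in COMMON_WORDS


if __name__ == "__main__":
    print(f"{keyspace(len(ALPHABET), 8):,} random 8-character passwords")
    print(f"{entropy_bits(len(ALPHABET), 8):.1f} bits of entropy")
    for pw in ("Sunshine1!", "dragon2014", generate()):
        print(pw, "-> word pattern" if follows_word_pattern(pw) else "-> no word pattern")
```

"Sunshine1!" mixes all four character classes and still reduces to a dictionary word, which is why the random draw matters more than the character mix.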

The other major vulnerability is making all of your passwords the same - again, to make them easier to remember.  The downside of that should be obvious.  The solution is to use a different strong password for each site, and keep a list of all of them in a safe place (more than one place).  There are password managers (like LastPass and many others) that encrypt and store all of your passwords for you, so that you just have to remember the one for the manager - if you feel comfortable trusting a service like this with everything, it's an easy solution.




Monday, January 20, 2014

"Big data" hype: Is there anything in it for small business?

If you read or even browse business or tech blogs, you’ve probably heard that something called “big data” is changing the business world – specifically the big business world.  In the past few years Google, Facebook and other big players have been collecting huge amounts of data – more than could be managed and analyzed by methods and tools available until recently.  That data flows into their big data stores and their big analytic systems.  It’s used to create predictive models of consumer behavior based on complex correlations and other analysis, anything from product and media evaluation to design feedback about what colors on a webpage header lead to more desirable clicks.  The sheer volume of data available to major corporate retailers allows them to perform fine-grained scientific analysis on consumer behavior, including reactions to the fine details of stimuli.  It’s almost a new kind of psychology, with quantitative methods that statisticians could only dream of until recently.

This is possible because tools like Hadoop and MapReduce have solved the scaling problem for databases, and big businesses are investing to take advantage of the petabytes (1 PB = a quadrillion bytes) that flow in from their heavily marketed products and services.  So can small business join the big data party?  

Bad news first:  Unless you’re the next Sam Walton or Jeff Bezos, your small business is never going to have the data volume or analytic tools (and staffing) for big data research.   And while it might be nice to have a ton of detailed behavioral research on your potential consumers like Walmart does, you probably don’t spend your days worrying about that or the many other advantages held by big business economies of scale.   Actually, big data is one of the less important of those advantages. 

But the hype around big data reminds us that there is value in data – any data – that comes from your business, whether from your customers or your own work processes.    While your small business may not need big analytics, it can easily afford (and probably already has) good ole fashioned "structured data" – the stuff that lives in SQL-based systems from MySQL and Oracle to desktop apps like MS Access and FileMaker.  The question is, are you using those tools to their full potential? 

There are obvious benefits in time-savings, error reduction and other efficiencies to be gained by creating and using structured data for reporting snapshots of what’s happening, and as a guidance system to automate or direct activities like order fulfillment, complaint tracking, or sales contacts.  In fact, there's really no other way to stay on top of business processes.

But the benefit is too often forfeited by small businesses in some aspects of their business.  Most everyone keeps sales stats, and probably website hits and ROI on advertising, but what about fulfillment, complaints, supply lines, time-in-process for all of the above?  Any data point in your system can become a criteria group with counts, sums and averages, compared against other criteria and used to identify success and problem areas.

Small businesses should have software that lets them look at any shared data point and group by values. A small business owner should be able to see at a glance where data falls by location, by manager, by product. Is one team leader having more than her share of delays? What’s your average return rate based on time of day shipped and shipping manager?  What about the next thing you haven’t thought of yet?  With a good database app, you decide what to analyze.  Don't forget what the databases can do for you.

At Step One we can help you set up all the "buckets" you need, and you can modify them as needed. And our flexible reporting tool will let you group by any non-unique criteria in your database and apply any filter.