A recent report by NCC Group found that many security appliances such as email gateways, firewalls, web content filters, terminal services, unified threat management (UTM) systems and other appliances were filled with vulnerabilities.

The report highlighted products from Sophos, Citrix, Pfsense, Symantec and Trend Micro showing that many had vulnerabilities such as:

• Cross-Site Scripting (XSS)
• SSH or WebUI susceptible to brute-force attacks
• Unpatched operating systems
• Privilege Escalation
• Command-Injection via the WebUI

Many users may feel that because these are security appliances that they must be inherently secure, but the report clearly shows that this is not the case.

Security appliances are not just a cause of concern, many other services now come in an appliance form-factor. Services such as IP Telephony PBXs, environmental management and network management come as appliances that you just drop and configure within your network. Also consider the many network devices that have mini operating systems within them such as environmental monitors, network printers or security systems. All of these are applications that need to be managed and secured.

While the risk that those vulnerabilities may be exploited by outside attackers may be small, simply because an appliance or device is not directly connected to the Internet does not mean that it is not at risk and that you should not make all attempts to secure it. Attacks can originate from the inside of the network, or in the case where a user PC may be compromised, allow a way for the attacker to gain even more control of your network.

To reduce the risks of these appliances and devices consider implementing the following:

• Change the non-default usernames and passwords on all appliances and devices. Use a strong password.
• Avoid exposing the management interfaces of these appliances and devices to the internet or other unprotected networks.
• Consider placing the management interfaces in a protected network behind a firewall within your internal network.
• Keep the operating systems and firmware of the appliances and devices updated.
• Ensure that logging is enabled on all the devices, and if possible, set up alerts to be sent for any login attempt.
• Disable unnecessary or insecure services on appliances such as telnet, http and ftp. Use encrypted protocols such as SSH, SFTP and HTTPS.

If there is anything here that you wish to ask about or get more information, feel free to add your comments below or send me an email at sganpat@interxect.com.

Did you like this article? Then please share it with others who may benefit from the information.

Original article: or you may find yourself becoming a victim of irony'">Ensure that you secure those security appliances or you may find yourself becoming a victim of irony

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

Zeus is a malicious software application (termed malware) that is designed to steal online credentials and other personally identifiable information (PII); it is geared to stealing banking credentials and information from users.

Zeus is a trojan, so it is disguised as something ‘safe’, and usually spread by links via email, comments on websites, and through social media, especially facebook.

SMBs are particularly attractive because they have more money than the average individual and often have lax security mechanisms in place to mitigate against malicious attacks. According to Symantec in its Internet Security Threat Report 2013, the largest growth area for targeted attacks in 2012 was with small businesses. As it says, “money stolen from a small business is as easy to spend as money stolen from a large business.”

Symantec had found in an earlier survey that many small businesses are not concerned about IT security and usually believe that the data that they have holds little value to attackers.  I have also had to educate some of my clients about the risks involved if their data, or even their servers, were stolen.

The Federation of Small Businesses in the UK reported that small businesses lose £785 million to cybercrime per year. The sad thing is that many a small business would go bankrupt if an attack was successful at draining their bank accounts.

Not only small businesses should be on the alert, but many small financial institutions, such as credit unions, should be aware of the threats and risks. Many of these institutions lack the resources and infrastructure of their larger counterparts and may be ill prepared for those attacks.

So what are some of the ways that small businesses can protect themselves.

1. Have up-to-date anti-virus, anti-spyware and anti-malware software installed and running.
2. Keep your PCs updated to all the latest software and security patches.
3. Use strong passwords on banking websites. If your bank offers a hardware security token, consider getting that service.
4. Train employees to recognise and avoid suspicious emails or links. Also keep an open environment that allows employees to report if they accidently click on a link; time is of the essence for these attacks.
5. If you have any suspicions about an email or message (such as snail mail) received that purports to be from your bankers, call them using the number from the phone book to verify the information. Do not use any numbers, email addresses or internet addresses from the message to contact them.
6. Use a computer account without administrative rights.
7. Always type in the internet address of the bank into your browser. Do not click any links within emails to access the online bank.
8. Limit access to computers that will be used to access online bank applications. Also limit the applications or sites that those computers will be allowed to access to limit exposure to malicious content.
9. If you can’t dedicate a computer to access online banking, then consider using a Live CD of an operating system to just access the online banking system.

For small financial institutions:

1. Make the required investments to secure your data and network.
2. Perform regular security assessments to identify and address risks.
3. Train your employees to become more aware of security risks and what they must do to reduce those risks.
4. Educate your customers as to what they can do to protect themselves.

Online banking is a huge timesaver for many a small business and with the right checks and balances can continue to be a safe way to manage your business’ finances.

Do you have any other tips that I should have mentioned? Or do you have any questions that you want answered? Feel free to comment below or send me an email to sganpat@interxect.com.

Original article: SMEs and Small Financial Institutions Beware'">Zeus Malware Reboot SMEs and Small Financial Institutions Beware

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

While the report focused more on Latin America (the only Caribbean country with significant attention was Jamaica), our close proximity to South and Latin America means that we should consistently remain abreast of the developments there.

I read the reports and have distilled some of the highlights for you.

In General

A general increase in cyber incidents were reported by most countries. However, the belief is that this was due to better detection and security mechanisms put in place, indicating that attacks were happening all the time but were previously undetected. The report noted that in many instances there was no rating or scale used for the incidents that were detected.

Growth of Hactivism

An interesting trend that was noted was the growth in hacktivism or politically motivated hacking. These instances were not driven by financial gain, but were coordinated attack campaigns in response to legislative initiatives. These attacks brought the issue of cyber security to the forefront, and may have provided some benefit by making those in authority more aware of the threats out there.

Financial Losses

The report wasn’t able to quantify the losses caused by hacking, stating that it was impossible to gather, but still said that it was very high, possibly even greater than losses of any other form of crime. I find this a rather dubious claim though, and would prefer to see more evidence before stating such.

Threat to Industrial Control Systems

Industrial Control Systems (ICS) are at an even greater risk in the region, than in many other parts of the world. I gather that the report also included financial, transportation, healthcare, and telecommunications as having ICS. Trend micro found many ICS devices connected to the Internet, possibly for remote management and administration. This may not be a problem in itself, but it found that these systems will both unprotected by a password or unpatched. I know of a few cyber scams that have hit telecommunications companies within the region, but none that have hit industrial systems… as yet!

Keeping up with Cybercriminals

Trend micro found that the hackers in the region were learning from their counterparts in other developed countries, mainly from Eastern Europe. Meanwhile, law enforcement authorities were having a hard time keeping up with the cybercrime developments. The report cited inexperienced cybercrime investigators and the shortage of prosecutors who specialize in technology related offenses. There is also a need for highly skilled professionals who can secure networks, diagnose intrusions, and effectively manage cyber incidents.

Inadequate Security and Awareness of the General Citizenry

One of the conclusions formed was that the greatest form of attack was via file infections. This is an indication of insufficient security mechanisms on personal PCs and a lack of awareness of the general citizenry of how to protect themselves from cyber threats.

Impediments to Cybersecurity within the Region

The report brought to fore some of the major issues impeding the region’s cyber security efforts.

• Lack of information being shared about security events such as breaches, intrusion attempts, or attacks.
• Lack of law enforcement or federal laws and regulations.
• Skewed data about security incidents that may not be factual or just anecdotal evidence (“I heard that this happend…”).
• Differing standards as to what constituted a cyber incidents. Some countries only counted attacks on the Government as incidents, while others count everything.
• Lack of National Computer Security Incident Response Team (CSIRT).
• Lack of highly skilled professionals in the area of cyber security.

Recommendations

The report included three recommendations for governments and organizations in the region to help improve the state of cyber security.

1. Raise awareness of safe cyber habits and general cybersecurity awareness among Internet users, critical infrastructure operators, and government employees.
2. Invest in and promote enrollment in technical degree programs to ensure an ample pool of qualified candidates from which to draw professionals that would be needed to fill the increasing number of information security careers.
3. Continue strengthening policy mechanisms to assign governmental roles and responsibilities related to cyber security and codifying information sharing and cooperation mechanisms.

I would also include that the formation of CSIRT’s at both the organizational and the national levels, even at the regional level. This would help coordinate activities in addressing cyber security. And while I do not think we need to go as far as having degree programs, we do need to increase the pool of people who deeply know information security.

I recommend that you read the report here (pdf), and please forward it to others, especially those in the position to take the cause forward.

Do you think that enough efforts are being made to improve cyber security at both the organizational and that the governmental levels? Leave your comments below.

Original article: ... and what we can do about it!'">Trend Micro – Cybercrime on the Rise in Latin America and the Caribbean ... and what we can do about it!

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

The attacks use bots to attempt a brute force attack on WordPress installations using the default “admin” username and a dictionary of passwords.

Many websites, including ours, run on WordPress. It is recommended that you use a different administrative username and a strong password. Even if you are using a different administrative username, you should still use a strong password. See our article - 5 Tips To Help You To Secure and Manage Your Passwords – on tips for strong password creation.

The attacks have died down over time, and many ISPs have put in measures to secure their users. Our ISP put out this notice yesterday. But this is no reason to relax. Security is about eternal vigilance, and you can bet that the next wave is coming.

Original article: Widespread Attack on WordPress Websites

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

The insurance industry is based on risk and a person purchasing insurance does so based on all of the possible costs that may be incurred based on the probability of the risk occurring. So someone may spend the $50 to buy some accident insurance that has a probability of 1 in 100 happening that can may incur a cost of $1000.

Now securing IT is also based around the cost that may be incurred based on risk of an incident occurring. So for example if I have a piece of equipment that costs $500 that holds data that is worth $500, then I may spend $50 to secure that $1000 worth of equipment and data from a risk that has a 1 in 100 chance of happening.

Do you notice any similarities? Of course!

I may have oversimplified a few things, but the concept is basically the same.

The only thing to consider is that in insurance, they only insure you against the risk of something happening; IT security on the other hand puts mechanisms in place to minimize the risk of something happening.

With insurance you must take appropriate steps to prevent what to avoid it particular accident from happening, while with IT security, you’re spending money to reduce the risk of a particular threat happening.

The thing with IT security, as with insurance, is that you may never eliminate a risk. You may spend thousands and millions of dollars and still a risk may remain. But if you look at the similarities of IT security and insurance it doesn’t stop there.

Another way in which they are very similar is the way that they are sold. Have you ever been sold insurance before? I have, and I personally hate insurance agents! Insurance agents sell and fear uncertainty and doubt – FUD. They sell with statements such as, “You must think about your family,” or, “What would happen if you are sick or an accident happens and you are unable to work; how are you going to support them?”
They play on fears and appeal to your darkest emotions.

IT security vendors play a similar game. They also use FUD to put buyers in an uneasy and uncomfortable position where they believe that their risk is much greater than they may perceive it to be. This is one of the reasons that I hate sales pitches from IT security vendors.

Now don’t get me wrong, I believe that IT security devices are an important part of protecting an enterprise environment. But what I also believe is that a lot of people overestimate what is required to protect their environment and, in some instances, underestimate what they should be protecting.

IT Security is not as simple as just throwing technology in there and thinking that you are protected.

IT Security involves a full holistic approach with technology, your people and executive management to bring a certain level of awareness and behaviour that will ensure a secure environment. However many businesses don’t look at the people aspect and use too much technology for their IT security needs, often based on the advice of the same IT security vendors.

Take my advice and take everything that IT Security vendors say with a tablespoonful of salt.

I understand that having a lot of IT Security systems in place helps you feel comfortable and secure. But just as you can have too much insurance, you can have too much IT Security systems.

And too much IT Security systems can have the opposite effect of what you are trying to achieve. More on that point in another article.

Original article: Two sides of the same coin'">IT Security and Insurance Two sides of the same coin

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

This incident reminded me of something similar that I witnessed during the Christmas season when I was shopping for some presents for my children in a toy store. While browsing I overheard a customer asking two sales clerks to see an item on one of the higher shelves. One of the clerks told the customer, “I’m not seeing any of the fellas around. Check the other aisle to see if you see any of the boys and ask them to get it for you.” The customer then said, “You want me to find the boy?” and the clerk said yes. The customer said thanks and promptly left the store. The sales clerks started the laugh and one said, “Well that’s her loss!”

The above two examples show a failure of where a small step wouldn’t have caused major satisfaction, but not taking that step caused major dissatisfaction. In fact in the second example the store lost a possible sale, and worst, the clerks thought that it was the customer who lost. No! It was the store that lost, and perhaps your jobs might be next.

We might look at these examples and relate to it, but how many times within our own businesses we are guilty of these same missteps? We don’t follow up with the customer. We don’t deliver when we say we will deliver. We don’t pass a simple message on to someone when asked to. Even when providing service to our own co-workers.

We must all be cognizant that we are in the business of providing service and must do so to the best and greatest of our ability. And sometimes doing the best and greatest is simply to take that one step that others wouldn’t.

Original article: Bad service has more to do with what you don't do.'">A Culture of Service Bad service has more to do with what you don't do.

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

This is purely an issue of work ethic, and the business is hardly to blame for the actions of the employee, however, if any damages were to occur because of it, the business may have been held accountable for it. To the business’ credit, it had performed a security audit and was able to detect the act. But how many other businesses do not do the same? What other activities are taking place within your business that you are not aware of and has the potential to bring you heavy losses, both in reputation and finances?

Unethical behaviour in IT departments is of particular concern, as there is real potential of serious damage.

How can we prevent this?

The question remains how can businesses protect themselves from unethical behaviour such as this? I have pondered this for some time as many businesses use the NDA – Non-Disclosure Agreement – as a way to keep workers honest, but this still depends on ethics. You can act like “big brother” and monitor your employees’ every move, but that will just decrease morale. A regular and consistent audit may be the best way to capture these events, but this suffers from two disadvantages – it’s a costly recurring expense, and it captures incidents after the fact, when the damage is already done.

There is one thing you can try that I think is the best option.

Another Approach

The best way to approach this, in my opinion, is to try to prevent it from happening at all. We do this by maintaining a proper and open relationship with your employees.

Be approachable to employees and allow them speak openly about their concerns. Sincerely try to address their concerns and be honest about situations – if they can’t trust you, then they will have no qualms about betraying your trust.

Create a culture of ethical habits by setting the example for the employees to follow, such as giving recognition and credit where due, by not engaging in corrupt practices, or by not pushing the envelope of what might be ethical behaviour.

The Best Way?

Will this prevent bad behaviour from ever happening? No,  I seriously doubt that. Within everyone there is a bad and good side – yin and yang – and what you need to do is create an environment where it is easier to do good, and be good. Perhaps I’m being optimistic, but I’d rather be a wrong optimist than a right pessimist.

Original article: Can you stop this from happening in your business?'">Security audit finds dev OUTSOURCED his JOB to China to goof off at work Can you stop this from happening in your business?

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

I’ve come up with eight technologies that we should continue to monitor and consider how you can use them in your business.

1. Cloud Services (SAAS and PAAS)

What is it?

Cloud computing is a model whereby you may make on-demand access to computer resources and services. There are three models of cloud computing, Software-as-a-Service (SAAS), Platform-As-A-Service (PAAS) and Infrastructure-As-A-Service (IAAS). I will go into more detail about cloud computing in a later article.

Why is it important?

Cloud Services has the potential to save businesses on infrastructure costs and simplify administration.

By cloud services I am referring specifically to SAAS and PAAS. I know that cloud services is not new, but it continues to have a serious impact on how businesses are run, and the direction that software vendors are now going. Almost all vendors are now offering some type of SAAS package – even Microsoft has embraced SAAS with their new Office 15. I see some impact of IAAS on voice and video services.

What should your business do?

Take some time to evaluate your current infrastructure and determine whether there are gains to be made by moving to cloud services. All costs should be considered as businesses often do not consider the price of changing providers.

Understand privacy and security issues as many of the cloud services are hosted in the United States and falls under their jurisdiction. One of the major concerns with Caribbean businesses on cloud services has been on how secure is their data.

2. Big Data and Data Analytics

What is it?

Big Data is the term given to vast amounts of data that companies may have amassed through the years. This data may be based on sales, marketing, production or customer behaviour. Data analytics is the process of going through that data to gain valuable insights for future decisions.

Why is it important?

Coming on the tails of Cloud Computing, Big Data and Data Analytics have become buzz words with many large enterprises, mainly because cloud computing allowed the analysis of these large amounts of data. Analysing data is not something new, as companies large and small have used historical data to determine trends. Big Data is used to find insights that never existed before. For example, historical analysis might show that sales are seasonal and when is the best time to bring out a new product. Big data may show who the most likely people to buy a product are, when the most likely time they will buy the product is, and how you can encourage them to buy your product.

What should your business do?

Start pulling your data sources together. In the Caribbean, we don’t have as much data as other parts of the world, as we do not have as large a market and we haven’t been collecting data as much or as long as we should. If you aren’t collecting data, then you should start. Just be wary of collecting customer’s data without their consent, especially if you plan to give that data to another party.

Understand the options for analysing data and have an idea of what kind of insight you are looking for. It’s no use crunching a whole bunch of data hoping to find something; there is a scientific method of analysing data by coming up with a hypothesis then testing it.

If you plan to analyse data then get a statistician or data analyst on board who understands how to do the type of analytics required. Do not think that the IT department has those set of skills, as they generally do not.

3. Truly “Personal” Computing

What is it?

The personal computer is meant for use by individuals. By “personal” computing I mean that computers become more customised to the individual user offering services and information suitable to that person.

Why is it important?

People want information quickly, but not just any information, the right information. But each person is unique and this involves an individual allowing a huge amount of personal information to be gathered so that trends can be analysed for better guesses later on. Google Now is one service that is making some serious headway with this.

What should your business do?

As people become more expectant of real-time, accurate information, your business will also need to be able to meet such needs. Consider portals that users can connect to that provide information on orders, queries and billing so that there is less hassle. Ensure that this system is secure to limit the risk of malicious attacks.

Collect data on customers for analysis so that you can be better equipped with information more suited to the individual rather than your entire market, even if you have them categorised by groups.

4. Smartphones

What is it?

Smartphones are feature-rich mobile phones, typically running a mobile operating system that allows the installation and running of third-party applications, so that they may be used, almost, as a personal computer.

Why is it important?

The numbers of smartphone purchases are steadily increasing as the number of non-smartphone (called feature phones) are steadily decreasing. As smartphones become cheaper, almost everyone will have one, and, coupled with higher and cheaper data rates by service providers, will allow users to have on-the-go access to information, both work and personal. The number of applications available for smartphones now range from games, to social networks (Facebook, Twitter, etc), to cloud-based services.

Customers and consumers can use smartphones to research products in the store and get feedback and reviews from friends or strangers. More users are using their smartphones for general purpose web-browsing and e-mail access rather than desktops.

Employees can now use smartphones to connect to company applications to perform business tasks, such as sales order generation or invoicing, in real-time. As more employees are coming in with their own smartphone into the workplace, the bring-your-own-device (BYOD) movement will become more important. I’ll speak more on BYOD in a later article.

What should your business do?

Start by developing a mobile strategy from both the corporate side and the consumer side. By mobile strategy, I mean how your business is going to position itself to take advantage of the advances in mobile.

Understand the risks of mobile, particularly with company data on mobile devices; mobile devices are lost regularly and the data on the devices are usually more valuable than the device itself.

5. Augmented Reality and Location-Based Services

What is it?

AR is the enhancement of the visualisation of the physical environment with computer generated information. An example of this is the Google Project Glass concept.

LBS is specific services that is offered based on your location. An example of this is performing a search on Google for restaurants – a search while you are in Trinidad will bring up Trinidadian restaurants, while a search if you are in Barbados will bring up Bajan restaurants.

Augmented Reality (AR) and Location-Based Services (LBS) are two different applications, but the business potential are similar. LBS is available now, while AR is still under development, but I believe that AR will make some rapid leaps this year.

Why is it important?

AR and LBS will allow businesses to offer more relevant information to consumers, and combined with data analytics, can offer valuable insight into your customers’ behaviours.

What should your business do?

How you use AR and LBS will depend on your mobile and marketing strategy. Using LBS, you can develop a mobile application that notifies a user of a sale on a particular item when they are close to a store, for example, and then use AR to help that user navigate your store. Remember that AR is a developing technology, while LBS is currently in use.

6. The Internet of Things and Pervasive Computing

What is it?

The Internet of Things (IOT) and Pervasive Computing envisions a world where everything is connected in some way to an “Internet”; Internet is in quotes, because that Internet may not be the Internet we now know. This technology will allow us to communicate with everyday devices such as clothing and refrigerators, to the machinery in the manufacturing plants.

Why is it important?

Pervasive computing can open the market to new products using old products. For example, Nike created it’s Nike+ series of products that allows consumers to gather biometric information while at play to help them measure and improve their performance.

Businesses can use the IOT to gather information from the plant to make more timely business decisions such as supply chain management and enterprise resource planning.

What should your business do?

Start thinking inside the box, where you look at your current products and determine if there are advantages to the consumer of connecting your product to the internet.

Review your current plant infrastructure and determine if you can benefit from more real-time information of how they are being used.

Also be cognisant of data security when connecting devices to networks, so ensure that access to these devices are protected.

7. 3D Printing

What is it?

3D printing is a process for making 3-dimensional objects from computer generated designs. The process is currently performed by using a layering or additive method by laying material upon each other until the object is completed. The majority of 3D printers create plastic objects, but there are some that create metal ones.

Why is it important?

3D printers have been around for some time, but now have become much more affordable; even domestic printers are available for hobbyists.

These printers allow manufacturers to create rapid prototypes, allowing them to test designs before moving them to more permanent lines. Because the cost of prototyping is less, designers can be more open to trying new and creative designs that may have been previously cost prohibitive.

The printers also allow for rapid manufacturing where small quantities of parts might be required for a small order. Manufacturers will not need to adjust a line just to create those parts.

What should your business do?

If you are a manufacturer, explore your design process and determine if there are opportunities for rapid prototyping and whether 3D printing can help improve your time-to-market of new products.

8. New and Improved Human-Machine Interfaces

What is it?

A human-machine interface is the process by which humans interact with a machine or a computer (sometimes called a human-computer interface). This interface is mostly known as the keyboard and monitor, but can also be the control screens of process plants, or the touch screens of phones.

Why is it important?

After many years of interacting with computers by keyboard and mouse, technology has improved where voice commands are more reliable, and gesture controls are more capable. Not only do these new interfaces allow you to improve the speed of computerised processes, but it’s also very cool.

Apple’s Siri generated a lot of interest when Apple introduced it back in 2010; although it has not quite lived up to the hype, it opened ourselves to a new way of interacting with our mobile devices.

Microsoft’s Kinect system, while originally developed for it’s Xbox gaming system immediately found favour with hacking enthusiasts who used it to create gesture controls for computer applications including educational and medical uses.

What should your business do?

As always, peruse the technology landscape and see what improvements are available to allow you to improve your business processes.

Don’t be afraid of being innovative and try to develop new ways of using these technologies in your current processes to improve usability.

Conclusion

So there they are, my predictions of the eight technology trends that will likely have a great impact on Caribbean businesses, and well, all businesses in general.

What do you think? Is there any technology that you think that I should have mentioned? Or do you think that I am wrong with my current predictions? Chime in below.

Original article: and what should your business do about them.'">8 Tech Trends for Businesses to Watch for in 2013 and what should your business do about them.

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

What’s the sense of purchasing or implementing new IT gadgets or tools – smartphones, tablets, cloud services CRM, ERP, etc – if it is not benefitting your business. New technologies in businesses means nothing if it is not going to either save you money or generate revenue.

Ask yourself, “Is this IT purchase going to bring me a return that is excess of the investment that I am making?”

Take a look at your past IT investments and think what your returns have been. Perhaps it’s time to start making better decisions?

Original article: Your Business Will Thank You'">What you should ask before making that IT Investment Your Business Will Thank You

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.

One company, Company A, opened in the late 1970′s, and the other, Company B, opened in the mid 1980′s – about seven years apart.

Company A is a thriving, growing business that has diversified itself in different areas, while Company B is stagnated (even shrinking) and struggling. Although Company A had a seven year head start over Company B, the place where Company B is now is nowhere close to where Company A was seven years ago.

I had the opportunity to speak to both owners about how they run their business (not at the same time of course) and here are a few things that I found.

• Company B focuses on low price going after customers seeking low price. Company A goes after customers who want high-value and are willing to pay a higher price.
• Company B is using the same old printers that it had for decades. Company B has invested lots of time and money in new technology, including digital printing, continuously over the years.
• Company B has staff that is unionized, even though it’s a very small business, and the owner constantly complains about them. Company B has staff that is diligent and loyal to the business and is not unionized, and the owner constantly praises them.
• The owner of Company B wants to be involved in every decision and process that there is in the company. The owner of Company B delegates authority to others for getting things done.
• Company B is trying to do the same old things and hoping to get different results. Company A continuously looks at the environment and changes its strategy to suit.

You take a look at the stark differences in approach between the two businesses and think about why Company A is doing better than Company B.

Company B still would not listen to anyone’s advice, and still continues to struggle, but perhaps you may learn a thing or two.

Original article: How two companies, in the same business, can be totally different.'">A Tale of Two Printers How two companies, in the same business, can be totally different.

©2013 Interxect - Business Technology Consultants - Helping Your Business Use Information Technology Effectively. All Rights Reserved.