Thursday, June 13, 2019

Need export help? Here are some small business resources - Star Tribune

Need export help? Here are some small business resources - Star Tribune


Need export help? Here are some small business resources - Star Tribune

Posted: 12 Jun 2019 11:51 AM PDT

NEW YORK — Small business owners who are interested in exporting, or who need education and assistance about issues like tariffs, can get information or assistance online or from federal, state or local government agencies.

A look at some of the resources:

Online help:

The Small Business Administration has a guide to the basics of exporting, including how to find buyers and financing. www.sba.gov/business-guide/grow-your-business/export-products .

The U.S. Commercial Service operates www.export.gov , a portal that also has educational materials, information about trade with specific countries and links to export services such as product analysis, aimed at determining if a product is ready for export. Some of the services are free, while others have fees. The site also has a section to help companies deal with trade problems.

The Office of the U.S. Trade Representative's website, https://ustr.gov also has information about individual countries and references such as a glossary of trade terms.

Some states and cities have export assistant offices; search online to find out if there's one in your state.

In-person help:

The U.S. Commercial Service has offices in most of the states and nearly 80 locations outside the U.S. You can find them at www.export.gov/locations .

Small Business Development Centers, or SBDCs, give free counseling to small companies and can provide information on exporting and export resources. You can find one at www.sba.gov/local-assistance . Many are located on college or university campuses.

SCORE, the organization that gives free advice to small businesses, has mentors who can help companies on a range of topics including exporting. You can meet with one in person or connect with them via phone or online. You can find a mentor at www.score.org .

_____

Follow Joyce Rosenberg at www.twitter.com/JoyceMRosenberg . Her work can be found here: https://apnews.com

Small Business Administration Contracting Programs: Additional Efforts Needed to Implement GAO Recommendations - Government Accountability Office

Posted: 12 Jun 2019 11:38 AM PDT

What GAO Found

The Small Business Administration (SBA) has not fully implemented GAO's prior recommendations to address oversight deficiencies in the Women-Owned Small Business (WOSB) and Historically Underutilized Business Zone (HUBZone) programs and to improve evaluation of its procurement scorecard. GAO maintains that its recommendations should be addressed.

Women-Owned Small Business Program. In its March 2019 report, GAO found that SBA had not addressed WOSB program oversight deficiencies identified in GAO's 2014 report (GAO-15-54). For example, GAO had found that SBA did not have procedures related to reviewing the performance of the four third-party certifers—private entities approved by SBA to certify the eligibility of WOSB firms—as well as information the certifiiers submitted to SBA. GAO recommended that SBA establish procedures to assess the performance of the certifiers and the information they submitted. While SBA conducted a compliance review of the certifiers in 2016, SBA said in June 2018 that it had no plans to conduct further compliance reviews until a final rule implementing a new certification process was completed. SBA officials said that they expected the rule to be implemented by June 2021. By waiting to improve its oversight of the WOSB program, SBA cannot provide reasonable assurance that certifiers are complying with program requirements and cannot improve its efforts to identify ineligible firms or potential fraud.

HUBZone Program. In September 2018, GAO reported that it had reviewed case files for a nongeneralizable sample of 12 firms in Puerto Rico that received HUBZone certification between March 2017 and March 2018 and found that SBA did not consistently document or follow its policies and procedures for certification reviews. For example, SBA did not have complete documentation in nine of 12 cases and did not follow its policy to conduct three levels of review when determining whether to approve or deny a firm in four of 12 cases. As a result, SBA did not have reasonable assurance that firms meet HUBZone criteria. SBA said that it planned to implement GAO's recommendations that SBA (1) update internal policy manuals for certification and recertification and (2) conduct and document reviews of staff compliance with relevant procedures. However, as of May 2019, SBA had not provided documentation showing that it had completed these planned actions.

Small Business Procurement Scorecard. For fiscal year 2017, SBA revised the methodology for its Small Business Procurement Scorecard, which assesses the efforts of federal agencies to support contracting with small businesses. For example, one revision reduced the share of the total scorecard grade devoted to prime contracting achievement (the dollar amount of contracts awarded directly to small businesses). GAO recommended in September 2018 that SBA design and implement a comprehensive evaluation to assess the scorecard revisions. Since that report was issued, SBA has proposed but not yet implemented a two-phase evaluation of the scorecard to include an evaluation of the scorecard's effect on federal agencies achieving small business contracting goals. SBA said that it expects to complete phase one by September 2019 and has not provided a time frame for phase two.

Why GAO Did This Study

Federal agencies conduct a variety of procurements that are reserved for small business participation through small business set-asides. These set-asides can be for small businesses in general, or they can be specific to small businesses that meet additional eligibility requirements in programs such as those for WOSB or HUBZone. SBA administers both the WOSB and HUBZone programs. SBA also produces an annual Small Business Procurement Scorecard to measure how much contracted spending federal agencies allocate to small businesses and whether the federal government is meeting its goals for awarding contracts to small businesses.

GAO issued three reports between September 2018 and March 2019 on SBA contracting programs (see GAO-18-666, GAO-18-672, and GAO-19-168). This testimony is primarily based on these three reports and discusses prior GAO findings and SBA's progress on implementing GAO's recommendations on (1) the WOSB program, (2) the HUBZone program, and (3) SBA's procurement scorecard.

To update the status of prior recommendations, GAO reviewed updates from SBA and interviewed officials.

For more information, contact William B. Shear at (202) 512-8678 or shearw@gao.gov.

More Than 150,000 U.S. Small-Business Websites Could Be Infected With Malware at Any Given Moment. Here's How to Protect Yours. - Entrepreneur

Posted: 12 Jun 2019 12:03 PM PDT

Small-business victims were involved in 43 percent of data breaches over the course of a year, according to a recent report.

9 min read

It was March 2, 2016, and Melissa Marchand's day on Cape Cod started out like any other. She drove to her job at Hyannis Whale Watcher Cruises in her mid-size sedan, picked up a latte with 1 percent milk at her local coffee shop and sat down at her desk to check her email. Then, Marchand got the call no website manager ever wants to receive: The site was down, and no one knew how to fix it.

After she dialed up the web hosting provider, the news went from bad to worse: Whales.net had been hacked and, to her horror, all visitors were being redirected to porn sites. Google had even flagged the company's search results, warning potential customers that the site may be hacked.

"It was a total nightmare -- I had no idea that something like this could happen," Marchand said in an interview with Entrepreneur. "I'd say 75 to 80 percent of our bookings are done online, so when our site is down, we're just dead in the water."

At the provider's suggestion, Marchand called SiteLock, a website security company, and granted its representatives site access. SiteLock discovered the hackers had exploited a security hole in a Wordpress plugin, which gave them the access they needed to redirect visitors to racy websites.

By the end of the work day, Marchand sat in her car in her gym's parking lot, speaking on the phone with a SiteLock representative to review the plan of action. She finally felt like things were going to be OK.

Within three days, Whales.net was back up and running, though it took another three weeks for Google to remove the blacklist warning from the company's search results.

The hack hit about a month before the whale-watching season began in mid-April, and though it wasn't peak season, the company still missed out on pre-booking tour groups from schools and camps. Marchand estimated the attack lost the company about 10 percent of its March and April business.

A risk for small businesses everywhere

Small-business owners were victims in 43 percent of data breaches tracked between Nov. 1, 2017, and Oct. 31, 2018, according to a 2019 Verizon report. The report tracked security incidents across all industries, but the most vulnerable sectors this year were retail, accommodation and healthcare.

What does the issue look like on a national scale? If we take the sample size of infected sites SiteLock said they found in 2018 -- approximately 47,244 out of 6,056,969 checked -- and apply that percentage to the country's estimated 30.2 million small-businesses websites, minus the estimated 36 percent that don't have one, then we can loosely estimate the amount of infected small-business websites to be around 150,757.

As a small-business owner, you may not believe anyone would target your website, but that's just it -- bad actors are likely not seeking out your site specifically, said Mark Risher, head of account security at Google.

"Sometimes, we talk about the distinction between targets of choice and targets of chance," Risher said. "Targets of chance is when the attacker is just trying anything -- they're walking through the parking lot seeing if any of the car doors unlocked. Target of choice is when they've zeroed in on that one shiny, flashy car, and that's the one they want to break into -- and they'll try the windows, the doors … the moon roof. I think for small businesses, there's this temptation to assume, 'No one would ever choose me; therefore I'll just kind of skate by anonymously.' But the problem is they're not factoring in the degree of automation that attackers are using."

Even the least-trafficked websites still average 62 attacks per day, according to SiteLock research. "These cybercriminals are really running businesses now," said Neill Feather, president of the company. "With the increasing ease of automation of attacks, it's just as lucrative to compromise a 1,000 small websites as it is to invest your time and try to compromise one large one."

John Loveland, a cybersecurity head at Verizon and one of the data breach report's authors, said that since the report was first published 12 years ago, he's seen a definite uptick in attacks at small and medium-sized businesses. As malware, phishing and other attacks have become "more commoditized and more readily accessible to lesser-skilled hackers," he said, "you see the aperture open … for types of targets that could be valuable."

So what are the hackers getting out of the deal? It's not just about potentially lucrative customer information and transaction histories. There's also the opportunity to weaponize your website's reputation. By hosting malware on a formerly trustworthy website, a hacker can increase an attack's spread -- and amplify the consequences -- by boosting the malware's search engine optimization (SEO). They can infect site visitors who search for the site organically or who access it via links from newsletters, articles or other businesses, Risher said.

Even if you outsource aspects of your business -- say, time and expense reporting, human resources, customer data storage or financial transactions -- there's still no guarantee that that information is safe when your own website is compromised. Loveland said he saw an uptick in email phishing specifically designed to capture user credentials for web-based email accounts, online CRM tools and other platforms -- and reports of credential compromise have increased 280 percent since 2016, according to an annual survey from software company Proofpoint.

How to protect yourself and your customers

How can small-business owners protect themselves -- and their customers? Since a great deal of cyberattacks can be attributed to automation, putting basic protections in place against phishing, malware and more can help your site stay off the path of least resistance.

Here are five ways to boost your small-business's cybersecurity.

1. Use a password manager.

There's an exhaustive amount of password advice floating around in the ether, but the most important is this, Risher said: Don't reuse the same password on multiple sites. It's a difficult rule to stick to for convenience's sake -- especially since 86 percent of internet users report keeping track of their passwords via memorization -- but cybersecurity experts recommend password managers as efficient and secure workarounds. Free password manager options include LastPass, Myki and LogMeOnce.

2. Set up email account recovery methods to protect against phishing attacks.

Phishing attacks are an enduring cybersecurity problem for large and small businesses alike: 83 percent of respondents to Proofpoint's annual phishing survey reported experiencing phishing attacks in 2018, an increase from 76 percent the year before. Embracing a more cyber-aware culture -- including staying vigilant about identifying potential phishing attacks, suspicious links and bogus senders -- is key to email safety.

If you're a Gmail user, recent company research suggests that adding a recovery phone number to your account could block up to 100 percent of cyberattacks from automated bots, 99 percent of bulk phishing attacks and 66 percent of targeted attacks. It's helpful because in the event of an unknown or suspicious sign-in, your phone will receive either an SMS code or an on-device prompt for verification. Without a recovery phone number, Google will rely on weaker challenges such as recalling last sign-in location -- and while that still stops most automated attacks, effectiveness against phishing drops to 10 percent.

3. Back up your data to protect against ransomware.

Ransomware -- a cyberattack in which a hacker holds your computer access and/or data for ransom -- has kicked off a "frenzy of cybercrime-related activities focused on small and medium businesses," Loveland said. In fact, it's the second leading malware action variety in 2019, according to the Verizon report, and accounted for 24 percent of security incidents. Hackers generally view it as a potentially low-risk, high-reward option, so it's important to have protections in place for such an attack -- namely, have your data backed up in its entirety so that you aren't at the hacker's mercy. Tools such as Google Drive and Dropbox can help, as well as automatic backup programs such as Code42 (all charge a monthly fee). You can also purchase a high-storage external hard drive to back everything up yourself.

4. Enlist a dedicated DNS security tool to block suspicious sites.

Since computers can only communicate using numbers, the Domain Name System (DNS) is part of the internet's foundation in that it acts as a "translator" between a domain name you enter and a resulting IP address. DNS wasn't originally designed with top-level security in mind, so using a DNSSEC (DNS Security Extension) can help protect against suspicious websites and redirects resulting from malware, phishing attacks and more. The tools verify the validity of a site multiple times during your domain lookup process. And though internet service providers generally provide some level of DNS security, experts say using a dedicated DNSSEC tool is more effective -- and free options include OpenDNS and Quad9 DNS. "[It's] a low-cost, no-brainer move that can prevent folks from going to bad IP addresses," Loveland said.

5. Consider signing up with a website security company.

Paying a monthly subscription to a website security company may not be ideal, but it could end up paying for itself in terms of lost business due to a site hack. Decreasing attack vulnerability means installing security patches and updates for all of your online tools as promptly as possible, which can be tough for a small-business owner's schedule.

"It's tempting for a small-business owner to say, 'I'm pretty handy -- I can do this myself,'" Risher said. "But the reality is that even if you're very technical, you might not be working around the clock, and … you're taking on 24/7 maintenance and monitoring. It's certainly money well spent to have a large organization doing this for you."

Small-business optimism rises to pre-shutdown levels - MarketWatch

Posted: 11 Jun 2019 05:05 AM PDT

Bloomberg News/Landov

The numbers: The index of small-business optimism from the National Federation of Independent Business rose to 105.0 in May. Economists surveyed by Econoday had forecast a 102.0 reading.

What happened: Six of ten survey components increased, three were unchanged, and only one fell in May. Nearly two-thirds, or 62%, reported hiring or trying to hire, a 5-point increase from April, but 54% reported "few or no qualified applicants for the positions they were trying to fill," also up five points during the month. And 64% reported spending on capital equipment, a 6-point gain and the best since February 2018.

Meanwhile, respondents saying they're raising their selling prices fell to a net 10%, and slightly fewer plan to raise prices than in April.

Big picture: After surging to an all-time high after the 2016 presidential election, the NFIB index slid to its lowest since 2016 earlier this year. Still, the small-business lobby called May's reading "historically high."

In its May release, the group said, "It is important to keep policy focus on the small business half of the economy to ensure that it is not dissuaded from investing and hiring because of 'policy oversight' like not making the tax cuts permanent." In fact, evaluations of the 2017 tax cuts have been mixed, and some analysts consider even the initial round of cuts problematic, with no sense of what making them permanent would do to the economy.

See also: Opinion: So much for the Republican tax cut as a game changer — the investment boom is fading fast

What they're saying: In a May research comment, Pantheon Macro Chief Economist Ian Shepherdson said NFIB's selling price index "does a decent job" as a leading indicator on the core inflation rate. Last month, Shepherdson said, "firms expect to pass on cost increases - labor mostly, but the impact of tariffs will become a more important drive over time, especially if they are broadened to cover all imports from China."

Market reaction: The Dow Jones Industrial Average DJIA, +0.13%   has gained more than 11% in the year to date.

Related: Economic expansion poised to become longest in U.S. history, leading indicators show

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.