Peter Bauer, founder of Mimecast security company, offers some advice for SMEs looking to avoid email-based cyberattacks.

The first mistake that businesses make when it comes to email is to think that it’s a secure way to share information. So argues Peter Bauer, co-founder of Mimecast, an international security company that handles 145 billion emails worldwide.

“Email was never intended to be used in the way it is now. It’s not really kitted out for all of the risks associated with the internet; it was designed for a more trusting environment,” he explains.

And it’s a mistake to think that SMEs don’t present a worthwhile target. In fact, they present attractive opportunities. By simply setting up a free email address and a LinkedIn account for research, a hacker can go far.

“What does worthwhile mean?” asks Mr Bauer. “It’s relative to the cost of putting on an attack, and to the downside of getting caught.” Both are low when it comes to an attack on an SME, which makes them more appealing than larger corporations.

Each time an attempt to hack your company is made via email, there are one of two aims at play: to steal money, or gain information.
Small businesses should bear those purposes in mind, because they can be key to spotting – and stopping – hacks.

Do you really know who’s asking you for information?

“Hey, are you at your desk?” is often the first question an email hacker will ask, says Mr Bauer.

Having researched a company on Linkedin – or if they are already in the system, having read emails between colleagues to garner a sense of tone and topic – the attacker will build a dialogue and wait a realistic amount of time before sending responses.

Someone pretending to be the chief executive emailed the head of HR and said they needed the data

The only way to combat this, says Mr Bauer, is to make sure that two-step procedures are in place around transfers of business to confirm a person’s identity (known as a two-step verification). Ways to do this include an SMS message or a phone call with the person in question.

But beware smart hackers’ attempts to overcome security protocols with a carefully-tailored statement. “They will say that it’s confidential; it’s board-only knowledge, so don’t tell anyone. Not breaking those procedures becomes very important,” says Mr Bauer.

And having a process in place is only effective if it’s used every single time, he adds. “Many businesses fail to follow their own protocols.”

Small data leaks can cause a flood

The security costs of letting someone have access to financial or personal data can be epic. Mr Bauer cites Snapchat, which had the equivalent of its entire P60 data stolen. “Someone pretending to be the chief executive emailed the head of HR and said they needed the data for a review. It was just sent over. It was leaked,” says Mr Bauer.

Attackers aren’t always asking for big chunks of data or banking details. The request can be smaller and more subtle. A good example of this, says Mr Bauer, is the recent hacking of an email account of a key person in Hillary Clinton’s presidential campaign. The attacker sent someone an email saying that suspicious activity meant that they needed to change their login details as a precaution.

In this instance, even a cautious user wasn’t safe. “They forwarded the email to their IT department to check it was okay. The expert said it looked fine,” says Mr Bauer. “They followed the email link and entered their password. The attacker got into the inbox and stole emails before the person realised their password change hadn’t worked.”

Get security on the agenda and keep it there

As an evolving and costly threat to business operations, Mr Bauer believes that it’s time to get cybersecurity on the meeting agendas of SMEs. “There should be a [dedicated] section on it. Give a voice to people who know your [IT] vulnerabilities.

“You might not even realise that a laptop was stolen from a worker the week before with unencrypted information on it. Out of sight, out of mind.”

For businesses unsure of where to begin with their email security efforts, a good start is to educate users by showing them what scams look like. This will, he says, teach them to scan for “red flags”.

Any business that is alarmed will also be troubled by Mr Bauer’s prediction for the future cybercrime opportunities posed by the Internet of Things. “The biggest cybersecurity threat that’s coming up is from the number of devices that are being connected to the internet,” he says.

“We’ve grown up thinking of the web as something that’s on servers and displayed on screens, and the security industry has matured around that. But my new car is a computer on wheels. If someone hacks an electric car, which is permanently connected to the internet, they could crash it. It’s entirely plausible.”


Make content short, responsive and simple, and cut the steps involved in purchasing processes, say these experts.

1. Have you stripped away any unnecessary content?

Tips by Dean Ronnie, content marketing manager, Miromedia

“Get rid of any graphics, videos, animations or anything else that means your mobile website takes forever to load. When optimising, consider that the visitor may not be viewing your site using a strong Wi-Fi connection. They could be viewing it via a prehistoric 3G connection (or worse). Slow loading means frustration for the customer, which means they will tap away and shop somewhere else.

“You also need to make sure that your mobile landing pages are right for the user and that they navigate to the page that’s relevant. If a user is looking to purchase fireworks, for instance, the page should have clearly laid-out products that can be quickly and easily purchased without having to navigate elsewhere. Also ensure that pages are easy to move around, easy to buy from and, of course, make sure your products are at the right price.

“Don’t be precious about anything. If it’s unnecessary for mobile, get rid. Most of the time, people are using their mobiles to make a decision, not research.”

2. Have you made the purchasing process ludicrously easy?

“Mobile browsing is all about convenience. People want to do things quickly. They don’t want to be going through multiple stages before they can buy something. So make the purchasing process as simple as possible by using the available technology – and that includes in-store. Make paying as simple as entering a password or scanning your fingerprint.

“Simplify the checkout process as much as you can. Ask your customers to enter only the necessary information. Ideally, your checkout process should be three steps or fewer.

“Think about integrated marketing as well. If using an app, include a ‘buy’ button that seamlessly allows the person to purchase without an interrupted experience.

“If you want to look to the (near) future, the next big thing looks to be shopping via Instagram. With its new ‘shop now’ feature, retailers will be able to tag products in images. By tapping these, users will immediately be taken to the relevant webpage to buy. It’s welcome news for businesses that sell niche products.”

3. Consider the context of the user experience

Tip by Inigo Antolin, head of marketing, Appleyard London

“Make your mobile site as fast as you can. Half of users expect mobile websites to load in less than two seconds, or they will leave, according to data from Kissmetrics. Bear in mind that mobile usage is already bigger than desktop, but it tends to be more on the go. It can happen on a short tube ride, or in a supermarket queue. Whatever the situation, mobile experiences tend to be really short.

“SMEs have just a few seconds or minutes before the user jumps into the next thing, because, for example, the train has already arrived at its destination.”

4. Does your website fit the device screen size?

“Having a responsive site is a must. I would recommend that businesses start by asking themselves: what time of the day and which days of the week do mobile users visit our site? Which devices do they use? Do they spend less or more than desktop? How do they pay for purchases?

Google Analytics is a free tool that can help you work out the answers to these questions. The next step is to run different tests for a limited time and learn from them. This needs to be an ongoing process, because mobile usage also depends on different factors, such as the weather. Sunshine, for example, means that users tend to spend more time outdoors and using more their mobiles.

“As a flower retailer, Monday is a really important day, on mobile and desktop. But this depends a lot on the industry, or even the specific page of the site. For example, the pages that we have promoting Sunday delivery don’t get any traffic until Wednesday, peaking on Saturday morning.”

5. Are you trying to run before you can walk?

Tip by Daniel Döderlein, chief executive, AUKA

“SMEs must figure out how using mobile can enhance the customer’s existing experience. For retailers, the end goal is to make their life as easy and pain-free as possible, to keep them coming back.

“That includes making it easy for shoppers to put items in their shopping basket, right through to the payments process (even providing automatic e-receipts). All of these things make the difference on mobile.

“Other examples of how we used m-commerce include scannable purchase codes in shop windows and magazines, with special offers to entice people in store. Remember, m-commerce also facilitates push-notifications based on geo-locations, enabling you to target and market like never before.

“The data you collect via mobile also gives you, as the retailer, a deeper level of customer insight, which is the key to unlocking a whole new level of marketing power for your business.”


One of the most talked about gifts this holiday season might not be a physical one, but a digital one. According to a recent Mercator Advisory Group study, egifts accounted for 18 percent of the reported gift card loads in 2015, an 80 percent increase from the previous year. With the rise in popularity among consumers, retailers are beginning to leverage egifts for more than just products to sell and are incorporating them into reward and rebate programs.

Electronic gift cards, or egift cards, are delivered digitally, including via email, SMS text, social media or app, and can be redeemed either in-store or by using the gift code online. Ease-of-use, personalization options and fast delivery are a few of the reasons egifts are quickly increasing in popularity.

Here’s why, in addition to being a valuable gift option, egifts are also a valuable rebate reward or incentive option for retailers and consumers around the holidays.

Omnichannel flexibility

Savvier shoppers combined with innovation in retail have transformed the landscape of holiday shopping into an omnichannel experience. Consumers quickly move from shopping at brick-and-mortar stores to shopping online or on their mobile devices and back, and want to do so seamlessly. According to a recent study by the Retail Gift Card Association, omnichannel flexibility is key for consumers, with 87 percent of gift card recipients wanting to be able to redeem their cards online or in-person as they choose. Egifts responds to this desire better than other promotional rewards.

Holiday shopping or gifting with egift rewards

Around the holidays, some shoppers may like to use loyalty program and rebate rewards to help offset the cost of holiday shopping and gift giving. Retailers can make it easy for shoppers to redeem and use their rewards via various channels or even gift them to someone else. Once an egift reward is received, the recipient can print it out, store it on their phone, save it to their mobile wallet—or, in some cases—re-gift it to someone else entirely.

Elevated brand interaction

When a traditional reward check is cashed, a consumer’s experience with the brand is over. With egifts, however, the brand can remain top of mind for much longer. First, the reward is received via email, text or app, and the retailer’s messaging is present. Next, as the reward is saved or stored, it acts as a mini billboard in the recipient’s mobile wallet or inbox. Finally, when the reward is redeemed, the recipient is reminded of his or her engagement with the retailer.

Directing spendback is also valuable during the holidays. Unlike checks, egifts offered by retailers as rewards incent shoppers to return to that store (online or in person) and, according to the consumer gift card survey by RGCA, the consumers surveyed typically spend more than they have on a gift card by $20.

As retailers plan their holiday promotional and loyalty strategies, egifts should be considered for inclusion in the reward mix as a win-win option. Recipients will appreciate the flexibility, ease-of-use and fast delivery. Plus, retailers can find value in the additional opportunities for brand messaging and interaction with their consumers during the hectic and crowded holiday marketing season.


Everywhere you look, at any time, everyone seems to be using their smartphone. Whether they are texting, using social media or shopping, these on-the-go consumers are living a digital lifestyle and taking their mobile devices with them.

With 64 percent of U.S. consumers now owning smartphones, more brands are turning to mobile, not only to reach and engage with consumers, but also to drive offline traffic and sales.

In fact, according to Forrester Research, mobile and marketing are the top two digital priorities for 59 percent of North American retailers. 

As the holidays approach, mobile has the ability to make or break retailers’ peak shopping season.
Preparing now will help brands be mobile-ready for this year’s holiday rush by increasing brand awareness, driving online and offline traffic and increasing sales.

Retailers can do that two main ways: with mobile monetization campaigns that users will not want to ignore, and with contextually-triggered digital messaging that drives action in the real world.

Think user-first to create breakthrough mobile campaigns and experiences
With a smartphone in nearly every pocket, mobile will be the key to driving brand awareness and loyalty this holiday season through branded experiences never before possible.

For true mobile monetization success, brands must think beyond basics such as banner ads, which are disruptive and often drive consumers to tune out or, worse, block the content all together.

Instead, they should take advantage of the immersive experiences that mobile enables, letting users interact in new and engaging ways, via swiping, tilting or shaking their phones.

In an industry experiencing a 90 percent global growth in mobile ad blocking last year alone, it is imperative for brands to explore immersive and integrated ad experiences that go beyond sticking a standard banner on the screen.

With mobile now representing nearly two out of three digital media minutes, marketers must understand how to engage their users, leveraging creative approaches to break through the thousands of ads that consumers will encounter during the holidays.

Digital drives traffic and conversions both online and off
As brands prep for the holidays, success driving store traffic and influencing digital conversions will depend on understanding who and where your customers are.

Through mobile applications, marketers can tap into the billions of data points that users leave behind, using these extensive digital trails to gain deep insights into consumer profiles and behavior.

Thanks to mobile, brands have incredible opportunities to reach consumers throughout the day, with the ability to engage targeted audiences anytime, anywhere.

A recent study from Deloitte shows that U.S. consumers check their phones an average of 46 times per day, giving brands a staggering amount of time to reach and interact with consumers. What is more, consumers now spend 90 percent of their mobile-media time in apps.

Where brands traditionally relied solely on traffic data and cookies to gauge success of mobile Web sites, apps provide an unprecedented level of user insight.

From time spent per page to in-app advertising impressions and conversions and even lat/long location data, apps give brands a more detailed view of engagement and success.

Coupling app analytics with data from technology such as GPS, Bluetooth and Wi-Fi allows brands to drive mobile consumers to online stores and bricks-and-mortar locations more effectively.

During the holiday shopping season, tools such as mobile marketing automation and proximity marketing give marketers a way to drive consumers in-store and engage them 1:1 with a click of a button.

For example, through geo-fencing, brands can create virtual boundaries around neighborhoods and retail stores, sending triggered messages alerting nearby consumers of in-store sales, inventory updates or app-specific discounts, then driving in-store foot traffic and conversions.

Marketers can also take advantage of boundaries around competitor stores.

Tired of seeing consumers pass your store for another? Geo-conquesting allows you to geo-fence competitor locations and trigger campaigns when your users cross them.

Mobile gives us the ability to monitor X, Y and even Z coordinates – latitude, longitude and floor level – to engage users when it will be most powerful and relevant.

Physical and virtual beacons will also be critical for connecting with 1:1 with consumers during the busy holiday season.

Beacon technology is forecasted to influence more than $40 billion of United States retail sales in 2016, and 61 percent of consumers plan on increasing their smartphone usage in-store.

The ability to send relevant, timely and personalized messages will be crucial. Because beacons are small and inexpensive, they can be placed in a variety of places such as store entrances, shopping carts and dressing rooms, and can be used to trigger friendly welcome messages and special offers for frequent shoppers.

CONSUMERS WILL ONCE again turn to mobile for a faster, more convenient holiday shopping experience.

In 2015, holiday shoppers spent a whopping $12.7 billion on mobile, and that number is expected to increase once again.

Even better news for brands is that data shows that one-third of consumers who use mobile devices to shop have a 20 percent higher conversion rate than those who do not.

Whether in-store or not, enabling fast and easy mobile purchases will be critical for capturing busy, on-the-go holiday shoppers.

For a successful 2016 holiday retail season, think mobile-first.

Taking advantage of mobile’s many opportunities and tapping into the extensive user insights it provides will help retailers better engage consumers during the busiest shopping season of the year, driving awareness, traffic and sales.


It’s not only large companies that face cyberattacks – there are affordable steps small companies can take to protect their business data and IT systems.

You can’t assume that your small business is not a target for hackers. As many as three-quarters of smaller businesses are at risk, according to the latest Government Security Breaches Survey, with the worst breaches costing up to £300,000.

Small companies face attack from multiple angles. “Like [larger] enterprises, they face targeted attackers who are interested in intellectual property and other confidential data, as well as using smaller organisations as a way into larger ones,” says David Emm, principal security researcher at Kaspersky Lab. “And like consumers, they face random, speculative attacks that make up the bulk of the threat landscape and are distributed indiscriminately by cybercriminals.”

That’s problematic for SMEs, which are less likely to have a dedicated IT department staffed with security professionals. “SMEs typically don’t allocate resources to cyber security, and they allocate very few resources to IT,” says Andy Patel, senior manager for technology outreach at F-Secure. “This leaves them open to attack in a variety of ways. A cyber security incident is likely to cost an SME proportionally more to recover from than a well-prepared company.”

Improving the security situation at your small business doesn’t need to be expensive, and it could well save you money in the long run. We asked experts across the security industry for their tips on how small businesses can stay secure without breaking the bank.

Adopt two-factor authentication

Take security into your own hands and enable two-factor authentication on any service or device used by the company for email accounts, social media feeds or more sensitive systems. Anyone using these accounts will need an extra credential to gain access from a new device, or to change profile settings, which stops hackers from breaking in even if passwords are leaked.

“Multi-factor authentication reduces the risk of a compromise, since a password alone is not enough to gain access to an online account,” says Mr Emm. “At the very least, multi-factor authentication should be mandatory for changes to account settings.” He adds that it’s essential for companies to shut down accounts, or change login credentials, when someone leaves employment.

Two-factor authentication does add steps to employees’ login procedures, so avoid frustrating them by taking it one step at a time. “Start with the critical accounts and scale up from there as it becomes a habit,” advises F-Secure security advisor Sean Sullivan.

Get smart with email

Email is a weak point for smaller enterprises, with criminals targeting companies with malware via phishing attacks. This is where an email is crafted to look like it’s coming from a trusted source, such as a supplier or bank, but is loaded with dodgy attachments or links to malicious pages, says Trustwave’s threat intelligence manager, Karl Sigler. “Our research has found that the vast majority of companies have been targeted with a phishing attack at least once over the past year, and the number is set to increase over the next 18 to 24 months.”

Phishing messages can be sent to any email address at random, but clever hackers can also use information gleaned online – from social networks, data breaches, or even your company website – to make attacks more effective (a trick called spear phishing).

To avoid becoming a victim, Mr Patel says staff should be trained to pay attention when reading an unexpected email. “Check the sender address carefully. Don’t open attachments you weren’t expecting. If you’re unsure, ask the sender. Be suspicious of certain file types – most people don’t use zip files nowadays. If you are asked to ‘enable content’ on an office document, don’t.”

Mr Sullivan takes a different approach. “Almost everybody can spot phishing during training,” he says. “Phishing works when people are distracted – and people are distracted by tools they don’t use well. Pay for productivity training and you will end up with better email hygiene.”

Avoid ransomware threats – and don’t pay up

Ransomware is where hackers gain control of your data, encrypt it and demand a payment to hand over the key. Research by Kaspersky Lab found that 49pc of SMEs believed such “crypto-malware” was one of the most serious threats they faced , with two-thirds of SMEs reporting complete or partial data loss from such attacks.

To mitigate the threat, follow the the email security tips above, as malicious messages are a common delivery method for crypto-malware, says Mr Emm. And, ensure your company has up-to-date, secure backups, so you aren’t forced to pay criminals to get your data back.

Beyond these steps, control access to files to those who need them, to help limit the spread of malware, and ensure staff don’t have administrator rights, as that makes it easier for malware to spread more widely across your network.

If you don’t have a backup, should you pay the demand? Mr Sigler says: “We would advise against paying the ransom as there’s no reason for the attacker to keep their promise and restore the system. Communicating with cyber criminals also provides them with more information, such as IP or email addresses, which can be used in future attacks – very likely if a company is willing to pay up.”

Undertake regular assessments

It’s an industry cliché, but the weakest link in any network is the people – and this applies to company leaders, as well as the IT department. “Security assessments should not be treated as a one-time event. It’s vital to perform regular testing to keep track of the fast-moving security landscape, especially if the business expands or implements new technology,” notes Mr Sigler, adding that Trustwave research revealed that one in five companies hadn’t done any testing in the past six months, “leaving them blind to new vulnerabilities and threats”.

So, what new threats are looming on the horizon? Kaspersky’s Mr Emm warns SMEs to keep an eye on the Internet of Things (IoT), which includes everything from smart CCTV cameras to connected children’s toys. “The IoT is bringing not only risks to privacy, but also the danger that connected devices will be used as a weak link to gain access to other systems,” he warns. Perhaps think twice before buying that web-connected coffee machine for the office kitchen.


When you read the following list of advantages of ecommerce for businesses and customers, you will get the sense that ecommerce is the holy grail of retail.

1. Overcome Geographical Limitations

If you have a physical store, you are limited by the geographical area that you can service. With an ecommerce website, the whole world is your playground. Additionally, the advent of mcommerce, i.e., ecommerce on mobile devices, has dissolved every remaining limitation of geography.

2. Gain New Customers With Search Engine Visibility

Physical retail is driven by branding and relationships. In addition to these two drivers, online retail is also driven by traffic from search engines. It is not unusual for customers to follow a link in search engine results, and land up on an ecommerce website that they have never heard of. This additional source of traffic can be the tipping point for some ecommerce businesses.

3. Lower Costs

One of the most tangible positives of ecommerce is the lowered cost. A part of these lowered costs could be passed on to customers in the form of discounted prices. Here are some of the ways that costs can be reduced with ecommerce:

  • Advertising and Marketing
    Organic search engine traffic, pay-per-click, and social media traffic are some of the advertising channels that can be cost-effective.
  • Personnel
    The automation of checkout, billing, payments, inventory management, and other operational processes, lowers the number of employees required to run an ecommerce setup.
  • Real Estate
    This one is a no-brainer. An ecommerce merchant does not need a prominent physical location.

4. Locate the Product Quicker

It is no longer about pushing a shopping cart to the correct aisle, or scouting for the desired product. On an ecommerce website, customers can click through intuitive navigation or use a search box to immediately narrow down their product search. Some websites remember customer preferences and shopping lists to facilitate repeat purchase.

5. Eliminate Travel Time and Cost

It is not unusual for customers to travel long distances to reach their preferred physical store. Ecommerce allows them to visit the same store virtually, with a few mouse clicks.

6. Provide Comparison Shopping

Ecommerce facilitates comparison shopping. There are several online services that allow customers to browse multiple ecommerce merchants and find the best prices.

7. Enable Deals, Bargains, Coupons, and Group Buying

Though there are physical equivalents to deals, bargains, coupons, and group buying,online shopping makes it much more convenient. For instance, if a customer has a deep discount coupon for turkey at one physical store and toilet paper at another, she may find it infeasible to avail of both discounts. But the customer could do that online with a few mouse-clicks.

8. Provide Abundant Information

There are limitations to the amount of information that can be displayed in a physical store. It is difficult to equip employees to respond to customers who require information across product lines. Ecommerce websites can make additional information easily available to customers. Most of this information is provided by vendors and does not cost anything to create or maintain.

9. Create Targeted Communication

Using the information that a customer provides in the registration form, and by placing cookies on the customer’s computer, an ecommerce merchant can access a lot of information about its customers. This, in turn, can be used to communicate relevant messages.

10. Remain Open All the Time

Store timings are now 24/7/365. Ecommerce websites can run all the time. From the merchant’s point of view, this increases the number of orders they receive. From the customer’s point of view, an “always open” store is more convenient.

11. Create Markets for Niche Products

Buyers and sellers of niche products can find it difficult to locate each other in the physical world. Online, it is only a matter of the customer searching for the product in a search engine. One example could be the purchase of obsolete parts. Instead of trashing older equipment for lack of spares, today we can locate parts online with great ease.