During the summer of 2010, I undertook research on the attitudes surrounding and the use of Web 2.0 and social media in the recruitment sector in Ireland. Ireland seems to have been an early adopter of these technologies, more out of necessity rather than choice. As jobs became scarce during the global economic crisis toward the end of the first decade of the 21st century, the traditional recruitment agency business model became untenable and a number of established recruitment agencies fell victim to the recession. Many employers opted for resourcing candidates directly because of the ease of attraction of talent and as part of cost-cutting measures. These difficulties forced recruitment agencies to look at alternative business models, and Web 2.0 and social media offered a low-cost marketing and resourcing strategy. Since 2007 there has been a rising emergence and integration of Web 2.0 technologies into mainstream recruitment practices in Ireland to create a new breed of innovative, adaptive and flexible recruitment business model.

The market research, gathered in the form of a questionnaire, aimed at ascertaining (a) the adoption of and (b) the attitudes towards the use of social media resources in the recruitment sector in Ireland. The target market for the questionnaire was key stakeholders in the recruitment process – (a) HR and recruitment professionals and (b) jobseekers. The ultimate goal was to ascertain and map the changes that have taken place within the recruitment sector in Ireland between 2007 and 2010.

Download the Full Paper Here

The rise of the Blog is a recent phenomenon, with Jorn Barger coining the term “weblog” on Dec 17th, 1997 to describe his collection of links logged from the internet. This was further cropped to the term “blog” and in the 12 years since the first blog was published, the blog phenomenon has mutated from a geek niche to a world-dominating online publishing medium (Wortham, 2007). Some one hundred and thirty three million (133,000,000) blogs have been indexed by Technorati since 2002 (McLean, 2009), however there is uncertainty regarding the actual number of real active blogs online; how many of these are maintained regularly and how many were just sporadic flights of fancy for the online hobbyist? According to research conducted by Technorati in 2009 (McLean, 2009), four distinct sub-groups of bloggers exist:

(a) Hobbyists (72%) – by far the largest cohort in the study, hobbyist’s blog for fun and the majority do not want their blogging activities to be commercial.

(b) Part-Timers (15%) – blog to supplement their income, but don’t consider it to be a full-time job. They blog to share their expertise and to attract her business to their company.

(c) Self-Employed (9%) – blog full time for their own company or organisation. They value page views as opposed to personal satisfaction as a success metric. 70% report that they own a company.

(d) Corporate (4%) – blog full time for a company or organisation. Again, they place emphasis on page views as a success metric.

General Considerations when Writing for the Web

Writing for the web has evolved into a distinct style when compared to traditional media, such as books, magazines and newspapers. According to Nielsen, users behave and read differently online, with only 16% of users reading an article word-for-word (Nielsen, 1997). Users have a tendency to rapidly ‘scan’ online material. Nielsen’s famous 2006 eye-tracking study found that the dominant scanning pattern is an ‘F-shaped pattern, with users initially scanning horizontally across the page, then moving down slightly followed by a second shorter horizontal scan, finishing with a vertical scan down through the rest of the content (Nielsen, 2006). This scanning behaviour means that a number of factors need to be considered when writing online to facilitate this reading style.

Constructing the Headline

The headline should be carefully considered, short and snappy. The purpose of the title is to draw readers into the rest of the blog post. Most users will come across a blog post via RSS, a search engine listing or through links from other bloggers – hence the requirement for the snappy headline to captivate and draw them in (Rowse, 2008a). A number of different techniques have been put forward to achieve captivation of the reader through a headline including (a) Communicating a Benefit, (b) Creating Controversy or Debate, (c) Personalising Titles (using words like ‘You’ and ‘Your’), (d) Asking a Question, (e) Using Power Words such as ‘Free’ and ‘Secrets’ and (f) Humour (Rowse, 2008b).

Constructing and Formatting Content

To retain the interest of readers, content should be relevant, timely and scannable. No one will bother to spend time reading a blog which is nonsense, out-dated (except if it contains relevant or instructional information) or presented in a bland fashion with no sub-headings, links or formatting. According to Nielsen a number of strategies can be used to increase the scannability of a page, which can increase the likelihood of a post being assimilated (Nielsen, 1997). These include:

(a) The use of highlighted keywords, either using typeface variations

(b) The use of hypertext links to reference sources, to explain unusual words or concepts, to refer to further reading or to interlink to other content

(c) Sub-Headings which are relevant and meaningful, not cryptic or clever

(d) Bulleted lists, which order the information in an easily scannable format

(e) The ‘Inverted Pyramid’ writing style, where the most important information or conclusion is at the beginning of the post, lesser information towards the end.

(f) One idea or concept per paragraph

(g) Try to keep the content concise and short; a general rule is half the word count or less than conventional writing.

Sources & References

It is good practice to reference sources in a blog post with both a mention and a hyperlink (Sullivan, 2006). Sometimes it is good practice to include a complete bibliography of sources at the end of the post for clarity – this will add creditability to the post as readers can see at a glance the research that has gone into creating it. From a usability standpoint, include hyperlinks to references so readers can easily navigate to the source for confirmation or further reading; however ensure this hyperlink has a ‘_blank’ attribute and opens a new tab or users may permanently navigate away.

Spelling & Grammar

Spelling and grammatical errors in a blog post can detract from the creditability of the site. In a study of 4500 web users by Fogg (2002) of Stanford University, correct spelling was identified as one of the top 10 factors affecting the perceived creditability of a website (Fogg, 2002). It is straightforward and highly advisable to perform a spelling a grammar check prior to publishing online; most blogging platforms now have built-in plugins to automatically spell check posts.

Universal Audience

When writing for the web it is important to remember that not all readers are at your level of language comprehension or intelligence. Unless the post is highly technical or for a specific niche, it is best practice not to use sophisticated or highly technical language (Sullivan, 2006). Some readers may only have English as a second language and will navigate away if comprehension is too challenging. Some readers may be novices at a particular subject and will get bored if the language is too technical.

Corporate and Business Blogging

Blogging and social media for business are fast becoming a revolution in the online world, with company blogs and Facebook pages consistently moving toward mainstream adoption (Weil, 2009). There are many benefits to having a corporate blog or social media footprint, however a note of caution for the inexperienced user must be noted – as positive as they can be for business, they can be equally as damaging if not used correctly (O’Raghallaigh, 2010).

Corporate blogs offer a unique level of interaction with the customer – they can communicate information rapidly and receive feedback in the form of user comments. This creates a personal or social touch to a company, increasing trust and communication. Social Media for business, such as Facebook, Twitter and LinkedIn also have a similar effect, with the added benefit of access to niche and targeted groups, which can increase marketing effectiveness.

However, there are also a number of dangers associated with corporate blogs and social media for business if these tools are not used correctly. The nominated blogger or bloggers for a company must be in a position of trust, as their comments must represent the company’s message, not their own opinion. Horror stories of ‘loose-cannon’ corporate bloggers, who communicated their opinion rather that the company’s stance, has ended up in numerous libel cases in the US and lost business and reputation due to loose comments regarding other companies or customers in general (Broache, 2008). Twitter is especially dangerous as sometimes the language can be colloquial and company representatives can forget their context and tweet something rash. Once a comment is tweeted, there is a permanent record of it online, even if it is deleted from the users account.

A number of special considerations should be taken into account when blogging for business in addition to the general considerations outlined above (O’Raghallaigh, 2010).

1. Think before you blog or tweet – is this a message the company would post on its website? if you said this to your manager would he/she agree with it and post it via mail to your clients / customers? Would you see this on a memo from the CEO of the company for distribution to the media?
2. Keep opinions to a minimum as an opinion is subjective and there is bound to be at least one or two people that disagree with it; and the people that disagree with it could have been your next customer.
3. Keep it factual, but relevant – facts will enhance your reputation as a knowledgeable and intelligent corporate entity.
4. Avoid destructive criticism – no one likes people that put other people down or who lavishes in others misery.
5. Avoid giving away too much personal information – it’s a business blog, use your personal blog for this
6. Avoid giving away too much company information – competitors read your company blog too

Legal Considerations

As discussed briefly in the preceding section, there is the potential for legal consequences if any material published online constitutes an infringement of the law. This area is a legal minefield as the issue of jurisdiction becomes important – if an Irish resident publishes an inflammatory article on their blog that does not break libel or defamation laws in Ireland, but does constitute an infringement in the USA, there seems to be little if any recourse for the subject of the defamation from the USA. To this end, most of the case law surrounding defamation and libel by bloggers has come from America. The first recorded successful libel verdict against a blogger in the United States occurred on the 16th June 2004 (Bayard, 2007). In Banks v. Milum, the defendant David Milum, upset with his lawyer Rafe Banks over the handling of a prior case posted defamatory comments on a local political forum. He accused Banks of delivering bribes to judges on behalf of drug dealers. After deliberating for two days, the jury found Milum liable for defamation and awarded Banks $50,000 in general damages, but no punitive damages (Bayard, 2007). Although blogs appear to be an informal method of dissemination of information, bloggers should still be aware that there could be consequences if the posted material is potentially defamatory or libellous.

Conclusions

Writing for the web involves becoming familiar with a new type of audience; a reader who scans information rapidly, expects relevant information to be presented immediately and who will navigate away from the page at the slightest suggestion of incredibility. Headlines with capture attention, content which is presented in a formatted and scannable fashion with the most relevant information presented at the start will give the post the greatest chance of captivating an audience.

References

Bayard, S (2007). “Banks v. Milum” | www.citmedialaw.org | Retrieved online: 04.04.2010 | http://www.citmedialaw.org/threats/banks-v-milum

Broache, A (2008). “Corporate employee blogs: Lawsuits waiting to happen?” | www.cnet.com | Retrieved online: 05.04.2010 | http://news.cnet.com/8301-10784_3-9903070-7.html

Fogg, B.J. (2002). “Stanford Guidelines for Web Credibility.” A Research Summary from the Stanford Persuasive Technology Lab. | Stanford University | Retrieved online: 04.04.2010 | http://credibility.stanford.edu/guidelines/index.html

McLean, J (2009) “State of the Blogosphere 2009” | www.technorati.com | Retrieved online: 05.04.2010 | http://technorati.com/blogging/article/state-of-the-blogosphere-2009-introduction/

Nielsen, J. (1997) “How Users Read on the Web” | www.useit.com | Retrieved online: 05.04.2010 | http://www.useit.com/alertbox/9710a.html

Nielsen, J. (2006) “F-Shaped Pattern for Reading Web Content” | www.useit.com | Retrieved online: 05.04.2010 | http://www.useit.com/alertbox/reading_pattern.html

O’Raghallaigh, E. (2010) “Blogging and Social Media for Business – Powerful yet Dangerous Tools” | www.webscience.ie | Retrieved online: 05.04.2010 | http://webscience.ie/blog/2010/blogging-and-social-media-for-business-powerful-yet-dangerous-tools/

Sullivan, D. (2006) “Good Blog Writing Style” | www.blogscoped.com” | Retrieved online: 05.04.2010 | http://blogoscoped.com/archive/2006-10-11-n47.html

Rowse, D (2005) “Writing Blog Content – Make it Scannable” | www.problogger.net | Retrieved online: 05.04.2010 | http://www.problogger.net/archives/2005/08/19/writing-blog-content-make-it-scannable/

Rowse, D. (2008a) “How to Craft a Blog Post – 10 Crucial Points to Pause” | www.problogger.net | Retrieved online: 04.04.2010 | http://www.problogger.net/archives/2008/08/12/how-to-craft-a-blog-post-10-crucial-points-to-pause/

Rowse, D. (2008b) “How to Craft Post Titles that Draw Readers into Your Blog” | www.problogger.net | Retrieved online: 04.04.2010 | http://www.problogger.net/archives/2008/08/20/how-to-craft-post-titles-that-draw-readers-into-your-blog/

Weil, D. (2009) “Corporate Blogging Inches up Gartner’s Slope of Mainstream Adoption” | www.debbieweil.com | Retrieved online: 05.04.2010 | http://www.debbieweil.com/blog/corporate-blogging-inches-up-gartners-slope-of-mainstream-adoption/

Wortham, J. (2007) “After 10 Years of Blogging, the Future’s Brighter Than Ever” | www.wired.com | Retrieved online: 05.04.2010 | http://www.wired.com/entertainment/theweb/news/2007/12/blog_anniversary

When an ERP system works as designed, the benefits to the company can be immense – individual units can share information and tracks each other’s progress through business processes, allowing for decreased lead times and increased processing speed. For example, the finance department can check to see if an order has been shipped by accessing the logistics department or the human resources department can query the finance system automatically to see if an employee has been paid without having to pick up the phone.

Critical Issues & Success Factors

An ERP system implementation is a major undertaking for any company and can take considerable time to implement and cost millions of Euros. Once a system is implemented it can be very difficult and expensive to reverse or ‘roll back’ to the previous systems so significant planning is required to ensure the systems meets user requirements. It has been noted in the literature that the implementation of many ERP systems fail (Legare, 2002).

Definition of Business Processes

Having well defined business processes within a company prior to implementation of an ERP system is critical. In a recent paper the failure of an ERP system in a manufacturing company was examined. The authors noted that the management concluded that the system failed as no major differences in scorecards of management or operations were observed after a number of years running the new system. Following a consultation process the authors found that the main reason behind the disappointing performance was the absence of well-defined business processes rather than ERP software (Jong-Sung and Aggarwal, 2009). Prior to any implementation, business process reengineering needs to be undertaken to ensure success.

Management Buy-in

The literature surrounding implementation of information technology and software projects clearly demonstrates that if the project is to succeed, buy-in and support from top management is critical (Johnson, 1995). Management must recognize the strategic importance of the implementation of an ERP system as opposed to just viewing it as the roll-out of a new software system.

Collaboration with External Consultants

Because the ERP market has grown so rapidly, there has been a shortage of competent ERP consultants (Bingi et. al., 1999). Finding the right external consultants can be difficult and the challenge lies in managing them through the implementation. Because of this skills shortage, if an integral internal employee leaves a road block can be hit in the project, leading to significant costs and time loss, with the potential of project failure.

Project Champion

A project champion is more important in ERP implementations than in other IS implementations because ERP success hinges on overall organizational commitment and perseverance. The project champion should be a high-level executive within the organisation with the power to set business goals and implement change. Their role is critical in driving consensus among other executives and middle management and in overseeing the entire life cycle of the implementation (Fui-Hoon Nah, F. et. al., 2003). The project champion must constantly resolve conflicts and manage resistance as well as change to ensure the project move to successful completion (Stefanou, 1999).

Project Management

Good project management is essential because success in ERP implementation, as in most IS projects, is commonly evaluated based on the degree to which time and budget requirements are met (Fui-Hoon Nah, F. et. al., 2003).  The length of implementation is affected to a great extent by the number of modules being implemented, the scope of the implementation (different functional units or across multiple units spread out globally), the extent of customization, and the number of interfaces with other applications (Bingi et. al., 1999). Budgetary factors hinge mainly around human capital factors – the cost of proprietary software is economical compared with in-house development and the cost of implementation could be as high as three to five times the cost of the software. The greater the degree of customisation required, the greater the cost of the project (Bingi et. al., 1999). The cost of hiring external consultants can sometimes consume up to 30% of the total project budget, however hiring in expertise in the form of internal consultant present its own difficulties. The danger lies in highly-invested, highly trained staff being poached by competitors as their skill set is so much in demand (Bingi et. al., 1999).

Other critical success factors which are seen as essential to a successful implementation included; end-user involvement, communication and teamwork, training and support for users, a comprehensive change management plan, selection of the correct ERP system to meet the businesses goals, a vision statement and adequate business plan (Fui-Hoon Nah, F. et. al., 2003).

Benefits of ERP systems

One of the most important benefits of an ERP system for an organisation is that it provides the enterprise with the capacity to plan and manage its resources based on an integrated approach (Turban et al., 2003). ERP systems reduce operating costs, facilitate day-to-day management of business activities and support strategic planning. Many business functions can be integrated under one unified system including financial information management systems (FIS), human resource management systems (HRM), manufacturing information systems (MFIS), supply chain management systems (SCM), customer relationship management (CRM) systems and management information systems (MIS).

This integrated approach allows for ease of access to information in real time by different users along different points along the ERP. A user of the SCM system can query the MFIS to check lead time on product manufacturing and modify raw material stock levels accordingly or organise logistics for finished product. This ability to query different modules without the need for human interaction leads to an increase in efficiency and productivity, and ultimately profitability. Furthermore, it allows for reduced operating costs such as lower inventory control cost, lower production costs, lower marketing costs and lower support costs. The availability of shared information across different units also allows for an increase in the accuracy of forecasting which allows the organization to strategically plan future requirements. Successful planning and forecasting can decrease manufacturing lead times and product delivery times for customers, increasing satisfaction. An important example of how this has been used successfully within the supply chain is the ‘Just in Time’ (JIT) methodology, and is defined as a ‘philosophy of manufacturing based on planned elimination of all waste and on continuous improvement of productivity’. The basic elements of JIT were developed by Toyota in the 1950’s, and became known as the Toyota Production System (TPS) (Liker, 2003).

Benefits of Business-to-Business (B2B) SCM systems

Supply chain management (SCM) is the management of a network of interconnected businesses involved in the ultimate provision of product and service packages required by end customers (Harland, 1996). SCM incorporates all storage and movement of raw materials, in-process inventory and finished goods from the point of origin to the point of consumption, this progression termed the supply chain.

Organizations can benefit from SCM systems by reducing operating costs, reducing inventory and raw material warehousing costs, reducing wastage, optimizing logistics and increasing customer satisfaction.  Companies using an ERP SCM system have access to forecasting and analysis tools which allow supply chain managers to predict the amount of raw materials required in a defined future period. This forecasting system allow them to order the optimum amount of raw materials needed, within an acceptable level of error, so that unnecessary stock in not transported, off loaded and stored, as these processes cost money and resources. Similarly, with in-process inventory, warehousing costs can be reduced with tight control over the amount of goods traversing the supply chain at any particular point. With special reference to the food industry, wastage and spoilage can be minimized by effective supply chain management systems, however, special factors such as shelf life and storage temperature need to be taken into account. With increased operating efficiency, delivery times can be predicted with a level of accuracy and this can lead to an increase in customer satisfaction.  ERP SCM systems can also support complex supply chain methodologies such as make-to-order (MTO), make-to-stock (MTS) or just-in-time (JIT) and collaborative programs such as vendor managed inventory (VMI) and continuous replenishment programs (CRP).

Copyright Eamonn O’Raghallaigh 2010 / WebScience Ltd

E-commerce is defined as the buying and selling of products or services over electronic systems such as the Internet and to a lesser extent, other computer networks. It is generally regarded as the sales and commercial function of eBusiness. There has been a massive increase in the level of trade conducted electronically since the widespread penetration of the Internet. A wide variety of commerce is conducted via eCommerce, including electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. US online retail sales reached $175 billion in 2007 and are projected to grow to $335 billion by 2012 (Mulpuru, 2008).

This massive increase in the uptake of eCommerce has led to a new generation of associated security threats, but any eCommerce system must meet four integral requirements:

a) privacy – information exchanged must be kept from unauthorized parties

b) integrity – the exchanged information must not be altered or tampered with

c) authentication – both sender and recipient must prove their identities to each other and

d) non-repudiation – proof is required that the exchanged information was indeed received (Holcombe, 2007).

These basic maxims of eCommerce are fundamental to the conduct of secure business online. Further to the fundamental maxims of eCommerce above, eCommerce providers must also protect against a number of different external security threats, most notably Denial of Service (DoS). These are where an attempt is made to make a computer resource unavailable to its intended users though a variety of mechanisms discussed below. The financial services sector still bears the brunt of e-crime, accounting for 72% of all attacks. But the sector that experienced the greatest increase in the number of attacks was eCommerce. Attacks in this sector have risen by 15% from 2006 to 2007 (Symantec, 2007).

2. Privacy

Privacy has become a major concern for consumers with the rise of identity theft and impersonation, and any concern for consumers must be treated as a major concern for eCommerce providers. According to Consumer Reports Money Adviser (Perrotta, 2008), the US Attorney General has announced multiple indictments relating to a massive international security breach involving nine major retailers and more than 40 million credit- and debit-card numbers. US attorneys think that this may be the largest hacking and identity-theft case ever prosecuted by the justice department. Both EU and US legislation at both the federal and state levels mandates certain organizations to inform customers about information uses and disclosures. Such disclosures are typically accomplished through privacy policies, both online and offline (Vail et al., 2008).

In a study by Lauer and Deng (2008), a model is presented linking privacy policy, through trustworthiness, to online trust, and then to customers’ loyalty and their willingness to provide truthful information. The model was tested using a sample of 269 responses. The findings suggested that consumers’ trust in a company is closely linked with the perception of the company’s respect for customer privacy (Lauer and Deng, 2007). Trust in turn is linked to increased customer loyalty that can be manifested through increased purchases, openness to trying new products, and willingness to participate in programs that use additional personal information. Privacy now forms an integral part of any e-commerce strategy and investment in privacy protection has been shown to increase consumer’s spend, trustworthiness and loyalty.

The converse of this can be shown to be true when things go wrong. In March 2008, the Irish online jobs board, jobs.ie, was compromised by criminals and users’ personal data (in the form of CV’s) were taken (Ryan, 2008). Looking at the real-time responses of users to this event on the popular Irish forum, Boards.ie, we can see that privacy is of major concern to users and in the event of their privacy being compromised users become very agitated and there is an overall negative effect on trust in e-commerce. User comments in the forum included: “I’m well p*ssed off about them keeping my CV on the sly”; “I am just angry that this could have happened and to so many people”; “Mine was taken too. How do I terminate my acc with jobs.ie”; “Grr, so annoyed, feel I should report it to the Gardai now” (Boards.ie, 2008).

3. Integrity, Authentication & Non-Repudiation

In any e-commence system the factors of data integrity, customer & client authentication and non-repudiation are critical to the success of any online business. Data integrity is the assurance that data transmitted is consistent and correct, that is, it has not been tampered or altered in any way during transmission. Authentication is a means by which both parties in an online transaction can be confident that they are who they say they are and non-repudiation is the idea that no party can dispute that an actual event online took place. Proof of data integrity is typically the easiest of these factors to successfully accomplish. A data hash or checksum, such as MD5 or CRC, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low (Schlaeger and Pernul, 2005). Notwithstanding these security measures, it is still possible to compromise data in transit through techniques such as phishing or man-in- the-middle attacks (Desmedt, 2005). These flaws have led to the need for the development of strong verification and security measurements such as digital signatures and public key infrastructures (PKI).

One of the key developments in e-commerce security and one which has led to the widespread growth of e-commerce is the introduction of digital signatures as a means of verification of data integrity and authentication. In 1995, Utah became the first jurisdiction in the world to enact an electronic signature law. An electronic signature may be defined as “any letters, characters, or symbols manifested by electronic or similar means and executed or adopted by a party with the intent to authenticate a writing” (Blythe, 2006). In order for a digital signature to attain the same legal status as an ink-on-paper signature, asymmetric key cryptology must have been employed in its production (Blythe, 2006). Such a system employs double keys; one key is used to encrypt the message by the sender, and a different, albeit mathematically related, key is used by the recipient to decrypt the message (Antoniou et al., 2008). This is a very good system for electronic transactions, since two stranger-parties, perhaps living far apart, can confirm each other’s identity and thereby reduce the likelihood of fraud in the transaction. Non-repudiation techniques prevent the sender of a message from subsequently denying that they sent the message. Digital Signatures using public-key cryptography and hash functions are the generally accepted means of providing non-repudiation of communications

4. Technical Attacks

Technical attacks are one of the most challenging types of security compromise an e-commerce provider must face. Perpetrators of technical attacks, and in particular Denial-of-Service attacks, typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, large online retailers and popular social networking sites.

Denial of Service Attacks

Denial of Service (DoS) attacks consist of overwhelming a server, a network or a website in order to paralyze its normal activity (Lejeune, 2002). Defending against DoS attacks is one of the most challenging security problems on the Internet today. A major difficulty in thwarting these attacks is to trace the source of the attack, as they often use incorrect or spoofed IP source addresses to disguise the true origin of the attack (Kim and Kim, 2006).

The United States Computer Emergency Readiness Team defines symptoms of denial-of-service attacks to include (McDowell, 2007):

• Unusually slow network performance

• Unavailability of a particular web site

• Inability to access any web site

• Dramatic increase in the number of spam emails received

DoS attacks can be executed in a number of different ways including:

ICMP Flood (Smurf Attack) – where perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network’s bandwidth is quickly used up, preventing legitimate packets from getting through to their destination

Teardrop Attack – A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized, payloads to the target machine. A bug in the TCP/IP fragmentation re-assembly code of various operating systems causes the fragments to be improperly handled, crashing them as a result of this.

Phlashing – Also known as a Permanent denial-of-service (PDoS) is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Perpetrators exploit security flaws in the remote management interfaces of the victim’s hardware, be it routers, printers, or other networking hardware. These flaws leave the door open for an attacker to remotely ‘update’ the device firmware to a modified, corrupt or defective firmware image, therefore bricking the device and making it permanently unusable for its original purpose.

Distributed Denial-of-Service Attacks

Distributed Denial of Service (DDoS) attacks are one of the greatest security fear for IT managers. In a matter of minutes, thousands of vulnerable computers can flood the victim website by choking legitimate traffic (Tariq et al., 2006). A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers. The most famous DDoS attacks occurred in February 2000 where websites including Yahoo, Buy.com, eBay, Amazon and CNN were attacked and left unreachable for several hours each (Todd, 2000).

Brute Force Attacks – A brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, a large number of the possible keys in a key space in order to decrypt a message. Brute Force Attacks, although perceived to be low-tech in nature are not a thing of the past. In May 2007 the internet infrastructure in Estonia was crippled by multiple sustained brute force attacks against government and commercial institutions in the country (Sausner, 2008). The attacks followed the relocation of a Soviet World War II memorial in Tallinn in late April made news around the world.

5. Non-Technical Attacks

Phishing Attacks

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing scams generally are carried out by emailing the victim with a ‘fraudulent’ email from what purports to be a legitimate organization requesting sensitive information. When the victim follows the link embedded within the email they are brought to an elaborate and sophisticated duplicate of the legitimate organizations website. Phishing attacks generally target bank customers, online auction sites (such as eBay), online retailers (such as amazon) and services providers (such as PayPal). According to community banker (Swann, 2008), in more recent times cybercriminals have got more sophisticated in the timing of their attacks with them posing as charities in times of natural disaster.

Social Engineering

Social engineering is the art of manipulating people into performing actions or divulging confidential information. Social engineering techniques include pretexting (where the fraudster creates an invented scenario to get the victim to divulge information), Interactive voice recording (IVR) or phone phishing (where the fraudster gets the victim to divulge sensitive information over the phone) and baiting with Trojans horses (where the fraudster ‘baits’ the victim to load malware unto a system). Social engineering has become a serious threat to e-commerce security since it is difficult to detect and to combat as it involves ‘human’ factors which cannot be patched akin to hardware or software, albeit staff training and education can somewhat thwart the attack (Hasle et al., 2005).

6. Conclusions

In conclusion the e-commerce industry faces a challenging future in terms of the security risks it must avert. With increasing technical knowledge, and its widespread availability on the internet, criminals are becoming more and more sophisticated in the deceptions and attacks they can perform. Novel attack strategies and vulnerabilities only really become known once a perpetrator has uncovered and exploited them. In saying this, there are multiple security strategies which any e-commerce provider can instigate to reduce the risk of attack and compromise significantly. Awareness of the risks and the implementation of multi-layered security protocols, detailed and open privacy policies and strong authentication and encryption measures will go a long way to assure the consumer and insure the risk of compromise is kept minimal.

Copyright Eamonn O’Raghallaigh 2010 / Webscience Ltd.

Download the White Paper Here

Corporate blogs offer an unique level of interaction with the customer – they can communicate information rapidly and receive feedback in the form of user comments. This creates a personal or social touch to a company, increasing trust and communication. Social Media for business, such as Facebook, Twitter and LinkedIn also have a similar effect, with the added benefit of access to niche and targeted groups, which can increase marketing effectivness.

However, there are also a number of dangers associated with corporate blogs and social media for business if these tools are not used correctly. The nominated blogger or bloggers for a company must be in a position of trust, as their comments must represent the company’s message, not their own opinion. Horror stories of ‘loose-cannon’ corporate bloggers, who communicated their opinion rather that the company’s stance, has ended up in numerous libel cases in the US and lost business and reputation due to vitreous or loose comments regarding other companies or customers in general. Twitter is especially dangerous as sometimes the language can be colloquial and company representatives can forget their context and tweet something rash. Once a comment is tweeted, there is a permanent record of it online, even if it is deleted from the users account.

A corporate blogger should follow the following basic rules to ensure that they or their company doesn’t end up in court or suffer loss of reputation or business:

1. Think before you blog or tweet – is this a message the company would post on its website? if I said this to my manager would he/she agree with it and post it via mail to your clients? would you see this on a memo from the CEO of the company for distribution to the media?
2. Keep opinions to a minimum as an opinion is subjective and there is bound to be at least one or two people that disagree with it; and the people that disagree with it could have been your next customer.
3. Keep it factual, but relevant – facts will enhance your reputation as a knowledgeable and intelligent corporate entity.
4. Avoid destructive criticism – no one likes people that put other people down or who lavishes in others misery.
5. Avoid giving away too much personal information – its a business blog, use your personal blog for this
6. Avoid giving away too much company information – competitors read your company blog too

Blogs and Social Media can be very rewarding for business as long as the boundaries are drawn and that the company bloggers know their limits.

Keep it safe, keep it positive, keep it factual  and keep it coming…

The research has shown the most viewed areas on a web page, and it follows a ‘F’ shape pattern. This research is valuable as it points to where the most important content on a website should be. When writing content ensure the most important information is contained in the first paragraph, as many users will not read past the second paragraph.

___________________________________

The material in this post was researched at:

http://www.useit.com/eyetracking/

Findings from Nielsen Norman Group’s usability studies using eye tracking technology.

“Eyetracking Web Usability”, New Riders Press
December 14, 2009
ISBN-10: 0-321-49836-4
ISBN-13: 978-0-321-49836-6

Buy the book from from Amazon.co.uk, Waterstone’s, or WHSmith