Did you know that 70% of Ransomware attacks come via e-mail?

Email remains the No. 1 threat vector for businesses, with a full 76% of ransomware attacks starting with a malicious message.
According to a survey from Barracuda, phishing—and particularly spear phishing—has become a lucrative art. The attackers also do not discriminate based on company size. Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors.
“Whether you are a mid-sized business with limited staff and resources, or a 10,000-employee organization with a dedicated security team and budget—we are all feeling the impact of these attacks,” said Hatem Naguib, senior vice president and general manager for the security business at Barracuda. He noted that criminals are taking the time to personalize the messages, crafting them to be compelling and convincing.
The survey showed that more than half (56%) of those we questioned admitted to being targeted by cyberattacks, with 84% of those admitting their organization felt a significant impact as a result. In fact, on average, organizations had been targeted by cyberattacks five times, with 43% targeted more than five times.
An earlier Barracuda study found that 92% of people surveyed are concerned about ransomware hitting their organization, and nearly half, or 47%, of respondents had been a victim of ransomware already.
The effects of an attack are not limited to the organization itself. More than three in 10 of those we questioned admitted that their customers (35%) and even their employees (32%) had lost faith in their security because of an attack. Perhaps most shocking from a global perspective, around one in five report a temporary closure of business (21%) or a loss of customers altogether (17%).
These figures become even more surprising when assuming that the bigger the company, the larger the security budget.
“Having a sizable security budget isn’t enough to make you immune,” said Naguib. “After all, it doesn’t really matter how much money there is in the budget when the majority of threats are still infiltrating organizations via email. This point brings us back to the very important notion that the most effective security plans include a combination of people and technology.”
Specifically, given that human error is at play, organizations must be prepared with a layered security strategy. That could include spam protection and malware filtering at the gateway, advanced threat protection and sandboxing technologies, and dedicated spear phishing solutions designed to stop highly-personalized attacks.

I will tell you I do not click on any link I do not know. When I see an e-mail from a friend that usually never e-mails me a link I delete it. Being very careful helps a lot!

Protect your small business from [Ransomeware]

Ransomware is a growth industry – and it's growing because it works. Attacks by hackers that lock up data unless a ransom is paid shot up an unbelievable 6000% worldwide in 2016 over the previous year. According to the FBI, hackers “earned” over a billion dollars in ransomware attacks in 2016, some five times over the amount they netted in 2015.

Despite the big numbers, it's small users who may be suffering the most. There's reason to believe that small businesses are among the primary targets – perhaps even more than big businesses - of ransomware hackers. According to one study, the average payment demanded by hackers for releasing a system was $679 – an amount that seems paltry, almost, except when you put it in context with who the victims of these demands really are.

Perhaps the most important statistic – the one that makes the whole effort worthwhile for hackers  - is that some 70% of victims pay up, according to a report by IBM. Of those, more than half paid $10,000 or more in ransom to free up their data. A Ponemon Institute study shows that 56% of companies surveyed said they are not ready to fend off ransomware attacks, and just 38% said they have a strategy to deal with ransomware and other malware.

Another Ponemon study says that while 66% of respondents rate the threat of ransomware as very serious, only 13% rated their companies’ preparedness to prevent ransomware as high.

While most small business owners believe that they are more or less immune to ransomware – you can't get blood from a stone, after all – the truth is that hackers are far less selective in their targets. One study shows that in 2015, 43% of all cyber-attacks, especially ransomware attacks, targeted small businesses.  Given the fact that most companies, large and small, pay off the hackers, there's no reason to believe that things will change in 2017.

That's the secret of ransomware success: There really is no business too small to be attacked. While the database of a local dry cleaner may not appear to be as important as that of a national bank, it is to the dry cleaner; hence, his willingness to pay, and if he can get his business back for $679, then the expense is certainly worth it, isn't it?

That is certainly a secret to hackers' ransomware success: Data is important to someone, somewhere – and to get their data back, people will pay. Of course, paying up is no guarantee that the hackers will release the security key that opens up the locked data; if a victim is willing to pay once, why not twice or thrice? 

Once an attack occurs, it's usually too late – although some victims have likely had luck using decryption tools from sites like the No More Ransom Project. Having a good backup system could help a business quickly recover from an attack, but it's not foolproof. In one survey of medium and large companies who didn't pay up, 81% of IT pros said they were “confident” they could cope with an attack, fully restoring their data from backup – but only 42% were able to do so.

That's likely with the advanced backup systems such organizations would have; most small businesses aren't that fortunate, and for most small business people, educating themselves – or paying a consultant to do it for them – about how to use the dizzying array of cyber-defense tools is probably a non-starter.

For them, prevention is going to be key. Indeed, preventing ransomware attacks from reaching companies in the first place is a lot like avoiding any other kind of malware – except that the stakes are higher, so organizations need to be very aware of what they can do, what they can't do, and what steps they need to take to upgrade their capabilities.

Prevent how? According to a report by Osterman Research, “email was the most likely attack vector for ransomware, either via email attachments or malicious links in email messages.” According to the report, 31% of ransomware attacks entered a business via a direct email link, while 28% entered via an email attachment (a Word document with “dirty macros,” for example). Only a quarter entered when engaging with a web site or an application – while infection rates from social media or USB sticks were negligible.

One effective way of disarming such attacks is to use a system that stops rogue files from getting onto the system in the first place, a “gatekeeper” that nabs malware-laden files before they are passed through to users. Instead of concentrating on detection, installing a system that prevents bad files from getting through in the first place.

Technology exists that allows systems to examine files before they are “waved through” by examining the code in an attachment or what lies behind a link, dissecting and reconstructing them to examine what is at their core. If an email or attachment checks out, it is allowed to proceed, and if not, it gets dumped, kept away from users and rendered harmless.

In any event, the bottom line for small businesses is clear: Get control of your email and/or how you engage with it, and you'll reduce your chances of becoming a ransomware victim by a whole lot. 

Remember it is not about you when working with clients [it is what you can do for your clients]

Great article by Chaz Horn!

IT'S NOT ABOUT YOU

The most useful thing I've learned and can teach you is to take your attention OFF of yourself and put it on the people who need your help. We can't help others when we are focused on ourselves.
At the end of the day, your potential customers don't give a crap about you. They need help, they need it now, so who CARES what kind of House you have on the Coast or how great your accomplishments are... How does what you do provide a specific and amazing OUTCOME for your clients/customers? If you truly care about the welfare of your clients/customers, but you are unable to reach them. Let's talk.
Everything in your business, from your offer, your sales process, marketing to your pricing, to your service & delivery, should be built around one big question:
"What Outcomes do we provide for our clients?"
At Mastery of Selling B2B, this is our mantra. It determines what we teach, whom we hire, and whom we do (and do not) let into our programs.
That one question will never, ever steer you wrong.
Money comes from serving. Serving comes from making the clients' success your #1 priority.

\I am guilty of forgetting this at times even after all of my years in sales. Listen to your client and then try to help them!

More to come later.

Joe Rossini

Marketing and sales and planing do hook together

Plan your work and work your plan that is an old saying but it still works today. This week I planned where I was going to make calls and as I like it they were all in an area that would save me on wear and tear and also I could make a lot of calls without wasting a lot of time. Time is money and by maximizing my time I set myself up to make more money.  If you are a young sales representative, consider mapping out your area and see how many potential customers are in that area.  Male calls on them, telephone then cold calls or set up calls and I bet you that you will increase your sales.  If you need help just call me at 913-244-6132 I can give you a few tips.

More to come soon.

Joe Rossini

Important security alert

Please read.....

National Cyber Awareness System:

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

06/13/2017 11:45 AM EDT

Original release date: June 13, 2017

Systems Affected

Networked Systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.
If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation. This alert identifies IP addresses linked to systems infected with DeltaCharlie malware and provides descriptions of the malware and associated malware signatures. DHS and FBI are distributing these IP addresses to enable network defense activities and reduce exposure to the DDoS command-and-control network. FBI has high confidence that HIDDEN COBRA actors are using the IP addresses for further network exploitation.
This alert includes technical indicators related to specific North Korean government cyber operations and provides suggested response actions to those indicators, recommended mitigation techniques, and information on reporting incidents to the U.S. Government.
For a downloadable copy of IOCs, see:

• IOCs (.csv)
• IOCs (STIX)

Description

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group[1] and Guardians of Peace.[2] DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their government’s military and strategic objectives. Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.
Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover,[3] Wild Positron/Duuzer,[4] and Hangman.[5] DHS has previously released Alert TA14-353A,[6] which contains additional details on the use of a server message block (SMB) worm tool employed by these actors. Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.
HIDDEN COBRA actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash player vulnerabilities to gain initial entry into users’ environments.
HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include:

• CVE-2015-6585: Hangul Word Processor Vulnerability
• CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
• CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
• CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
• CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability

We recommend that organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.
The indicators provided with this alert include IP addresses determined to be part of the HIDDEN COBRA botnet infrastructure, identified as DeltaCharlie. The DeltaCharlie DDoS bot was originally reported by Novetta in their 2016 Operation Blockbuster Malware Report. This malware has used the IP addresses identified in the accompanying .csv and .stix files as both source and destination IPs. In some instances, the malware may have been present on victims’ networks for a significant period.

Technical Details
DeltaCharlie is a DDoS tool used by HIDDEN COBRA actors, and is referenced and detailed in Novetta’s Operation Blockbuster Destructive Malware report. The information related to DeltaCharlie from the Operation Blockbuster Destructive Malware report should be viewed in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. DeltaCharlie is a DDoS tool capable of launching Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, and Character Generation Protocol attacks. The malware operates on victims’ systems as a svchost-based service and is capable of downloading executables, changing its own configuration, updating its own binaries, terminating its own processes, and activating and terminating denial-of-service attacks. Further details on the malware can be found in Novetta’s report.

Detection and Response

HIDDEN COBRA IOCs related to DeltaCharlie are provided within the accompanying .csv and .stix files of this alert. DHS and FBI recommend that network administrators review the IP addresses, file hashes, network signatures, and YARA rules provided, and add the IPs to their watchlist to determine whether malicious activity has been observed within their organization.
When reviewing network perimeter logs for the IP addresses, organizations may find numerous instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find that some traffic corresponds to malicious activity and some to legitimate activity. System owners are also advised to run the YARA tool on any system they suspect to have been targeted by HIDDEN COBRA actors. Additionally, the appendices of this report provide network signatures to aid in the detection and mitigation of HIDDEN COBRA activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS"; dsize:6; flow:established,to_server; content:"|18 17 e9 e9 e9 e9|"; fast_pattern:only; sid:1; rev:1;)
________________________________________________________________
alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon"; flow:established,to_server; content:"|1b 17 e9 e9 e9 e9|"; depth:6; fast_pattern; sid:1; rev:1;)
________________________________________________________________

YARA Rules

"strings:
$rsaKey = {7B 4E 1E A7 E9 3F 36 4C DE F4 F0 99 C4 D9 B7 94
A1 FF F2 97 D3 91 13 9D C0 12 02 E4 4C BB 6C 77
48 EE 6F 4B 9B 53 60 98 45 A5 28 65 8A 0B F8 39
73 D7 1A 44 13 B3 6A BB 61 44 AF 31 47 E7 87 C2
AE 7A A7 2C 3A D9 5C 2E 42 1A A6 78 FE 2C AD ED
39 3F FA D0 AD 3D D9 C5 3D 28 EF 3D 67 B1 E0 68
3F 58 A0 19 27 CC 27 C9 E8 D8 1E 7E EE 91 DD 13
B3 47 EF 57 1A CA FF 9A 60 E0 64 08 AA E2 92 D0}
condition: any of them"
________________________________________________________________
"strings:
$STR1 = "Wating" wide ascii
$STR2 = "Reamin" wide ascii
$STR3 = "laptos" wide ascii
condition: (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and 2 of them}"
________________________________________________________________
"strings:
$randomUrlBuilder = { 83 EC 48 53 55 56 57 8B 3D ?? ?? ?? ?? 33 C0 C7 44 24 28 B4 6F 41 00 C7 44 24 2C B0 6F 41 00 C7 44 24 30 AC 6F 41 00 C7 44 24 34 A8 6F 41 00 C7 44 24 38 A4 6F 41 00 C7 44 24 3C A0 6F 41 00 C7 44 24 40 9C 6F 41 00 C7 44 24 44 94 6F 41 00 C7 44 24 48 8C 6F 41 00 C7 44 24 4C 88 6F 41 00 C7 44 24 50 80 6F 41 00 89 44 24 54 C7 44 24 10 7C 6F 41 00 C7 44 24 14 78 6F 41 00 C7 44 24 18 74 6F 41 00 C7 44 24 1C 70 6F 41 00 C7 44 24 20 6C 6F 41 00 89 44 24 24 FF D7 99 B9 0B 00 00 00 F7 F9 8B 74 94 28 BA 9C 6F 41 00 66 8B 06 66 3B 02 74 34 8B FE 83 C9 FF 33 C0 8B 54 24 60 F2 AE 8B 6C 24 5C A1 ?? ?? ?? ?? F7 D1 49 89 45 00 8B FE 33 C0 8D 5C 11 05 83 C9 FF 03 DD F2 AE F7 D1 49 8B FE 8B D1 EB 78 FF D7 99 B9 05 00 00 00 8B 6C 24 5C F7 F9 83 C9 FF 33 C0 8B 74 94 10 8B 54 24 60 8B FE F2 AE F7 D1 49 BF 60 6F 41 00 8B D9 83 C9 FF F2 AE F7 D1 8B C2 49 03 C3 8B FE 8D 5C 01 05 8B 0D ?? ?? ?? ?? 89 4D 00 83 C9 FF 33 C0 03 DD F2 AE F7 D1 49 8D 7C 2A 05 8B D1 C1 E9 02 F3 A5 8B CA 83 E1 03 F3 A4 BF 60 6F 41 00 83 C9 FF F2 AE F7 D1 49 BE 60 6F 41 00 8B D1 8B FE 83 C9 FF 33 C0 F2 AE F7 D1 49 8B FB 2B F9 8B CA 8B C1 C1 E9 02 F3 A5 8B C8 83 E1 03 F3 A4 8B 7C 24 60 8D 75 04 57 56 E8 ?? ?? ?? ?? 83 C4 08 C6 04 3E 2E 8B C5 C6 03 00 5F 5E 5D 5B 83 C4 48 C3 }
condition: $randomUrlBuilder"
________________________________________________________________

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• temporary or permanent loss of sensitive or proprietary information,
• disruption to regular operations,
• financial losses incurred to restore systems and files, and
• potential harm to an organization’s reputation.

Solution

Mitigation Strategies

Network administrators are encouraged to apply the following recommendations, which can prevent as many as 85 percent of targeted cyber intrusions. The mitigation strategies provided may seem like common sense. However, many organizations fail to use these basic security measures, leaving their systems open to compromise:

1. Patch applications and operating systems – Most attackers target vulnerable applications and operating systems. Ensuring that applications and operating systems are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.
2. Use application whitelisting – Whitelisting is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.
3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially credentials associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.
4. Segment networks and segregate them into security zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services, and limits damage from network perimeter breaches.
5. Validate input – Input validation is a method of sanitizing untrusted input provided by users of a web application. Implementing input validation can protect against the security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly averted include Structured Query Language (SQL) injection, cross-site scripting, and command injection.
6. Use stringent file reputation settings – Tune the file reputation systems of your anti-virus software to the most aggressive setting possible. Some anti-virus products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.
7. Understand firewalls – Firewalls provide security to make your network less susceptible to attack. They can be configured to block data and applications from certain locations (IP whitelisting), while allowing relevant and necessary data through.

Response to Unauthorized Network Access

Enforce your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. Meanwhile, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.
Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistant, you are encouraged to contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), the FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

Protect Against SQL Injection and Other Attacks on Web Services

To protect against code injections and other attacks, system operators should routinely evaluate known and published vulnerabilities, periodically perform software updates and technology refreshes, and audit external-facing systems for known web application vulnerabilities. They should also take the following steps to harden both web applications and the servers hosting them to reduce the risk of network intrusion via this vector.

• Use and configure available firewalls to block attacks.
• Take steps to secure Windows systems, such as installing and configuring Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Microsoft AppLocker.
• Monitor and remove any unauthorized code present in any www directories.
• Disable, discontinue, or disallow the use of Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP) as much as possible.
• Remove unnecessary HTTP verbs from web servers. Typical web servers and applications only require GET, POST, and HEAD.
• Where possible, minimize server fingerprinting by configuring web servers to avoid responding with banners identifying the server software and version number.
• Secure both the operating system and the application.
• Update and patch production servers regularly.
• Disable potentially harmful SQL-stored procedure calls.
• Sanitize and validate input to ensure that it is properly typed and does not contain escaped code.
• Consider using type-safe stored procedures and prepared statements.
• Audit transaction logs regularly for suspicious activity.
• Perform penetration testing on web services.
• Ensure error messages are generic and do not expose too much information.

Permissions, Privileges, and Access Controls

System operators should take the following steps to limit permissions, privileges, and access controls.

• Reduce privileges to only those needed for a user’s duties.
• Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
• Carefully consider the risks before granting administrative rights to users on their own machines.
• Scrub and verify all administrator accounts regularly.
• Configure Group Policy to restrict all users to only one login session, where possible.
• Enforce secure network authentication, where possible.
• Instruct administrators to use non-privileged accounts for standard functions such as web browsing or checking webmail.
• Segment networks into logical enclaves and restrict host-to-host communication paths. Containment provided by enclaving also makes incident cleanup significantly less costly.
• Configure firewalls to disallow Remote Desktop Protocol (RDP) traffic coming from outside of the network boundary, except for in specific configurations such as when tunneled through a secondary virtual private network (VPN) with lower privileges.
• Audit existing firewall rules and close all ports that are not explicitly needed for business. Specifically, carefully consider which ports should be connecting outbound versus inbound.
• Enforce a strict lockout policy for network users and closely monitor logs for failed login activity. Failed login activity can be indicative of failed intrusion activity.
• If remote access between zones is an unavoidable business need, log and monitor these connections closely.
• In environments with a high risk of interception or intrusion, organizations should consider supplementing password authentication with other forms of authentication such as challenge/response or multifactor authentication using biometric or physical tokens.

Logging Practices

System operators should follow these secure logging practices.

• Ensure event logging, including applications, events, login activities, and security attributes, is turned on or monitored for identification of security issues.
• Configure network logs to provide adequate information to assist in quickly developing an accurate determination of a security incident.
• Upgrade PowerShell to new versions with enhanced logging features and monitor the logs to detect usage of PowerShell commands, which are often malware-related.
• Secure logs in a centralized location and protect them from modification.
• Prepare an incident response plan that can be rapidly administered in case of a cyber intrusion.

References

• [1] IBM. Actor Lazarus Group – Blog Post by IBM X-Force Exchange.
• [2] Alien Vault. Operation Blockbuster Unveils the Actors Behind the Sony Attacks.
• [3] Symantec. Destover: Destructive Malware has links back to attacks on South Korea.
• [4] Symantec. Duuzer back door Trojan targets South Korea to take over computers.
• [5] FireEye. Zero-Day HWP Exploit.
• [6] US-CERT. Alert (TA14-353A) Targeted Destructive Malware. Original Release Date: 12/19/2014. | Last revised: 9/30/2016
• [7] Novetta. Operation Blockbuster Destructive Malware Report.

Advice on how to best drive user registration on mobile apps.

The article offers tips and advice on how to best drive user registration on mobile apps.

When it comes to creating, delivering, and optimizing apps, there are many questions that must be answered.
One of the most challenging questions to answer is “When is the right time to ask for registration?”
Done improperly or at the wrong time, it could cause users to churn. And when users churn, you have to work twice as hard to get them back.
Many app owners and marketers may think that they know how and when to ask users to register, but the most effective way to determine this is by testing and experimenting with the content and timing of the registration requests.
Here are a few tips to keep in mind:
Related Article: Mobile App Marketing: How Apps Contribute to the Consumer Journey

Asking Users to Register

For some apps, registration is an obvious requirement for accessing certain functionality. For example, banking apps may be able to locate the nearest ATM without registration, but to display account information, users must be registered.
If your app’s core functionality can only be accessed once users are registered, as is the situation with the banking apps, you should clearly explain the benefits to users when you ask them to register.
Otherwise, finding the right time to ask users to register, may be a little trickier. It might also require some testing until you get it just right. Your aim is to give your users enough functionality without registering that it will drive their desire to register.

How to Drive Registration

Think of your users as being in a relationship with you. As in any relationship, there is give and take. The successful relationships are the ones that achieve a balance. In fact, consider the dating scene. Coming up to attractive strangers and asking for their phone numbers rarely ends well; however, after an engaging conversation, when strangers want to get to know you better, they will be glad to offer their number.
To drive registration, give your users a chance to get to know your app. For example, a grocery store app may give users the ability to browse their inventory, view special deals, and add items to their shopping carts freely without registering. But when users want to create their own personal grocery lists or check out, the app asks for registration. In the relationship between app and user, the app needs to give value to drive the “take” of registration information.

Source: ClickTheCity.com

The Best Registration Process

The best registration process is certainly not about the font you use or even the amount of information you collect. The best registration process is the one that is easiest and friendliest for the user.
While you want to keep the registration form brief, some apps may have customers who feel uncomfortable with a process that is too short, as it doesn’t seem secure. A friendly UX will give users a sense of security, and if it is a longer registration process, you could use a slider form that indicates progress.
Often, the easiest way to register is to link to social accounts. It’s fast, and users often prefer it for its ease. From your side, it often gives you access to all of the information you need, effortlessly. Make it very clear that you’re not going to use or share their data with any third party. Use privacy or regulation icons, as necessary.

The Worst Registration Process

If the best registration process is the friendly one, the worst is the annoying one.

• Don't ask for registration as soon as users open the app. It may sound obvious, but there are thousands of apps out there that still require up-front registration
• Don't ask for registration before users have had a chance to see the value in the app
• Don't take anybody else’s word for it. Always test the timing as it relates to your target audience and their real-time actions

Related Article: Launching An App? You Need These Tips for Promotion

Perfect Timing

Experimenting with the timing for requesting registration is important, and the concept of “give and take” is crucial, here. You must choose the right time to offer your users something that will be of value to them based on their current activities (e.g. access to additional features) so that they will also give you something of value in return (e.g. their personal details and preferences).
For example, if yours is a Fandango-style movie app, you can track unregistered users who are looking at the list of movies and cinemas in your app. In order to get them to register, you must give them something of greater value, like access to movie critic reviews. Promising access to additional features, like critic reviews, that offer a higher value to the user is a fundamental tactic for driving registration. Your users know that in exchange for registering, they also receive something that is useful to them.
You can also offer different levels of registration in cases where some users are not yet prepared to give all of their personal details. In the example of the movie app, people still need to submit their email addresses in order to purchase tickets, even if they do not create a profile within your system.
However, this minimum level of registration is a starting point for you to communicate and build trust with the users so that they will eventually feel comfortable enough to complete their profiles. Once they are familiar with your app and have good experiences using it, they will be more inclined to give you more information.

More to come on this important topic!!!!!!

Ranking first is not always the best:

1. It's not necessary to get as many visitors as possible

Many people optimize their web pages because they want to get more website visitors. This usually is a good idea. However, it's likely that won't double your sales if you get twice as many visitors as now.
The additional visitors must come through keywords that convert to sales. It depends on what the searcher is looking for. If you are booking hotel rooms in Miami Beach, then people who enter "book miami beach hotel room" in Google's search box are exactly the people you're looking for.
But that's the best case. Depending on the intention of the searcher, the search terms can be different: "hotel" (general interest in hotels), "miami beach" (interested in general information about the place), "miami beach hotel" (looking for different offerings), etc. Getting high rankings for "miami beach" will get you many new visitors, but few new customers.

✔ Time-saving conclusion:

When you optimize your web pages, optimize them for keywords with a high conversion rate. Avoid vanity keywords that just look good. The more targeted the keywords are, the better. A small traffic increase for good keywords is much better than a big traffic increase for low quality keywords.

2. It's not always necessary to rank higher than your competitors

For some keywords, it doesn't matter if your website is listed on position 2 or position 7. Searchers will check multiple results on the first results page before they make a decision. If your website is listed in the top 3 results, it is possible that the time and effort that is necessary to move your website to position 1 is better used to get high rankings for new keywords.
The number of targeted visitors that you get through the new keywords might be more than the additional visitors that you get by increasing the position for a single keyword.

✔ Time-saving conclusion:

It's sometimes better to optimize for new keywords than to optimize for keywords for which you already have good rankings.

Keywords have been mentioned often in this article by Axandra and it makes me continue to tell people that keywords are important still very important. Many people I have talked to do not think they need keywords anymore, I say bull, you still need them and we can provide them for you!

More to come soon.

Joe Rossini

An interesting offer from Rossini.com

Build a Google ready website, internal reporting, the ability to make changes, hosting, e-mail, standard marketing for one year and more $4995.00. Cannot afford that at once then we finance it for $500.00 per month for one year! Twenty pages, twenty pictures, social media links and more. Contact me at 913-244-6132.

What do our web sites look like? Why don't you go look at http://rossini.com/portfolio.html

Did you want a phone application? Our pricing is generally around $2000.00 to create an Android app.

Examples of Mobile Applications: (Future options) Ottawa Kansas Coop

https://play.google.com/store/apps/details?id=com.conduit.app_70f82b685226435eb397063a16ad7351.app Mobile application for large Coop offering information about the company, list of contacts, descriptions and contact information for locations, access to customer functions, access to crop prices, and more. More to come soon!

Rossini.com can bring you leads!

How can we help you in your business? We can update your web site so it conforms more to what Google is looking for. We can make sure your keywords internally are keywords that people are looking for. We can do web based pr releases to push new products. We can add reporting that can tell you what is working and what is not on your marketing campaigns. We can submit you to the leading search engines. We can create e-mail campaigns to boost sales.  We can do a lot more but this is just a taste if you choose Rossini.com to help you in your business marketing.

More to come soon!

Internet security sort of

This is a short snippet about the way browsers I think will ove and combat retargeting. Retargeting is sometimes a neat way to follow potential web visitors but it can be pesky and sort of intrusive. Ever see a picture or an ad you might have clicked on a few days ago and then sudeenly you see it all the time, this is a form of retargeting.

Apple may be starting to fight this:

Among the announcements coming out of Apple’s WWDC developer conference is news that Safari will prevent cross-site tracking.
Apple Senior VP Craig Federighi said “intelligent tracking prevention” uses machine learning to keep trackers, namely ad trackers and third-party data trackers, from following users as they browse from site to site.
That browsing information data is routinely used for retargeting, interest and other behavioral ad targeting.
Ads themselves aren’t blocked, just the user’s previous browsing data. The move is “not about blocking ads — the web behaves as it always did, but your privacy is protected,” said Federighi.
We don’t have all the details yet, and we will update here if we learn more. The move again sets Safari apart from Google’s Chrome from a privacy perspective.
Federighi also said Safari will implement auto-play blocking to keep music and video from automatically playing when a page loads on websites.

I believe this sort of privacy protection will spread and many will click on the link to give them more privacy.

More to come.

Joe

New capabilities to look at

I have recently been testing new capabilities that I can offer to my customers.  One such capability is the capability to give you exact information on who is visiting your web site and where they visited. This is not perfect but you now would get on several occasions the name and telephone number of the potential client so you could call them! Just think if you could double or triple your sales because your sales support knew exactly who to call!

Another thing to think about is a call to action button on your e mail or on your web site that gives something away or at least gets a person to sign up thus once again, you have a name and perhaps a why they came in.

Another method I am looking at would target or re target ads to people that might have visited you for a reason and your sales machine leaves them a cookie so when they are surfing occasionally an ad from you shows up thus reminding them about your product!  If they came in, looked and left without buying,now you kinda follow them around occasionally and remind them on what a great product you have.

Reporting is another very important way to track if your marketing is working. Yes I have looked at Google Analytics but there are other packages that give you so much more information and are easy to use. If you are using adwords or email blasts or other marketing ideas, would it not be nice to know exactly if they are working?

I have also looked at various SEO products that assist you in making sure your product has good keywords, and proper SEO in place. If you spend a good chunk of change on making a new web site should  yo not know if the internals are right? Many people can write a we age but that is about as far as they can go, we go that extra step. Make sure your website is responsive. Make sure you have good keywords internally.

Just think, what would one or two more large orders be worth to you by using some of these new tactics. The new programming and reporting might only cost you as little as Two hundred per month, certainly one big lead would be worth this.

More to come soon.

Joe Rossini