Discovering the threats below the surface on the Dark Web

You can’t stop what you can’t see coming. Understanding the value of intelligence gathering on the Dark Web and gaining Open Source tools to better protect your company

The Dark Web is inherently scary for those who are unfamiliar with it, which to be frank, is most of us. Even asking most regular internet users to define what the Dark Web is could be quite a stretch. Most will probably rattle off something about open-air drug markets, illicit pornography, and possibly something about it being used by the Islamic State for planning their plots with sleeper cells in the West.

While some of these nasty groups have found their home on the less traveled parts of the internet known as the Dark Web, the real story, and how it affects the world of security, is far, far more interesting than drug dealers and pedophiles.

What is the Dark Web?

In the simplest of terms, the Dark Web is a part of the World Wide Web that is accessible through special browsers like Tor. Built with layers of encryption, the Dark Web provides a level of anonymity and freedom from surveillance that is no longer possible on the open web.

The Dark Web and browsers like Tor were originally built for activists living under repressive regimes to be able to organize and communicate without fear of reprisal, using mirroring tools to hide their identities. A deeper look into the history shows that the U.S. Navy had a hand in this project, seeking a way for undercover agents to send information anonymously. Unsurprisingly, hackers looking to engage in illegal activities, like selling stolen identities and credit cards, also found it a great place to set up shop.

Over time, a collection of chat forums and other online spaces have popped up to serve the hacker community. Need a fully ready exploit kit for your next ransomware attack? Looking for partners to attack that bank in Madrid? Want to take credit for a string of database hacks and find interested customers for the information?

All you need to do is dig a little and you’ll find your niche chat group. More importantly, these are places where hackers can discuss how to carry out attacks and share knowledge. This can be as simple as asking who wants to join in a hack against a specific target. In other cases, they can talk about vulnerabilities in certain kinds of widely used code, utilizing the hive mind to problem solve.

However, just as the black hats have taken a tool designed for good (the Dark Web) and used it for crime, the white hats are entering their sanctum sanctorum, turning the tables on some of these no-goodniks.

Observing Hackers in the Wild

Just as intelligence gathering plays a crucial role for stopping crime in the physical world, the security industry has realized that the discussions playing out online can be just as important — if not more so. Cyber security companies stake out chat rooms and message boards, listening and recording important bits of information, so that they can be in the know and ready to predict the next wave of attacks from hackers.

One interesting case of picking up chatter in Dark Web chat rooms that produced surprising results was discussed in a 2012 study by the cyber security company Imperva. In their report detailing the most popular topics of conversation in Dark Web forums, they noted that SQL injection (SQLi) and DDoS attacks were tied for first place with 19% of the total thought pie. For a researcher that is worth their salt, this should indicate that a whole lot of hackers are very interested in these two techniques, and their clients had better be prepared to handle them.

Beyond techniques that talk about how to carry out hacks, there are often discussions surrounding vulnerabilities that companies should take notice of. Whether they concern vulnerabilities in a widely utilized open source library, or the fact that hospitals are more likely to pay ransoms quickly to get their data back, these forums provide important insights into the hacker mind space.

But gaining access to the deeper level, invite-only chat groups takes time, and frankly a lot of luck. Security researchers are under no illusion that they are about to interrupt the intricate battle plan for the next WannaCry ransomware attack by stumbling through a low level forum of n00bie hackers.

However, the game is less directed at finding that one tip off, and more about watching the herd. Hackers are at their best when they work as a community. Therefore, any noticeable changes in the kinds of job postings that are going up for dirty work or in the kinds of questions that are quickly rising to the top of the heap can lead to some very actionable intel.

Sharing is Caring

So, what can your company do to protect itself against the hordes of hackers that seem to loiter around the shadier corners of the internet, plotting together to undermine your product’s security?

Thankfully, the developer community knows how to come together as well, working to protect each other with information sharing. Once a piece of malware or information regarding an upcoming attack is found, it can be transmitted through various channels, including a number of tools that were set up by the open source community.

The Structured Threat Information Expression (STIX™) format was developed by the OASIS Open organization as a machine-readable, standardized language to help share cyber threat intelligence. When a researcher or developer spots a piece of malware or other intel in the wilds of the Dark Web, they can pass the information on using STIX’s application transport protocol, known as the Trusted Automated Exchange of Intelligence Information (TAXII).

The MISP project is another open source threat intelligence platform with its own open standards for sharing information. This free platform also relies on user input and automation to help get the word out quickly.

All these tools detailed above are open for review on GitHub with full documentation.
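To make the STIX format described above concrete, here is an added example (not from the article or from the OASIS, TAXII or MISP projects) that builds a STIX 2.1 indicator for a file hash, wraps it in a bundle, and shows a consumer validating the bundle before turning it into a blocklist. The hashes, names and the single pattern form handled are constructed for illustration; the TAXII transport itself is not shown.

```python
import hashlib
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 identifiers are "<object-type>--<UUID>"; timestamps are UTC with a "Z".
ID_RE = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?Z$")
# The only pattern form this example consumes: a single SHA-256 file-hash comparison.
HASH_PATTERN_RE = re.compile(r"^\[file:hashes\.'SHA-256'\s*=\s*'([0-9a-f]{64})'\]$")
REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "pattern", "pattern_type", "valid_from")


def stix_timestamp(dt):
    """Format a timezone-aware datetime as a STIX timestamp (UTC, milliseconds)."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def make_indicator(sha256_hex, name, observed):
    """Producer side: describe a malicious file by its SHA-256 digest."""
    sha256_hex = sha256_hex.lower()
    if not re.fullmatch(r"[0-9a-f]{64}", sha256_hex):
        raise ValueError("expected a hex-encoded SHA-256 digest")
    ts = stix_timestamp(observed)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": f"[file:hashes.'SHA-256' = '{sha256_hex}']",
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_bundle(objects):
    """Wrap STIX objects in a bundle, the container that is exchanged between parties."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


def validate_indicator(obj):
    """Consumer side: return a list of problems; an empty list means usable."""
    problems = [f"missing {key}" for key in REQUIRED if key not in obj]
    if problems:
        return problems
    if obj["spec_version"] != "2.1":
        problems.append("unsupported spec_version")
    if not (ID_RE.match(str(obj["id"])) and str(obj["id"]).startswith("indicator--")):
        problems.append("malformed id")
    for key in ("created", "modified", "valid_from"):
        if not TS_RE.match(str(obj[key])):
            problems.append(f"malformed {key}")
    if obj["pattern_type"] != "stix":
        problems.append("unsupported pattern_type")
    return problems


def ingest_bundle(raw_json):
    """Parse a received bundle; return (set of SHA-256 hashes, rejected indicators)."""
    bundle = json.loads(raw_json)
    if bundle.get("type") != "bundle" or not isinstance(bundle.get("objects"), list):
        raise ValueError("not a STIX bundle")
    blocklist, rejected = set(), []
    for obj in bundle["objects"]:
        if not isinstance(obj, dict) or obj.get("type") != "indicator":
            continue  # other STIX object types are out of scope here
        problems = validate_indicator(obj)
        match = None if problems else HASH_PATTERN_RE.match(obj["pattern"])
        if not problems and match is None:
            problems = ["pattern form not handled by this example"]
        if problems:
            rejected.append((obj.get("id", "<no id>"), problems))
        else:
            blocklist.add(match.group(1))
    return blocklist, rejected


def build_sample_bundle():
    """Constructed input: one well-formed indicator and one missing valid_from."""
    seen = datetime(2017, 6, 1, 12, 0, tzinfo=timezone.utc)
    good_hash = hashlib.sha256(b"constructed sample A").hexdigest()
    bad_hash = hashlib.sha256(b"constructed sample B").hexdigest()
    good = make_indicator(good_hash, "Constructed dropper sample", seen)
    bad = make_indicator(bad_hash, "Constructed incomplete record", seen)
    del bad["valid_from"]
    return json.dumps(make_bundle([good, bad])), good_hash


if __name__ == "__main__":
    raw, _ = build_sample_bundle()
    hashes, rejected = ingest_bundle(raw)
    print("blocklist:", sorted(hashes))
    print("rejected:", rejected)
```

Validating on receipt matters because shared feeds rely on user input: a consumer that loads indicators blindly inherits every malformed or incomplete record a contributor submits.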

For those looking for an even more expansive list of resources for tackling threats, feel free to peruse the resources that were compiled by the GitHub user called hslantman.

What does the future hold for staying secure on the Dark Web?

Even with these numerous resources, the Dark Web can still feel like a scary place because — like its cousin the Deep Web — it is uncharted territory. Hoping to shed some light here, the U.S. defense establishment’s DARPA group has backed the Memex project, which aims to build machine learning-based crawlers that are capable of searching through the Dark Web.

While the creator’s objective thus far has been to laudably help law enforcement root out human traffickers, these types of efforts to scan through the murkier sides of the internet should be met with some caution.
As privacy becomes harder to maintain online, the public may turn to the Dark Web for greater anonymity. Like freedom of speech, once anonymity is gone for those we disagree with, it is lost for the rest of us as well.

Even as more tools are developed for automating the search for threats on the Dark Web, much of the hard work will remain in human hands: keeping a finger on the pulse of the forums, listening to chatter, and waiting for new threats to emerge.

Author Bio:

Rami Sass is CEO and Co-Founder of WhiteSource, the leading open source security and compliance management platform. Rami is an experienced entrepreneur and executive with vast experience in defining innovative products, leading technology groups and growing companies from seed level to business maturity.

https://samplecic.ch/discovering-the-threats-below-the-surface-on-the-dark-web-4.html

Smart data exchange will bring value to smart city innovation

When it comes to smart city innovation, it’s arguable that most use cases are not that exciting to the average resident. A connected garbage bin, traffic light or parking meter is not going to cause applause and adoration for city officials at least in the first instance. But as more and more local systems start to communicate, it will start to make more sense and increase consumer satisfaction, at least until residents forget a life before they existed.

I spoke to Peeter Kivestu, director of travel industry solutions and marketing from analytics solutions and consulting services company, Teradata. Kivestu believes that much of the focus has been on connecting the ‘things’ rather than the data within. The value of data grows with use according to Kivestu: “If you have data and you use it, it increases in value, particularly if you curate it, integrate it or get to use it in a purposeful way.”

He believes that there’s an opportunity for cities to embrace a platform business model where the city enables a level of connectivity around its data. Inherent to this is what he calls a smart data exchange, a new kind of asset that enables cities to evolve a new way of delivering value for their citizens, which is where it gets back to the socioeconomic benefits.

Smart data from cities is, for the most part, siloed and fragmented

According to Kivestu:

“A city is working when all of its systems work together and when all of its people benefit in some way. But when systems are disconnected or parts of the population are disconnected and not able to access value, then the city is dysfunctional. A city is a system of systems. Yes the systems themselves are physically connected. So you’ve got highways, energy systems and buildings and city services they’re all there happily coexisting in the real universe, but digitally they’re not connected at all.”

Kivestu offers the example of wanting to attend a football game at a local stadium, mindful that traffic around the stadium will be at capacity:

“I’m just going to drive my car to a local parking lot and park there and take transit. So that’s a reasonable thing to do and I can do that in the physical world. Digitally I can find out when the transit is leaving, the departure times and so forth. But I really don’t have any idea about the situation in the parking lot so I drive my car to the parking lot. I find out the parking lot is full and therefore I miss the transit and I miss the football game.”

This kind of technology in progress, combined with shared data, would increase opportunities for innovation in this space. For example, a smart app such as Just Park, which sells parking spaces, could guide you not only to the stadium but to your seat. Smart stadiums can also benefit staff and officials through accurate real-time data, such as the number of people present and their locations, which is useful in an emergency or when a child goes missing. Smart surveillance can also be used to provide safety evacuation information, such as instructions and directions, in the case of an emergency. Analytics can be coordinated with weather and traffic information outside of the stadium, which means fans can leave happy, knowing their fastest route home.

Connecting Commercial and Public Infrastructure

However, for this to happen outside of the commercial arena, like smart stadiums, the data needs to be connected across the city and commercial infrastructure. As Kivestu explains:

“There are lots of cases where we have data but it resides in silos as it was built for different purposes. For example, there are safety implications to create variable speed limits on highways. If there’s been a blockage on the highway up ahead of you then the variable speed limit sign shows a lower speed to warn drivers of traffic congestion ahead.

However, the two systems of data that collect the blockage on the highway and determine the speed shown on the highway live in two different environments. So if somebody comes along and asks a question ‘Do variable speed limits work?’ The next thing they find it will not be easy to answer not knowing that they operate in two different systems. Then, in the process of bringing the data together, you find that the data is measured in different units or the speed limits are on roadway mile markers and the highway speed data is referenced in some other way making them difficult to compare from a data perspective.”

Good data is open data, with cities setting their own needs-based local agenda

Integral to the notion of a shared data repository is accessible open data, a concept embraced in many cities including LA, Barcelona and New York. Many cities are opening their data to businesses, universities, and citizens to enable them to gain in-depth insight into the lived reality of the city. “Every guy who wants to build an app like that if they have to go build their own data systems it is going to take longer.”

Ultimately, Kivestu believes that each city needs to determine what data is most fundamental to the life of their city.

“It may be sustainability, greenhouse gases, the best way to distribute electric vehicle charging stations or what should be built and where. The growth of electric vehicles means that it makes sense for car and electricity grid data to be connected.

You want to give developers the information so that they have so that they are encouraged to do the right thing. Smart cities need to make life better in the city especially with an aging population base. These problems are not going to go away.”

https://samplecic.ch/smart-data-exchange-will-bring-value-to-smart-city-innovation.html

6 technologies you need to know to secure your IoT network

According to a Gartner forecast, there are 8.4 billion internet-connected IoT devices currently in use, and most new business systems and business processes will incorporate IoT. The Ericsson Mobility Report predicts that the number of IoT-connected devices will reach the 28 billion mark globally by 2021, surpassing the number of mobile devices.

Cisco’s estimates support that point, predicting 3.4 connected devices per person by 2020. All these statistics show why IoT is the hottest emerging technology and why it has a bright future ahead. Businesses have started taking IoT seriously and are looking to maximize their efficiency by using the internet of things. We might see a significant increase in investment in the field.

Every coin has two sides, and emerging technologies have their drawbacks too. One of the biggest downsides of the internet of things (IoT) is security and privacy, because online privacy has never been so exposed. Recent IoT breaches are a testament to that, and many security professionals think that this trend will continue and that we will see an increase in IoT attacks. In this article, you will learn about six technologies that will help you secure your IoT network.

#1: IoT Network Security

Securing an IoT network is much more challenging than securing a traditional network. The reason is the wide range of communication protocols, standards and devices involved, which makes things more complex. Hackers will try to attack the network because it gives them control of all the IoT devices on it. Use antivirus, firewalls and intrusion detection and prevention systems to secure the IoT network and prevent intrusions.

#2: Authentication

Another way to secure your IoT devices from attacks is through authentication. Users have the option of simple authentication or of more complex and much more secure authentication in the form of two-way authentication, digital certificates and biometrics. Traditional authentication methods require a human being to be present; IoT authentication mostly does not, because it largely involves embedded sensors and machine-to-machine interaction. Therefore, you will have to go in with a different mindset when authenticating IoT devices.

#3: Encryption

Encrypting data at rest and data in motion will help you maintain the integrity of your data and reduce the risk of data sniffing by hackers. Because hardware profiles vary between devices, there is no standard protocol or encryption scheme that can be implemented across all IoT devices. This poses a big challenge when it comes to encrypting your IoT data, as you will have to use a different encryption technique for every device. To make matters worse, encrypting IoT data requires efficient encryption key lifecycle management. Inefficient key management can make you more vulnerable to IoT security attacks and increases the risk of a data breach. On the bright side, if you can encrypt your IoT data, you can protect it from attackers.

#4: Public key infrastructure

With varying hardware capabilities, some IoT devices might limit or prevent the use of public key infrastructure (PKI), but that does not mean that it is not effective in securing your IoT network. PKI takes advantage of complex digital certificates and cryptographic keys and offers extensive key lifecycle management capabilities, including generation, distribution, management and revocation of public and private cryptographic keys. You can load these complex digital certificates into IoT devices that are enabled by third-party public key infrastructure software, which enhances the security of communication between IoT devices. Manufacturers could also install these complex digital certificates after manufacturing.

#5: API security

Securing APIs is also critical to ensure that data sent from the endpoint to the back-end system is transmitted only by authorized parties. It not only helps you make sure that only authorized devices, developers and apps are using the API, but also aids in detecting threats and attacks on APIs. According to Muneeb Qadar Siddiqui, app developer at Branex, “App developers will have to be vigilant during app development process because any security flaws in APIs can wreak havoc on your IoT application.” App developers will have to make sure that their IoT apps not only connect and perform concurrently but are also secure. Keep an eye on specific threats against any API you are using and take security measures to protect it.
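One way to implement the API check described here, together with the machine-to-machine authentication from #2, as an added example that is not from the article: each device holds its own secret and signs every request with HMAC-SHA256, and the back end rejects unknown devices, stale timestamps, bad signatures and replays while counting failures for later analysis. The device ID, key, path, signed fields and the 300-second window are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for request timestamps


def canonical_message(device_id, method, path, body, timestamp, nonce):
    """Bind identity, request line, freshness data and a body digest into one byte string."""
    fields = [device_id, method.upper(), path, str(int(timestamp)), nonce]
    if any("\n" in field for field in fields):
        raise ValueError("newline in signed field")  # would make the encoding ambiguous
    fields.append(hashlib.sha256(body).hexdigest())
    return "\n".join(fields).encode()


def sign_request(key, device_id, method, path, body, timestamp, nonce):
    """Device side: HMAC-SHA256 over the canonical message, hex encoded."""
    msg = canonical_message(device_id, method, path, body, timestamp, nonce)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class DeviceApiVerifier:
    """Back-end side. Assumes timestamp was already parsed to a number upstream."""

    def __init__(self, device_keys, clock=time.time):
        self._keys = dict(device_keys)   # device_id -> per-device secret (bytes)
        self._clock = clock
        self._seen = {}                  # (device_id, nonce) -> expiry time
        self.failures = {}               # device_id -> rejected request count

    def _fail(self, who, reason):
        self.failures[who] = self.failures.get(who, 0) + 1
        return False, reason

    def verify(self, device_id, method, path, body, timestamp, nonce, signature):
        now = self._clock()
        # Drop nonces that can no longer be replayed inside the freshness window.
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}
        key = self._keys.get(device_id)
        if key is None:
            # Count under one bucket so random IDs cannot grow the failure table.
            return self._fail("<unknown>", "unknown device")
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return self._fail(device_id, "stale timestamp")
        try:
            expected = sign_request(key, device_id, method, path, body, timestamp, nonce)
        except ValueError:
            return self._fail(device_id, "malformed field")
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), str(signature).encode()):
            return self._fail(device_id, "bad signature")
        # Replay check runs only after the signature verifies, so unauthenticated
        # traffic cannot fill the nonce cache.
        if (device_id, nonce) in self._seen:
            return self._fail(device_id, "replayed nonce")
        self._seen[(device_id, nonce)] = now + 2 * MAX_SKEW_SECONDS
        return True, "ok"


def demo():
    """Constructed traffic: one valid request followed by four that must be rejected."""
    key = b"constructed-demo-key-not-a-real-secret"
    t0 = 1_700_000_000
    verifier = DeviceApiVerifier({"sensor-01": key}, clock=lambda: t0)
    body = b'{"temp_c": 21.5}'
    path = "/v1/telemetry"
    sig = sign_request(key, "sensor-01", "POST", path, body, t0, "n-1")
    results = [
        verifier.verify("sensor-01", "POST", path, body, t0, "n-1", sig),
        verifier.verify("sensor-01", "POST", path, body, t0, "n-1", sig),
        verifier.verify("sensor-01", "POST", path, b'{"temp_c": 99.0}', t0, "n-2", sig),
        verifier.verify("sensor-01", "POST", path, body, t0 - 3600, "n-1", sig),
        verifier.verify("sensor-99", "POST", path, body, t0, "n-1", sig),
    ]
    return results, verifier.failures


if __name__ == "__main__":
    outcomes, failures = demo()
    for outcome in outcomes:
        print(outcome)
    print("failures per device:", failures)
```

The per-device failure counts are the kind of signal the security analytics layer in #6 would consume: a device that suddenly produces bad signatures or replays stands out from its own history.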

#6: Security analytics

From collecting and aggregating data to monitoring and normalizing data from IoT devices, you need a monitoring solution that also gives you options for reporting. Security analytics is a good way to alert organizations to malicious activity that might be taking place in the background and breaching set policies. It takes full advantage of big data techniques, artificial intelligence and machine learning to predict and detect anomalies, which goes a long way in reducing the number of false positives. There is still a lot of work to be done to ensure that security analytics can help detect IoT-specific attacks and intrusions that go under the radar of traditional network firewalls.

But no single magic bullet

It is important for businesses to balance the benefits that IoT devices can deliver with a recognition that the same IoT devices have become a soft target for hackers and cyber criminals who are looking to intrude into your IoT networks and get access to your confidential and sensitive information. Remember that there is no single magic bullet to fix all IoT security issues. In order to protect your IoT networks from external attacks, you will have to use a combination of these technologies. Authentication and encryption are crucial, and so are the measures to secure your network. Establishing an efficient public key infrastructure will help you manage the whole process from key generation to key revocation effectively. You will have to follow a proactive approach and make security a priority.

https://samplecic.ch/6-technologies-you-need-to-know-to-secure-your-iot-network-4.html

Three things every IoT manufacturer should do to improve security

There’s no question that the Internet of Things is the new security battleground. Internet-connected webcams, HVAC systems, cars, TVs, watches, printers and more are giving people more use out of their devices. But these devices also open doors to hackers who want to steal corporate data, lasso thousands of devices into botnets that can launch DDoS attacks, or even set off Dallas’ 156 emergency outdoor sirens.

When it comes to security, corporations are struggling to keep up with the speed at which problems evolve. For example, a researcher with Google Project Zero recently discovered a flaw in Broadcom Wi-Fi chips that could allow someone to remotely execute code on affected iPhones, Nexuses and Samsung devices just by being in their general vicinity. Another researcher found 40 zero-day vulnerabilities in Samsung’s Tizen operating system for smart watches, phones, and TVs; he said the code may have been the worst he’s ever seen.

Meanwhile, a new version of the Mirai botnet was recently discovered to be capable of launching application layer attacks, not just DDoSing websites and turning large swaths of the internet dark.

To combat these issues, companies are constantly inventing new solutions. For example, a new Microsoft project, dubbed Sopris, is aimed at solving some security issues with IoT by redesigning Wi-Fi microcontrollers. And while efforts like this help, more must be done within corporations to address the IoT security problem in a scalable way.

How? Here are three things companies making IoT devices should do to improve the security of their products:

#1: Be accountable

Many companies developing IoT products aren’t technology companies, so they don’t necessarily design products with security in mind, or know the best practices to ensure security. Vendors getting into the IoT market must realize that their devices will have vulnerabilities and that connecting them to the internet increases the likelihood the devices will be attacked or used in attacks. If companies sell products without acknowledging this reality, they have already failed, and are putting not just their customers at risk, but the internet as a whole.

#2: Automatically update

Products that don’t have a way to automatically update are sitting ducks.

For instance, the moment they left store shelves, devices vulnerable to the Mirai botnet were effectively at the end of their life — there was no way to update the devices or to fix the vulnerabilities, so the only option owners of affected devices had was to buy a new device. Device recalls are expensive, so providing a way to update the device is essential in avoiding instant obsolescence, which turns customers off.

Even Windows XP, which had a 10-year life cycle, shipped security patches to customers to install manually. Microsoft planned for customer support and maintenance, like employing more security engineers, over the long run and factored that into the upfront costs or subscription.

In the same vein, Nest charges $10 a month for upkeep services, which enables it to make one of the most secure IoT devices on the market.

#3: Embrace disclosure

IoT device manufacturers must also make it easy for ethical hackers to report vulnerabilities to them. Companies should have a vulnerability disclosure process with an easy-to-find email address or web form to which to send bug reports. If they want to encourage more security scrutiny to help them find and fix bugs, companies can also set up a bug bounty program that compensates hackers for reporting vulnerabilities.

No product is immune to bugs, and given how widespread IoT devices have become, and how vulnerable they are to hacking, it’s essential for companies that make IoT devices to take all the precautions necessary to ensure that people’s privacy is as protected as possible.

https://samplecic.ch/three-things-every-iot-manufacturer-should-do-to-improve-security-4.html

Leadership Guide for Every Business Growth Stage

It can be challenging to realize that you are in the midst of a moment of personal growth when it comes to business. As the day-to-day of your professional life moves more quickly, you are likely to evolve in your career. Sometimes you change in your leadership role without even realizing a transformation has occurred. But, you’ll want a leadership guide for every business growth stage.

Through every stage of growth, your business transitions to new knowledge, systems, and management.

As this transition occurs, you and your role within the company change too. I have found that revenue and headcount together are useful markers for uncovering where you are as a business. These precursors are there to warn you about the leadership role required. Typically, more revenue leads to the need for more employees. And, more employees lead to greater business complexity.

As tangible growth occurs, you will need to adjust your leadership style.

Fewer touchpoints with the expanding employee base alone can drive this need for change. Looking back on how I have evolved as an executive, I’ve come to delineate my transitions to four distinct stages. Each stage has informed and evolved my personal leadership growth as well as the skills and approaches required of those around me.

  • Stage 1: This first phase is associated with between roughly $0 and $10 million in revenue and typically fewer than 50 employees. Usually, everyone in the organization knows a lot of the organization’s day-to-day and interactions are very cross-functional; sometimes, a single individual is wearing multiple hats of responsibility.
  • Stage 2: The second phase is demarcated somewhere between $10-25 million, and you are likely approaching the 100-employee mark. In this phase, cross-functional responsibilities and “athletes” begin to be replaced with individuals with specific domains of expertise.
  • Stage 3: The third phase is far removed from the first phase. ARR is now moving from $25M to over $100M, and your headcount has at least doubled to the north of the 200 million mark.
  • Stage 4: In the fourth phase, revenue is moving to the north of $500 million, and headcount is likely expanding rapidly on both an organic and inorganic (M&A) basis. Phase IV begins to mark the transition into a platform business as opposed to a limited product company.

(For the sake of this discussion we will only focus on these first four phases.)

As an entrepreneur looking to become a business leader, you will need to know and anticipate how and when your role within the company will need to evolve. Watch and be aware of what is necessary as your organization matures through these phases.

The Entrepreneurial Spirit

The first phase is often a bit messy because it is the period when the entrepreneurial spirit is strong, and rapid pivots are often critical. A better moniker for this is the “figure it out” phase. To be clear, in this crucial phase long-term planning is not always optimal. This period is often focused merely on survival. The points may also be incremental points of substantiation to the company’s value proposition.

These incremental gains are critical to surviving your way to another investment cycle.

Watch as you move through each investment cycle contained in another quarter, another month, another week, and even another day. The company and all who work in it need to have a survival mentality. All of you must be trying to get the business off the ground with the goal of keeping it in the air. At this phase, your thoughts are not centered on leadership; it is a phase of pure entrepreneurship – pretty or sustainable are less important than good enough and validated.

This phase is often defined by the will of a single individual or a limited number of individuals putting the organization first no matter what.

Sometimes the founder is carrying all the weight on their back and doing whatever is necessary to get to the $10 million threshold of sustainable profitability and product validation. As your organization approaches $10 million in ARR, you start to understand better whether or not your concept has a market and is sustainable.

What is the primary value we provide to our customers? Think of the Pony Express.

Why do clients and customers buy from us repeatedly? What distractions or legacy thinking overhangs exist and is our value proposition in the best “package” or could that “package” change or evolve? I like to utilize the tale of two cities to illustrate this latter point best. I use the cities of St. Joseph, MO, and Kansas City, MO. I grew up in Missouri, and for me, the story of the evolution of St. Joseph and Kansas City typifies the potential pitfalls when you fall in love with your “package” vs. your “value.”

St. Joseph, MO was home to the Pony Express; this city was the hub for moving information and resources from the East to West. What the people of St. Joseph and the Pony Express were good at was moving information and goods. The moving of this information and goods was their value proposition.

The business of the Pony Express’ first business iteration was delivering this value (information and goods).

They came up with using a series of cowboys, on horses, creating a relay for the movement of this information and goods (not pretty, but practical enough).

However, a time came when the town of St. Joseph needed to move from its own Phase I and transition into Phase II. The necessary “package” (the Pony Express business) was about to change. The entrepreneurial business plan was about to be replaced with a repeatable business model, because it was scalable.

The steam engine gained popularity, and railroads became the next tool (package) for facilitating the value proposition.

The new tool (steam engine) was implemented for the moving of the goods and information. The city of St. Joseph passed on the opportunity to leverage this new technology. The city of St. Joseph erroneously believed their system worked the best (i.e., leveraging horses), and they had fallen in love with their system. The city was sure that what they had been doing in the past was the best, so they didn’t even consider a new idea, a new tool, or a new strategy.

Enter the railroad industry — a new tool.

When the railroad came looking (with their new tool) they looked elsewhere, ultimately discovering a no-name cow town further south to serve as their railway hub between the East and the West — and that town is now Kansas City.

The transition from Phase I to Phase II in business may very well facilitate some key pivots. You have to be laser-focused on your value proposition and to provide and to invest in a few core, repeatable strengths within your business.

Find Your Strengths and Double Down

In the second phase of your business, the focus will shift from survival to how you can hone the bullseye of your business’s core. You’ll focus on key strengths and the repeatability of your business’s solutions.

As an executive, you’ve evolved from being a startup entrepreneur to leading and initiating the creation of a system. Why something happens becomes more important than the fact that something happens.

You will need to begin to think and act for the long-term. Scalable thinking begins to replace survival thinking.

While you may have had an array of product offerings as you tried to find a market in the entrepreneurial phase by throwing a lot of spaghetti against the wall, by now you will have discovered one or two individuals who are the main drivers of your business and value proposition.

As a leader in the growth stage, you will have taken the time to define the core areas of focus, and you begin to transition from a “get it done” mentality. You find your group of generalists and move to repeatable, systematic behaviors, approaches, and domain experts.

The entire business must become more systematic so that you can tweak and hone your processes for scalability.

In this business stage, you aren’t just using individual efforts to simply overcome or drive the outcomes for survival. The worry of day-to-day existence and the urge to simply intervene and “make it happen” must now be replaced with systemic learnings.

The stage of letting go of a few things can be a tough transition for many founders/entrepreneurs. For example, you’ll have to resist the urge to jump in and take over the sales meeting, and instead allow a new sales rep to fumble their way through.

Here is where your leadership has to move forward. You can’t stay in the “fumbles” approach.

You have to move to informing your team with a systemic approach to training, coaching, and onboarding key individuals. This can be accomplished even better with technology. I often refer to this stage with my colleagues as allowing ourselves to blow off digits (creating incremental learning lessons) vs. severing limbs (losing the sale, in this example).

It is a dangerous journey finding this balance and can be very difficult for managers. This stage is critical to making it through Phase II successfully.

While you’re identifying the vital aspects of the business and improving the system, something else, potentially dangerous, happens if you don’t pay attention. You’ve added a large number of new employees, and the day-to-day decision-making moves further away from the leadership team.

The “central nervous system” of the organization has migrated. The effectiveness of the systems and processes that are created throughout Phase II will now become exposed in Phase III.

Crossing the Founder’s Chasm: Entrepreneurship vs. Leadership

Phase II has been about leading the team to establish systems. You have removed the emotional tendencies to allow learning moments. Your system improvement observations have taken place. If you were effective in Phase II, you would have felt yourself begin to slide back, empowering the domain experts and allowing the business disciplines to take over.

Phase III is about the transition from the front of the line leadership to what I like to call dog-sled leadership.

In Phase III, the team and disciplines (processes, systems, cultural tendencies) must now guide the business. Your role is to support the identified needs of the team. Phase III is a natural transition to simply guiding the team vs. pulling the team. Leadership vs. Entrepreneurship is now in full effect.

In Phase III, you know what the company can do well. You have faced what the market actually wants. The question now becomes at what velocity you can execute.

As the leader of the business, you need to develop new abilities.

You are no longer an entrepreneur focused on what the market is telling you. You need to step away from your emotions and pride of ownership and move into systems that empower others to be excellent in their roles.

You need systems and processes for almost everything your organization now effectuates.

  • evaluating market/user feedback
  • training
  • onboarding the team
  • aligning the team’s objectives
  • assessing performance
  • consistent sales, servicing models and escalations
  • standardization of the back office (by now, you shouldn’t be making the same mistakes twice)

Through the prior two phases, you have been the lead dog on the team. But as you cross the founder’s chasm to real leadership, you are now sitting in the musher’s chair.

As a musher, your job isn’t pulling in a single direction – you need to be focused on aligning the entire team, feeding and nurturing the team and letting the crew pull the sled. You are now merely setting the direction of the company, and the team is doing the pulling.

You must now focus on making sure they are happy, healthy, and pulling in the same direction. At this point, you and the leadership team have moved out of specialty roles where you know all aspects of the processes and operations to hire and round out teams of highly-specialized experts.

Show Me Your Friends, and I’ll Show You Your Future

The final stage of leadership is a bit more challenging to break down. The one key factor I’ve discovered that leads to success at this stage is the processes and systems that were key to leadership in the evolution of the business through the prior three stages.

At this point, you need to be critical of who you surround yourself with. Honestly, this is the key to ultimate success as you’ve grown into a substantial organization.

Placing your trust in your leadership team is crucial to ensuring that your business continues to be successful.

  • You will need to trust them to understand the importance of having difficult conversations.
  • Speaking up when something is going wrong
  • Passing on to your team the ability to take a critical eye to the business and the rest of the organization.
  • Ensuring the people who are going to take over your previous roles have the skills and confidence to run the company.

If you are traveling at an excessively high speed, even a small wobble can cause the wheels to come off.

To avoid having any part of the business come apart, you need to surround yourself with people you trust to be willing to tell the truth and surface the difficult but necessary topics. It requires a high degree of confidence to believe that people will stand up and speak out when something is not optimal.

When you are responsible for running a business at scale, you need to be able to rely on a great leadership team who can avoid potentially harmful mistakes when something needs to be fixed.

As your business grows, the level of your day-to-day involvement will inevitably change. Hopefully, my own experiences serve as a rough guide to help you navigate your role during each step of your company’s journey.

https://samplecic.ch/leadership-guide-for-every-business-growth-stage.html

6 Steps to Grow Your Small Business with Cold Email

Can business run only on cold emails? Who reads emails these days? I know these questions must be popping up in your head. But let me tell you, cold emails can still help you in generating new leads for your business if done in the right way. Use the six steps to grow your small business with cold emails.

Many businesses still are using cold emails to drive sales. If you are in the notion that emails can only help you close small deals, then you’re mistaken. I have seen examples of companies using cold email to close large enterprise deals too.

These exact steps will help you, as a small business owner, generate great leads for your business.

1. Build a persona.

I have been in marketing for close to two years now, and my most important takeaway in this short span has been the importance of creating the right personas. If you can create the right persona, half your job is done. But how can you create the right persona? Here are some tips.

The simplest way of creating a persona is filtering people depending on certain factors. For example, if I run a marketing agency that serves startups, then I would target the founders of startups with fewer than 50 employees. Get the details and let them help you send targeted emails.

2. Investing in a tool.

Many people prefer sending cold emails manually, and that’s fine when you want to send 300 emails in a month. But what if you want to send emails at scale, let’s say around 100 per day? You’ll require a tool to help you send email campaigns of this scale.

Not only will you be able to save on a lot of time, but it also helps you track a lot of metrics such as open rates, click rates & more. One tool that I came across the last few months that’s working well for me is Lemlist. It’s a great tool, especially when you are just starting out.

3. Sending the right emails.

The subject line & the email body are everything. They can make or break things for you. Let’s talk about the subject line first. Your subject line is crucial if you want your emails to be opened & read by your prospects. Try to be very precise with your subjects.

Some of the best subject lines include:

Quick Question
Question for <Company>

Keeping the subject line simple helps a lot. Coming to the content, make sure you have these four elements in the body:

– Personalization (Name, Company Name).
– Reason for reaching out (keep it short & simple).
– Social Proof.
– CTA (like a meeting link).

Avoid writing long emails as they tend to get fewer responses. Opt for short and sweet.

4. Follow up is the key.

Many people give up after the first follow-up. But following up multiple times is the key; there are times when people get replies even after the fourth or fifth follow-up.

Also, make sure to personalize the follow-ups before sending them. Make sure to include a reason for following up each time. Unless you do this, there’s no use of following up, and you’ll end up getting mostly unsubscribes.

5. Quality vs Quantity.

Something that has always worked for me is focusing on quality rather than quantity. I know many would disagree with me, but quality always wins over quantity. So make sure to put your best efforts in each email so that you can end up getting more replies & open rates.

It’s not about the hard work but smart work.

6. Track your success.

Doing everything at the same time doesn’t help. Try to tabulate the success of each campaign before starting another one. By evaluating first, it will help you in executing the next campaign better. If you don’t want to invest in a tool, then you can use Google Sheets to track campaign metrics.

Some metrics you must note are – open rates, responses, link clicks & deals closed.

Conclusion

I hope you had a few takeaways from the post. If you’re looking for other ways of generating leads, then I’d recommend you try cold emails. They are still very effective if done correctly.

What are your tips for cold emails? Mention them in the comments below. I’d love to learn them.

https://samplecic.ch/6-steps-to-grow-your-small-business-with-cold-email.html

An Insider’s 11 Take-Aways from Companies Winning Industrial (IIoT) Cybersecurity

As you read through blogs and articles about cybersecurity and the Industrial Internet of Things (IIoT), it’s easy to get so focused on the complexities (and there are many), that you lose sight of the big picture. There is huge opportunity in this space—untapped by the existing IT cybersecurity players.

To state it in the simplest terms, when protecting free consumer accounts like Gmail or Facebook accounts, the motivation for investing in security is driven by certain objectives—protecting customer trust, avoiding an unpleasant hit to the company’s reputation, etc. These are, of course, real and important concerns. But when an industrial company is trying to protect a $10 million turbine, the economics of investing in security become very different—and much more straightforward. There’s a reason why much of current security investment is directed towards the industrial space: it’s an enormously promising market—and one where new innovations can have an enormous impact.

GE Ventures, the venture capital subsidiary of General Electric, is one of the organizations that recognizes the large opportunities (and even greater responsibility) to lower costs and eliminate unplanned downtime for their customers. They have been working closely with industrial companies for decades. The company has also built longstanding trust relationships with customers and helps them take advantage of the industrial Internet and protect them from its inherent risks. They are rising to that challenge—their own Predix architecture, a platform that helps to optimize industrial business processes, has an extensive security-in-depth strategy.

In addition to the security-in-depth strategy on their platform, GE Ventures is always on the lookout for startups that are advancing the industrial cybersecurity art. According to them, there are some very talented ones out there. Of course, IIoT is not an easy market for startups to break into. Industrial networks are different from enterprise IT in ways that make them a terrible place for moonlighting—having a great product roadmap in traditional IT is not a birthright to succeed in industrial cybersecurity. But there are some commonalities among the most successful and promising startups in this space. Here are a few from GE Ventures’ perspective:

1.) They know their stuff.

There are lots of things that GE looks at when evaluating a startup: a team with the right specialties, differentiated technology. But the most important factor separating companies treading water from those already swimming laps is that they are staffed top-to-bottom by people who “get” industrial applications.

The most successful startups have a kind of institutional knowledge of industrial control systems (ICS)—often gleaned from working in industrial in their previous careers. They’ve learned important lessons (sometimes the hard way): They know the market. They understand its constraints. They understand through experience the attack surface and exposure. And they always, always keep their eye on the ball: the business continuity of the customer.

2.) They take the IIoT Hippocratic Oath: First, do no harm.

No matter what they’re working on, successful IIoT startups never lose sight of their customers’ primary objective: this machine cannot fail. Whatever work they’re doing to secure a system, they know that it absolutely cannot slow down or knock out industrial assets. They create a security layer that’s at least as agile, if not more so, than the devices and systems it’s protecting.

3.) They don’t make things harder for the customer.

Successful IIoT startups know that their target customer has been doing things a certain way for years. They know not to make assumptions that these customers have the same in-house capabilities and institutional knowledge that a non-industrial enterprise would—or, when it comes to software, that they even speak the same language. And they don’t assume that the customer will be willing to fill in gaps that are lost in translation. The most promising IIoT startups are ready to deliver IT solutions to industrial, and they’re not afraid to make it clear that that’s where their expertise lies. But they come out of the gate speaking OT.

4.) They make security integrated.

Successful IIoT startups know that treating security as an additional feature or up-sell will never fly. Their customers expect security to be baked into the product and fully integrated into existing industrial process.

5.) They don’t try to eat the whole cake at once.

Enterprise IT security and IIoT cybersecurity are two totally different animals. You can’t just port something from one world into the other. Yet, there are lessons to be learned from the evolution of enterprise security. Among the biggest that successful IIoT startups adhere to: they don’t try to solve the security problem in one fell swoop.

In the enterprise world, we started with one big problem (protecting digital assets and data), and ultimately broke it down into a whole lot of smaller problems: perimeter security, identity/authentication, data loss prevention, compliance, etc. Smart IIoT startups apply the same thinking to IIoT cybersecurity. They’re not looking to “solve” industrial cybersecurity. They’re attacking smaller, discrete problems and developing useful solutions.

6.) They start with the assumption that they will be targeted.

Even the biggest and best digital companies in the world find malicious or unexplained code in their environments—sometimes threats that have been lying dormant for years. Smart IIoT startups expect that their solutions will be subject to the same types of malicious and/or intelligence gathering threats as well. That doesn’t mean they don’t spend a huge amount of time and effort trying to prevent breaches. But they spend just as much time and effort making sure that, if someone does get in, they can isolate that breach and prevent it from infiltrating the rest of the system. And they recognize that the ICS attack surface extends beyond industrial devices and networks themselves, to all parts of the organization and supply chain.

7.) They’re ready to scale.

Successful IIoT startups never forget that for industrial customers, no amount of downtime is acceptable. They know that it’s not enough to have great tech—they have to be ready to engage that technology on a scale of thousands of deployments, sometimes in multiple countries—sometimes overnight.

8.) They know that security starts well before connecting a single industrial device.

Successful IIoT startups recognize that some of the most dangerous vulnerabilities aren’t just flaws in their code, but weaknesses in their supply chain. They know that any OEM that incorporates subassemblies made by others can potentially introduce tampered firmware into their system by accident. And they’ve learned the lesson from vendors who had excellent technology but saw deals evaporate because the customer realized they were using an untrusted vendor for one component of the supply chain. Solid IIoT startups take steps to secure their products during every step from building to shipping, when it can be most vulnerable to mistakes or malicious actors.

One of the more interesting areas now being explored: public ledgers. A growing number of companies are looking at Blockchain public ledger technologies to help authenticate assets and provide an audit trail with end-to-end chain of custody. (Industry groups are getting involved too—the Trusted IoT Alliance recently announced a new initiative to promote standard ledgers to authenticate IoT devices.) It’s still very early days, but work like this could prove incredibly valuable for ICS, where many categories of non-IT assets (engines, parts, sub-parts) are connecting back to the IT backbone.

9.) They don’t get distracted by buzz words.

The startup space, or at least the media covering it, tends to be overly sensitive to the hype cycle. Whatever the latest hot concept may be (currently, AI and machine learning), companies rush to make sure they can claim to check those boxes. Successful IIoT startups don’t spend their time worrying about the latest flavor of the month. They’re laser-focused on delivering concrete answers to specific industrial problems.

10.) They understand the need to secure data at rest and in motion.

Industrial customers need solutions not just to secure data at the edge—where more data than ever before is being collected and processed—but also to secure data in motion as it travels to the cloud.

Data in motion poses a particularly cumbersome challenge for industrial systems. Some companies in this space are developing solutions to simplify passthrough of encrypted data, eliminating the need to decrypt data at any point in transit, and its associated risks.

11.) They understand the job is never done.

Good cybersecurity startups recognize that they’ll never be “finished” with their solution, and they don’t get too comfortable with their current design. They understand that real-world cybersecurity means ongoing, indefinite iteration.

This isn’t a comprehensive list. But if you’re charting the course of companies developing interesting new solutions in IIoT cybersecurity, it’s a good place to start.

Authors: Michael Dolbec & Abhishek Shukla, Managing Directors of GE Ventures

https://samplecic.ch/an-insiders-11-take-aways-from-companies-winning-industrial-iiot-cybersecurity-4.html

Is more IoT driving more cyber attacks?

The WannaCry ransomware attack this May made the whole world think about cyber security issues once again. What set WannaCry apart from previous cyber attacks is that IoT also got involved in the crisis. We learned from the news reports that this worm was different from the usual. It not only tried to encrypt computer data, but also attacked connected devices such as medical and teaching equipment in hospitals and schools. This is also why this May’s cyber attack affected so many industries.

IoT has minimized the barrier between the Internet and devices. Once one of the two is attacked, the other is inevitably involved as well. As for IoT security, the cameras on our smart devices and in our smart homes are the aspect that touches each of us most closely and may influence our everyday life.

Thanks to IoT technology, we can remotely control those connected cameras. Even if we are not home, we can still access these devices and check our properties. However, precisely because we are using those connected cameras and devices, if we do not do a good job in terms of security, such as by using weak passwords or even no PIN, criminals could easily access and control our devices by large-scale scanning. According to Gao Sheng, senior software engineer from China’s national Internet Emergency Center, passcodes like “user”, “admin”, and pure numbers have been widely used, and are the easiest ones to decrypt and hack.

Worldwide Threats

As the concept of a connected world becomes more and more popular, different types of smart home appliances have become the first choice for millions of families. Because of this, cyber attacks on IoT are taking multiple forms. Attackers can access all connected appliances by hacking just one router. According to Helpnetsecurity, the U.S. (28%) and China (7%) are the two countries that experience the most cyber attacks. In 2015, the XcodeGhost incident deeply affected China’s iOS development environment. It still reigns as the most famous cyber security incident regarding the Internet and IoT in China.

Lots of Chinese developers used an unofficial iOS development kit that had been modified by malware, later dubbed XcodeGhost. The malware injected third-party code into apps compiled with it. Since this attack happened on the developer side at compile time, even jailbroken devices were affected. The XcodeGhost incident affected lots of popular apps that have billions of users, such as WeChat, Didi, and so on. Both of these popular apps affect every facet of Chinese users’ normal lives because of IoT.

IoT security attacks carried out over the Internet will not only impact ordinary people’s lives, but also cause more serious problems for large-scale enterprises. Based on the 2017 report titled Toward New Possibilities in Threat Management from PricewaterhouseCoopers, the number of cyber attacks in the East Asia region has rapidly increased by 969%, and security incidents of industrial IoT have increased over 22x. Because most enterprises use semi-automatic production models, and because smart connected systems are so popular, countless IoT devices have been built into the production process. But many of these devices still keep their factory passwords, which are weak ones like “user” and “admin”.

They Get You Coming in and Going Out

For general users like us, right now, there are two kinds of cyber attacks: inbound and outbound. Inbound cyber attacks target our smart devices like phones, tablets, or cameras directly. DNS Amplification Attacks are common outbound attacks, with over 80% of household-level cyber attacks resulting from router issues. To this point, Helpnetsecurity suggested three tips to actively avoid attacks. First, we need to periodically change the passcodes of our smart devices and home Internet. Second, do not connect to unknown Wi-Fi and Bluetooth devices. Last but not least, upgrade device software in a timely fashion.

Nowadays, both iOS and Android send out upgraded versions regularly, and every app on our phones releases upgrades frequently too. Some users think these upgrades are annoying and choose to turn this function off, but most of the upgrades are related to security issues. As normal users, timely upgrading of our devices and apps is our best way to increase our cyber safety.

https://samplecic.ch/is-more-iot-driving-more-cyber-attacks-4.html

What does the WPA2 vulnerability mean for IoT?

Researchers at a Belgian university earlier this week revealed the discovery of a break in the security protocol used to protect the vast majority of Wi-Fi connections (WPA2 based). Mathy Vanhoef of imec-DistriNet, KU Leuven University, released his findings explaining that an attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs) to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, and photos.

Vanhoef stressed that “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.” Further, the KRACK attack is universal and works against all types of devices connecting to or using a WPA2 Wi-Fi network. This includes Android, Linux, iOS, macOS, Windows, OpenBSD, and embedded and IoT devices. If your device supports Wi-Fi, it is most likely affected.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is still likely affected. Consumers are advised to update all their devices once security updates are available.

I spoke to cybersecurity researcher Nadir Izrael, CTO and co-founder of Armis, the company responsible for the discovery of BlueBorne, a set of vulnerabilities that impact any connected device using Bluetooth. Nearly all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack. If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a “man-in-the-middle” to gain access to critical data and networks without user interaction.

Izrael explained:

“It’s not shocking to learn Wi-Fi is vulnerable, but it’s still disturbing to see how the technology we all rely on every day can’t be trusted. This is the second time in two months that we’ve seen all connected devices being vulnerable to widespread airborne vulnerabilities; we recently discovered vulnerabilities in Bluetooth and the BlueBorne threat. The difference is that with KRACK we can’t tell people to just turn off Wi-Fi. The majority of all traffic is now wireless. It’s how we connect, communicate, and live.

KRACK shows us we are now living in the new age of exposure. It is a combination of a world of devices that either can’t be updated or cannot have any security software running on them. Since we can’t stop using smartphones, remove all the smart TVs, take away the connected healthcare unit, or remove the quality control sensors from the manufacturing line, we need solutions that will see each device and its activity – and take action on whether that device is behaving properly or inappropriately.”

The challenge to update connected products

While companies are rushing to release security updates and patches (Tech blog Charged offers an ongoing list of firmware patches as they become available), the reality is a little more complex for IoT. As Izrael notes:

“Updating devices has become very complex. Some devices can be updated; in fact, updates are a part of a standard process. Other devices make updates very difficult. The vast majority of these simple connected devices in the home and at work do not allow for easy software updates or security patches. Many lack a decent interface for a consumer or IT professionals to easily access a way to update them. Some have default passwords that may not be known (default passwords that themselves create risks as we have seen with the Mirai attack). Others have simply no way to get an update onto the device.”

Is this proof of vulnerabilities ripe for future attack?

Fortunately, the world as we know it is not going to end for now, but Izrael notes that KRACK is a proof-of-concept. As patches are now being released, the hope is that it will not be exploited in the wild, but it’s likely that criminals will try. He suggests that for protection, businesses must ensure that all their corporate and employee devices are updated with the latest software and patches. For devices they don’t control or can’t update, businesses need to ensure devices can’t connect to a critical network.

Izrael warns that poor industry focus on security due to connectivity being the first priority has set up an ecosystem ripe for attack:

“In a world of a glaring lack of security standards across IoT protocols, we see an attack surface that is expanding rapidly, exposing enterprises to attacks they are ill-prepared to defend against. Unfortunately, we know that companies can’t even see 40% of the connected devices in their environment. This is why IoT and all these connected devices are a big security concern. It’s a huge security blind spot for organizations, with serious consequences.”

As researchers scramble to determine the origin of and people responsible for KRACK, it’ll only be a matter of time before the next Wi-Fi (WPA2 specific or not) vulnerability with potential for serious consequences is brought to light.

https://samplecic.ch/what-does-the-wpa2-vulnerability-mean-for-iot-4.html

The future of tokenization and blockchain is not just ICOs

Blockchain business case variety seems secondary in the conversation around blockchain hype. Tokenization on a blockchain system has received attention around the world with the increasing prevalence of ICOs (Initial Coin Offerings).

For those who continue to see “ICO” but have no firm understanding of the definition, here’s an oversimplified version. An ICO is a way a company can raise funding using cryptocurrencies such as Bitcoin. This works by the company creating its own coin, perhaps the ClaytonCoin, and those interested in purchasing shares in the company can trade their Bitcoins for ClaytonCoins. A ClaytonCoin then supposedly represents a share in the company, but, to quote Smith + Crown:

“Most ICOs today are marketed as ‘software presale tokens’ akin to giving early access to an online game to early supporters. In order to try to avoid legal requirements that come with any form of a security sale, many ICOs today use language such as ‘crowdsale’ or ‘donation’ instead of ICOs.”

The unregulated nature of ICOs caused China and South Korea to ban them. On the other hand, ICOs in the US have found much success such as in the case of Tezos raising $230 million.

Beyond ICOs

Even with successful ICOs happening in the US, tokenization built on blockchain is underutilized in terms of its potential. I ran into a start-up called FundersToken at an after party for RISE 2017 that is trying to fix this. FundersToken is a CRM software-based company, with the backbone of tokenization. Their software with blockchain technology offers business augmentation and digitalization. Their goal is to allow businesses with no blockchain experts to use tokenization for various business functions. These include exchange of goods/services, voting, equity transfer (ICOs), and dividends.

Voting and governance through tokenization has been done through Distributed Autonomous Organizations (DAOs). In an ideal world the voting rights would work very similarly to standard governance in companies, but there are again no regulations. This may prove to be an issue in specific scenarios. Yet, many VCs point to tokenization as the future of governance in addition to funding. Another article from Smith + Crown contains great comparisons of the Pros v. Cons.

For this technology to be industry changing, more companies like FundersToken must come forward and include the nontechnical. As a technology evangelist, there is a duty to be patient with the ignorant and help encourage productive uses of new technology. The worst thing that could happen for the future of blockchain is association with only ICOs. That is not to say ICOs don’t promote blockchain properly, in fact, it’s the exact opposite. But, imagine if when the Internet was gaining popularity, the only thing the Internet was known for was digital media. Sure, people would be thrilled to hang on my every word, but it would miss the greater potential.

Live AMA

The founding team of FundersToken will be joining myself and the rest of the ReadWrite team on WeChat to do a live AMA about both their product and tokenization within a week. If you would like to participate, feel free to connect with me on WeChat:

https://samplecic.ch/the-future-of-tokenization-and-blockchain-is-not-just-icos-4.html
