Retailers aren’t the only targets of cyber crime, especially recently. The most notable breach was at Anthem, the largest for-profit managed health company in the Blue Cross and Blue Shield Association. The hackers made off with up to 80 million records including names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information. While Anthem doesn’t believe any credit card information has been stolen, that doesn’t mean this breach won’t hurt the victims.

So what do thieves do with PII data? It’s a different strategy than credit card fraud. When these cyber criminals manage to collect social security numbers, addresses, etc., they store them in order to create an elaborate identity theft plan. While this sort of breach may not be immediately damaging, over time it can be worse than similar credit card fraud. These criminals can use your information to bill your insurance for prescriptions and medical services–all of which would remain on your personal record. This can impact the quality of care you receive if your record begins to reflect another person’s health history and preexisting conditions instead of your own.

What’s more is that this breach in particular is very hard to track. Records belong to both current and former Anthem members, plus they have uncovered 14 million incomplete records that they’re struggling to link.

With PII data being as valuable as payment data, it’s important that merchants take the necessary actions to keep it secure. So how do you keep Social Security Numbers and other personal information as save as credit card numbers? Simple. With the exact same technology.

The Anthem breach, with its eye-popping 78.8 million comprised records, is yet another reminder of the risks involved when businesses are not securely protecting our sensitive information. Hacking networks and databases is like cracking a giant safe – once inside, you have access to all the jewels. Had Anthem implemented the simple process of tokenizing sensitive data upon entry, all personally identifiable information would have been replaced by irreversible, impossible-to–decrypt tokens – in essence, fool’s gold.

 

Rush Taggart, Chief Technology Officer, CardConnect

Yep, that’s right. It’s completely possible to tokenize and encrypt Social Security Numbers and other PII data in the exact same way as payment cards.In fact, so many of our clients have requested to use our tokenization solution for PII, that we transformed this feature into a standalone product.  That way if anyone ever does force their way into your system, they wouldn’t be able to use any of the data they uncovered. Simple.

Learn more about tokenization for PII

In the past decade, the payments industry has made technological leaps and bounds, but one thing has remained the same—the looming threat of retail attacks. In fact, according to the Privacy Rights Clearinghouse, “more than 260 million retail records have been reported as leaked, lost or stolen in the US since 2005.” Shockingly, over 99% of these compromises resulted from the manipulation of an endpoint or the use of malware.

Overview of the total number of retail records lost and methods of loss (excluding hacking or malware) in the US since 2005

Overview of the total number of retail records lost and methods of loss in the US since 2005

Overview of the total number of attacks against the retail sector in 2014

As the first graph demonstrates, POS systems are frequently infiltrated by criminals who use malware as their weapon of choice. Simply put, malware seizes a payment card’s track 1 or track 2 data that is housed on the card’s magnetic stripe. Once this information has been acquired, criminals are able to re-code the data onto counterfeit cards.

In order to combat retail data loss, it is important to understand the different methods in which data is exploited. This blog will primarily focus on today’s most prevalent types of POS malware and following methods of attack—Command Injection and Shellshock—in addition to how CardConnect can help you defend yourself against an attack.

Common POS Malware

BlackPOS

This particular POS malware was used for The Home Depot breach and was uncovered by the Russian security company, Group-1B in March of 2013. Black POS scans the memory of track 1 and 2 credit card data that is stored in a merchant’s system. Once the data is retrieved, it is housed in a file (called output.txt) and transferred to a FTP server.

Dexter

Dexter is a Trojan horse that was disclosed by the Israeli cyber security firm, Seculert in December of 2012. Dexter scans a system’s memory in search of track 1 and 2 card data. Once retrieved, it uses HTTP communications with a command and control (C2) server to transmit card data and receive updates.

Vskimmer

McAfee disclosed Vskimmer in March of 2013 and unlike Black POS and Dexter, only searches for track 2 data. It uses HTTP to transfer stolen card data to a C2 server. If a criminal is unable to connect to the Internet, Vskimmer can be set up to copy data to a USB device.

Alina

Alina is a Trojan horse that was exposed by the SecureWorks Counter Threat Unit (CTU) in March of 2013. It searches running processes for credit card track data, and uses HTTP and a C2 server to upload stolen card data and download updates.

Citadel

Citadel is a widely used malware kit that compromises online banking and credit card data. It is used to track an individual’s web browsing movements and contains a variety of implanted features that allow criminals to locate and infiltrate POS systems. Citadel also gathers information about the different types of software that are installed on a compromised system; criminals can then harvest this data.

Command Injection

Command injection is used to infect a web page with an HTML code that is implanted by a hacker. When users visit the infected page, their browsers translate the code, which results in the deployment of attack commands against the users’ computers and associated networks. The absence of data validation executed by POS and e-commerce security administrators makes command injection a popular method of attack in the retail area.

Shellshock

Shellshock attacks have become increasingly popular since September of 2014. These attacks affect the GNU Bash shell and exploit a 20+ year-old bug (referred to as Shellshock) that exists within the system. Bash is a program that is commonly used on Linux, Solaris and Mac OS systems to implement command lines and command scripts. Overall, these systems use Bash as a command and a command interpreter. With that being said, a hacker can manipulate the bug to allow remote implementation of arbitrary commands on computers and servers with no authentication required.

—————————

P2PE: Your Solution to Retail Attacks

Retail attacks show no signs of stopping, so it’s important for merchants to make sure their technology is malware resistant. Point to point encryption (P2PE) is an important step in the right direction when it comes to protecting against cyber criminals. P2PE encrypts cardholder data before a transaction is executed so the merchant will never come in contact with sensitive cardholder information, thereby cutting off a potential hacker’s access to vital personal information. As a result, our merchants are able to conduct business with the confidence that no unencrypted cardholder data will be stored in their system–not even for a moment. Combined with tokenization, the two technologies are an unbeatable pair against card fraud. Learn more here.

Not every customer has an American Express® card, so why bother accepting them? Most people have alternate methods of payment anyway—what’s the point?

Well for one, American Express is undergoing some serious changes making it much easier for businesses to accept AMEX. Under a new program, merchants will be able to accept American Express in the same way they accept all other major card brands. Until now AMEX acted as a separate network and merchants would receive separate statements. This program allows for streamlined payment acceptance that can result in reduced costs for qualified merchants.

Giving your customers flexibility in regards to their payment method is always a good thing. Plus, when you accept American Express, you open yourself up to accepting over 150 card products. Sure, customers can always use a different card or pay with cash, but allowing the customer’s preferred method goes a long way. In fact, it can be a huge deciding factor and incentive to get customers in the door—and if you take American Express, they’re more likely to come back. American Express cardholders are unique in a few ways that make them great customers. The great thing about American Express cards are the reward programs and benefits it offers, so cardholders generally want to use their AMEX card as often as they can.

Small businesses in particular can benefit from American Express acceptance. Programs like Shop Small and Small Business Saturday help to encourage individuals to patronize independent businesses in their neighborhood. The goal is to keep the money shoppers spend in their own community to support local business.

Shop Small on Small Business Saturday

Since 2010, American Express has been putting small businesses on the map with an annual shopping day following Black Friday. It gives shoppers who want to support their community and local businesses an easy way for them to find one another. Participating businesses are listed on the Shop Small online map that customers can use to plan their day of small business support.

The businesses that partner with Shop Small are showered with free personalized marketing materials including banner ads, printable signage, social media and email templates, and more. They go by a “what you’re known for” theme, and any small business can apply to be a partner—even if you don’t accept American Express. Yep, you can be a Shop Mall partner without taking AMEX. However those who take AMEX may be eligible for additional benefits.

The bottom line

American Express has taken the last few years to really cater to smaller businesses and incentivize their acceptance methods—and it’s working. They’ve shown that they realize the value of small businesses and have done an excellent job of developing programs to empower shops, even if they don’t accept American Express. Now it will be much easier and more cost effective for businesses who thought AMEX acceptance wasn’t an option to expand their payment card acceptance, and ultimately, their customer base.

Interested in accepting American Express? Have questions about Small Business Saturday? Drop us a line and we’ll be in touch.

What do restaurants and specialty retail stores have in common? They’re both a perfect fit for a Clover POS system.

Fancy, huh? From designers that worked on Tesla and Dr. Dre Beats, Clover’s basically the cadillac of POS systems. The smooth lines paired with white glass and brushed aluminum make a for a very eye-catching station. Clover isn’t just attractive, though–it’s also extremely functional. The patent-pending swivel arm allows you to spin Clover’s tablet around to face your customer when it’s time for them to sign.

The Clover POS is an all-in-one system with tablet-mentality that serves as a cash register as well as a terminal. So what makes it particularly useful for restaurants and retail? Applications. Clover allows you to do a lot more than process payments. Clover’s Android-based software allows you to not just download a variety of helpful apps from their App Market:

And that’s just a sampling. Clover offers plenty of other apps to help organize employee and customer data, print receipts and tickets, and more. They’re also adding new apps all the time, so it’s functionality is ever-increasing.

Life in the Cloud

“Cloud” has become such a buzz word lately that it’s meaning can sometimes get lost. So what does “cloud-based-software” mean for a merchant. Simple; the Internet. The cloud is where your email lives, it’s where you check your bank account balance, and it’s where your Facebook photos are stored. When data is kept online rather than in a computer’s hardware, you can access it from anywhere. This means all of your orders are synced to all of your stations, and you access everything from a web browser–even on your smartphone. And since no sensitive data is stored within Clover itself, your system is outside the scope of PCI compliance and your customer’s card information is safe.

CardConnect + Clover

CardConnect is thrilled to be part of Clover’s pilot program. Our customers can now combine CardConnect’s traditionally low, transparent processing rates with a cutting edge (and beautiful) POS. As a company highly sensitive to payment security, we can also say that Clover delivers trusted security. Transactions are encrypted at swipe using First Data’s TransArmor® technology, taking Clover out of PCI scope. The entire Clover station is PA-DSS reviewed for Android through a trusted QSA. All of Clover’s apps go through rigorous testing to become Clover-certified, and independent code assessments and penetrations tests are done quarterly.

Check out Clover in action

Interested in finding out if Clover is right for your business? Just have a question? Drop us a line below and we’ll be in touch.

On this blog, we talk a lot about processing payments for merchants. But payments aren’t the only instance in which money needs to change hands securely. Today, I want to talk to you about one of these instances—donations.

You may know that last October, CardConnect teamed up with DonorPro to provide a secure payment solution for nonprofits that integrates DonorPro’s fantastic CRM. First, let’s talk about DonorPro.

DonorPro’s philanthropic CRM gives nonprofits and charities a platform that focuses just on donations and fundraising efforts. It allows for nonprofits to keep their prospects all in one place and convert them into donors. The fact is, nonprofits without the ability to raise money online are missing out on donations. Individuals donate far more often than foundations, corporations, or bequests, and younger people are becoming more likely to give. This younger generation vastly prefers to donate online, and any group without the technology to make that happen is doing themselves a disservice.

This is particularly important for nonprofits right now, because with the recession it’s going to take another six years for giving to be back where it was. And the catch 22 is that during a recession, needs tend to go up where donations go down. Basically, nonprofits need fundraising tools now more than ever.

The DonorPro solution is proven effective. Their clients grow donations around 10x the national average. And they don’t just increase the amount of donations—the amount of donors and the size of the gifts they receive also increase.

Anyone involved in nonprofits knows how valuable that is. But how does DonorPro do it?

An integrated approach to development and outreach

The DonorPro CRM is the foundation from which all of the other DonorPro offers stem. It has all of the features you would expect from a relationship management system, including reporting, a place to organize and develop email and direct marketing campaigns, and a hub for social media management—but with nonprofits in mind. Nonprofits can track and target LYBUNTs and SYBUNTs and produce reports within the program. The DonorPro CRM also allows nonprofits to organize their members, which is particularly helpful for nonprofits who constantly have new volunteers coming and going.

After receiving a donation, the nonprofit has the ability to instantly send a thank you to the donor. They can also automate pledges for recurring donations so they never miss a gift.

Online donations

Research has shown that the fastest growing channel for donations is the Internet. Today, nonprofits can expect to receive up to 20% of their total individual gifts online. DonorPro CMS is a website management tool designed with nonprofits in mind. As givers are trending younger, it’s important for nonprofits to be able to accept donations with their preferred channel—the Internet. The combination of DonorPro CMS with the DonorPro CRM gives nonprofits the vehicles they need to solicit and collect online gifts.

The DonorPro CMS solution provides nonprofits with a free, customizable, white-labeled donations page that is fully responsive. This allows for donors to donate online, on their phone, or on their tablet without compromising the experience.

Grassroots fundraising

Another tool branching off of the DonorPro CRM is DonorPro Friendraising, a peer-to-peer fundraising tool that allows for grassroots fundraising. This friends-asking-friends method of fundraising generates 6x the revenue of traditional fundraising. DonorPro Friendraising allows nonprofits to collect these types of donations have push them back to the DonorPro CRM.

Going mobile

Finally, the DonorPro Connect mobile marketing platform allows nonprofits to develop text message awareness and communicate with donors. DonorPro Connect pushes this awareness throughout the entire platform, using it to drive interest in websites, mobile giving pages, and Friendraising campaigns.

DonorPro + CardConnect

So where does CardConnect come in? Everywhere.

Our complete integration with DonorPro means that CardConnect users can enhance their donation processing on all levels. For example, electronic donations can be more effectively tracked with real-time reporting and reconciliation, donors can have their credit cards pre-authorized before an auction, and recurring gifts can be easily automated.  Most importantly, whenever a donor makes a contribution to a DonorPro client, their payments are now processed through the CardConnect Gateway. Their card number is encrypted, tokenized, and stored in our secure offsite vault—just like all of our transactions.

Are you a nonprofit interested in growing donations with DonorPro and CardConnnect? Contact us and we’ll be in touch.

It’s been a great first day at Oracle Collaborate ’14! We’re giving out some great CardConnect goodies (mini basketballs and business card holders, anyone?) so be sure to stop by booth 1425 and say hello. Also, if you’re playing the Passport to Prizes game–and you really should be–you can collect a stamp from us for a chance to win a PlayStation 4!

I also thought now would a good time to round up some can’t-miss sessions coming up this week.

Developers

Wednesday, 4/9

Latest Oracle E-Business Suite User Interface and Usability Enhancements
Presented by Oracle
2:00 PM
Sands 309, Level 1

“This Oracle development session details the latest UI enhancements to Oracle Application Framework. Developers and users will get a look at new features that enhance usability, and new capabilities for personalization and extensions. See new rich UI capabilities that make the interface more flexible and interactive than ever before. Learn about improvements to the home page and navigator, new widgets, interactive tables, mobile device support, and more.”

Thursday, 4/10

New 12c Database Features for Developers
Presented by Avout
4/10
9:45 AM
Murano 3203, Level 3

“In July of 2013, Oracle released the 12c version of its flagship database. While much of the initial focus was on the new structural capabilities (i.e. multi-tenancy), Oracle has also provided many new features available for developers. This presentation will outline some of the new 12c features of interest specifically to developers.”

Friday, 4/11

Thinking Outside the Box: Optimizing Oracle Essbase Performance
Presented by Beats by Dre
4/11
8:30 AM
Marco Polo 701, Level 1

“There are standard optimizations that developers do to improve performance, then there are those developers who think outside the box and create unique optimizations that can affect Calculations, data loads, data transfers etc. Come to this session to see some unique solutions and truly outrageous ways to improve performance.”

Security

Wednesday, 4/9

Oracle Exalogic Security Best Practices and PCI Compliance
Presented by Oracle
4/9/14
8:30 AM
Galileo 1005, Level 1

“Many Oracle Exalogic customers have security and compliance questions because of the integrated nature of the system. In this session we will discuss how Exalogic is not only capable of being secure but, because of its engineered nature, also makes it easier to meet a variety of requirements. The basis of this session is a white paper written by Coalfire (the largest independent IT audit, risk, and compliance firm in the U.S.) that discusses PCI and how Exalogic makes it easier to achieve compliance”

Oracle Security Vulnerabilities Dissected
Presented by Integrigy Corporation
11:00 AM
Murano 3306, Level 3

“Ever wonder what is being fixed in an Oracle Critical Patch Update?  This session will provide an inside look at the Critical Patch Updates (CPU) and the security bugs fixed by the SPU and PSU patches. Understand SQL injection and buffer overflow vulnerabilities by seeing how these types of security bugs compromise the security of the database.  Actual security bugs fixed in 2013 and 2014 will be dissected and demonstrated to show how they may be used to compromise a database and how Oracle fixed the security bugs.”

Thursday, 4/10

Thou Shalt Not Steal: Securing Your Infrastructure in the Age of Snowden
Presented by Pythian
4:15 PM
Murano 3306, Level 3

“In June 2013, Edward Snowden triggered the most costly insider security leak in history, forcing organizations to completely rethink how they secure their infrastructure. Join Paul Vallée, founder of Pythian, to learn how he supervises over 200 database and system administrators as they perform work on the some of the world’s most valuable and mission-critical data infrastructures.”

Friday, 4/11

New Security Features in Oracle E-Business Suite 12.2
Presented by Integrigy Corporation
9:45 AM
Marco Polo 703, Level 1

“Oracle E-Business Suite 12.2 introduces a number of new security features, enhancements, and changes. This session will examine each of these security features to describe the impact on your implementation and how you can best leverage each of them. With the move to Oracle WebLogic Server for the underlying E-Business Suite application server, new required process and methods for securing the application server layer of E-Business Suite will be discussed.”

Finance

Wednesday, 4/9

E-Business Suite In-Memory Applications for Cost Management and Manufacturing
Presented by Oracle
4/9/2014
8:30 AM
Galileo 901, Level 1

“In this session, learn how Oracle E-Business Suite’s new product Oracle In-Memory Cost Management built with Oracle Engineered Systems helps businesses make decisions in real time to capture the highest possible profits and margins, and to discover hidden opportunities to shrink operational costs. Finance, Cost accountants and operations managers can use this solution to quickly perform what-if analyses and simulations to instantly visualize the impact of cost changes to their valuations, COGS, margins and profit.”

How to Upgrade to PeopleSoft 9.2 Financials in 100 days, on Budget, and with a Smile!
Presented by Empire City Casino @ Yonkers Raceway
11:00 AM
Lando 4305, Level 4

“The Finance team at Yonkers Raceway in New York City was finding it tough going. While the fastest horses were running on their tracks, their PeopleSoft FSCM applications were running on outdated PeopleSoft systems. To upgrade their systems they engaged Drivestream, their Oracle Platinum Partner, who helped them learn all of the new features from their current version to the new version. They identified all of their customizations, and calculated the level of effort required to retrofit these customizations to the new platform. Finally, they created a detailed upgrade project plan. Following this plan, Yonkers and Drivestream were able to successfully upgrade to PeopleSoft 9.2 in 100 days! That’s right -UPGRADE and DONE in 100!”

Friday, 4/11

EPM 101: Exploring the Oracle Hyperion Performance Management Suite
Presented by MindStream Analytics
11:00 AM
Marco Polo 703, Level 1

“Heard about Oracle Hyperion and interested to learn more? From Budgeting to Strategic Finance, this session covers all the modules and how they work together. Learn where to begin and how to get the most out of your Enterprise Performance Management initiatives.”
Don’t forget to visit CardConnect’s session, “The Path to Payment Security”, too! It’s on Friday the 11th at 9:45 AM, Murano 3205, Level 3. Here’s a summary:

“Cybercrime is not only increasing in frequency, it’s increasing in cost. With more sophisticated hacking methods constantly being developed, the danger of storing sensitive information is rapidly increasing. Recently, the massive Target data breach has taken over headlines. With up to 110 million customers at risk and a $1.2 billion potential price tag, their brand and bottom line are in jeopardy.

Despite EMV “Chip-and-PIN” technology being heralded by the media as the answer to payment data breaches, there is much more to protecting your customers’ sensitive data. In this session, we will delve into the problems EMV and PCI 3.0 leave unsolved and offer a comprehensive solution through a combination of EMV, P2PE (Point-to-Point Encryption), Tokenization, and a secure, hosted Vault. By preparing for EMV technology and removing Oracle EBS and your business from PCI Compliance scope, the risk of compromised data and the cost of constantly having to monitor your system for breaches are removed.”

See you in Vegas!

In the days before mobile payments and virtual shopping carts, payment acceptance was rather one dimensional. Exchange goods/services for payment —end of transaction. As technology improved and additional payment channels were introduced, retailers developed what’s known as a multichannel approach. This meant businesses began to sell and accept payments at multiple different points-of-sale; at the physical store, online at the store’s website, over the phone, on a mobile device, etc.

This brings us to cross-channel. While multichannel allows for many avenues of payment, each one is disparate. Cross-channel allows the channels to interact. One great example of this is giving customers the option to purchase something online and then pick it up in the store rather than waiting for it to be delivered. Many merchants are offering these capabilities to their customers for the sake of convenience. As cross-channel selling continued to improve, and as transactional data became readily available for these different channels, cross-channel selling evolved into what is essentially cross-channel 2.0, or omni-channel.

An omni-channel approach takes all of the payment channels and integrates them into one seamless experience that can be personalized for the customer. This strategy takes the channels and fuses them together into one cohesive shopping experience. Consumers access a store through “touch points” rather than channels, because what used to be individual channels are now one unit.

An example of an omni-channel approach is giving customers the ability to initiate a return online for an item bought in the store. The store can then use that data to intelligently recommend alternatives for the returned item based on the customer’s purchase history and allow them to buy it online. They then have the option to have it shipped to their door or to go pick it up at the store. The customer enjoys flexibility and the merchant can use the integrated data to design offers based on that individual customer.

When the merchant uses an omni-channel strategy, every customer interaction with the company can be tracked and analyzed. This way the merchant can offer custom advertising and coupons that appeal to the customer’s preferences. You can tailor your marketing based on the products the customer has purchased in the past. Your customer can also have the ability to view their own shopping history on any of their devices. The name “omni-channel” is a bit controversial because it doesn’t describe the true focus of the approach. It’s not about the unification of payment channels, but a singular customer experience irrelative to the specific touchpoint.

In many ways, omni-channel is a simple philosophy—sync up your sales channels to create a seamless experience for your customer while gathering metrics to market as effectively as possible. To do this well, however, you need to address every aspect of your payment process and weave them together. For a truly omni-channel solution, your customers shouldn’t have a single interruption when switching between touch points. This can be an extremely difficult endeavor for merchants to take on alone, but if you find the right payment processor they’ll set you on the right path.

What do you think of the term “omni-channel”?  How would you describe it? Tell us in the comments.

After months of record-breaking snow storms and brutal cold—it’s finally the first day of spring! What better time to get your workspace in order? Come out of organization hibernation with these tips.

Tackle the paper monster

The concept of the “paperless office” is a nice thought, but a more reasonable goal is probably “as paperless as possible”. Go through your files and piles and start dividing into three sections.

1. Trash. Either you simply don’t need it anymore or you already have a digital copy.
2. Digitize. You don’t need a hard copy, but you do need the document itself. You can either do this the old fashioned way with a scanner, or use an app like Evernote to scan with your smart phone.
3. Keep. That particular hard copy is something you need. Make sure you have a digital copy just for peace of mind, and file it somewhere safe.Don’t forget to shred anything sensitive before recycling.

Cluttered desk? Use the breadbox test

If it’s bigger than a breadbox (or, say, a shoebox), it needs a home. Either put it in a drawer or a container to keep clutter under control. If your drawers start to get out of control, try using dividers to keep things organized and neat.

Still feel messy? Sometimes if we look at clutter for long enough it can be difficult to determine where the specific problems are. Snap a picture with your smart phone and analyze the photo rather than staring at your space.

Purge your devices

Computers can get even more cluttered than your desk. To clear out what you don’t need without investing hours, use a disk space analyzer like Grand Perspective  for OS X or WinDirStat for Windows. These programs will give you a visual of what’s taking up the most hard drive space so you can easily delete what you don’t need.

As far as contact lists go, auto sync can get pretty messy. There are a bunch of apps out there to help you clean up your contact list, but I prefer the free method—manually. It takes more time, but it ensures you won’t lose anything you need

Refresh your web presence and resume

Log onto your LinkedIn profile and answer those question prompts. Fill in anything you may have forgotten to add in the past few months, and pay back any endorsements you’ve received. Go through your suggested contacts and add whoever you know. An up-to-date network is a happy network.

And don’t forget to update your physical resume. The next time you need it, you’ll be happy you did.

Get into a routine

1. Disinfect regularly. Did you know your keyboard and phone have more bacteria than a toilet seat? Disinfect them weekly to minimize the amount of harmful microbes you’re putting your hands on. Offices in general can be illness incubators, so it’s probably a good idea to keep hand sanitizer close by.
2. Stay on top of rogue papers. Keep them separate in their own file or organizer and go through them regularly to avoid being buried in documents.
3. Develop a filing system. Sit down and determine what types of documents need their own file subjects, then divide and conquer. Use filing cabinets, binders, file boxes—whatever you prefer.

What tips do you have to keep your workspace sparkling? Tell us in the comments!

Everyone has sat through a terrible PowerPoint presentation. Many of us have tolerated countless slides of spinning planet GIFs and paragraphs of 10pt font. Presentations aren’t a painful experience at their core, and following just a few simple rules will save your audience from PowerPoint hell.

Speak, don’t read

Your audience reads faster than you speak, anyway. Not to mention the site of a slide containing blocks of text sends most people into a bored stupor.

The slides should visualize your presentation rather than containing every bit of information you want to get across. This way, your audience will be paying attention to you and your words. Speaking to the audience rather than lecturing gives you the credibility rather than the slides themselves.

Ditch the print-outs

If your PowerPoint is designed well, your audience will be able to follow along just fine with the slides as they’re presented. Not to mention the slides shouldn’t have enough information on them to be valuable on their own anyway–your words should provide the meaning.

That said, there’s nothing wrong with providing a take-away resource. Either put together a document that highlights your points and gives a comprehensive overview of your presentation and email it after, or provide the PowerPoint along with detailed notes.

Think like a designer

You don’t have to be an artist to create an attractive looking presentation. Following just a few simple guidelines is all you really need to make professional looking slides

Clip art: not even once

And while we’re at it, ditch those pre-made themes within PowerPoint also. PowerPoint is a great presentation tool, but it is not a design tool. You’re better off sticking to quality stock photography or solid colors. There are plenty of great resources for free, original stock images.

Stock.XCHNG has hundreds of thousands of royalty-free photos and illustrations.
Flickr allows you to search for royalty-free images which are free to use as long as you give credit to the owner.

Choose a great color palette

Sometimes an attractive typeface and color combo is all you need to make a beautiful presentation. My recommendation? Use your brand colors as a starting point, then head over to Kuler. It has thousands of user-made color schemes for inspiration.

Don’t fear typography

Ask any designer—typography is important. Each typeface has its own personality and sends its own message. Some are clean and modern, while others are whimsical and unique. Both kinds have their place in presentations. Regular sans-serif fonts aren’t boring and should make up most if not all of your presentation. If you have a flashier font you really want to use, save it for headers and use them sparingly. Some great sites offering free typefaces for commercial use are Font Squirrel and Free Typography.

Most importantly, make sure it’s legible—particularly if you’re putting the text on an image background. White on white, even if it’s only for a small portion of the image, is a big no-no. In cases like that, either nix the background or put the text within a solid color block on top of it.

Still need some guidance? Try the 10/20/30 rule

The tried and true method from Guy Kawasaki is a great guideline if you’re lacking confidence in the presentation department.

10 slides
One concept per slide, with each slide speaking directly to a problem or key point.

20 minutes
Even if you have an hour set aside. This allows you to account for technical problems and set-up, as well as a Q&A.

30 point font
This forces you to keep your slides concise and focus on one concept at a time, plus ensures it’s easy to read. A great constraint for those of us who are tempted to cram every word they intend to say on their presentations.

Do you have any tips for making great presentations? Share them in the comments.