A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments.
This approach is quite unusual as all the intermediate steps that typically characterize email attacks are there to help evade detection and minimize the chances of raising red flags on email security products.
According to ReversingLabs, which has been following AstraLocker operations, the adversaries don’t seem to care about reconnaissance, evaluation of valuable files, and lateral network movement.
Instead, they are performing “smash-n-grab” attacks to hit immediately with maximum force, aiming for a quick payout.
From document to encryption
The lure used by the operators of AstraLocker 2.0 is a Microsoft Word document that hides an OLE object with the ransomware payload. The embedded executable uses the filename “WordDocumentDOC.exe”.
To execute the payload, the user needs to click “Run” on the warning dialog that appears upon opening the document, further reducing the chances of success for the threat actors.
Unknown publisher warning (ReversingLabs)
This bulk approach is in line with Astra’s overall “smash-n-grab” tactic, choosing OLE objects instead of VBA macros that are more common in malware distribution.
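A defender-side triage check for the lure described above, as an added example that is not from ReversingLabs or the original article: it looks inside a Word file's embedded OLE objects for a PE image or an executable file name. The sample document is constructed in memory, and the byte scan is a heuristic that assumes the payload is stored contiguously and uncompressed inside the object.

```python
import io
import re
import struct
import zipfile

EMBED_PREFIX = "word/embeddings/"   # where OOXML (.docx/.docm) keeps embedded OLE objects
MAX_PART = 64 * 1024 * 1024         # ignore absurdly large parts (zip-bomb guard)
EXE_NAME = re.compile(rb"[\x20-\x7e]{1,200}\.(?:exe|scr|com|dll)", re.IGNORECASE)


def find_pe_offsets(blob):
    """Offsets of 'MZ' headers whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits, pos = [], blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            sig = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and blob[sig:sig + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def executable_names(blob):
    """Base names of printable strings that end in an executable extension."""
    names = set()
    for m in EXE_NAME.finditer(blob):
        text = m.group().decode("ascii").replace("/", "\\")
        names.add(text.rsplit("\\", 1)[-1])
    return sorted(names)


def scan_document(data):
    """Return one finding per embedded object that carries executable content."""
    parts = {}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if (info.filename.startswith(EMBED_PREFIX)
                        and not info.is_dir() and info.file_size <= MAX_PART):
                    parts[info.filename] = zf.read(info)
    else:
        # Legacy binary .doc: the file itself is the OLE container, scan it whole.
        parts["<whole file>"] = data
    findings = []
    for name, blob in parts.items():
        pe, names = find_pe_offsets(blob), executable_names(blob)
        if pe or names:
            findings.append({"part": name, "pe_offsets": pe, "exe_names": names})
    return findings


def constructed_ole_blob():
    """Constructed stand-in for an OLE package: magic, file names, minimal PE stub."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> right after DOS header
    pe_stub = bytes(dos) + b"PE\x00\x00" + b"\x00" * 20
    header = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504
    labels = b"\x02\x00WordDocumentDOC.exe\x00C:\\Temp\\WordDocumentDOC.exe\x00"
    return header + labels + pe_stub


def constructed_docx(with_payload):
    """Constructed OOXML container, with or without an embedded object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_payload:
            zf.writestr(EMBED_PREFIX + "oleObject1.bin", constructed_ole_blob())
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("lure", constructed_docx(True)), ("clean", constructed_docx(False))):
        print(label, scan_document(doc))
```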
Another peculiar choice is the use of SafeEngine Shielder v2.4.0.0 to pack the executable, which is such an old and outdated packer that reverse engineering is almost impossible.
After an anti-analysis check to ensure that the ransomware isn’t running in a virtual machine and that no debuggers are loaded in other active processes, the malware prepares the system for encryption using the Curve25519 algorithm.
The preparation includes killing processes that could jeopardize the encryption, deleting volume shadow copies that could make restoration easier for the victim, and stopping a list of backup and AV services. The Recycle Bin is simply emptied instead of encrypting its contents.
AstraLocker 2.0 ransom note (ReversingLabs)
AstraLocker background
According to the code analysis of ReversingLabs, AstraLocker is based on the leaked source code of Babuk, a buggy yet still dangerous ransomware strain that exited the space in September 2021.
Additionally, one of the Monero wallet addresses listed in the ransom note is linked to the operators of Chaos ransomware.
This could mean that the same operators are behind both malware strains or that the same hackers are affiliates on both ransomware projects, which is not uncommon.
Judging from the tactics that underpin the latest campaign, this doesn’t seem to be the work of a sophisticated actor but rather one who is determined to deliver as many destructive attacks as possible.
Attackers used a newly discovered malware to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.
The malware, dubbed SessionManager by security researchers at Kaspersky, who first spotted it in early 2022, is a malicious native-code module for Microsoft’s Internet Information Services (IIS) web server software.
It has been used in the wild without being detected since at least March 2021, right after the start of last year’s massive wave of ProxyLogon attacks.
“The SessionManager backdoor enables threat actors to keep persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization,” Kaspersky revealed on Thursday.
“Once dropped into the victim’s system, cybercriminals behind the backdoor can gain access to company emails, update further malicious access by installing other types of malware or clandestinely manage compromised servers, which can be leveraged as malicious infrastructure.”
SessionManager’s capabilities include, among other features:
dropping and managing arbitrary files on compromised servers
remote command execution on backdoored devices
connecting to endpoints within the victim’s local network and manipulating the network traffic
In late April 2022, while still investigating the attacks, Kaspersky found that most of the malware samples identified earlier were still deployed on 34 servers of 24 organizations (still running as late as June 2022).
Additionally, months after the initial discovery, they were still not flagged as malicious by “a popular online file scanning service.”
After deployment, the malicious IIS module allows its operators to harvest credentials from system memory, collect information from the victims’ network and infected devices, and deliver additional payloads (such as a PowerSploit-based Mimikatz reflective loader, Mimikatz SSP, ProcDump, and a legitimate Avast memory dump tool).
SessionManager targets (Kaspersky)
“The exploitation of exchange server vulnerabilities has been a favorite of cybercriminals looking to get into targeted infrastructure since Q1 2021. The recently discovered SessionManager was poorly detected for a year and is still deployed in the wild,” added Pierre Delcher, a Senior Security Researcher at Kaspersky’s GReAT.
“In the case of Exchange servers, we cannot stress it enough: the past year’s vulnerabilities have made them perfect targets, whatever the malicious intent, so they should be carefully audited and monitored for hidden implants, if they were not already.”
Kaspersky uncovered the SessionManager malware while continuing to hunt for IIS backdoors similar to Owowa, another malicious IIS module deployed by attackers on Microsoft Exchange Outlook Web Access servers since late 2020 to steal Exchange credentials.
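One way to start the audit for hidden IIS implants recommended above, as an added example that is not from Kaspersky or the original article: it lists the native modules registered in the `globalModules` section of IIS's applicationHost.config and flags any whose image resolves outside the default inetsrv directories. The sample configuration, the module names beginning with "Example", and the assumption that Windows is installed in C:\Windows are constructed for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

_ENV = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)


def normalize(image):
    """Expand %windir%/%SystemRoot% (assumed C:\\Windows), collapse '..', lowercase."""
    expanded = _ENV.sub(lambda m: "C:\\Windows", image)
    return ntpath.normcase(ntpath.normpath(expanded))


# Directories where stock IIS native modules live (64-bit and 32-bit).
TRUSTED_DIRS = {
    normalize(r"%windir%\System32\inetsrv"),
    normalize(r"%windir%\SysWOW64\inetsrv"),
}


def audit_native_modules(config_xml, allowlist=()):
    """Return native modules that need review.

    allowlist holds image paths the operator has already verified, for example
    modules installed by a vendor product outside the inetsrv directory.
    """
    root = ET.fromstring(config_xml)
    allowed = {normalize(p) for p in allowlist}
    findings = []
    for section in root.iter("globalModules"):
        for add in section.findall("add"):
            name, image = add.get("name", ""), add.get("image", "")
            resolved = normalize(image) if image else ""
            reasons = []
            if not image:
                reasons.append("no image path")
            elif resolved in allowed:
                continue
            else:
                if ntpath.dirname(resolved) not in TRUSTED_DIRS:
                    reasons.append("image outside default IIS module directories")
                if not resolved.endswith(".dll"):
                    reasons.append("image is not a .dll")
            if reasons:
                findings.append({"name": name, "image": image,
                                 "resolved": resolved, "reasons": reasons})
    return findings


# Constructed sample; a real file is read as bytes from
# %windir%\System32\inetsrv\config\applicationHost.config.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleVendorAuth" image="C:\Program Files\ExampleVendor\auth.dll" />
      <add name="ExampleUnknownModule" image="C:\Windows\Temp\example.dll" />
      <add name="ExampleTraversalModule" image="%SystemRoot%\System32\inetsrv\..\..\Temp\example2.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""

if __name__ == "__main__":
    verified = [r"C:\Program Files\ExampleVendor\auth.dll"]
    for f in audit_native_modules(SAMPLE_CONFIG, verified):
        print(f["name"], "->", f["resolved"], f["reasons"])
```

A module that passes this path check can still be malicious, so the flagged list is a starting point for comparing file hashes and signatures against a known-good baseline.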
Gelsemium APT group links
Based on similar victimology and the use of the OwlProxy malware variant, Kaspersky’s security experts believe the SessionManager IIS backdoor was leveraged in these attacks by the Gelsemium threat actor as part of a worldwide espionage operation.
This hacking group has been active since at least 2014, when some of its malicious tools were spotted by G DATA’s SecurityLabs while investigating the “Operation TooHash” cyber-espionage campaign. In 2016, new Gelsemium indicators of compromise surfaced in a Verint Systems presentation during the HITCON conference.
Two years later, in 2018, VenusTech unveiled malware samples linked to the Operation TooHash and an unknown APT group, later tagged by Slovak internet security firm ESET as early Gelsemium malware versions.
ESET also revealed last year that its researchers linked Gelsemium to Operation NightScout, a supply-chain attack targeting the update system of the NoxPlayer Android emulator for Windows and macOS (with over 150 million users) to infect gamers’ systems between September 2020 and January 2021.
Otherwise, the Gelsemium APT group is mainly known for targeting governments, electronics manufacturers, and universities from East Asia and the Middle East and mostly flying under the radar.
Do you want to send email to WordPress users from your admin dashboard?
It’s actually quite simple to use WordPress for sending emails to your registered users. This can be useful if you have a membership site and want to send email announcements or other updates to your site members.
In this article, we’ll walk you through the steps for sending emails to WordPress users without needing any code.
When Should You Send Email to WordPress Users?
WordPress automatically sends transactional emails to your customers like order receipts and password reset links. But you can also send mass emails to your entire list of users from WordPress. While this isn’t a recommended practice, it’s a good option to have in case you don’t have a proper email list maintained in an email marketing service.
If your website allows users to register, learning how to email users right from your WordPress dashboard is always an important skill. You may want to send emails about new product updates, changes to your website, or other important announcements.
How to Send Email to All WordPress Registered Users
To send emails to your WordPress users, just follow the steps below. First, we’ll set up WP Mail SMTP to take care of your WordPress email delivery from the backend. Then, we’ll set up another plugin that lets you select your WordPress email recipients, compose an email, and send it.
First, you’ll need WP Mail SMTP on your site to deliver your emails reliably to intended recipients.
By default, WordPress uses PHP Mail for emails, which is commonly responsible for poor email delivery and spam blocks by mailing servers.
A much more dependable method for sending emails takes advantage of SMTP. In SMTP, your emails are properly authenticated, so their legitimacy is easy to verify. As a result, your WordPress emails are able to avoid spam filters and reach recipients without fail.
To install WP Mail SMTP on your site, first select a plan that’s appropriate for your needs.
You’ll be able to log into your WP Mail SMTP account area once you’ve purchased a plan and created your account. From your account area, click on the Downloads tab.
Now, press the Download Mail SMTP button to start the ZIP file download.
While the download is in progress, it’s a good idea to use this moment to copy your WP Mail SMTP license key. You’ll need this later on.
When the file has finished downloading, open your WordPress dashboard. Then, go to Plugins » Add New.
Here, you can upload the plugin file that you just downloaded. Click on the Choose File button and locate your WP Mail SMTP zip file in your download folder.
After selecting the file, click on Install Now. It will only take a few seconds for WordPress to install this plugin.
Press the blue Activate Plugin button to activate WP Mail SMTP on your site.
Great job! Now we just have to configure a mailer with WP Mail SMTP to finish the setup.
2. Integrate WP Mail SMTP With a Mailer
WP Mail SMTP needs an API connection with a mailer service in order to deliver your WordPress emails properly.
The WP Mail SMTP setup wizard allows you to set up a connection between your WordPress site and a mailer service very easily.
After you activate the plugin, the setup wizard should launch automatically. But if for any reason it didn’t start, you can launch it manually.
From your WordPress dashboard, go to WP Mail SMTP » Settings. Underneath the Mail section, find and click the Launch Setup Wizard button.
The wizard will ask you to select an SMTP mailer service from a wide range of options.
If you need a reliable and reasonably priced mailer, we recommend SendLayer. However, you’re free to choose from other available options.
When you’ve selected a mailer, click Save and Continue. You’ll need to fill out a few fields to configure the mailer connection.
If you need help setting up a particular mailer, click one of the links below for detailed instructions.
In the final step of the setup, WP Mail SMTP will ask you to check the features that you want to enable. If you have the paid version, you can enable extra features like email logs (which we highly recommend for the purposes of this topic).
If you check the Pro features, the setup wizard will then require you to add your license key (which we copied in an earlier step). Insert your license key and then press Verify License Key.
The wizard will now send a test email to make sure your configuration is properly set up. If all is good, move to the next step.
3. Get the Send Users Email Plugin
Now that you have WP Mail SMTP configured, you can rest assured that your emails originating from any plugin on your site will always deliver successfully.
But by default, there’s no way in WordPress to write an email and send it to your WordPress users at will.
To be able to send emails to any recipient of your choice in WordPress, you’ll need to install a plugin called Send Users Email.
When the plugin is installed and activated on your site, you can start sending emails to your WordPress users easily.
4. Send Email to Registered Users
Open your WordPress admin area and then click Email to Users » Email Roles.
You should now see a page with options to send emails to people selected by their assigned WordPress roles. If you want to send the email to all of your WordPress subscribers, checkmark the box against Subscriber.
You can also select other types of users as your recipients such as administrators and authors. The email subject field lets you write a subject line for your email. There’s also a rich text field for composing the body of your email message.
After selecting recipients and writing the email, press the Send Message button.
Your email will now start sending to all WordPress users that you selected by role above.
But what if you only want to email individual users rather than mass emailing your entire list?
The Send Users Email plugin includes a feature that lets you individually select each registered WordPress user you wish to send your email to.
To access this feature, go to Email to Users » Email Users. Here, you’ll see a list of all registered WordPress users on your site. You can simply select the users that you want to send emails to from this list.
As before, you can use the email subject field and email message fields to customize your subject line and email content.
Press the blue Send Message button to send your email to individually selected WordPress users.
Congratulations! You now have the necessary tools to send emails to WordPress users either individually or to your entire subscriber list.
5. Track Your WordPress Emails (Optional)
Generally, WordPress isn’t the best way to send emails and run email marketing campaigns. This is because of the inherent limitations of the platform when it comes to email functionalities.
WordPress is primarily a content management system, so its email capabilities are only basic. For the best results and much easier management, you should consider using a dedicated email marketing service (Sendinblue, Constant Contact, and MailerLite to name a few).
However, if you are going to send some of your emails from WordPress, then it’s wise to log and track your emails.
One of the many benefits of WP Mail SMTP Pro is that it includes email tracking features. With this feature, WP Mail SMTP can track how many times your emails were opened and clicked by your subscribers.
To enable this feature, navigate to WP Mail SMTP » Settings.
On the top of the Settings page, click on the Email Log tab.
Here, make sure that the Email Log option is enabled.
Now scroll down to view additional email tracking settings. You can enable open and click tracking to collect open and click rate data for every WordPress email you send to users.
With email tracking enabled, you will be able to see engagement metrics for each email right within your WordPress dashboard.
This information is extremely helpful as it allows you to experiment with different subject lines to produce higher engagement levels.
And that’s all! You now know how to send email to WordPress users (by role and individually) and also track the performance of your emails from your admin area!
At Wordfence our business is to secure over 4 million WordPress websites and keep them secure. My background is in network operations, and then I transitioned into software development because my ops role was at a scale where I found myself writing a lot of code. This led me to founding startups, and ultimately into starting the cybersecurity business that is Wordfence. But I’ve maintained that ops perspective, and when I think about securing a network, I tend to think of ports.
You can find a rather exhaustive list of TCP and UDP ports on Wikipedia, but for the sake of this discussion let’s focus on a few of the most popular ports:
20 and 21 – FTP
22 – SSH
23 – (Just kidding. You better not be running Telnet)
25 – Email via SMTP
53 – DNS
80 – Unencrypted Web
110 – POP3 (for older email clients)
443 – Web encrypted via TLS
445 – Active Directory or SMB sharing
993 – IMAP (for email clients)
3306 – MySQL
6378 – Redis
11211 – Memcached
If you run your eye down this list, you’ll notice something interesting. The options available to you for services to run on most of these ports are quite limited. Some of them are specific to a single application, like Redis. Others, like SMTP, provide a limited number of applications, either proprietary or open-source. In both cases, you can change the configuration of the application, but it’s rare to write a custom application on one of those ports. Except port 443.
In the case of port 443 and port 80, you have a limited range of web servers listening on those ports, but users are writing a huge range of bespoke applications on port 443, and have a massive selection of applications that they can host on that port. Everything from WordPress to Drupal to Joomla, and more. There are huge lists of Content Management Systems.
Not only do you have a wide range of off-the-shelf web applications that you can run on port 443 or (if you’re silly) port 80, but you also have a range of languages they might be coded in, or in which you can code your own web application. Keep in mind that the web server, in this case, is much like an SSH or IMAP server in that it is listening on the port and handling connections, but the difference is that it is handing off execution to these languages, their various development frameworks, and ultimately the application that a developer has written to handle the incoming request.
With SSH, SMTP, FTP, IMAP, MySQL, Redis and most other services, the process listening on the port is the process that handles the request. With web ports, the process listening on the port delegates the incoming connection to another application, usually written in another language, running at the application layer, that is part of the extremely large and diverse ecosystem of web applications.
This concept in itself – that the applications listening on the web ports are extremely diverse and either home-made or selected from a large and diverse ecosystem – presents unique security challenges. In the case of, say, Redis, you might worry about running a secure version of Redis and making sure it is not misconfigured. In the case of a web server, you may have 50 application instances written in two languages from five different vendors all on the same port, which all need to be correctly configured, have their patch levels maintained, and be written using secure coding practices.
As if that doesn’t make the web ports challenging enough, they are also, for the most part, public. Putting aside internal websites for the moment, perhaps the majority of websites derive their value from making services available to users on the Internet by being public-facing. If you consider the list of ports I have above, or in the Wikipedia article I linked to, many of those ports are only open on internal networks or have access to them controlled if they are external. Web ports for public websites, by their very nature, must be publicly accessible for them to be useful. There are certain public services like SMTP or DNS, but as I mentioned above, the server that is listening on the port is the server handling the request in these cases.
A further challenge when securing websites is that often the monetary and data assets available to an attacker when compromising a website are greater than the assets they may gain compromising a corporate network. You see this with high volume e-commerce websites where a small business is processing a large number of web-based e-commerce transactions below $100. If the attacker compromises their corporate network via leaked AWS credentials, they may gain access to the company bank account and company intellectual property, encrypt the company’s data using ransomware, or perhaps even obtain customer PII. But by compromising the e-commerce website, they can gain access to credit card numbers in-flight, which are far more tradeable, and where the sum of available credit among all cards is greater than all the assets of the small business, including the amount of ransom that business might be able to pay.
Let’s not discount breaches like the 2017 Equifax breach that compromised 163 million American, British and Canadian citizens’ records. That was extremely valuable to the attackers. But targets like this are rare, and the Web presents a target-rich environment. Which is the third point I’d like to make in this post. While an organization may run a handful of services on other ports, many companies – with hosting providers in particular – run a large number of web applications. And an individual or company is far more likely to have a service running on a web port than any other port. Many of us have websites, but how many of us run our own DNS, SMTP, Redis, or another service listening on a port other than 80 or 443? Most of us who run websites also run MySQL on port 3306, but that port should not be publicly accessible if configured correctly.
That port 443 security is different has become clear to us at Wordfence over the years as we have tracked and cataloged a huge number of malware variants, web vulnerabilities, and a wide range of tactics, techniques, and procedures (TTP) that attackers targeting web applications use. Most of these have no relationship with the web server listening on port 443, and nearly all of them have a close relationship with the web application that the web server hands off control to once communication is established.
My hope with this post has been to catalyze a different way of thinking about port 443 and that other insecure port (80) we all hopefully don’t use. Port 443 is not just another service. It is, in fact, the gateway to a whole new universe of programming languages, dev frameworks, and web applications.
In the majority of cases, the gateway to that new universe is publicly accessible.
Once an attacker passes through that gateway, a useful way to think about the web applications hosted on the server is that each application is its own service that needs to have its patch level maintained, needs to be configured correctly, and should be removed if it is not in use to reduce the available attack surface.
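Treating each hosted application as its own service starts with knowing which ones are on disk. The following added example, which is not Wordfence code, walks a web root, fingerprints WordPress and Drupal installs from their version files, and reports any install missing from the operator's expected inventory. The directory names and version numbers in the sample tree are constructed.

```python
import os
import re

MAX_READ = 64 * 1024   # the version constants sit near the top of these files

# (application, marker file relative to the install root, version pattern)
FINGERPRINTS = [
    ("WordPress", "wp-includes/version.php",
     re.compile(r"\$wp_version\s*=\s*'([^']+)'")),
    ("Drupal", "core/lib/Drupal.php",
     re.compile(r"const\s+VERSION\s*=\s*'([^']+)'")),
]


def inventory(web_root):
    """Find application installs under web_root, including nested ones."""
    found = []
    for dirpath, _dirs, _files in os.walk(web_root):   # symlinks are not followed
        for app, marker, pattern in FINGERPRINTS:
            marker_path = os.path.join(dirpath, *marker.split("/"))
            if not os.path.isfile(marker_path):
                continue
            with open(marker_path, "r", errors="replace") as fh:
                match = pattern.search(fh.read(MAX_READ))
            found.append({
                "app": app,
                "version": match.group(1) if match else "unknown",
                "path": os.path.relpath(dirpath, web_root),
            })
    return sorted(found, key=lambda f: f["path"])


def unexpected(found, expected_paths):
    """Installs that exist on disk but are absent from the expected inventory."""
    expected = {os.path.normpath(p) for p in expected_paths}
    return [f for f in found if os.path.normpath(f["path"]) not in expected]


def build_constructed_tree(root):
    """Constructed sample: a live shop plus a forgotten test install inside it."""
    samples = {
        "shop/wp-includes/version.php": "<?php\n$wp_version = '6.0.1';\n",
        "shop/old-test/core/lib/Drupal.php":
            "<?php\nclass Drupal {\n  const VERSION = '9.4.3';\n}\n",
        "static/index.html": "<html></html>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        apps = inventory(root)
        for f in apps:
            print(f["app"], f["version"], f["path"])
        print("not in inventory:", unexpected(apps, ["shop"]))
```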
If you are a web developer you may already think this way, and if anything, you may be guilty of neglecting services on ports other than port 80 or 443. If you are an operations engineer, or an analyst working in a SOC protecting an enterprise network, you may be guilty of thinking about port 443 as just another port you need to secure.
Think of port 443 as a gateway to a new universe that has no access control, with HTTPS providing easy standardized access, and with a wide range of diverse services running on the other side, that provide an attacker with a target and asset-rich environment.
—
Footnote: We will be exhibiting at Black Hat in Las Vegas this year at booth 2514 between the main entrance and Innovation City. Our entire team of over 30 people will be there. We’ll have awesome swag, as always. Come and say hi! Our team will also be attending DEF CON immediately after Black Hat.
Written by Mark Maunder – Founder and CEO of Wordfence.
If you’re like me, you often find yourself feeling like there’s not enough time in the day—and by often, I mean pretty much every day. When there’s no time to waste and you have to nail down your priorities, adding structure and consistency becomes a necessity. That’s where time blocking apps are an excellent way to manage your schedule: they force you to plan out every minute of your day.
Some time blocking apps work better for people who are more visual, while others are better for those who need more organization. Some apps are geared towards solopreneurs and freelancers, while others are designed for folks who work as part of a corporate team. That’s why I spent several weeks testing dozens of time blocking apps—to figure out which ones were the best for which people.
Whatever your reason for time blocking, one of the time blocking calendars here should speak to you and your needs.
Time blocking is a time management technique where you schedule how you’ll spend your time during every minute of every day. Each task you need to complete gets time scheduled on your calendar, so you can make sure you have the bandwidth for every to-do list item.
Most people’s work calendars look like this:
Your meetings are there, and the rest of your time is just assumed to be open. A time blocked calendar, meanwhile, fills in all of those gaps:
Time blocking as a time management technique was popularized by Cal Newport, author of Deep Work. Newport says he dedicates 10-20 minutes every evening to time blocking his schedule for the next day, but when you choose to block your time and create your schedule depends on what works best for you. You might create your schedule every day when you get to work, at the end of every work day for the next day, or at the beginning of each week for the rest of the week.
Additionally, you can approach the time blocking method in a couple of different ways. You might schedule time blocks for specific tasks around your meetings and other commitments, or you might choose to schedule time specifically for meetings and other commitments.
For example, instead of accepting meeting invites for whenever people send them, you may block off Monday, Wednesday, and Friday for working on tasks and leave Tuesday and Thursday open for people to schedule meetings. Then, you can break those big sections for Monday, Wednesday, and Friday down into specific tasks—daily or weekly, based on your priorities.
Scheduling time for tasks forces you to think about how long each task is going to take you to complete, which, over time, can help you form more realistic estimates.
What makes a great time blocking app?
How we evaluate and test apps
All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.
You could just use your calendar app to time block your schedule, or even a sheet of paper, but dedicated time blocking tools make the process a lot easier. Here are the criteria I used to determine the best time blocking software:
Integration with your current calendar. Being able to sync a calendar with a time blocking planner saves time and helps keep schedules error-free, so this is a must-have.
Ease of use. Some apps are just downright hard to figure out, so it was essential that my picks had a simple, intuitive interface that was easy to navigate.
Calendar and tasks in one place. No one wants to deal with having their projects and to-dos scattered in too many places. The purpose of a time-blocking app should be to simplify, which means being able to find and review your tasks in a central place.
Customization. While the ability to customize features like colors, themes, lists, alerts, and notifications is of varying importance, I chose apps that I felt provided enough flexibility to fit most people’s day-to-day needs.
Integration with other tools. Integrating your time block planner with your calendar is just the standard, but integration with other apps and tools is a wonderful cherry on top.
Sunsama is by far the best-designed app on this list. The app wastes no space, and after setting it up, you’ll immediately understand how to use it. There’s a task list, sorted by date, and there’s a sidebar with a calendar. You can flip this around if you want, but either way, it’s quick to drag tasks over to your calendar, making it convenient to jot down all your duties for the day and then focus on planning them all out accordingly.
Another neat feature is the ability to properly categorize all your tasks. Most time blocking apps have some kind of tagging aspect, but Sunsama takes it a little further with what they call contexts and channels. Contexts are essentially overarching categories, like Work or Personal. Within those categories, you can create sub-categorizations, like Focus Time, Creative Time, or Family Time to further drill down the organization of tasks.
Where Sunsama really stands out is how it helps you plan out your day. Sign on in the morning, and you’ll be asked which tasks you have to work on, how long you think they are, and when you want to do them all. It really makes the process of blocking your day painless, and there’s even support for sending a summary of your plan for the day over to Slack in a single click. When nearing the end of your day, Sunsama will prompt you to jot down what you finished that day and what you didn’t get to, which I found a nice way to regroup before logging off.
The app is full of little touches like this, and the result is that time blocking your daily to-do list feels easier here than in any app we tested. And integrations with Trello, Gmail, GitHub, and Jira mean you can drag tasks over from a variety of apps. Google and Outlook calendars are both supported. The main downside: there’s no free plan.
Sunsama pricing: Starts at $20/month. No free version, though there is a 14-day free trial.
If you’re looking for a Sunsama alternative, try Timepage. It’s not a traditional time blocking app, but the sleek interface and added features, like weather reports and RSVP reminders, make it a worthy option.
HourStack is well-suited for teamwork, with the ability to add multiple users and manage an entire team’s workflow. But it also works well as a task tracker app for individual professionals who just want to keep track of their work, monitor how much time is spent on each task, and block time out to focus.
You start by blocking time for the day/week. Then, when you’re ready to start on each task, click the task, and select Start to initiate a timer. When you’re finished working on the task, you can complete it if it’s finished, or if you run out of time, you can roll the task over to work on it again later. In the Reports section, you’ll see detailed metrics for the time estimated and spent on each task. And as a bonus, you can integrate HourStack with Google Sheets to export all your insights, which is very useful when you need to present or share your time spent with people who don’t use HourStack. I also personally loved how visual the platform was—you can see all your tasks and events for the week as cards on your dashboard (Sunsama actually does this similarly, too).
HourStack will pull events from Google Calendar and Outlook 365, but it doesn’t add those events directly onto your HourStack calendar. Instead, you’ll see them in a sidebar on the right side of the screen and can drag and drop them onto your HourStack calendar.
The main downside to HourStack is that it doesn’t have a place to keep a to-do list. Instead, you’re mostly using your calendar to capture your to-dos. But it does have native integrations with apps like Trello, Todoist, and Asana, so you can see your to-dos from another app within HourStack to plan and schedule in one place. There are also integrations with HubSpot, GitHub, and Google Sheets—plus basically every other app, thanks to HourStack’s Zapier integrations, which let you do things like automatically adding new calendar events to your HourStack calendar and vice versa.
HourStack Pricing: 14-day free trial. Personal plan starts at $9/month.
Timely is an HourStack alternative that also allows you to track billable projects within a team. One of the biggest differences is the lack of an actual timer—instead, it uses a Memory app to track time automatically, which is nice, especially if you’re working on other projects in the background.
If you use Trello or Jira as your to-do list or project management tool, Planyway lets you block time on your calendar using those tasks.
You can easily create and place all your tasks into your pre-created Trello lists (or create new lists within Planyway), and then just drag and drop them onto the Planyway calendar. Connect your existing calendar, and you’ll see those same tasks or events with the rest of your schedule. The app did take a bit of time to think about integrating with my Google Calendar, but after a few refreshes, it wound up working just fine.
Planyway also gives you the option to connect it to your Google, Outlook, or Apple calendar, so you can see your calendar appointments in context. On its Free and Basic plans, Planyway supports one-way syncing: you can see your Planyway cards in your calendar using an iCal URL, but you can’t see your calendar events in Planyway. Two-way syncing that keeps both calendars in sync is available on the Pro plan.
Planyway Pricing: The Free plan includes one-way calendar syncing; from $3.99/month for the Pro plan that includes two-way calendar syncing and recurring tasks.
TickTick Premium lets you compile your tasks in a to-do list and then block time for those tasks on your calendar. But TickTick offers a feature that the others don’t: a Pomodoro timer. So if you want to combine time blocking with the Pomodoro Technique—or if you’re looking for the best task management app with built-in time blocking—TickTick Premium may be the best option for you.
Adding tasks to your calendar in TickTick isn’t as simple as it is in some of the other apps. Instead of dragging and dropping tasks onto your calendar, you have to take a few steps. While adding a task, you can use natural language processing to add a due date—for example, you could type “walk the dog tomorrow.” Do that, and your task will have a due date. If you forget, that’s ok: you can edit a task and select a due date. It will then show up on your calendar as an all-day event—you can drag it to whatever time you want.
TickTick can also pull events from your existing calendar and display them on your TickTick calendar; or you can set it up to push TickTick events to your main calendar. You can’t manage calendar appointments in TickTick, though—the appointments from your calendar are basically only there for reference. But it’s enough to plan your day.
Another neat feature to take advantage of is the Eisenhower Matrix. The name may sound a little intimidating, but it’s actually very simple. You can use the matrix to organize your tasks according to Urgent & Important, Urgent & Unimportant, Not Urgent & Important, and Not Urgent & Unimportant. This system essentially provides a way to properly prioritize and tag your tasks with a simple drag and drop. As someone who can get overwhelmed with the number of tasks on my plate, being able to see a visual representation of my tasks prioritized was a huge help.
You can integrate TickTick with thousands of apps using Zapier’s TickTick integrations. This is great for adding tasks to your calendar or pulling in tasks from other apps like Gmail or Slack.
TickTick Pricing: The free TickTick product doesn’t include a calendar view; from $2.79/month for TickTick Premium that includes the calendar view and RSS feeds to and from third-party calendars.
Best free time blocking app for Apple users (and hyper-scheduling)
Sorted^3 is the self-proclaimed app for hyper-schedulers—and as someone who self-identifies that way, I’d absolutely agree.
Sorted^3 has an excellent onboarding flow. When you sign up, you’ll be immediately directed to a tutorial showing you how to use app shortcuts and other unique features, like Magic Select (more on that in a bit). While the amount of information may seem overwhelming at first, it does a superb job of guiding you through all the features that are available to you as you start using them.
On the hyper-categorization front, there’s a tab for lists that has sections for errands, notes, links, and groceries, so you can put any tasks or information that you want to store for later—but you can also schedule out any tasks from the lists as well.
Back to Magic Select. This feature lets you quickly highlight multiple items in your schedule. This means you can delete, recategorize, retag, or reschedule multiple tasks without too much effort. Surprisingly, out of all the other apps I tested, none had this feature.
You’ll also get an auto-scheduling feature. You can add all your tasks to the schedule section, assign a certain period of time for each one, and then let Sorted^3 do the heavy lifting of blocking out time for all your tasks. You can even add an automatic buffer period between tasks, and you’re able to move things around after they’ve been scheduled.
Sorted^3 also has some nice Apple-specific features. For example, you can sync to iCloud and can take advantage of Siri to plan out tasks.
Sorted^3 pricing: Free; PRO version is $14.99
SkedPal also has great auto-scheduling capabilities, and it’s worth a look if you like the idea of Sorted^3 but don’t use Apple devices. SkedPal’s time map feature allows you to throw a task into a category, like Focus Time or Weekends, and then automatically schedules it within that task category.
Do you need a time block app?
You might decide that you don’t need a dedicated app for time blocking, and that’s fine. Here are some other ideas:
We included TickTick in the list above, but some of the other best to-do list apps also have basic time blocking features, including Any.do and Todoist.
Honestly, any of the best calendar apps could work for calendar blocking. Just add your tasks as calendar appointments.
Serene is a distraction blocking app that also works great for planning your day. It’s not exactly a time blocking app, but might be better for some people.
Also worth noting: if you already have a great to-do list app and a great calendar app, you could just connect the two using Zapier.
But if you want everything in one app, one of the tools in this list should do the trick. Each app offers a free plan or free trial, so you can try them all and pick the one that works best for you.
I’m pretty much always thinking about the prospect of starting an eCommerce business. I like my job, but I do not enjoy labor, and the siren songs of any number of passive income streams call to me daily. Tragically, however, I am not cut out for entrepreneurship. I spent a few years freelancing full-time in my early 20s, and I nearly bankrupted myself—I just never did any work.
If you’re thinking about diving into eCommerce entrepreneurship, you should have a clear and thorough understanding of exactly what it takes to be successful as an online seller. So before you start loading up on craft resin or earring hooks, read on to find out exactly what it takes to start an eCommerce business.
Pros and cons of running an eCommerce store
You don’t have to search very far to see what it is that draws people to the idea of starting their own eCommerce business. No micromanaging supervisors to answer to or fat cat executives living off of the fruits of your labor, and without any physical assets or locations, you can go wherever you want and still run your operation.
In short, many people are drawn to eCommerce selling because they think it’s their key to freedom. To those people, I say: au contraire. In many ways, eCommerce sellers are more limited than regular employees.
Sure, I may have to answer to my manager, but if I mess something up, there’s no chance of her requesting a refund on my last paycheck or claiming the work I emailed her got irretrievably lost. I may not make my own hours, but since my salary is fixed, I can take days off knowing that there’s no chance of it impacting how much money I make. You need to decide for yourself whether the benefits of launching an eCommerce business outweigh the risks of flying without the safety net of job security to fall back on.
How to tell if eCommerce is right for you
In the same way that some kids are terrible at homework but are great test-takers, there are some personalities that do thrive under the pressure of relying on their business’s success for their survival. When it comes to employment vs. entrepreneurship, there is no objectively better, more flexible, more independent choice—there’s just what works better for you.
Here’s a quick self-screener you can use to determine if you’re cut out for online selling:
Do you like what you do? This is something you’re going to be spending hours on, day in and day out—and you’re going to have to work really hard to get your business off the ground. Unlike traditional small business owners, you won’t have a staff, coworkers, or a physical workplace; it’s just going to be you, likely in your home, making the thing you sell. If you’re not truly passionate about your product, you’ll be miserable within a few weeks, tops.
Are you self-disciplined? It’s not easy being your own boss, especially in an industry as isolating as eCommerce. Many other small businesses don’t have this problem—I taught piano lessons for a period of time and didn’t have a boss then, but knowing that my students were relying on me to be prepared for their lessons still kept me accountable. It’s a lot easier to stay motivated when you’re interacting with customers or a small staff.
Do you have a lot of commitments? Anyone who has ever tried to work remotely from their parents’ house can tell you that, for whatever reason, people simply do not perceive solo work on a computer as “real work,” so if you want to run a successful online store, you need strong boundaries and a close relationship with the word “no.”
Can you take on the financial risk? Starting a store on the side while you stay in a day job is one thing, but if you’re making a complete leap to entrepreneurship, you need to be able to get by for a few months or even a year without much income. If you have lots of debt or a family to feed, this might not be the career for you.
Provided you’ve given it some thought and you’re ready to make the leap—or if you’re starting your business part-time until it takes off—you’re ready to get started on launching your business.
Choose an eCommerce business model
When I think of small eCommerce businesses, I think primarily of some of my favorite niche Etsy shops selling things like taxidermied squid jewelry and D&D dice with real mushrooms inside. (I am a very fun person to know at Christmas.)
But eCommerce selling includes far more than traditional consumer retail. Depending on your needs, you may find that one of these alternatives suits you best:
Dropshipping: Dropshipping is a type of eCommerce business where you sell products without carrying any inventory. When a customer places an order on your site, you simply contact the supplier (or have the order sent automatically) and have them ship the product directly to the customer. Dropshipping is a popular eCommerce business model because you don’t need to spend a lot of money up front.
Print on demand: Print on demand is similar to dropshipping, but instead of shipping products from a supplier, you have your products printed and shipped by a print-on-demand service. This type of eCommerce business is often used for selling custom-printed products like t-shirts, mugs, and stationery.
Retail arbitrage: Retail arbitrage is the process of buying products from brick-and-mortar stores and selling them online at a higher price. This type of eCommerce business can be profitable, but it requires a bit more work than dropshipping or print on demand. You also need to identify a product niche that allows you to do this profitably, where you can be confident that customers won’t just go to the original source to make their purchase at a lower price.
Wholesaling: Wholesaling is a type of eCommerce business where you sell products in bulk to retailers. The benefit of wholesaling is that you can get discounts on the products you purchase, which allows you to sell them at a higher price and still make a profit. But this requires a large initial investment since you’ll need to stock inventory in bulk quantities.
Subscriptions: Subscription eCommerce businesses sell products or services on a recurring basis, most commonly in the form of a monthly box of curated products (or, in my dog’s case, a monthly delivery of different home-style baked treats). But there are other types of subscription businesses, such as online courses and members-only clubs.
What business model you choose will also rely heavily on the product market you want to target, since not all models will work with all types of products. Naturally, dropshipping won’t work to sell hand-knitted sweaters, while very few people are likely to buy a subscription for artisan coffee tables. The other thing that will help you decide what products to sell is your chosen target market.
A broad target market is the kiss of death for a budding eCommerce entrepreneur. There are over 9.1 million eCommerce retailers in the world, 2.5 million of which are located in the United States. Do you want to compete with between 2.5 and 9.1 million businesses? I didn’t think so.
When you choose a product market, you’re isolating a part of this larger market of retailers that you want to compete within. The more specific your product market is, the fewer competitors you have; the fewer competitors you have, the more likely you are to succeed. In eCommerce, the most successful sellers home in on extremely small, highly specific product markets—also called micro-markets or niches.
How to find your eCommerce niche
A product niche is a very small sliver of a product market that is both large enough to contain a robust customer audience but small enough that it doesn’t contain many competitors. The best way to identify your niche is to start with a product market and whittle it down from there.
To choose a product market to start with, target products that:
You’re capable of creating (at high quality)
You enjoy creating (even at scale)
Have a small market/minimal competition
People want or need
Are profitable
Let’s break down each of these characteristics in detail.
Pick something you’re good at
It’s perhaps the most obvious of the five characteristics listed, but it still bears mentioning: when starting an eCommerce business, choose something that you can do or make well. If you choose something extremely unique and specific that no one else is doing, you may be fooled into believing the lack of competition will make up for poor quality. But the moment you gain some popularity, if someone else can create your product better than you can, your business will be dead in the water.
Pick something you like
Choose something you enjoy making, looking at, and thinking about. More importantly, choose something you won’t hate after the tenth, fiftieth, hundredth, or thousandth time you’ve sold it. Selling can be tedious work, especially if you make your products yourself. Don’t build your business around a product market only to find that you can’t stand working in it.
Pick a small market with limited competition
eCommerce sellers can’t use the same logic and strategy that regular companies do to choose their target markets. You’re one person, with one person’s resources and power—if you try to enter a market where you’re competing with full-sized companies and brands, you’ll be out-marketed and out-maneuvered every time.
Be specific: instead of lawn services, target the market for environmentally sustainable lawn care in one finite geographical location. Instead of publishing eBooks on finance, publish eBooks on investing for American women ages 18-24. Keep narrowing it down until you’ve found your product niche (more on that later).
Pick something people want or need
This is just common sense: you need to sell something that people will actually buy. Even the biggest brands still mess this up every once in a while (looking at you, Colgate-brand frozen dinners and the Bristol-Myers Squibb nightmare that was the “Touch of Yogurt” shampoo). Don’t wait until after you’ve launched your product to try to match it to a potential customer market. Do your research, and narrow down your target customer’s pains and gains, or the problems they need to solve and the enjoyable things they want to enhance. Make sure there’s a large enough demographic of people who are in the market for what you can provide.
Pick something profitable
There’s no surefire way to guarantee that a product or business will be profitable, but with some thorough research, you can certainly strengthen your odds. Ideally, you want to choose a product market with a strong balance between a large potential customer base and a small number of competitors. You’re also more likely to succeed if your product is truly unique in some way—if you offer a feature or element that no other competitor offers. Keep narrowing down your market until you’ve found your unique niche.
Narrowing down your product niche
Once you’ve identified a promising product market, you can start adding details to whittle your target market down to a target niche.
For example, let’s say that you make clothes in your free time, and you’re interested in figuring out how to turn that into an eCommerce business opportunity. In the broadest sense, you want to target the clothing industry, but since this is an extremely saturated market—meaning that it contains many, many competitors—it’s not one where you’re likely to succeed as an individual eCommerce seller.
You need to find a more unique product category within the larger framework of the clothing industry. One good choice might be pet clothes, since there are far fewer designers and retailers in the pet fashion industry than the human one. But “pet clothes” is still a pretty broad category, so you might narrow it further to pet clothes that are specifically for dogs.
When solo eCommerce selling was still a burgeoning market, handmade dog clothes may have been a narrow enough niche to pursue since there were so few non-corporate sellers and even fewer online marketplaces where sellers could compete. But today, you’ll want to get even more specific—perhaps by focusing on dog clothes for specific occasions, like weddings and engagements.
That’s as far as I’m taking this example, but if I were actually launching this business, I’d probably drill down even further just to really make sure that I had my unique micro-market cornered. I might narrow it down by size, theme, or even specific clothing items until I hit on my ultimate niche: floral-themed wedding bow ties for small and medium dogs. (Though there’s truly no limit to how far you drill down your niche—until, perhaps, you reach CelebriDucks levels of specificity.)
Your niche isn’t a permanent designation—if your product does well in your corner of the market, you’ll have more capital to invest in better marketing, audience targeting tools, and maybe even an employee or two. The more your company grows, the more resources and power you have to capture a larger market share.
Set up your store
You’ve found your market, honed your niche, picked your product, and you’re ready to start generating inventory and selling it to your customers. It’s time to choose a platform and set up your eCommerce store.
Choose an eCommerce platform
Talk about a crowded market—there are a ton of different platforms you can use to create a store online. You also don’t necessarily need your own online storefront; you can sell on marketplaces, crowdfunding sites, or a number of other eCommerce alternatives. If you do go with an eCommerce platform, here are a few different guides and comparisons that can help you find the right site for your business:
The platforms above fall into one of two categories, each with different setup requirements.
A standard website builder (like Wix, Weebly, Squarespace, or WordPress) will allow you to create an entire website, only part of which needs to be dedicated to your actual store’s functions. If eCommerce selling is only part of your business plan—for example, if you’re a professional photographer who sells prints and posters as a side hustle—you would want your site to be dedicated to your store as well as pages housing biographical information, your professional portfolio, booking information, recordings of photography classes or talks you’ve given, online course signups, and anything else that pertains to your career.
If your primary goal is eCommerce selling, you’re better off opting for a purpose-built eCommerce platform like Shopify or WooCommerce. Both platforms are capable of many of the same features as a general website builder, like adding about pages, forms, image displays, and blogs. These platforms also grant you access to more advanced features and integrations designed specifically for eCommerce sites, which can help supercharge your selling and help your store gain momentum early on.
Ready to build your store? Check out these step-by-step guides to building your store in the platform you want:
With your eCommerce shop all set up, it’s time to throw everything you’ve got into making sure that it succeeds. You can’t wait for your customers to come to you—you need to go out and find, reach, and convert your target audience.
Target inbound sales leads
Inbound sales strategies are designed to draw people to you, instead of the other way around—think search optimization (SEO), paid search, social media, email marketing campaigns, and content marketing.
Explore potential sales strategies in more detail with these guides:
As a small business owner, your plate is going to be full most of the time (frankly, it will often be full-on, Thanksgiving-style overflowing). If you want to keep up with it all, you need to learn to be efficient about using what you already have and drawing multiple marketing materials out of one asset.
For example:
Get into the habit of snapping and recording your day-to-day processes and behind-the-scenes moments, so you always have material for social and website visuals.
If you’re researching a topic that’s related to your business, consider adding an extra step to turn your research into a marketing email or SEO post.
Whenever you design a new marketing asset—an email layout, an Instagram Story, a blog structure—aim to turn it into a template that you can use again, instead of starting from scratch on your next asset.
Marketing as a small business owner is a “work smarter, not harder” game. Get as much mileage as you possibly can out of everything you create, and you’ll free up time and attention that would be better spent on business strategy and growing your company.
Automate as much as possible
There are lots of opportunities to automate parts of the eCommerce process. Invest time in setting up automations at the outset, and you’ll save far more time and energy avoiding unnecessary busywork once your store gets off the ground.
In fact, most of the risks specific to eCommerce entrepreneurship come down to the fact that it’s an overwhelming amount of work for one person to handle, so automating as much of your workload as possible can materially increase the likelihood of your business’s success.
Here are a few guides on the kinds of automation that work best for eCommerce and how to set them up:
Mind mapping is a creative way to brainstorm and find connections between different ideas. Done right, it’s a great way to come up with new ideas and solutions to tricky problems, outline an article or presentation, and generally just get your thoughts in order.
I do most of my mind mapping digitally—and even when I don’t, I often recreate a paper mind map online so that I can have it safely stored and easily searched. (It’s a weird hybrid approach, but it works for me.)
Over the past several years of updating this list, I’ve tested close to 50 different mind map tools, many multiple times as they’ve been updated and added new features. I’ve also made dozens of mind maps myself, both on paper and digitally. Pen and paper set a very high bar to clear, but these are the five best mind mapping apps that manage to clear it.
Traditionally, a mind map is done with a pen (or, ideally, loads of colored pens) and paper. You start by writing a central idea or theme in the middle of a blank sheet of paper. Then the fun starts: around your central theme, you create “nodes” connected by lines, each with its own related idea or theme. For example, if the central theme was “Summer” (say, for a marketing campaign), the first five or so nodes might be “Good weather,” “BBQs,” “Vacation,” “Air conditioning,” and “School’s out.”
From each node, you then repeat the process, drilling deeper into the different concepts. “BBQs” might lead to “Family time,” “Good food,” and “Burgers.” “School’s out” could lead to “Summer jobs,” “Extracurriculars,” and “Alice Cooper.”
Some ideas will also connect back to other ideas. “Family time” could also link to “Good weather” and “Vacation.” “Burgers” could link to “Summer jobs.” But by getting all these branching concepts down on paper, you can start to see the relationships between different things and generate new ideas. Who’d have thought before we started brainstorming that Alice Cooper flipping burgers at a family BBQ (or maybe in a fast food joint?) could make for a killer summer ad?
What makes for great mind map software?
How we evaluate and test apps
All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.
Mind mapping with a sheet of paper and a pen is an incredibly intuitive and natural way to work. You just start drawing and go from there with almost nothing in your way.
It does have its downsides, though. Unless you have a gigantic whiteboard knocking around, you’re limited to a fairly small piece of paper. It’s not searchable, and you can’t easily undo things or make edits. And, worst of all, if you lose your mind map, you don’t have a backup. So even though pen-and-paper mind mapping is delightful, it might be worth considering a mind map app.
While each mind mapping tool on this list has its own unique benefits, they all meet at least the following criteria:
It’s actually a mind mapping app. A lot of drawing, diagramming, and flowchart apps are marketed as mind map apps—but they aren’t. While you could make a mind map in them, you could also use PowerPoint, Photoshop, or MS Paint. You could even get a key and carve a mind map into your computer screen. Just because something can be used to make a mind map, doesn’t mean it should or that it will do it well. These more general-purpose apps tend to lack the features that make creating a mind map digitally as easy as possible, like automatically linking nodes, brainstorming modes that let you get a lot of concepts down quickly, and search. For an app to make this list, we dug past the marketing and made sure it was designed from the ground up for brainstorming, not for drawing or creating professional diagrams or charts.
It gets out of the way. Mind mapping with a pen and paper is a joy. No app is ever going to be quite as intuitive, but it should come as close as possible. After a short learning period to get up to speed, you shouldn’t have to stop and think to create a node, or dig through menus to connect two ideas. The app should just fade into the background—the same way your web browser does.
It offers an unlimited canvas. A digital mind map tool should have a practically unlimited canvas size, so you can make a mind map as big as you can conceive of, connecting huge numbers of ideas if you want. Using an app is all about overcoming the analog downsides, not reinforcing them.
It allows you to attach files. Sometimes you need more than a few words to fully illustrate a concept—and doodling is a big part of analog mind mapping. For an app to make this list, you need to be able to attach images, videos, documents, web pages, and other assorted extras to your mind maps.
It allows you to save and export. You can’t easily edit, save, or share your paper mind maps, so one of the big reasons to go digital is that you can. The best mind map software lets you come back to a mind map later and change it up, save it, and export it in different formats, so you can send it to your colleagues, classmates, or anyone else.
This is my third year keeping this list updated, so I’m very familiar with all our top picks—plus all the apps that come close to breaking into this list but just fall short. To test each mind map app, I use it. I start with some silly concept and just mind map away to see how it works and feels. (I’m always comparing things back to both paper and the other apps.) If it’s nice to use and ticks all the boxes, it goes on a shortlist to be considered for inclusion. If it’s awkward, gets in the way, or doesn’t have a key feature, I leave it off the list (though all the testing notes get added to an increasingly complex spreadsheet, so I can check if things improve next year). From that shortlist, I pull out the best of the best. So, here are the five best mind mapping apps.
Best mind mapping software for beginners and occasional use
Coggle is, in many ways, the mind map maker to beat. It’s fast, intuitive, and easy to use (with great keyboard shortcuts)—even though it’s only available through your web browser. Perhaps best of all, Coggle is free for up to three private mind maps. As long as you save your mind maps as PDFs, plain text documents, or images, you can delete your old drafts and basically have unlimited free mind mapping. If you’re only looking to use a digital option every few months, it’s practically perfect.
The moment you start a diagram in Coggle, you’ll see the central node of a new mind map. From there, you can create new nodes by clicking on the plus sign or—if you want a faster experience—tapping the tab key. There’s a handy cheatsheet of all the keyboard shortcuts in the bottom-right corner of the app, and it’s worth learning to use them.
Coggle is packed with thoughtful touches. One of my favorite features is that you can format your mind map items and messages with Markdown, so you can get as fancy as you need to while adding your text, images, and links to the canvas. There’s also collaboration built in. If you want to bounce some ideas off a colleague, you can go ahead and add them to your mind map, carry on a conversation in the messages sidebar, or go into full-screen presentation mode to take a step back and do more high-level ideation.
In short, for occasional mind mapping (whether on your own or with colleagues), Coggle nails it, and it’s your best option for free mind mapping software. Its paid offering is also great, but for $60/year, you can get other mind mapping apps that work natively rather than just through a web browser.
Coggle pricing: Free for up to three private diagrams; $5/month for unlimited private diagrams and extra mind mapping tools (like additional shapes and color control).
Best mind mapping software for collaborating with a team
MindMeister is one of the best collaborative mind mapping tools out there. It’s a little less intuitive to use than Coggle, and some features—like exporting your mind maps as a PDF or image, or attaching images and videos—are limited to paid plans, so it’s a less enticing option for solo mind mappers. For teams, though, its collaboration features are great: you can add team members and guests to your mind map, leave comments for each other, and otherwise work together to brainstorm or present ideas.
It also has a sleek modern interface and plenty of customization options (including some more corporate layouts). Plus, it automatically aligns your nodes, which makes it easy to create great-looking mind maps that won’t look out of place in a meeting room.
MindMeister is owned by the same people that make MeisterTask, a web-based, kanban-style project management app. The two tools are integrated, so you can turn your brainstorm session into an actionable project, assigning individual items on a mind map to members of your team, tracking task progress, and syncing it all with your other project boards inside MeisterTask—which even integrates with Zapier.
MindMeister pricing: Free for the Basic plan that includes up to three mind maps and real-time collaboration. From $4.99/month for the Personal plan that includes unlimited mind maps, file attachments, and PDF exports.
Best mind mapping software for a modern mind mapping approach
Ayoa is the follow-up to one of our previous mind mapping picks, iMindMap. It was created by Chris Griffiths, a mind mapping expert and author who has collaborated with Tony Buzan, the man responsible for popularizing mind mapping in the 1970s. Put simply, it’s got a serious mind mapping pedigree—and it shows.
Open Ayoa, create a Mind Map, and you have a choice of making an Organic Map, a Speed Map, a Radial Map, or a Capture Map—though you can also change between them at any time with a dropdown menu. (You can also make a Whiteboard or Task Board if you’re doing some more corporate-style brainstorming, though these features are limited to the more expensive plans.)
The Organic Map is the most traditional and mimics the kind of thing you’d draw with a pen and paper. You aren’t confined to just putting words in boxes. Instead, you’re encouraged to label the swooshing, Sharpie-like branches that connect different ideas. It’s a much more natural process than a lot of the other apps.
A Speed Map is similar, but with a stripped-down setup designed for rapid brainstorming. You’re almost forced to use keyboard shortcuts, like Tab for a new child branch and Enter for a new sibling branch, as the buttons to do the same are hidden away unless you deliberately click on a node. It’s great when you want to ideate quickly.
A Radial Map is a totally modern approach to mind mapping. Instead of nodes and lines, every idea becomes part of a series of concentric circles. A peripheral segment of your central idea becomes the center of its own circle of ideas as you move outward. It’s mind mapping that’s moving beyond the limits of what can even be imagined with paper.
A Capture Map is a blank canvas that allows you to quickly add ideas, whether they’re related or not. They float around the page as little thought bubbles. You can then connect them and turn your rough outline into an Organic Map, Speed Map, or Radial Map.
And Ayoa isn’t just limited to basic (and not-so-basic) mind mapping. The chat, real-time collaboration, whiteboard, and task management features make it ideal if you’re part of a small team looking to realize your ideas. It’s also designed to be accessible to neurodiverse people. Ayoa is under rapid development, so it’s worth keeping an eye on their roadmap to see what features are coming down the line. When we reviewed this app two years ago, the whiteboard features didn’t exist. Last year, they were worth mentioning. Now, they’re so good that Ayoa almost made our list of best whiteboard apps.
This year’s surprise feature addition was GenerateIdeas.ai—an AI-powered brainstorming tool (though it’s only available on the most expensive Ultimate tier). Click Open in GI, then right-click on any node and select Ideas, Questions, or Explain, and it will come up with up to four related concepts. I found it was a little too willing to dive into controversial concepts like weight loss (a problem with many AI-powered tools). Using “Spring” as a test bed, I quickly generated ideas like “go for a morning jog” and “chocolate Easter eggs,” which, when the AI expanded on them, led to suggestions like “go for a morning jog to lose weight” and “develop a healthier chocolate to help with weight loss.” Keep this in mind if you’re going to use it in your workplace.
Ayoa pricing: Mind Map plan for $6.95/user/month with all mind mapping features. The Pro plan for $13/user/month adds whiteboards and other advanced features.
Most mind mapping apps are web apps, and if there’s a native app available, it’s really just a shell for the web app. It’s fine if you want the collaboration, sharing, and other features you get with an online service, but what if you just want a simple way to brainstorm by yourself?
MindNode, a native Mac, iPhone, and iPad app, is perfect for Apple users (and when I’m in a big mind mapping buzz, it’s my go-to app). Start a new map on one device and it instantly syncs to your other devices using iCloud. The app is just as easy to use (and as powerful) whether you prefer to tap the plus icon to add a new node on your iPhone or click it on your Mac. And since it’s a fully native app, no internet connection? No problem.
MindNode also has a load of other features that will keep you happy if you’re deep in Apple’s ecosystem, like a Quick Entry dialog in the Menu Bar on your Mac, Widgets for the Home screen or Notification Center, a Watch app, Apple Pencil support, and integration with popular to-do apps Apple Reminders, Things, and OmniFocus. Select any node, and click Add Task to turn it into a to-do item. Or click the share menu and Export to Things (or OmniFocus), and your mind map will get converted into a project in your chosen app with all your to-dos ready to be checked off. It’s a great brainstorming app that lets you turn a brainstorming session into something actionable.
MindNode pricing: Free limited Mac and iOS app; $2.49/month for MindNode Plus with image support, tasks, themes, and styling options.
Best mind mapping software for personal brainstorming
If you just make mind maps by yourself and don’t need to constantly brainstorm with other people, then a lot of the tools we’ve looked at are overkill. A lot of development time goes into supporting real-time collaboration, versioning, and the like. With XMind, however, all that same dev energy goes straight into making mind mapping nicer, faster, and easier.
While XMind is available on the web (if you have mind maps stored in a cloud storage provider like Dropbox or Google Drive), its native apps are what shine. It’s available on Windows, macOS, iOS, Android, and even Linux. If you need something cross-platform so you and your family (or professional team) can all use the same app, even if you aren’t collaborating in real-time, it’s hard to beat.
While it’s subjective, I also feel that XMind makes the nicest mind maps by default. It’s got a slightly hand-drawn style that I wish I could mimic with a pen and paper. It’s professional enough for the office (especially if you use the built-in Pitch mode), but also nice enough that you’ll want to use it by choice.
Otherwise, XMind hits all the marks you’d expect from a mind mapping app. It’s intuitive to use whether you rely on keyboard shortcuts, a touch screen, or clicking buttons with a mouse. There are enough customization options and themes that you can make your mind maps how you like.
Really, the biggest downside is that, at ~$7/month, it’s expensive for one person—especially when you consider all the features it lacks compared to, say, Ayoa or MindMeister. If a nice solo offline experience is more important than the most features for the money, then it’s easy to recommend. On the other hand, if you’re not mind mapping that often or need to work in a more deliberate way with other people, it’s probably not for you.
XMind pricing: $39.99 for 6 months (or $59.99 annually) for up to five desktops and five mobile devices.
If you’re wary of subscription fees and want something for personal use, SimpleMind is a solid XMind alternative. It’s available from €24.99 for Windows or macOS (€44.99 for both), $9.99 for iOS, and $8.49 for Android.
Do you need a mind mapping app?
Mind mapping can be a great way to generate and connect ideas, but unless you do it all the time, you probably don’t need a dedicated mind map creator—or at least not a paid one. Because, when it comes down to it, mind mapping software is just brainstorming software—and you can brainstorm pretty much anywhere. If you want a compromise, Coggle is a great place to start for free mind map software, since the free plan is pretty generous.
Also, reconsider the pen-and-paper method. It’s really hard to beat—which is why there are so many mind mapping apps available and so few on our list—and you can always take a photo of it to save it or share it. It’s not as tech-y as an app, but it works if you don’t make mind maps all the time as part of your job, or even in your personal life.
A good morning routine sets the productivity tone for the day. But is it really as simple as a morning ritual and a healthy breakfast? After analyzing the advice and morning routines of six top productivity experts, we’ve pinpointed the most common practices of successful people for a productive morning. No matter how much chaos happens when your eyes open, know this: A morning routine for better productivity is a learnable science.
1. Wake up at YOUR right time
“Morning people” are supposed to be the high achievers. The early bird is supposed to catch the worm, right? And a cold shower to wake up? Groan. Where’s the snooze button on that? Can the early (or late) hours you sleep really make a difference?
One 2021 academic study found that waking up just one hour earlier was associated with a 23% lower depression rate. While some people who wake up earlier are more productive, night owls can still have a perfect morning routine that leads to a productive day. Think of it like breakfast and brunch. They’re both delicious, and they both work if you’re hungry.
Mike Vardy, productivity author, speaker, podcaster, and blogger at Productivityist, wrote, “Look, I’m a night owl—and proud of it. Why? Because despite having many say that my sleeping habits make me less likely to achieve, I prove them wrong. I don’t just do that every once in a while. I do it every single day.” The most important thing isn’t what time you get out of bed. It’s getting in tune with your body’s clock for a good routine.
According to Sleep.org, your body knows what it should be doing and when. Don’t force yourself to be part of the 5:00 a.m. club if you can’t fall asleep before midnight. Forcing yourself out of bed is a recipe for burnout. If you’re not a morning person, your body will only work with you for a few days before it begs for mercy.
2. Prepare the night before to eliminate morning decision making
Many productivity experts and successful people spend evenings preparing for the next day. Their recommendation: It leaves mornings free for an early start on important work (and breakfast).
Erik Fisher is the voice behind the Beyond The To-Do List Podcast. He’s interviewed over 100 different productivity experts on topics like lifehacking, work-life balance, and creativity. He points out that if you analyze productivity experts’ morning routines, you’ll find a few things in common. Most focus on big picture goals, gratitude, and planning for the day.
Productivity coach Zack Sexton’s morning routine looks like this:
Water (20oz. often w/ lemon)
Cuddles (w/ fiancée Nikida)
Coffee
Meditation
Read something inspirational (often in sauna)
Shower (if sauna-ed)
Look at calendar
Start first journal entry (including prompts about something learned, things to be grateful for, and what to focus on for the day)
Mental recitation of their personal mission statement
Listing three items of gratitude
Repetition of their three goals: Health, wealth, and love
Kevin thinks of what tasks he’ll do that day to help achieve each goal. “All that takes about five minutes,” he says.
You don’t need a lengthy meditation routine. Yoga, meditation, journaling, reading, or a quiet walk can help you focus on a positive outcome for the day.
4. Move around and hydrate in the morning
When you feel great, it makes it easier to handle the morning alarm clock. If it’s hard just to get out of bed, you probably won’t be excited to run to the gym—and that’s ok. Simply moving your body will get your blood flowing and help get your day started.
While you’re moving, stay hydrated. What you put in your mug matters. Drink water in the morning to kickstart your day and give you lasting energy.
Jeff Sanders, author of The 5 AM Miracle and host of the podcast with the same name, says his favorite morning habit is to drink one liter of water within the first 45 minutes of bouncing out of bed. “Hydration is incredibly important, especially after waking up. I always find that this larger quantity of water provides incredible energy and prepares my body for the day ahead.”
5. Eat the frog—or tadpole—first thing in the morning
The “frog” is your most important task or work—the one you’re dreading the most because it’s large and looming over you. Build the habit of doing your biggest task first for a huge boost of accomplishment first thing.
But procrastination is real, making it even harder to get your day started. Whether you eat the frog or tackle some small tadpoles first, find your ideal morning routine rhythm and get started.
Create your ideal morning routine for a productive day
Mornings don’t have to be rough, and you can learn to become more productive throughout the day. No need to overhaul your morning routine all at once; introduce one new practice a week and track your improvement. They say if you win the morning, you win the day.
What is the right to disconnect? The term means exactly what it sounds like—your employee’s right to shut off work after hours without fear of repercussion. As Fast Company points out, legislation is mounting in support of an employee’s right to not be available off the clock in France, Italy, Spain, Ireland, and elsewhere. The European Union (EU) defines the right to disconnect as “a worker’s right to be able to disengage from work and refrain from engaging in work-related electronic communications, such as emails or other messages, during non-work hours.” What do “working hours” look like as the line between home life and work life blurs?
Know this: Overworked employees are overstressed employees, and the business impact of burnout is significant. A 2021 Employee Burnout Report from Indeed found that, “More than half (52%) of respondents are feeling burned out, and more than two-thirds (67%) believe the feeling has worsened over the course of the pandemic.”
A 2020 study from Deloitte estimates that employers lose approximately $56 billion a year in expenses that stem from burnout—including absence, presenteeism (employees underperforming or functioning at reduced capacity), and turnover costs. And that barely begins to scratch the surface.
Make The Right To Disconnect From Communication A Priority
Employers who prioritize the wellbeing of their employees and their company create an environment where a healthy work-life balance isn’t just encouraged—it’s the norm. Build a culture in which considerate communication is the default. Adjust communication guidelines as needed to protect your employees.
Make Async Communication The Norm
An immediate response from a coworker should be the exception, not the rule, and employees should be encouraged to use asynchronous communication. Provide a maximum response time frame to keep projects moving forward (for example, within 24 hours, Monday through Friday), but let team members know they don’t need to be monitoring Slack, email, etc. 24/7.
Set And Share Working Hours
With employees on flexible schedules and/or across time zones, make sure it’s clear when people are available and when they aren’t. Google Calendar, for example, allows employees to set their working hours. And some teams have loosely scheduled face-time hours to allow for meetings across time zones (such as 9:00am-1:00pm). Encourage your team to set parameters to limit face-to-face meetings that don’t work for everyone. Help employees be respectful of their coworkers’ working hours and avoid scheduling snafus.
Embrace A “Schedule, Don’t Send” Policy
When employees know how they’re expected to communicate, it’s easier to make the decision to unplug once the workday is done. Clear communication expectations alleviate the pressure to check emails during dinner or frantically type up responses to questions that could wait until morning.
Coach teams to schedule Slack messages or emails (in Outlook or Gmail) for the following morning instead of sending them when the recipient is “off the clock.” For communication that’s not time-sensitive, employees should preface requests with language like “this isn’t urgent” or “later this week” so people know there’s no rush to respond.
Encourage Healthy Work-Life Balance
Sure, you may offer unlimited vacation time or flexible hours. But if your employees don’t feel they can take that time off without negative repercussions (like being passed up for a promotion), then they’re likely to burn out.
Model your company’s commitment to boundaries around work-life balance with internal policies that promote flexible work schedules, vacation, and time to relax outside of working hours. Evaluate your organization’s existing policies and ask if they provide clear expectations. And if you’re not doing so already, offer your employees the following:
Hybrid And Remote Work Options
Who can work remotely? And are there different expectations for remote workers vs. office workers? Spoiler alert: In equitable workplaces, there shouldn’t be.
Could hybrid work be an option for some teams or individuals? While the pandemic forced a mass office exodus, it also created a new landscape of options. Evaluate your building capacity and decide who can safely return, and when. Employees need to know exactly what working remotely or on-site entails to decide what they enjoy and find productive.
Outline Tasks, Expectations, And Goals
Flexible work is great, but it needs parameters for success beyond just sitting at a keyboard for a certain number of hours. Provide employees with written guidelines on how much work they’re expected to complete each week, each month, or each quarter. To embrace flexibility and avoid burnout, employees need guide rails and metrics to know when their work is done.
Remind Employees To Use Their Benefits
Make certain employees understand all their benefits, including health and wellness perks such as mental health services or gym membership. And more importantly, make sure leaders and human resources use positive language when discussing these benefits to encourage their use. If employees feel like they can’t or shouldn’t use their benefits, they won’t, which drives them toward overwork.
Respect Vacation Time—And The Right To Disconnect
A generous vacation policy is only beneficial if employees actually leave the office behind when they’re away.
In the When Vacations Aren’t Enough survey by Visier, over a third of respondents surveyed said their employer expects them “to check in with work during vacation.” And 49% said taking time off alleviates feelings of burnout temporarily, but the prep work and catch-up work takes a toll.
Encourage creativity and productivity by ensuring employees get stress-free time away to recharge without interruptions. Consider the following vacation etiquette guidelines for your teams:
List And Delegate Tasks Upfront
Chances are that coworkers and/or managers will need to step in and help while an employee is out of office. Ask employees to create coverage documents that clearly define who will take care of each task in their absence. This resource gives everyone ample time to connect, gather relevant details, and clarify coverage questions before the vacation begins.
Promote Radio Silence
Remind your team to mute email, Slack or other work notifications while they’re on vacation. And create a shared public calendar or a Trello board where everyone can see out-of-office dates across the team.
Track Team Updates In One Place
Nothing is worse than returning from vacation to a mountain of messages and trying to figure out what happened while you were gone. Set employees up for success with an enterprise-level work management system to catch all project info, files, and updates in one place.
With these safeguards in place, you’ll enable your employees to spend vacation the way it should be spent—in blissful, guilt-free relaxation! And you’ll reap the benefits of them returning to the office refreshed, inspired, and ready to hit the ground running.
Create A Company-Wide Knowledge Base
Tracking internal guides, notes, onboarding resources, and training materials is often a time-consuming nightmare. In the IDC white paper The High Cost of Not Finding Information, 60% of executives feel that time constraints and lack of understanding of how to find information prevent employees from finding the information they need. With a knowledge base in place, teams can get more done, and save time and effort with a single, organized repository where all knowledge is housed.
A knowledge base tool such as Trello Enterprise can centralize large catalogs of content for your organization. Playbooks, operations, and how-to guides can be found easily by anyone at any time. Knowledge bases benefit companies—especially enterprises—in many ways:
A Knowledge Base Ensures Consistency
Ask three people to explain how to complete a specific task, and chances are they’ll all give different answers. With hundreds or thousands of employees, this variation can become problematic, or even chaotic. Knowledge bases eliminate this issue by standardizing how information is explained and/or learned company-wide, saving your team time, effort, and rework.
Knowledge Bases Help Employees Function Autonomously
Questions should always be encouraged, and a knowledge base makes it possible for employees to proactively find answers on their own. A solid information repository eliminates the need to reach out to a manager for clarification and promotes self-direction in the workplace.
A Working Knowledge Base Is Efficient
Repetitive tasks, such as routine training for new hires, are a time suck. With a knowledge base in place, your HR department (or any team with repetitive tasks) can turn training materials into an accessible library of written or video content to save time. Added bonus: New hires have a simpler, more engaging learning process.
With a great knowledge base in place, you can save time, increase productivity, and help employees to unplug. They’ll rest easy after hours knowing their coworkers have access to all the information they need. And team leaders have peace of mind that your internal systems for knowledge sharing are always-on.
Make The Right To Disconnect Easy
Encourage a healthy work-life balance across your org. Decrease burnout company-wide and make guilt-free unplugging a reality for everyone. Protect your teams’ right to disconnect and set up your company for success.
Human error can open up your business to serious security vulnerabilities. And security for hybrid or remote businesses presents extra challenges. Think third-party applications and slow response times from workers in scattered time zones on flexible schedules, and IT has a long row to hoe. In one 2021 IBM report, the average data breach costs $4.24 million, plus $1.07 million more when remote work is the reason behind the breach. And, 17.5% of companies report cyberattacks due to remote work.
A Verizon 2021 Data Breach Investigations Report found that “85% of breaches involved a human element.” And that same IBM study found that compromised credentials, phishing, and vulnerability in third-party software were among the top causes of a security breach. What do all of these vulnerabilities have in common? They could’ve possibly been prevented with better cybersecurity skills and awareness for teams.
Employees need a solid understanding of security risks for your business. And these three tactics—with a little help from Trello—can help you build a cybersecurity fortress to protect your remote and hybrid workforce.
Make IT security education part of onboarding
Instill good IT security habits from the start. Work with human resources to ensure IT security training is part of onboarding. Let new team members start their job with a clear understanding of your enterprise’s IT policies and procedures, like maintaining password hygiene or discouraging shadow IT.
Trello Enterprise can help teams with a standard onboarding workflow for new hires to follow, with IT security awareness built in. You can use a template like this 30 60 90 Day Plan, or create a board from scratch. And, of course, you can customize it for your organization or team needs.
Use a Trello board like this one to develop an onboarding system with IT security training
Within this board, you can incorporate essential IT education for each column (or stage) of onboarding. In “Onboarding essentials,” you can add security awareness training in the “Important items” card, or make it a checklist item. In the “Helpful links” column, there’s a “Training resources” card to attach your IT policies and procedures. And within each timeframe column—from the first week to the first 90 days—you can add an IT-related goal.
New hires will become well-acquainted with everything they need to know about enterprise security. And you’ll have helped protect them (and your organization) from outside threats.
Conduct regular cybersecurity training
Cybersecurity threats grow and evolve, and consistent cybersecurity training is a necessity. While many industry experts recommend quarterly training, we recommend a cadence that supports your company goals.
And there’s plenty to cover. According to the (ISC)² 2021 Cloud Security Report, the top IT security training topics enterprises find valuable include cloud-enabled cybersecurity, incident response, risk-based frameworks, and application security.
Use Trello to make a board dedicated to security training topics and progress. You can create columns for topic ideas, such as phishing prevention or mobile security, approved apps, and upcoming training sessions (with dates). Stakeholders can upvote their most pressing initiatives with the Voting Power-Up, an app integration that lets team members decide on the topics they want to learn most.
Add the Trello Voting Power-Up to Trello Enterprise to give teams a vote on which security training topics to tackle
Build a knowledge hub of cybersecurity assets
There’s a lot for your remote workforce to absorb when it comes to cybersecurity—IT policy and procedure handbooks, training videos, and more. Your team needs a source of truth for reference materials: An accessible knowledge hub where all IT security resources live.
Building an easy-to-update knowledge base specifically for IT information on a Trello board has many advantages for simplicity and organization:
You can quickly make columns for different resource categories, like videos, policies, playbooks, or reporting procedures.
Within columns, a card for each asset nests copy, images, videos, and other related material all in one place.
Employees can ask questions within cards on any resource. They can also comment to let your IT team know if a resource is outdated.
Cards are easy to move, and easy to share, across different boards and board views.
Promote and protect enterprise security with Trello
Trello Enterprise relies on enterprise-grade security to help build cybersecurity awareness and keep your business safe.