A Business Technology Place

Level loading straight talk

Listen to the clues.

This week was not unlike many others. I had multiple conversations with colleagues about the amount of work expected of them. Common phrases include:

“We don’t have enough resources.”

“I’m overworked.”

“We are working hard, but are we working smart?”

“I’m drowning.”

“Are we working on the right things?”

“I plan my day with important activities, but then urgent activities take my time.”

Thoughtful answers to this classic dilemma usually involve some form of level loading to try to even-out and prioritize the work expected from employees. Last year I wrote about one technique my group uses to try to control the volume of input on our development team leads.  One the biggest challenges in controlling work inputs is a concept I call organizational entropy. I define organizational entropy as a measure of disorder or randomness by which work is created within a company.  This ultimately causes workers to be out of alignment.  The misalignment isn’t necessarily with organizational goals; rather it’s more so a timing alignment with other workers and expected delivery dates for projects.

It’s chaotic in the middle of it all.

A common scenario helps add color to my thought. Jane is a manager of a team that provides customer service functions. Jane is asked by HR to complete a new required training by a specific date. Jane is asked by a process improvement analyst to participate and own tasks in a customer service improvement project. Jane is asked by a Sales manager to participate in a project to onboard a new customer. Jane is asked by a compliance analyst to update a process because new compliance regulations require it. Jane is also asked by her manager to complete managerial and process tasks related to her day-to-day operational jobs. The chaos ensues when the due dates conflict with each other.

Unfortunately, situations like this are not uncommon. All the colleagues that asked Jane to complete work by a certain deadline do not know if their due dates overlap or cause conflict with Jane’s schedule (and truth be told, they usually only care about their project deadlines). So it’s very easy for Jane to quickly become over-tasked. If Jane is late on a task, then the project leader may escalate to management. Escalation does have a purpose, but it also can easily promote more organizational entropy.

How do we find relief?

There are no easy answers to this dilemma, but I have a few thoughts that may drive conversation between employees and managers to reach a better understanding of what is happening and to better load level expected work:

  1. Managers need to acknowledge the employee may have been asked to do more than is possible in a standard week. Seek more input from the employee, examine their workload. Ask for visibility to the situation in a tangible format. You can’t help level load and employee’s work for what you don’t see or acknowledge. This is the best way to help lead your employee and position them for success.
  2. The employee should provide visible proof of the situation and not just say “I’m overworked”.  This means listing tasks, requested due dates, and effort required to complete them. You can’t expect a manager to help level load your work unless you give them specific and actionable evidence. This isn’t a call to make excuses or place blame. It’s a call for an honest assessment of your situation and to make it visible.
  3. Time management techniques like the Eisenhower Method provide good tactical methods for organizing multiple tasks.
  4. As much as possible try to perform level loading before committing to new work. Over extending commitments creates more unmet deadlines, causes irritation with requestors and customers, and creates more process waste. But remember to use the tangible evidence when making your case.

Maybe this topic is proverbial elephant in the room for you and others. I don’t proclaim to have all the answers. But I’m wrestling with the concept and looking for ways to improve.

Onward and Upward!

Photo Credit: Graeme Newcomb via creative commons

Built-in automobile technology is distracting our driving

We’ve all seen the consequences of texting and driving.  The National Highway Traffic Safety Administration has education content for public awareness campaigns. But, do you think we have a myopic focus on cell phones as the device providing the distraction? Touch screens and electronic functions built-in the latest automobiles can provide as much temptation and distraction as cell phones.  Cars today come with a variety of electronic options including GPS navigation, bluetooth audio, streaming music services, and yes even texting.

My car has a text function that is part of the bluetooth handsfreelink feature. The feature only shows messages when the car is stopped. However, it will read messages out loud using a text-to-speech module when the car is in motion. I use the physical controls to manipulate the function. But wait, there’s more. This feature also allows me to select pre-written replies using the physical knobs in front of me.

I have used this feature in the past, but I’m left to wonder, why is this legal? There isn’t much difference from texting and driving from a phone keypad.  I have to take my eyes off the road to read the display, turn a knob, and select a choice. That’s a distraction. That’s eyes off the road even if only for a second or two.

It’s clear the boundaries are not clearly defined when it comes to safety and automobile features. It certainly feels like automobile manufacturers are getting a pass for what a car owner would not get in the eyes of the law.  I support free enterprise and profits so car makers can sell more units, but the lack of laws and regulations are too light in this area. It feels like a few tragedies waiting to happen.

A good start would be no active text functions when the car is not in park.  Period.

Be smart on the road.

Onward and upward!

Easier password rules

Somebody give these guys a high-five.
Finally. There is a glimmer of hope for resolution to the insanity that has become password complexity rules. The National Institute of Standards and Technology recently revised guidelines for password complexity. The prescribed password complexity recommendations are detailed in Appendix A – Strength of Memorized Secrets. The NIST findings not only acknowledge the impact to usability of the existing recommendations for complex password rules, but they reveal the impact to improved security is not significant. This will make you smile and is sure to get a round of applause from everyone. Here’s an excerpt:

“Humans, however, have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed. To address the resultant security concerns, online services have introduced rules in an effort to increase the complexity of these memorized secrets. The most notable form of these is composition rules, which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveal that the benefit of such rules is not nearly as significant as initially thought [Policies], although the impact on usability and memorability is severe.”

The new advice is to consider the length of the password more important than the complexity. Shorter passwords are easier to break for computer programs. Longer passwords are more difficult to break after they have been encrypted and stored. The NIST acknowledges the over complex password rules we’ve been subjected to only enforce bad behavior when we strive to make the password easier to remember. In other words changing your password from “Password1!” to “Password2!” doesn’t really help the password to be more secure.

Randomly generated passwords are OK as long as they don’t create a usability hassle. Some users, like me, use a password vault tool that can randomly generate passwords to use with specific sites. Again, longer password length is better even when using random characters.

I looked at my accounts.
I used this guidance and examined three financial services sites where I have accounts. Here is a look at the current password complexity requirements from each site:

Site 1
At least 8 characters in length
Has at least one letter
Has at least one number

Site 2
Must contain 8 to 20 characters including one letter and one number.
May include the following characters: % & _ ? # = –
May not contain spaces

Site 3
Minimum of six characters
Must use a mix of letters, numbers, or symbols

The good news is I can use my random password generator to create passwords longer than say 8 characters. It’s no more work for me because I go to my password vault tool to retrieve passwords anyways. But even if you don’t use a password vault tool, you can make your password much more secure by creating a phrase that complies with the existing rules. For example: ILove2seemygrandmother would fit the requirements. It is easier to remember and more secure. Hopefully, the new guidelines will find a place with technology compliance and regulation and we’ll be able to more freely submit password phrases in the future.

Onward and upward!

The Yin and Yang of Security Patching

 

My computer is working, don’t change anything.

As an IT manager I observe this behavior regularly with end-users and product managers of eCommerce applications. It’s understandable. When a computer system is working and doing its job then “updates” are sources for creating failure. Updates change code. Updates rock the boat.

If a computer security update hasn’t bitten you yet, then it’s probably just a matter of time. My experience is the number of system issues related to operating system updates is growing.  It’s hard to test all the dependencies of code updates against every combination of hardware and software that exists on computing equipment. A couple of examples I can point to in 2017 are Microsoft Edge no longer working after installing the Windows 10 Creators Update.  Then there was the issue of Microsoft Outlook unable to open attachments which was later resolved with another hot fix.  

But we all know security updates are necessary. Why would we risk our personal data to thieves? In a business setting, why would put our customer’s data at risk? Why would we put the reputation of our business at risk?

Therein we find the yin and yang of security updates. We don’t want to upset the balance of a stable system, but we need to update the system so that it can remain stable in the future.

In the name of audit controls and security principles.

In the business environment, audit standards require staying up-to-date with security patches. ISO 27001/ISO 27002 and SOC2 have controls specifically addressing vulnerability patch management policies and procedures. To meet the requirements of the controls, a discipline in process and procedure is required.  These standards are there to help nudge all of us to change because we all know we resist change.

Plug those security gaps or face the consequences.

The consequences of not installing security patches can be devastating. In the worst case of cyber theft reported thus far, Equifax was robbed of information for 143 million individuals. The attackers found a weakness because Equifax failed to patch a known security vulnerability in website code they use.

Now hundreds of millions of people are exposed to the whims of criminals. The reputation of a large credit bureau is blown. The two highest ranking security officials within Equifax are out of a job. Patching known security vulnerabilities is serious business.

Complementary forces at play.

The next time someone schedules a security update for a system or application, understand the potential consequences fully. Intruders are at the gates. They make a living on our resistance to change.  But if we support the change and work with administrators to report any malfunctions, we can all help to build a safer tomorrow.  That’s how another yin and yang can make a more complete whole.

Onward and upward!

Hope @work

You are not here merely to make a living. You are here in order to enable the world to live more amply, with greater vision, with a finer spirit of hope and achievement. You are here to enrich the world, and you impoverish yourself if you forget the errand.” – Woodrow Wilson

Hope is the great motivator in our world. It gives us anticipation and an expectation for some desirable result. President Woodrow Wilson spoke of the spirit of hope in 1913 while addressing a group of college students. His hope was to inspire the next generation to leave the world a better place than they found it.

A few weeks ago, I watched the movie Dunkirk from director Christopher Nolan and I found the presentation of the historical events in the movie deeply moving. The film’s characters reacted to their situation in a variety of ways. Some exhibited a great hope for survival and acted courageously while others felt hopeless and resorted to acts of cowardice and selfishness.

I considered the role hope plays in an office environment:

  • Workers hope for advancement and it motivates them to go beyond their job description.
  • Workers hope to close a sale and it inspires them to create solutions that never existed for a customer.
  • Workers hope to create a new product and it drives them to consider new ways of thinking.
  • Workers hope for a job in a different field and it inspires them to train and study new skills.

The ability to influence actions is powerful. That’s what hope does. While people have different hopes based on their situation, one thing is the same. All of us are driven to action when we have a strong hope for a different tomorrow. Hope is the great equalizer that can help someone who is less skillful or knowledgeable out-perform a competitor. Where there is hope there is achievement.

May the hope be with you.

Onward and upward.