A Business Technology Place

All I ever needed to know about information security awareness training

This week I completed the annual information security awareness training module. This material is now required for every employee of the company as part of the growing compliance controls for information security. Over the past several years, the core content in the training has changed little. So I’m thankful the group making our content updates the modules to give them a fresh look and feel each year.

It occurred to me, as I listened to the audio of the training content, I could summarize information security awareness with three important principles I learned as a young child:

  1. Don’t talk to strangers

The most prevalent way criminals steal sensitive information is by taking advantage of our good nature. In fancy-speak, the term is social engineering. The most common examples we experience today are email and phone messages asking us to respond or click. Some attempts I receive are comical, but in recent years they’ve become better disguised. The simplest action is to not respond to any unsolicited communication. But, if you think it’s legitimate, then contact the person or organization on your terms via channels they establish.

  2. Know your address

I remember as a young child learning my address and phone number. It was part of my identity and something I had at all times. In information security we prove our identity by wearing identification badges and signing in at security checkpoints. ID badges are helpful in large building settings so everyone can distinguish me from a visitor or contractor. In simplest terms, knowing my address and who lives/works with me increases my chances of staying safe.

  3. Treat others as you want to be treated

Earlier this year I wrote about the data we see and are exposed to at work. In today’s information age, the most valuable asset we protect is information about people in our systems. This could be employee data or data about other people our customers share with us. Information security training covers several classifications for data, including NPI, PII, PHI, and PCI. But the key concept is the same in all cases. We should protect and hold this data confidential. In simple terms, we should treat others’ data as we would want them to treat our personal data. It’s an extension of the Golden Rule relevant in our information-driven society.

Long live moms and kindergarten teachers.

Onward and upward!

(Photo credit: Public Domain Image)

Alexa, play my podcast

How hard can it be?

This week I wanted to play a podcast through my Amazon Echo Dot. It seemed so simple. I would have Alexa learn a skill for a podcast player and then queue the podcast to play. My preferred podcast player is Google Play Music because that’s where I keep my digital music. But I had forgotten Amazon and Google don’t play together. Silly boys.

Here are the options I found:

  1. Enable a skill on Alexa that plays podcasts. Some of the more well-known providers are iHeartRadio, TuneIn, and Stitcher.
  2. Use the Echo Dot as a Bluetooth speaker. In this option, the Echo Dot can be paired to another device such as a phone or tablet. Then play the podcast on the app installed on the other device.

Pick and go

For option 1, I didn’t want to register a new account. Since I don’t have accounts on iHeartRadio, TuneIn, or Stitcher I chose option 2.

Pairing the Echo Dot to my phone was easy. I turned on Bluetooth on my phone and then said “Alexa, pair Bluetooth”. When I did this the Echo Dot showed as a device that could be paired. The obvious downside to this method is I have to use a second device to play the podcast through the Echo Dot instead of using the Alexa voice commands. I’m OK with that.

One thing to note if you try this. Other family members might not like your podcast content or want to listen at the same time. You might have to move Alexa to a private space. 🙂

Onward and upward!

Photo credit: F. Delventhal via Creative Commons

 

Battling Urgent

Picking my battles

Every day I am tempted to work more on what’s urgent than what’s important. Some days I do better at working on important tasks, but it’s a constant wrestling match. Important tasks help to achieve my overall goals. Urgent tasks usually involve fixing something that is broken for someone else. Urgent tasks may not always be beneficial to everyone and tend to be subject to interpretation of the one asking for something to be completed. In other words, if I ask someone how urgent something really is, I will usually receive varying answers.

For me, it all starts with a service desk ticket, a system outage, equipment failure, unexpected email, etc. Something happens that seems to always turn my time management routine upside down. Even if I’m working on important tasks related to larger goals, there are interruptions for urgent things by way of phone, in-person office visit, text, email, etc.

7am quiet time

At one time, the 7am hour was my stress-free plan-the-day time. It was quiet and I could plan the day or work on important tasks. Nice.

But I’ve noticed lately, the battle-of-urgent is starting more often during the 7am hour. More colleagues and customers are working flex-hours and home office hours these days. That means more workers are online at 7am trying to use computing equipment or starting to go through their daily tasks and reaching out for help.

Different Perspectives

I realize my purpose at work is to help others and to connect them to solutions. So while I may have lost my 7am hour as a planning time, I need to adjust and think smarter about how to approach the battle of urgent versus important.

I also realized the reverse is true; my important tasks could be someone else’s urgent tasks. If our goals are not aligned then it’s easy to create this type of mismatch.

Battling Urgent

A great approach to time management is defining leader standard work (LSW).  When I documented my leader standard work, I defined the important activities I perform daily, weekly, monthly, quarterly, annually, etc. If I plan my day around leader standard work activities I should see the following benefits:

  • Working on what’s important – LSW defines activities that are important to the execution and management of my team and work.
  • Addressing what’s urgent through assignment and delegation. Whenever possible, I should delegate urgent work.  My LSW is structured in such a way as to review work queues for the entire team and make assignment shifts or inquiries as necessary.
  • Leading by teaching – LSW should be set up to make me more visible to my team and customers, not less visible because I’m hidden behind a computer screen. LSW creates opportunities for engagement with other team members and customers.
  • Reflecting and 5S – I fail most often on this task because I work until I reach that stopping point at the end of the day.  If I can take 10 minutes at the end of the day to reflect and jot down any important tasks for tomorrow then it should help towards a great start against battling urgent.

Battling urgent never ends and some days I do better than others. But I try to prepare for the battle every day by defining what’s important first and then executing that plan.

Onward and upward.

Photo Credit: https://flic.kr/p/21aTYi5 – Marco Verch via Creative Commons.

Media subscriptions – Where do you spend your media dollars?

A recent article in the Wall Street Journal about Bloomberg charging for access to their content reminded me digital content providers are competing for my wallet-share. In 2015 I cut the cord with cable/satellite and haven’t regretted it. Now, the digital content I consume for video is based on month-to-month subscriptions. I choose the content valuable to me or that I consider worth paying for. No obligations. Easy. My current list:

Increasingly, news and media providers are also moving to subscription models for their digital content. As the number of subscribers for paper content decreases the media outlets need sources of revenue to sustain themselves. Currently, I don’t pay for online news, data analysis, and opinion articles. I still retrieve news on the internet from ad-only sites, teaser rates, or free allowances. To be fair, I listen to some news on the radio or through an XM satellite subscription. I do enjoy in-depth and good analysis on topics. I just haven’t settled on a favorite to lock in.

What does that mean for all of us now and in the future? As more providers move toward subscription models, we’ll have to make choices on our media subscriptions to keep our overall spending in check. How much will brand loyalty influence our decisions? For me initially, I chose Sling TV as an online streaming provider. After a couple of years I switched to PS Vue based on differences in programming packages for live sports. But with Netflix, I haven’t really actively shopped them for alternative providers like Hulu and Amazon. Have I developed brand loyalty to Netflix? If I pay for a subscription to the New York Times (which I don’t) would I not pay for a subscription to additional online news providers like Bloomberg and the Washington Post?

Where do you spend your media dollar?

Root cause analysis for team building

Early in my career we used a process that loosely resembled a root cause analysis after a severity 1 production outage. The intent of the process was to determine why the severity outage occurred and then fix the problem so it didn’t happen again. No one liked the process and the documents we produced were rarely used to influence process improvement. It was a checkbox and an exercise to fill-in-the-blanks to say we completed it. I always thought the name post-mortem was a bit odd as well and we were certainly dead to the process. Looking back, I see post-mortem efforts can be valuable if championed and executed correctly. But there is a better way.

Twenty years later, we are learning to implement root cause analysis (RCA) into our recurring operational procedures. Like a post-mortem exercise, an RCA is typically done after an event has occurred with the intended benefit to prevent problems from recurring. If done correctly, this can reduce waste and downtime.

But an RCA is distinct with its own set of advantages. Our team is using lean A3 problem solving techniques as the backbone for RCAs. It is apparent to me the RCA process, if supported and executed routinely, can shape a culture of continuous improvement. Here are a few practical ways:

  • The outputs can be used as a proactive measure to predict and prevent future failures. Problem solving focuses on examining why events occur coupled with action items and sustainment activities. This is a great way to identify potential future problems.

In one recent 5-why exercise about a database failure we identified a few weaknesses in a process in addition to the root-cause of a failure. Our corrective action plan addressed multiple weaknesses and has undoubtedly prevented some of the weaknesses from becoming service outages.

  • A systematic approach to RCA involves setting a recurring cadence for problem solving. RCAs require a wide range of knowledge to identify problems, compile documentation, and create sustainment activities. Individuals will struggle, but teams can thrive solving problems like this.

We post our RCAs on our department flow-and-performance board to make them visible, promote discussion, and to keep the process top of mind. Our standard is to perform one RCA per month. This reinforces that RCAs are part of the culture of the team.

  • Done correctly, RCA focuses on resolving process deficiencies instead of blaming people. It’s not always easy but we remind ourselves to focus on behaviors and results over individuals.

Onward and Upward!

Photo Credit: ResoluteSupportMedia via creative commons – https://flic.kr/p/88Kdgw