This week I completed the annual information security awareness training module. This material is now required for every employee of the company as part of the growing compliance controls for information security. Over the past several years, the core content in the training has changed little. So I’m thankful the group making our content updates the modules to give it a fresh look-and-feel each year.
It occurred to me, as I listened to the audio of the training content, I could summarize information security awareness with three important principles I learned as a young child:
- Don’t talk to strangers
The most prevalent way criminals steal sensitive information is by taking advantage of our good nature. In fancy-speak, the term is social engineering. The most common examples we experience today are email and phone messages asking us to respond or click. Some attempts I receive are comical, but in recent years they’ve become better disguised. The simplest action is to not respond to any unsolicited communication. But, if you think it’s legitimate, then contact the person or organization on your terms via channels they establish.
- Know your address
I remember as a young child learning my address and phone number. It was part of my identity and something I had at all-times. In information security we prove our identity by wearing identification badges and signing-in at security checkpoints. ID badges are helpful in large building settings so everyone can distinguish me from a visitor or contractor. In simplest terms, Knowing my address and who lives/works with me, increases my chances of staying safe.
- Treat others as you want to be treated
Earlier this year I wrote about the data we see and are exposed to at work. In today’s information age, the most valuable asset we protect is information about people in our systems. This could be employee data or data about other people our customers share with us. Information security training covers several classifications for data, including NPI, PII, PHI, and PCI. But the key concept is the same in all cases. We should protect and hold this data confidential. In simple terms, we should treat others data as we would want them to treat our personal data. It’s an extension of the Golden Rule relevant in our information driven society.
Long live moms and kindergarten teachers.
Onward and upward!
(Photo credit: Public Domain Image)
A recent article in the Wall Street Journal about Bloomberg charging for access to their content reminded me digital content providers are competing for my wallet-share. In 2015 I cut the cord with cable/satellite and haven’t regretted it. Now, the digital content I consume for video is based on month-to-month subscriptions. I choose the content valuable to me or that I consider worth paying for. No obligations. Easy. My current list:
Increasingly, news and media providers are also moving to subscription models for their digital content. As the number of subscribers for paper content decreases the media outlets need sources of revenue to sustain themselves. Currently, I don’t pay for online news, data analysis, and opinion articles. I still retrieve news on the internet from ad-only sites, teaser rates, or free allowances. To be fair, I listen to some news on the radio or through a XM satellite subscription. I do enjoy in-depth and good analysis on topics. I just haven’t settled on a favorite to lock-in.
What does that mean for all of us now and in the future? As more providers move toward subscription models, we’ll have to make choices on our media subscriptions to keep our overall spending in-check. How much will brand loyalty influence our decisions? For me initially, I chose Sling TV as an online streaming provider. After a couple of years I switched to PS Vue based on different in programming packages for live sports. But with Netflix, I haven’t really actively shopped them for alternative providers like Hulu and Amazon. Have I developed brand loyalty to Netflix? If I pay for a subscription to the New York Times (which I don’t) would I not pay for a subscription to additional online new providers like Bloomberg and the Washington Post?
Where do you spend your media dollar?
A few weeks ago I read a passage from John Maxwell in his book The Maxwell Daily Reader about scurvy. The passage summarizes difficulties in implementing the cure for the prevention of the disease during the time of European exploration of the Americas. Multiple sources knew about the effect of fresh fruit and vegetables, but due to poor communication, stubbornness, and pride of the medical establishment, the change needed to prevent the disease was delayed.
I polled a couple of my colleagues to ask them what they thought is a modern day business scurvy. One of them replied, “This is a good question. Sometimes, forced change can hide needed change, and the two become hard to distinguish for relevancy and value with so much activity happening at once.”
His answer summarizes both the challenge faced by European sailors as well as leaders in our business environment today. I thought about this for a few minutes and then wrote a quick list to try to distinguish between ‘forced change’ and ‘needed change’. I did this quickly so as to record my “gut feel” and then observed the list as a means of reflection and learning.
- Reporting structure reorganization
- Technology platform adoption
- Technology platform migration
- Removing waste from processes
- Adding value to a customer relationship
- Cross-department collaboration improvements
When I read the list a few patterns occurred to me:
- The items in the ‘forced change’ list concern people, tools, and rules. The items in the ‘needed change’ list are about process, value, and communication.
- The items in ‘needed change’ are more impactful and longer lasting to the business. The items in ‘forced change’ can be tactical tools to help drive needed change if executed for the right reason. For example, some technology adoption is aimed to reduce the process steps in product delivery (remove waste) to the customer. Likewise, some compliance changes will help an organization tighten their processes to be more secure in how they handle data (add value to customer relationship).
- The challenge with the items in the ‘forced change’ list is we often implement before there is a common understanding with all the employees about why those changes are enacted. Implementation of forced change truly feels forced. When that happens, the change will either fail outright or fail to achieve the desired results.
So what is our modern day business scurvy? I would answer; it is the failure to align the reasons for needed change in an organization with the tactical implementation of change. With that thought, I see signs of scurvy in my own management and leadership approach. Ouch. It’s time to find some citrus for my business diet.
Onward and upward!
Photo credit: Pablo Vidosola via Creative Commons – https://flic.kr/p/pGWebT
A couple of weeks ago Mark Zuckerberg announced he is changing the mission of Facebook. He wants to move beyond connecting people and more towards connecting groups of people in community. I commend Zuckerberg for establishing a written mission statement that aims to be something more than growing big and making lots of money. Although I do wonder what the shareholders of Facebook think about the new mission. After reading his statement, the question is in my head was, can an online forum bring community together in meaningful dialogue that promotes better understanding of opposing viewpoints?
Creating a place for a public forum is easy. Changing behavior of individuals to have an effective forum, not so much. I thought of two recent examples:
- NPR.org, a large well known media outlet for local, national, and world news discontinued public comments in 2016. Why? They described it very eloquently as “the c comment sections on NPR.org stories are not providing a useful experience for the vast majority of our users.” I personally read comments prior to their decision and I can affirm they are correct. The comments section was intended for readers to pass along further insights or even ask questions about the topic of the article. Unfortunately, the public comments section was mostly a shouting match and full of hateful words. It wasn’t even close to meaningful dialogue.
- During the past presidential election, political posts on Facebook were common. The dialogue became so charged that in the days leading up to and after the election there was quite a bit of ‘unfriending’ happening as people looked to silence and rid their daily feeds of political bickering. I’ll admit it; I muted quite a few people during the presidential process.
Online community groups and interest pages are not new. Just look at twitter hashtags, Google+ Collections and Communities, or even online blogs. Getting people to engage in an online interest community is an easy connection to make. Members participate because they share a common interest. They share a common viewpoints or interest.
But beneficial discussion with true debate and openness around opposing viewpoints has become problematic in our society. This isn’t a technology problem. It’s a heart problem. For Facebook, or any online community, to create meaningful dialogue around opposing viewpoints to succeed, people must first choose to behave with common courtesy and respect towards one another. Here are some courtesies: Listen first, smile often, apologize, speak in a conversational tone, and share. Sounds alot like love your neighbor. We would all do well to start on this foundation.
Onward and upward!