Saturday, March 31, 2012

Data breaches and you

Whenever another major data breach is announced, whether you get a letter from the card provider or not, it might have been one of your cards whose personal information is now in the hands of hackers.  Today's Washington Post story makes clear that this particular data breach affects both Visa and Master Card, and took place at one of the service providers for both cards.

This breach will spawn other attempts to get further information from you.  If you receive an email that purports to be from Visa or MasterCard saying that your account has been compromised, and which asks you to "click here," DO NOT CLICK.  You will never be contacted by email to rectify problems like this. 

It will probably not be clear for some time exactly what or whose information was exposed, so your best recourse is to monitor any accounts you have with either Visa or Master Card for the next several months.  If you find unauthorized charges, contact the issuer immediately to get the charges reversed.  And ask them what they have done to make sure this does not happen again with their subcontractor(s).

Friday, March 30, 2012

It takes a lot of nerve travel only with a smartphone, but here's a writer who did it and lived to tell us the story via a ComputerWorld article of the applications he added to his phone in order to do it.

Certainly traveling with only one small device lightens the load significantly.  I alternate between taking my iPad2, for which I've obtained a lightweight keyboard and a version of  applications like Word, PowerPoint and Excel, on long trips so that I can leave both my netbook and my Kindle at home....and taking my netbook because I have to be able to do long pieces of writing while on the road. There's no doubt at all that it's easier to read anything on the iPad2 -- including newspapers, magazines, books, videos -- but it's not easier to type longer pieces of writing.

As I read the ComputerWorld article, I realize I could and probably should be using my smartphone for music while I take walks (rather than my old MP3), and a host of other activities I had not previously considered.

Take a look and see what you think.

Thursday, March 29, 2012

Your resume and employment application

I attended an interesting workshop this morning that involved a technical discussion of the types of background checks that are available for employers.   While most of the discussion was on criminal background checks, evidently a recent study shows that 67% of all resumes contain errors, misstatements or outright fraud.

Most companies who perform background checks for employers are updated regularly on "diploma mills" so that certifications or degrees that are false can be caught.

In a competitive work environment, candidates may be tempted to embellish their work history or education.  Please don't do it -- your personal integrity is at stake, and no employer will hire you (or keep you) if they find false information in your application.

On a related note, here's a helpful article from the New York Times on ten things job applicants should do.

Tuesday, March 27, 2012

Facebook fights back

I don't know how many of you saw the article earlier last week that suggested that both college recruiters and some employers were asking applicants for their Facebook passwords -- a tough spot for anyone looking for college admission or a job to be in.

Now it looks like Facebook is going to push back, from this CIO magazine article.  Until this practice of asking for the password ceases, it would probably be best for anyone who is asked for their password to simply respond by saying that, in line with security best practices, you never share any of your passwords with anyone, for any reason.  

It may be the case that higher ups are unaware that recruiters are asking for such information, so it is always worth it to send a note to any version of a "contact us" option you can find on the organization's website.

Friday, March 23, 2012

911 Scam

From Mark Clemens at the Washington State Emergency Management Division:

"Residents of Washington, Michigan, Pennsylvania and other states have reported receiving calls from someone requesting money for 9-1-1 services. The caller claims that residents must pay a fee to register their house in a 9‑1‑1 database so first responders can locate the home in an emergency. The caller also requests names and medical information from the residents.

This is a scam. 9-1-1 services are funded through dedicated 9-1-1 excise taxes on telephone bills and by other local government funds.

Any request for 9-1-1 funds over the phone is a fraud. Residents who receive these calls should hang up and report the suspicious call to their local police or sheriff’s non-emergency phone number. "

Thursday, March 22, 2012

Northwest Emergency Management

Thanks to Pascal Schuback for the photo from yesterday's Emergency Management  magazine conference here in Seattle for public sector officials -- state, county, city and civic professionals who are the front line of emergency response and recovery.  I was impressed with the keynote addresses and the discussion that took place at the end as well.

Barb Graff, director of Seattle's office of emergency office management, set the tone when she characterized the work her team was doing as moving toward a more inclusive style.  Seattle leads the country in putting in place a succession plan to move retired professionals into a volunteer corps during disasters; in an ordinance put in place so that employees can donate vacation time, which is turned into cash and then donated for disaster relief; and in training it is doing with immigrants and refugees, to train trusted elders on safety equipment and practices.  She recommends a book she is currently reading, by Parker Palmer, titled "Healing the Heart of Democracy."

My colleague Garry Briese, former head of the fire chiefs association and former FEMA administrator for the Denver area, offered a provocative look at the flip side of leadership -- followership.  In identifying key traits of a follower, he presented us with several news makers, like Greg Smith from Goldman Sachs, whom he characterized as the ultimate follower, loyal and a challenger to leadership.  I was especially taken with his own story of speaking up in a meeting where an epithet had been used after having carefully considered and written down what he wanted to say.

Author Gerald Baron spent time on the power of social media, asking us what the following organizations had in common.  Can you guess?

Bank of America

And of course it is that each of these organization reversed course on decisions they had publicly announced after feeling the pressure of social media reaction.  He redefined "media" as "anyone who amplifies your message."

It was a terrific conference, that will take place in 13 more cities.  I am thrilled that the magazine is giving away a copy of  Advice From A Risk Detective  as a door prize in each of those cities.

Monday, March 19, 2012

The risk of office burnout

Though some of us can work from remote locations, the greater majority of the workforce still goes to the office -- and that's the audience I was writing for in the Advice From A Risk Detective.  Risk presents itself in several forms in the office  -- from fellow employees, to the environment and external events.

I was bemused yesterday to read a set of business section stories, including this New York Times article, which look at the effect of environment on productivity and creativity.  The idea is that you can wander into lovely light-filled spaces from your work area for inspiration and to increase productivity.  Such spaces are the exception to the rule, at least from what I've seen in my consulting work.  Most workers labor away in cubicles or in jammed up spaces like the trading floor at Russell Investments pictured above.

Workers' commonest complaints in such areas is centered on the lack of privacy and the inability to concentrate with all the chatter around you.  So what can be done to lower the risk of burnout and enhance your work experience if you're in an open workspace?

Wear a headset.  I saw a study last week that indicated those who listen to music while working get more done.  If you've got cubicle walls, consider also adding a plant or two and pictures to personalize the space.  You work best where you are comfortable.

Schedule your work.  Sometimes the best time to get a project finished is when your colleagues are away from their desks at a meeting.  You can look for other occasions as well.

Group agreements.  I've seen situations where everyone in a group knows that the time from 8-10am is for quiet work only, like study hall.  Or where everyone takes a break at staggered times so that the rhythms of the space change perceptibly.

Look for new spaces.  Whether or not your workspace has "open concept" areas built in like the Gates Foundation or Russell Investments, look for those areas you might spend an hour or two in that change out the pace for you.

Take a walk.  You can get a big jolt of energy from simply leaving your workspace and walking around the building.  It's like resetting a switch.  I find that mid-morning and mid-afternoon short walks even out the amount of focus and energy I bring to my work.  Give it a try.

I have a very comfortable office, but like to change things out -- my favorite walkable alternate work space is Ravenna Third Place Books, where I get both a pot of Darjeeling tea and Internet access.  I even schedule some of my meetings there to mix things up even more. 

The risk of burnout never goes away, so do what you can on a regular basis.

Tuesday, March 13, 2012

Risk and Uncertainty

The Memorial Cenotaph, Hiroshima Prefecture, Chugoku Region, Honshu, Japan
I'm getting ready to start teaching an operational risk course at the University of Washington, preparing lectures and discussion material.  One of the topics we will cover is the type of risk generally characterized as "unknown."

Some of the strategic planning work that ASA does with clients involves the identification of these unknown risks.  It's puzzling in life, as in work, why we can't otherwise identify and name certain types of risks and then work to reduce their potential impact.  Unknown risks remain that way because we evidently just can't bear thinking through the steps it would take to prepare for less frequent but highly impactful risks -- examples might include loss of one's job, loss of one's home, sudden wealth, or even sudden death of self or loved ones.  On a corporate level, examples might include gaps that inadvertently permit insider fraud, security breaches,  technology failures, or even botched implementations of new customer services. Yet the evidence shows that having a worst-case plan, or a backup/backout plan, makes all the difference in the world to managing both personal and corporate crises.

On the known risks side, Mother Nature leaves us no choice about identifying risk.  We clearly see what devastation can result from tornadoes, floods, high winds, hurricanes and earthquakes.  We were reminded just last Sunday on the anniversary of the Honshu earthquake and tsunami in Japan just how long it can take to recover and rebuild.  For the Japanese farmers who have lost their homes and their lands to radiation, it's not clear that they will ever be able to return home to farm the land.  It's a level of uncertainty that will persist for some time.

Japan offers those of us who live in earthquake zones some sobering but illustrative lessons.  We can remove some of the uncertainty around high impact events like earthquakes if we complete our preparations now to evacuate our homes if necessary, and to live off the grid for three to five days.  

Saturday, March 10, 2012

RFID cards


I had a great time at Costco headquarters yesterday, presenting as part of the company's "lunch and learn" program.  I got lots of questions and comments, and the identification of a risk that I do not cover in the book:  the risk of walking around with credit cards that have RFID chips in them.  Here's a quick link to All Clear ID for more information on this risk.

When the Department of Licensing delivered my enhanced driver's license to me, it came in a special envelope coated on the inside with aluminum to block the RFID chip from emitting signals to any scanners in the area.  But many of your credit cards may be RFID-enabled so that you can use that technology in a grocery store or gas station.  Though the risk of having your data stolen from signals emitted appears to be relatively low, I am looking into housing my cards in a case that will block the ability to pick up transmissions of data on my driver's license or my credit cards.

I was impressed with the level of questions and intelligence in the room at Costco.  It's clearly a company that helps employees manage their personal and professional risks.