Category: General

  • Security Suggestions and Keeping Safe From Hackers

    The news is filled with stories about hackers and data theft.  Although they are not to be ignored, hackers can be avoided or thwarted with some common sense.  Let’s look at a few of these common-sense steps and some additional ways you can protect yourself and your site.

    Secure Passwords

    This is a common warning.  Nevertheless, the vast majority of passwords are anything but secure.  Studies have found that a large number of “default” passwords are in use.  These include tough-to-guess ones like “password”, “123456”, and “qwerty.”

    This password laziness is being combatted by rules applied on a lot of sites.  These rules require your password to include things like upper and lower case letters, a number, and maybe special characters.  This is a great way to define all of your passwords.  I find converting sentences to be great.  For example, “My three kids are Billy, Sara, and Michael” becomes “m3kaBSaM.”  Note that I just took the first character of each word in the sentence and adjusted case while throwing in a number rather than a word.

    Avoid Phishing Attacks

    These attacks are prevalent, but also easy to avoid.  They typically take the form of an “important” email from a co-worker or financial institution.  Some emails ask you to call a number, and the scammer then uses that call to get your information.  This is solved by not calling, or at least by not providing private information on a phone call to someone you are not sure of.  The other approach is to include an attached file that runs a program when opened.  Do not open attached files unless you are sure of the sender.  Even in those cases, make sure you have anti-virus software installed that will scan emails.

    These attacks are more effective than one would expect.  However, they prey on our lack of patience with email and our tendency to open and click on any attachment.  If you are more intentional in how you process your inbox you will see these attacks for what they are.

    Going Deeper

    Securing a website or application requires more than avoiding hackers.  In these instances, the hackers are likely to come to you.  Thus, steps need to be taken to secure or harden your server.

    The good news is that there are a number of step-by-step guides freely available on the Internet.  There are even some great security portals like the Open Software Security Community.  While most of these tutorials are well-intentioned, take a close look at the site before embracing any of the suggestions.  The best sources are from security companies and vendor sites.  When in doubt, do some checking to make sure the site is legitimate.

    There are some general steps that all of these sites will recommend.

    • Remove identification data to make it harder for hackers to learn about your system
    • Limit ways that the site or application can be accessed
    • Use strong passwords and accounts
    • Configure security measures like firewalls and anti-virus to the recommended settings
    • Keep all software up-to-date

    These steps alone can make your site less of a target.  This is important because no site is 100% secure; there are always holes.  When you make yourself less of a target, either by being hard for hackers to find or by being difficult to attack, they will often move on to easier targets.  This is the old idea of not needing to outrun a bear, just needing to outrun the other people the bear is chasing.

    Be Safe

    As we said at the top, common sense is the best approach to Internet security.  Hackers are not nearly as scary when you take these steps to reduce your risk.  If we all followed the steps above, we would make life a lot more difficult for the typical hacker.

  • Project Success – Solving The Right Problems

    When we talk about starting a project off correctly, we often mention problems to be solved. Unfortunately, solving problems alone is not the path to success.  We must also make sure we are solving the right problems.  Luckily, this task is not challenging and just requires us to ask a few questions.

    Who Do We Ask?

    The first thing to do is to identify who speaks for the solution.  This speaker is the person or persons that will use the product.  They may be subject matter experts (SME), but more often are an end-user or a representative for the users.  These people are easy to identify because they are the ones faced with the problems we are solving.  These are the people on the front line that will be most impacted by the solution.

    For example, an accounting package may be required to have features based on the desires of the CFO.  However, the accountants using the software need to be able to enter and retrieve the data the CFO wishes.  Since the users are ultimately providing the features to the CFO, they are the ones that will best define the problem.

    What Do We Ask?

    Once the target speakers are identified, it helps to explore their routines.  Make sure you go beyond daily routines as there are processes that only run weekly, monthly, or annually.  As they share their schedule, there are opportunities to point out pain points and struggles they have.  Ask them what they find most annoying or time-consuming in their routine.  Look for repetitive tasks that can be automated or simplified.

    When the interview process is done, ask them how beneficial the solution is to them.  List out what problems are going to be solved.  This list should get a response along the lines of “that will significantly improve my life.”  Be clear about what the solution will, and will not, provide.  This is a critical part of setting expectations.

    Digging Deeper to Find What We Are Solving

    An important part of the interview process is digging down to the core problem.  There are problems that only exist because of the current processes.  Once you ask why something is done you might find a simpler solution.

    A favorite example I ran into (and similar to several other situations) dealt with a large report.  The solution was a web application that dealt with data on millions of objects.  The user needed a report that could bring back millions of rows almost instantly.  They were fine with a paging solution, but did not want to accept a solution where we asked for search criteria that brought back less data.

    As we dug into the goals we found out that no one actually needed all those records returned.  No shock there.  No human can consume millions of records.  They wanted the records so they could see the count of records returned.  Yes, the end solution was to provide a record count based on any search.  A single number is what was needed, not complex queries and paging solutions.

    Never Stop Learning

    The moral of this story is to understand the problems to be solved.  Do not simply have them listed and then run off to craft a solution.  Understand the “how” and “why” of the problems.  This will help you design a solution that is useful to the end user and not a complex approach that is too slow, expensive, or hard to understand.  Better yet, look for milestones where the speakers for the project can assess how the solution is going and provide feedback.  It never hurts to check your work along the way.

  • Find The Why – Start a Project on the Right Foot

    One of the biggest weaknesses I experience when consulting on projects is a lack of why.  When the champion of the project is asked about the purpose of the project, there is an answer.  However, the answer is about a vision, not about solving a problem.  An ill-defined solution can be an issue for a project because having a cool idea is not the same as people needing a fresh idea to solve their problems.  We see this all the time with products that have a lot of fanfare but then fall flat on their face.  For those that remember the dot-com boom of the late nineties, there are several companies that fit this mold.  Pets.com went nowhere, and I remember a whole series of groceries-on-demand websites that never got beyond a memorable mascot or name.
