WH: Participating in a video conference

Oh technology, how I love thee — but the video conference is one that I love to hate. Not because it isn’t a great tool: especially in the days of Covid-19, we can do more than ever before remotely. It enables people to work from home, collaborate and share ideas. At its best it also helps reduce carbon emissions, unnecessary travel (planes, trains, automobiles) and bloated expense accounts for meals and lodging… However, on the worst of days, it is a huge waste of time, distraction-filled and unproductive. A lot of that has to do with the presenter of the conference, which will be a topic for another day.

Today, we’re going to talk about how to be effective at participating in a video conference. After literally thousands of hours on both ends of a conference call, here are some lessons learned.

  1. Dress for the call – this isn’t a time to show off the joys of working from home, but to show that you’re still “showing up for work” and actually earning your keep.
  2. Join the call 10 minutes early – especially if this is your first conference with that specific person. If it’s new technology to you (Zoom, WebEx, etc) then plan perhaps even more time, 15 minutes or whatever. Don’t wait until the last moment.
  3. Check your background and lighting – unless you’re in witness protection, you want to be seen in a video call, that is the whole point. Make sure you have a plain background, usually a white wall. And then enough lighting to see your face. You need more light coming at you than behind you. Also, some apps like Zoom let you either blur out the background, or replace it with some sort of stock photo. Those are all great ideas. Because someone is going to zoom in and check out your home — ooh, they’re messier, cleaner, crazier.
  4. Announce yourself when you join the call – unless your specific room has a different etiquette. Out of the gate, it’s better to announce yourself than not to.
  5. Mute your microphone/phone – start off with mute, especially if it isn’t a free-for-all discussion. Beyond the audio distraction of background noise, some conference systems will automatically switch the video to whoever starts making a sound. So if your cell phone starts ringing in the middle of the call, all of a sudden, you’re the big-screen video, and everybody knows it was you. Oops! Mute the audio (mic, phone, etc)…
  6. Turn off all other audio distractions – More important if you’re the presenter, but do put your cell phones to silent, turn off your computer notifications, etc. Also, I will close my email application (Outlook, Gmail, etc) on my desktop/laptop altogether.

WH: Dress Code

After working from home for years, I put together this new series of posts to help those who are working from home for the first time. Tips and tactics to get more done in a day.

Today we’re going to look into the dress code when you work from home. There are many different views on this topic. Here are a few of mine:

I learned from an early age that how you dress actually affects you – it goes beyond just comfort. Sure one of the nice things about being socially distant is that you could work in your pajamas, but should you?

Much study has gone into this, and what has been discovered is that those who work in non-standard work attire (pajamas, sweats, etc.) have a lower overall performance IF their job is a typical desk or professional job. So from a performance and getting-stuff-done approach – get dressed like you’re going to the office. And for me, it is typically head-to-toe — yes, socks and shoes too.

Just like having a separate work area, it helps keep you in that “work mindset”. So even a casual answer of the cell phone generally has a more business versus casual tonality. Plus if you have any impromptu webinars, video chats, Zoom, Google Hangout, etc., you’re already set to succeed.

We’ve all seen the videos of people having absolutely no clue when on a video conference call. Don’t be “that guy” who looks like he just rolled out of bed, still has curling rollers in their hair (do people really do that anymore?), or is just lounging on the sofa. Listen, people are probably making fun of somebody, and I’d rather be made fun of for looking like I’m at the office than be the one who looks the worst. More on video conferences in another article.

But back to clothing… Keep up your routine — if you normally shower every other day, then keep doing that. Shave, keep yourself presentable. No need to return to the office in a month looking like a caveman! Also from a psychological perspective, maintaining certain routines helps preserve normalcy in times of great change. It helps keep you calmer, more centered, about your work and life. And whatever you normally do when you get home from work (kick off the shoes, change into something comfortable, take off the tie, whatever) — do that. Keep whatever office schedule you set up for yourself.

Please take a moment and share in the comments below your routines for working from home dress code. What have you been wearing, and does this article change your mind in any way?

 

WH: Set a schedule

Transitioning from working in an office to working from home can be a lot like a teenager moving out of their parents’ house: from a structured environment to an unstructured one. And what at first seems like unlimited freedom devolves quickly into chaos. We all had different ‘out on your own’ experiences, some more successful than others. My wife quickly noticed how many of her coworkers’ natural schedules started to show through when they’d send emails, some emailing really early, others late at night. Not everyone is a natural ‘day person’. I certainly am not.

Here are some tips that I’ve collected over the years:

  • Make your bed after you get up – I know it’s a crazy idea, it’s based on a book I read years ago by the same name by Admiral William H. McRaven. The concept is simple, no matter what happens to your day’s schedule, you’ll have accomplished at least one thing.
  • Clean the kitchen – following quickly on the first item – get the simple, easy things out of the way. I do it while making breakfast. Slay those easy to do tasks nobody really wants to do.
  • Have a specific work area and clean anything within eyesight of it. And if there are others home with you, make sure they know that is your work zone. If you have little ones at home, then you’ll need to manage this differently than those without — more on that another day. (I’ll link it here when I get around to writing it!)

Okay, so right now you’re probably asking if you’re reading the right list. Yes, you are – this is for people who have regular day jobs, white-collar, work from an office or classroom. Stick with me. One of the biggest obstacles to getting stuff done from home is the distractions of the house. These first three help avoid those distractions and get stuff actually done.

  • Set specific “work hours” – otherwise things get out of hand really quick. This is both for your sake and your coworkers, managers, etc. One benefit of working at home is often scheduled flexibility. But what messes this up is bosses who expect you to always be available, and home/family needs who feel you’re totally accessible. Boundaries need to be set on both ends.
  • Reinforce your work hours by managing when you communicate with coworkers and the office. If you want to be available 9 to 5, but are sending late-night emails, it communicates that you’re available after hours. Is that what you really want to communicate? Likewise, if you’re tending to your kids during the normal day and really only work before breakfast and after dinner, reinforce that with how and when you communicate. There are several ways (depending on how you’re set up) to even write an email and schedule it to be delivered later, during your ‘office hours’. I used this extensively. I would sometimes burn the midnight oil, but not necessarily want to be ‘available’ for an immediate reply or give the impression that I normally work that late. Instead, I’d write a lot of emails that would go out at 9am.
  • Protect your privacy with a virtual phone number – Only answer work calls during your specific work hours. More details in the Virtual Phone Numbers article.

This article will be updated as I create more articles that cross-reference each other. None of the links to products or services on here are affiliate links (I don’t make any revenue from them). Additionally, the WordPress platform I use does provide other advertisement links that generate revenue for them, but I receive zero financial benefits.

WH: Virtual Phone Number

If your work has issued you a work phone (cell, desk, virtual phone) you can skip this article. This is for those of you who have only your personal phone to communicate with workers, students, etc. The last thing you want to be doing is giving out your personal cell to everyone. And as part of maintaining boundaries with coworkers, you need to be able to turn off those calls.

Imagine this:

You can give a number out to your coworkers/students/etc. that they can call, and it automatically forwards to your cell or home phone. You can have this magical number forward those calls only during your ‘office hours’, and the rest of the time it goes to voicemail. And perhaps after all of this Corona/Covid shelter-in-place is over, you can turn off that number and still keep your personal phone number private!

There are two great ways you can do this:

  1. Google Voice is completely free and if you have a Google account, such as gmail.com it’s really easy to set up!
  2. Ring Central is a fantastic business-level option, and during this Corona/Covid situation, if you’re in education, healthcare, non-profit or a few other cases, you can get Ring Central free at this link. I have personally used Ring Central for years – and they’re great, and I was really excited to see they’re offering this free for select industries. Of course, they’re hoping you’ll fall in love with it and pay to continue service, but there is zero obligation. And remember Google Voice is permanently free!

Also, be sure to pay special attention to the feature that prevents your personal voicemail/answering machine from grabbing the message. Both Google Voice and Ring Central have options for this – that way your work and personal voicemails stay separate.

Finally, be sure to check out the texting options also available on these platforms!

 


Password Tips for Businesses

This year Microsoft made a very public statement about how they’re fundamentally changing how passwords will work in Microsoft Windows 10 moving forward. Most significant is that they’re dropping the password expiration recommendation. This brings their recommended policies closer to what NIST also published on this topic. On one hand, this brings a collective sigh of relief from many end-users who are vexed when they see the dreaded “you must change your password in 14 days”…13 days…11 days… A missing expiration policy was previously seen as ‘low-hanging fruit’ for any IT consultant who came in to perform a security audit and could point out that the business didn’t force its users to change their passwords.

There are many reasons for the recent change in direction for both Microsoft and NIST. But the biggest reason, I propose, is that security threats to passwords have fundamentally changed in recent years compared to the past. There is a good chance your email account is already known by hackers. Moreover, even your password is known by them. As of today over half-a-billion unique passwords have been compromised. And hacking or compromising a password is far easier than it ever has been.

The biggest thing these shifts by Microsoft and NIST demonstrate is that ‘good enough’ approaches to security simply aren’t. Arbitrarily forcing users to change their passwords doesn’t make them more or less secure. And it has been argued that it often makes them less secure as users work harder to find ways to remember their passwords. Is ‘Th0rsHammer2’ any more secure than ‘Th0rsHammer1’? Likely not, but research consistently shows that is exactly what happens. Let’s step back and understand why we even consider changing passwords frequently. The fundamental reason is that the password becomes exposed, known to bad actors. The theory used to be that it was unlikely, but just in case, if we change passwords frequently it will reduce the impact. Nowadays we know better: it isn’t a question of “if” but when. And the follow-up question is, once your password is compromised, how long do the bad guys need? Even the half-life of the typical 90-day forced password change is 45 days, more than enough to do damage.

The new model focuses on two elements:

  1. End-user education: Which primarily focuses on identifying threat vectors such as phishing attempts. But also in how to choose a good password, and avoid password reuse.
  2. Detection of compromise: This one is more technologically involved, but it basically requires advanced threat detection to identify potentially compromised accounts or servers, and then using that to force a password change.

Recommended Action Items for SOHO (Small Office, Home Office)

  1. End-user education: Ensure that end-users receive training on how to identify and avoid phishing emails, how to choose a good password, and that business and personal passwords should never be the same.
  2. Ensure that every computer has a password required to log in — no accounts should be password exempt.
  3. Consider using a password manager like LastPass which will help create and manage your passwords. That way you can have unique passwords for every account.
  4. Consider using a Two-Factor Authentication (2FA) system whenever possible such as Microsoft Authenticator.
  5. Use OpenDNS which provides a basic level of threat protection for employee website activity.
  6. Pay attention to data breaches of large companies. Consider forcing password resets when such an event occurs because there is a high likelihood your users are sharing the password between such large companies (LinkedIn, Yahoo, etc), and your network.

Recommended Action Items for Small Business (10-50 employees)

  1. End-user education: Ensure that end-users receive training on how to identify and avoid phishing emails, how to choose a good password, and that business and personal passwords should never be the same. Train on using password managers instead of sticky notes or Excel files with passwords plainly documented.
  2. All systems should be domain-joined with password policies in place, ensuring that all accounts have strong and long passwords. Remove your password reset policy.
  3. Audit your existing use of role accounts, automatic login accounts, shared accounts, etc. Whenever possible eliminate such accounts so there is a one-to-one audit trail back to a specific user. When role or shared accounts are needed, they should generally have far fewer rights than normal users, and policies need to be in place to reset this upon any employee change.
  4. Consider using a password manager like LastPass which will help create and manage your passwords. That way you can have unique passwords for every account. Professional versions permit the ability to share passwords when needed.
  5. Consider using a Two-Factor Authentication (2FA) system whenever possible such as Microsoft Azure AD MultiFactor Authentication.
  6. Use OpenDNS which provides a basic level of threat protection for employee website activity.
  7. Pay attention to data breaches of large companies. Consider forcing password resets when such events occur because there is a high likelihood your users are sharing the password between such large companies (LinkedIn, Yahoo, etc), and your network.

Recommended Action Items for Medium Business (51+ employees)

  1. All the items listed for Small Business PLUS:
  2. Ensure all public-facing websites exposing corporate resources (webmail, website, extranet, client-portals, etc) implement technologies like WAF, Fail2Ban, and more. Those resources should be placed in your DMZ, which is isolated from your local network, and use completely different administrative credentials.
  3. Outbound traffic filtering including DLP (Data Loss Prevention), Advanced Threat Protection and Content Filtering.
  4. Consider implementing password auditing tools which compare your network passwords against the known password breaches.
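
One way the password auditing in item 4 can work, as an added example that is not from the original post: each password is checked by SHA-1 prefix against a breach corpus, so the lookup only ever sees the first five hex characters of the hash. The corpus is constructed sample data, the function names are hypothetical, and the `SUFFIX:COUNT` line format is an assumption modelled on the range format that the Pwned Passwords service publishes.

```python
import hashlib

# Constructed sample corpus: password -> times seen in breaches (not real data)
SAMPLE_BREACHED = {"Th0rsHammer1": 37, "password": 9_000_000, "Summer2019!": 512}


def sha1_hex(password):
    """Upper-case hex SHA-1, the form breach corpora are commonly keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Group 'SUFFIX:COUNT' lines by the 5-character SHA-1 prefix."""
    index = {}
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index


RANGE_INDEX = build_range_index(SAMPLE_BREACHED)


def local_fetch_range(prefix):
    """Stand-in for the corpus lookup; it is only ever given the prefix."""
    return "\n".join(RANGE_INDEX.get(prefix, []))


def breach_count(password, fetch_range=local_fetch_range):
    """Return how often the password appears in the corpus (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count) if count.isdigit() else 1
    return 0


def audit(candidates, fetch_range=local_fetch_range):
    """Return {account: breach_count} for accounts using a breached password."""
    findings = {}
    for account, password in candidates.items():
        seen = breach_count(password, fetch_range)
        if seen:
            findings[account] = seen
    return findings


if __name__ == "__main__":
    # Constructed accounts; in practice this check runs when a password is set
    accounts = {"alice": "Summer2019!", "bob": "orbit-walnut-ferry-41-lantern"}
    for account, seen in audit(accounts).items():
        print(f"{account}: password seen {seen} times in breaches, force a reset")
```

Running the check at the moment a password is set or changed is the natural hook, because that is when the plaintext is available without being stored.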

 

The above lists are based purely on the topic of password-related security, and there are many additional security matters in general which need to be professionally assessed by any business.

Dad needs a new computer?!

One of the banes of most IT Professionals is when family members ask for help with purchasing a computer, or worse yet, they just purchased something from a big-box retailer and need help.

This is a multi-part story inspired by my dad who called me recently for a computer question he had. It made me realize that 13 years ago I helped him purchase the computer he currently has. I couldn’t believe it’s been that long! I’m thankful that after he received the catalog for home computers from Dell that he immediately came to me to ask for advice…

Now I’ll get back around to what computer I helped him select because I want this to sink in for just a moment…

My dad has a desktop computer,

that was purchased 13 years ago,

that he is still using…

And as for performance, it is working just as well today as it did when it was first purchased… Almost unbelievable! Oh, and he has no plans on replacing it either!

Okay, now as the commercials for miracle weight loss say, “results are not typical”… but they are not wholly unexpected. Let’s talk about this a bit.

My first advice to anyone purchasing a computer for home use is to skip the big box stores, and even anything seemingly consumer grade. Everything in this realm seems to be designed with a short lifespan in mind. Cheaper parts, poorer construction, etc. Not to mention all of the consumer bloatware that seems to come on them. So the first thing I tell anyone and everyone is to immediately go to a major computer seller’s “enterprise” tab on their page, be it Dell or HP or whomever. Normally anybody can still just order these, and the benefits are more solid construction, longer MTBF and usually far less bloatware preinstalled. In this case, 13 years ago I had my dad purchase a Dell Optiplex Workstation.

Now if you simply did that, it shouldn’t be surprising to get 6+ years out of the hardware, to get over 10 years is to really be getting your money’s worth. Now truth be told, he did have to replace the power supply once but that was likely caused due to a recent series of lightning storms in his area that the little power-strip surge protector couldn’t really protect against.

But okay, let’s talk about performance… There are really two prongs to why this thing performs so well…

First, he uses his computer for just word processing — and printing — nothing else. Nothing online, and he wanted his computer to be as secure as possible from such threats… So, that makes things really easy… Realize that if the computer is an island (there is no external connectivity: no internet, no USB drives, etc.), then it really is an island. What are the threat vectors in this case? None really. So, do you need patch management? Not if the system is working. Most ‘bugs’ patched these days are more about vulnerabilities, not functionality. And honestly, after 13 years, if there are any functionality quirks, he doesn’t see them as such, but just works through or around them. It really is surprising to see how stopping patching significantly improves system performance and reliability!

For the record, I’m a huge proponent of patch management – but that is because in virtually all cases you have threat vectors you need to account for. But let’s pause for just a moment, and think about that — are there places or situations where you can vastly improve security and performance by outright removing a threat vector such as the internet? It’s also worth mentioning that because of this lack of patching, the 2007 Daylight Saving Adjustment was never patched on his computer. But there are ways to manually patch this yourself on such systems.

But beyond that, let’s talk about the statement that it runs at the same performance level. That is a true statement, although perhaps a bit misleading. Do you remember having to wait for Windows XP to boot up? I sure do. Although if you think back, XP made a lot of waves because it did boot much faster than prior operating systems of the day. But that aside, Windows 10 boots almost instantly. But that is what end users expect these days; my iPhone is instant-on… The concept of having to wait befuddles us nowadays. So by today’s comparison, the computer is slloooooowwwww. But that is just my modern comparison. It works just as fast as it always has… After all, the processor is still ticking away at the same speed, and the software hasn’t changed at all.

The biggest reason it isn’t a problem for him is that he has no point of comparison. He is retired, the computer works the way it always has. He hasn’t worked on more modern, faster computers.

It’s also probably a mindset — my parents have hundreds of VHS movies. Sure, they have DVD and the latest Blu-ray discs. Mostly, however, because it’s virtually impossible to not buy a Blu-ray player. So sure, they’ve got the latest and greatest, and the quality is better than VHS. Although who knows how well they actually see with their aging eyes. But why throw out thousands of dollars’ worth of working (inferior) VHS movies and buy again higher quality movies, which, at the end of the day, are the exact same movie, story, actors, lines, etc.? And most of those movies really were filmed using inferior camera equipment of the day… So is there really a big difference between Gone with the Wind on Blu-ray since it was captured with 70-year-old, non-digital camera technology?

In the end it’s a bit of a philosophical discussion. Perhaps.

But what’s the takeaway from this article, if any? I would propose a few points:

  • Purchasing: realize that the enterprise gear is often worth it even for personal use because while it can be marginally more expensive, it can last far longer. I think his tower cost sub $500.
  • Security: Consider how in every environment security and performance can be improved by mitigating threat vectors. Remember that patch management is one tool we have to address threats and isn’t a panacea unto itself.
  • Performance: Performance is very relative, and subjective. Each use case is different – purchasing or upgrading in blanket terms is wasteful. Each user, department, or situation can often be different and unique. Address them as such.

100,000 Mark

I recently was reviewing some of the statistics and discovered we have over 100,000 views not including search engine crawling. A couple of more interesting statistics:

Thank you to all of my readers who are enjoying all of the posts, and finding them valuable! It has been a lot of fun sharing the technical information I have with everyone and helping give back to the online community which has taught me so much…

~ Enjoy!

Hashed Passwords

Something making a lot of news in the papers recently is compromised usernames and passwords. This has been seen from companies such as LinkedIn, Yahoo and DropBox. In some of these cases they are storing passwords unencrypted, so that once someone captures the data, they know your actual password. And since many people share passwords among accounts (using the same password for LinkedIn and Facebook) it opens your account to be compromised on multiple systems. This is made worse when more sensitive logins, for bank accounts or your work e-mail, use the same password you used on Facebook.

One common technology used by web developers and programmers in general is to NOT store your actual password but rather to use a hashed version of your password. Hashing is a form of one-way encryption where once a password has been hashed it cannot be reversed out (hence the one-way part). It also is specifically designed so that there are no two inputs which can create the same output. In fact, even a single character difference usually results in radically different outputs. So this is often used so that nobody, not even the database, needs to know your real password. All that they do is, when you enter your password at login, run the password through the same hashing algorithm and then make sure the output matches what is stored in the database for your password.

To make this more secure, many web developers will also add “salt” to the hashing process. That is, they add some extra information to your input before it is hashed. The benefit of this is that as long as the salt is kept secret, it makes it significantly more difficult for your actual password to be discovered.
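
The login check and salting described above, as an added example that is not from the original post: the stored record holds a per-account random salt and a PBKDF2-HMAC-SHA256 digest, and login re-derives the digest and compares it. PBKDF2, the record layout, the optional `pepper` (a secret kept outside the database) and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor (assumed default); tune to your hardware


def _derive(password, salt, pepper, iterations):
    secret = password.encode("utf-8")
    if pepper:
        # Optional secret kept outside the database, mixed in before hashing
        secret = hmac.new(pepper, secret, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)


def hash_password(password, pepper=b"", iterations=ITERATIONS):
    """Return the record to store: scheme, cost, salt and digest, never the password."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = _derive(password, salt, pepper, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored, pepper=b""):
    """Re-run the same derivation on the login attempt and compare digests."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        rounds = int(iterations)
        if scheme != "pbkdf2_sha256" or not 1 <= rounds <= 10_000_000:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = _derive(password, salt, pepper, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    first = hash_password("Th0rsHammer1")
    second = hash_password("Th0rsHammer1")
    print(first)
    print(second)  # same password, different salt, different record
    print(verify_password("Th0rsHammer1", first))  # correct password
    print(verify_password("Th0rsHammer2", first))  # one character off
```

Because the record contains only the salt and digest, a "forgot password" flow built on it can issue a reset link but has nothing to e-mail back.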

What brings this to mind was something I encountered today. I forgot the password for a specific online portal that I rarely use, and since I never document passwords, it is really all left up to my memory to recall. Typically when you go to a website and click “forgot password” they will e-mail you a new password or a link to create a new password. However in this case, they e-mailed me my password. What this illustrates to me is that they don’t actually hash their passwords, and don’t likely encrypt them either. With this, I can know, for certain, that it is possible for someone at that company (or someone with malicious intent) to access my passwords. This is very concerning.

In the day that we live in, it is very important that we ask our vendors to be using more secure methods for storing our passwords. If they can tell us what our passwords are, this is concerning.

Also, since we cannot always force a vendor to do something, please remember to be vigilant in how you handle passwords. Avoid using the same passwords online, and ensure that you are changing them periodically. If one of the services you use (such as LinkedIn) has a data breach, be sure to change all passwords for places which you used that password at.

Enjoy!

Welcome to Apple

Apple is recognized as one of the world leaders in innovation and bringing consumer products to market with outstanding success. While there are some amazing leaders at the company who are visionaries, including the late Steve Jobs, there is a lot more at play. There is a company culture which empowers all of their employees. I received a copy of their “welcome to Apple memo”, which, while short, is amazingly powerful. It speaks to the culture of the company, where they encourage their employees with an enhanced sense of purpose.

In the book Drive: The Surprising Truth About What Motivates Us by Daniel Pink, which is backed up by several published academic studies, purpose is one of the driving factors of what motivates us in life. There is a shift taking place in the workplace as it relates to motivating employees to improve productivity. Our industrial-era management thinking says that placing a proverbial carrot (bonus, fear, or other monetary pain/pleasure) was effective when the labor required no cognitive thought (assembly line work), but as the nature of work in the majority of western countries evolves into positions requiring cognitive thought processes, the concept of the carrot provides worse results.

What Pink speaks about, which can be seen at TED, as well as animated at RSA, is that we are motivated by purpose, autonomy and mastery. This welcome memo to all new employees at Apple is an excellent example of reinforcing the culture of purpose.
