100,000 Mark


I recently was reviewing some of the statistics and discovered we have over 100,000 views, not including search engine crawling. A couple of more interesting statistics:

Thank you to all of my readers who are enjoying all of the posts, and finding them valuable!  It has been a lot of fun sharing the technical information I have with everyone and helping give back to the online community which has taught me so much…


~ Enjoy!

Hashed Passwords

Something making a lot of news in the papers recently is compromised usernames and passwords. This has been seen from companies such as LinkedIn, Yahoo and DropBox. In some of these cases they are storing passwords unencrypted, so that once someone captures the data, they know your actual password. And since many people share passwords among accounts (using the same password for LinkedIn and Facebook), it opens your account to compromise on multiple systems. This is made worse when more sensitive logins, such as bank accounts or your work e-mail, use the same password you used on Facebook.

One common technique used by web developers and programmers in general is to NOT store your actual password but rather a hashed version of it. Hashing is a form of one-way encryption: once a value has been hashed, it cannot be reversed (hence the one-way part). It is also specifically designed so that no two inputs create the same output. In fact, even a single character difference usually results in radically different outputs. Hashing is often used so that nobody, not even the database, needs to know your real password. When you enter your password at login, the system runs it through the same hashing algorithm and checks that the output matches what is stored in the database for your password.

To make this more secure, many web developers will also add “salt” to the hashing process. That is, they add some extra information to your input before it is hashed. The benefit of this is that, as long as the salt is kept secret, it makes it significantly more difficult for your actual password to be discovered.
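The login check and salting described above, as an added example that is not code from the original post: it assumes PBKDF2-HMAC-SHA256 from Python's standard library as the hash and a random per-account salt stored alongside the digest, neither of which the post specifies. The record format and function names are made up for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def unsalted_sha256(password: str) -> str:
    """Plain hash with no salt: identical passwords give identical output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Build the record a site stores in place of the password itself."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login check: re-hash the submitted password and compare with the record."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed or unsupported record: refuse the login
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    a, b = bytes.fromhex(hex_a), bytes.fromhex(hex_b)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    alice = hash_password("correct horse battery")
    bob = hash_password("correct horse battery")   # same password, second account
    print("stored for alice:", alice)
    print("records differ despite same password:", alice != bob)
    print("unsalted hashes identical:",
          unsalted_sha256("correct horse battery") == unsalted_sha256("correct horse battery"))
    print("login ok:", verify_password("correct horse battery", alice))
    print("login with one wrong character:", verify_password("correct horse batterz", alice))
    print("bits changed by one character (of 256):",
          differing_bits(unsalted_sha256("password1"), unsalted_sha256("password2")))
```

Nothing in the stored record lets the site e-mail the original password back; all it can do is check a submitted password against it.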

What brings this to mind was something I recently encountered today. I forgot the password for a specific online portal that I rarely use, and since I never document passwords, it is really all left up to my memory to recall. Typically when you go to a website and click “forgot password” they will e-mail you a new password or a link to create a new password. However in this case, they e-mailed me my password. What this illustrates to me is that they don’t actually hash their passwords, and don’t likely encrypt them either. With this, I can know, for certain, that it is possible for someone at that company (or someone with malicious intent) to access my passwords. This is very concerning.

In the day that we live in, it is very important that we ask our vendors to be using more secure methods for storing our passwords. If they can tell us what our passwords are, this is concerning.

Also, since we cannot always force a vendor to do something, please remember to be vigilant in how you handle passwords. Avoid using the same passwords online, and ensure that you are changing them periodically. If one of the services you use (such as LinkedIn) has a data breach, be sure to change the password everywhere you used it.


Welcome to Apple

Apple is recognized as one of the world leaders in innovation and bringing consumer products to market with outstanding success. While there are some amazing leaders at the company who are visionaries, including the late Steve Jobs, there is a lot more at play. There is a company culture which empowers all of their employees. I received a copy of their “welcome to Apple memo”, which, while short, is amazingly powerful. It speaks to the culture of the company, where they encourage their employees with an enhanced sense of purpose.

In the book Drive: The Surprising Truth About What Motivates Us by Daniel Pink, which is backed up by several published academic studies, purpose is one of the driving factors of what motivates us in life. There is a shift taking place in the workplace as it relates to motivating employees to improve productivity. Our industrial era management thinking says that placing a proverbial carrot (bonus, fear, or other monetary pain/pleasure) was effective when the labor required no cognitive thought (assembly line work), but as the nature of work in the majority of western countries evolves into positions requiring cognitive thought processes, the concept of the carrot provides worse results.

What Pink speaks about, which can be seen at TED, as well as animated at RSA, is that we are motivated by purpose, autonomy and mastery. This welcome memo to all new employees at Apple is an excellent example of reinforcing the culture of purpose.

Management Section Import

I brought over to this blog several (okay 50) blog posts I did back in 2007-2009 on management, business growth and managed services. They are now part of this website with the original date intact. Here is a quick highlight of some of those:

Customer Service is about the relationship between a great customer experience contrasted against minimizing corporate liability.

Employees is the old adage, slow to hire, quick to fire.

Spend money to save time – I share about the relationship between time and money and at which point it is valuable to spend money instead of time on specific tasks.

Building relationships is about cultivating key relationships with individuals who can help your business grow

Building your legal team – I share about the value behind establishing your legal team early, and before you really need them

Building a moat is sound advice from Warren Buffett regarding building an economic moat to protect your business by creating a market differentiation

The Principle of the Matter is about the cost associated with doing something out of the saying “principle of the matter” instead of a sound judgement.

Virtual Office Space is how to provide a big business look and feel without the associated costs. This is a great option for professionals who can work from home, but need an upscale meeting place.

Changing Services speaks to the importance of keeping to your key areas of expertise and avoiding branching out unnecessarily after money.

The Counter Offer is about the growing trend in attempts to retain departing employees, and the risks in trying too hard to keep them at your company.


2011 in review

The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 20,000 times in 2011. If it were a concert at Sydney Opera House, it would take about 7 sold-out performances for that many people to see it.

Click here to see the complete report.

The Counter Offer (part 2)

I just completed importing several older blogs, and among them there was one titled The Counter Offer. This is the second installment of that article which was never published. In that article we discussed that a growing trend is to offer departing employees a counter offer in an attempt to retain their skills. However, often these efforts are risky and do not necessarily ensure that we have the best environment moving forward.

With that stated, it begs the question, “so what should we do with departing talent.” The best thing you can do is typically let them go, unless you have a short term strategy to retain them just long enough to replace them.

So beyond that, what are you to do? It is an excellent opportunity to hold a very open and honest exit interview. Beyond simply their manager or HR performing the interview, consider having someone they trust such as a different department manager, supervisor or even a peer. The goal is to obtain the best information on why they are really leaving. That data should be incorporated into a 360 degree review of the department, manager and organization as a whole. How does the departing employee fit into the organization as a whole? Typically if you were considering a counter offer this isn’t an employee you want to lose, and you find value in what they bring to the company.

Usually the first great employee leaving is the tip of the iceberg and we need to pay serious attention to discover what we’re doing and if we need to adjust our employee retention process. What? You don’t have a formal employee retention process? It is time to start putting one together. Here are a couple of ideas for you:

First, you don’t need to begin with compensation. Most managers who have the title because of a natural promotion instead of training or education, begin with compensation. As a matter of fact, several well published studies outright say that financial reward for performance, when even minimal cognitive skill is required, results in worse performance. Yes, this is opposite of our expectation. In our industrial era mentality, we have been raised to believe that the effort-reward system works. That bonus program is successful when we are talking about tasks which do not require cognitive thought, areas such as assembly lines or manual labor. But the moment individuals are required to turn on their brains and use their thoughts to create productive results, money has a negative effect on performance.

What researchers have discovered is three things which lead to better performance and personal satisfaction, and isn’t that key to retaining talent:

  • Autonomy
  • Mastery
  • Purpose

Evaluate for a moment in what ways you can encourage your staff to be more autonomous (which isn’t working solo, but rather self directed); mastery (which is enabling them to become an expert at something); and purpose (the “why” behind what they get up for everyday, and it should be a paycheck). Take a look at this YouTube video: The surprising truth about what motivates us.

The next area is understanding the workplace environment. It is amazing how much the culture can impact the overall workplace satisfaction. The late Stephen R Covey, in his book The 8th Habit, shares about the 6 cancers which inhibit greatness in people, which include: Cynicism, Criticism, Comparing, Competing, Complaining, and Contending. This is something that is best changed from the top down, while also identifying several key people at the lower levels of your organization who can be intentional about building a positive workplace environment. It also means understanding how your current management processes might be encouraging these cancers.

A second perspective on the workplace environment is to understand the actual physical working space. Do your employees have the tools they need to perform their jobs? Do they have the basic environmental needs met? Environmental change can be something as basic as ensuring a clean, working (non broken) environment, to very elaborate office setups designed by professional workplace designers. There is one place where in the bathroom, for years, the mirror wasn’t hung on the wall, the hand towel dispenser was broken so it was just a stack on the counter, and the TP dispenser was broken as well. Seemingly unimportant things, but it has a slowly deteriorating effect on employee morale and pride in their workplace. A quick coat of paint and basic maintenance made an immediate improvement in several employees’ pride.

Finally we get to compensation. It is always surprising to many people that this is at the end of the list. This is also surprisingly more complex than many people think. Again, let’s take a look at the first section about motivating people. Simply a bonus or higher hourly wage isn’t sufficient to improve productivity or worker satisfaction. There are two factors on compensation I’d like to focus on:

(1) is to take the issue of money off the table, employees should be compensated at a level which meets their needs, as well as provided measurable and predictable control over their compensation. An excellent tool I learned from Michael Brand, Executive Vice President at Cornish & Carey Commercial, was that he would have his team members interview with 3 competitors each year. They were required to report back on how those interviews went. Can you imagine! Encouraging your team to seek out the competition. That takes boldness. There are two takeaways from that exercise. First is that it forces the employees to evaluate their own real value in the marketplace. Many people have higher self-worth than is accurate, an interview forces that into reality, causing them to take an honest look at themselves, it can be very humbling. Imagine how your annual reviews would go if they were first required to have interviewed at three different competitors. The second was the other side of the same coin, this is the point where your organization is forced to evaluate how good is your environment to your employees. What are you doing to motivate employee loyalty?

(2) is to understand what would motivate them financially aside from their paycheck. Several places have employee owned companies or profit sharing plans. A recent survey of web developers showed, to my shock, that profit sharing was dead last in their different things which they care about, second to that was medical benefits (the group was primarily 20-somethings-think-they’re-invincible). For some employees compensation may come in the form of more PTO, better break room perks (free lunch, booze, etc), free massage or car wash. Some companies offer company vehicles, cell phones, laptops, etc. One company, Atlassian, actually gives you a one week vacation before your first day of work!

The overall goal is to ensure that you are ensuring a positive outlook and capturing the potential to become even greater with every change. Learn from departures, and bring about positive change in your environment. Not all employees who leave are those which you want to change your culture over, in fact, the majority of employees that leave are going to be incidental and insignificant to the company. However those employees which you would want to keep around, those which you have been tempted to offer a counter offer to, are the ones you can really learn something from.

In summary, be sure to capture the real reason why an employee is leaving, and leverage that to create an atmosphere where people want to stay and are not tempted to leave. Understand that what motivates people is autonomy, mastery and purpose; create an environment free of the 6 cancers; ensure your environment is something you can take pride in; and finally understand compensation transcends the paycheck.

HIPAA Compliance & Faxing

The primary objective of HIPAA is that health organizations have the infrastructure and procedures – administrative, technical and physical – that allow them to safeguard patient health information from any kind of exposure or disclosure to unauthorized parties when this information is required to be transmitted or delivered to authorized individuals.

HIPAA does not prohibit the use of fax machines to communicate PHI; however the information is subject to strict regulations that protect the privacy and security of the information both at the point of dispatch, during transit and at the point of delivery.

The security provisions of HIPAA require “reasonable” efforts to make sure that the information delivery via fax has been sent securely and was received securely and by the person intended.

HIPAA makes a number of demands to ensure that patient health information is properly protected. These, in relation to security and privacy, include:

  • All fax machines are to be placed in a secure area and are not generally accessible.
  • Only authorized personnel are to have access and security measures should be provided to ensure that this occurs.
  • Destination numbers are verified before transmission.
  • Recipients are notified that they have been sent a fax.
  • Include a cover-sheet clearly stating that the fax contains confidential health information, is being sent with the patient’s authorization, should not be passed on to other parties without express consent; and should be destroyed if not received by the intended recipient.
  • Any patient data should be in the fax body and not in any of the data fields.
  • Faxes are to be sent to secure destinations; i.e., the fax machine of the recipient must be in a secure location, accessible only by those authorized to receive the information.
  • Maintain a copy of the confirmation sheet of the fax transmission, including the necessary data such as time and recipient’s number.
  • Confirm fax delivery by phoning the recipient.
  • Received faxes are to be stored in a secure location.
  • Maintain transmission and transaction log summaries.

Encrypted E-mail Solutions

Here is some information on setting up secure e-mail encryption with outside parties. There are basically two options available. Prices can vary based on the selected vendor and the information provided is for very general planning purposes and we would need to formally quote these before going forward. The major difference is how widely you intend on sending encrypted e-mail, and cost.


This method is the simplest form of transmitting data between two trusted partners or individuals.

  • Pros: This security is built directly into Microsoft Outlook and its use is seamless for the sender and receiver. Meets HIPAA requirements for PHI. Best solution for a small number of users. Fastest method to receive encrypted e-mail. Lowest start up costs for a small number of users.
  • Cons: This requires a Digital Certificate to be purchased, renewed periodically and installed on both the sender and receiver systems. There is a degree of configuration required for all parties. Apex can provide support to other businesses with their permission and for an additional cost. E-mail is only encrypted when sent to recipients with Digital Certificates, so you can accidentally send PHI or confidential information to the wrong person. Both users need to be configured before you can send encrypted e-mail.
  • Best Fit: When you’re exchanging secure e-mail with a well defined set of outside businesses and individuals which will not be subject to change frequently.
  • Costs: $100 per user who will be receiving encrypted e-mail (reoccurring every 3 years); and $200 per user at an outside company who will be receiving encrypted e-mail (reoccurring costs every 3 years) – prices include the rough estimate for labor and the Digital Certificate.

E-Mail Gateway:

This method will use a set of rules defined on the server to automatically determine PHI, based on sender/recipient/subject/content/etc. The system will automatically convert those e-mails into an encrypted format and send them to the recipient. There are no special software or configuration requirements for the sender or recipient.

  • Pros: This is good when the list of senders or recipients is not well defined or may include home users. Automatically protects all PHI to avoid accidentally sending PHI in an unencrypted format, regardless of the recipient. On-the-fly encryption to anyone, which doesn’t require pre-configuration.
  • Cons: It may require the recipient to go to a website to download the attachment, which makes frequent use of this method a slower method. Additional server hardware, software and maintenance is required.
  • Best Fit: If you’re exchanging e-mail with a diverse group of not-well-defined individuals, who may not have the ability or knowledge to work with Digital Certificates.
  • Costs: Around $3,000 per three year term, plus hardware around $1000 and installation labor and ongoing support. Pricing is subject to change; this was based on old pricing before Symantec acquired the product from PGP. Another solution is the Cisco IronPort E-mail Security Appliance.

Hosted E-Mail Gateway:

Basically the same as the E-Mail Gateway from a security standpoint, with the only difference of the costs of implementation. The hosted solution doesn’t require a server nor the related hardware, software and support costs. However, it does have a higher ongoing service fee.

  • Pro/Con/Fit is the same as “E-Mail Gateway” above.
  • Costs: McAfee Email Encryption is $4,930 for a three year term for 100 users (again we need to do the entire company); or one year for $2,055.00. Other providers are McAfee/MXLogic Hosted Solution.

IT Services Policy: Billable Hour

This is to help define what activity is billable versus non-billable under a typical Managed Services Agreement (MSA/MSP). The obvious case: activity that is for the direct benefit of a client, and that relates to an hourly billable event and/or counts against a contract, is considered billable. Here are some additional examples of each:


  • Company internal work which is assigned a ticket from the IT Manager
  • Client work (ticket & project) which is assigned a ticket from the IT Manager
  • On-site, remote and bench work which is billable to the client
  • In-office prep time for billable on-site time (pulling equipment for install, etc)
  • Warranty work for “completed” tickets performed by someone else
  • Travel time to/from clients, except for before/after work/lunch periods.
  • Design & Implementation meetings for clients – “here is how we are going to go about backup”.


  • Training, education, conferences, etc.
  • Corporate meetings, one-to-ones, etc.
  • Warranty work for “completed” tickets performed by yourself.
  • Client “touches”: stats updates, “hi”, proposals
  • Training meetings regarding clients – “here is how you….”
