There’s been a lot of changes recently to Internet security done mostly by browsers to improve the online safety of Web users. Even though I have a security background, I have some serious issues with the stance browsers and other technology companies have been taking in improving Internet security. My major concern is that not enough is being done to educate end-users.

I understand that there has always been an epic battle between businesses, tech people, and end-users, in regards to educating the everyday computer user. I know it has been a losing battle and understand that companies often resort to “well, if the user is going to be dumb, then I’ll just do everything I can to prevent them from making a mistake”. This mentality is, in an of itself, a mistake. Non-educated users are prone to finding innovative ways to make mistakes, regardless of the safeguards we put in place, despite the amount of preventive security that is put in place.

If you’ve ever seen a site that looks like this, you’ve been “saved” by a browser’s attempt to block “bad” sites. The problem with this is that your safety net, as a user, is dependent entirely upon a browser‘s ability to scan millions of sites and be able to differentiate between those that are good and those that are bad.

Unfortunately, browsers will never be able to catch all bad sites, some are going to get through and users will be defenseless. At some point, we will need to weight which losing battle we will want to fight. So far educating users has not been a popular choice of action, however, there are some changes in the horizon.

I came across a new Web site by Verisign, Phish or No Phish, which quizzes users on which sites are phishing Web sites, and which are real Web sites. It then promotes the use of EV (Extended Validation) SSL Certificates (the green bar on the browser) to identity secure domain names. I like that the approach taken was to educate the end-user on the reality of bad online and how to spot those sites that are bad. I also thought that the Verisign quiz was biased towards having users miss more questions than normal so that they can then show how bad the problem really is. Again, I have a security background and admit that I did not get 100% of the phishing sites on the quiz.

The problem, really, is that most phishing Web sites come from non-standard domain names for the company being copied. Verisign, on the otherhand, user man-in-the-middle (same domain name on both screenshots) for all but one of their quiz questions. Hate to break it to Verisign, but very little of the phishing sites out there operate this way. Most are coming from the garbage domain names. In any case, the overall, the positive effect here is that more emphasis is being placed on educating users.

As technology professionals we can only do so much. Eventually, our users will be left on their own and will have to stand on their own two legs, the question, then, is “will they do the right thing?” I certainly hope that we see more of this from technology companies.

Bookmark This...

I read an article recently regarding employee recognition and incentive programs in the workplace and what employers can do to keep employees happy and products. I have to say, the suggestions by the HRTools author were lacking in real substance to really keep top talent interested in working for the company long term.

I understand that for organizations currently not employing ANY incentive or recognition program for employees everyone has to start somewhere. Too often, however, companies wanting to implement recognition programs or incentives, do so improperly or poorly. The result being that the incentive or recognition does not have a positive effect on employees and many times, has a negative effect on employees and employee morale.

These programs, incentives, and awards have their right place at work and can be extremely useful in showing your employees appreciation, recognition, and has great power to continually motivate employees to maximize their efficiency in their line of work and become a more productive professional.

HRTools recently discussed the usefulness of these programs and stated that:

Recognition programs and positive reinforcement are needed in every organization.

Creating a balance of formal and informal recognition programs is a recommended practice and is an effective way to keep employees motivated and happy.

There is a great fallacy in that ANY recognition and incentive will keep employees motivated and happy. I think some HR experts and the managers who truly believe this are living in a fantasy business world that doesn’t exist. Here are the suggestions to keeping employees “happy”, according to the article:

Service awards based on tenure—This type of reward is pretty common in lots of companies.

Employee of the Month/Quarter/Year awards.

Performance-linked bonuses.

Monetary awards for money-saving suggestions that improve the company’s products, services or processes—oftentimes these suggestions can save a company millions of dollars; therefore, you want to make sure that the award is reflective of the cost savings for the company.

Annual trips or conference invitations based on outstanding performance.

At first glance, I admit, we may think that these suggestions are great, and that they do actually fulfill the implied result of keeping employees happy and motivated. As we really begin thinking about this, however, I think that we come to the realization that these suggestions may only be successful if they are used to call-center atmosphere where they are regularly abused and neglected. Or if they are used to hard-labor with task-masters over them who berate employees and squeeze out every single drop of productivity from employees until near the point of exhaustion.

Here’s why:

Service awards based on tenure - Awards based on tenure are nearly useless now-a-days. Research by the U.S. Bureau of Labor & Statistics (1979) has shown that employees currently are changing jobs about 10 times in their career. Since the data is old, it is thought that currently that number is probably higher than previously stated in the study. Rewards for employees at their 5- and 10-year mark have little value since most employees may not have plans to be in that specific position in 5 or 10 years.

Employee of the Month/Quarter/Year - This is another ineffective program that will either polarizes your outstanding employees and your mediocre-performing employees. Think about it, if you are truly rewarding your best employees, you may have a handful of excellent employees who will always win the award. This will not motivate the mediocre employees because despite all of their effort, they will won’t match the best performing employees for some time. At the same time, if you spread out the reward so that when the mediocre employee who shows a little improvement gets rewarded, the top-performing employees will no longer be excited about maintaining their top performance since others who don’t perform that high level are also rewarded.

Performance-linked bonuses - Now we’re getting somewhere, as long as the bonuses are not linked to group performance. Group performance-based incentives will reward mediocre when generally the bulk of the work done will be completed by the top-performing employees.

Monetary awards for money-saving suggestions - This idea sounds great, until the employee realizes that they just received a $1000 bonus for saving the company hundreds of thousands or even millions of dollars. Most of the time, when the employees sees the bonus compared to the amount he just saved the company, he’ll feel like he got the short-end of the stick.

Annual trips or conference invitations - This is another suggestion that, again, sounds great until you begin to think of the implications it has on the group of employees. What will everyone think when you have one or two employees who always get the company trip at the end of the year? What implications does that have on the entire team at the company? On the surface, it’s a good suggestion but one that will, in the end, only manage to hurt your employee base more than it will help.

The next time you’re thinking about implementing an incentive program for employees, think of the real implications that it will have on your employees in the entire company, and determine if the incentive program is really just “throwing peanuts” at your employees or if your program is really targeted to drive your employees to become better, smarter, more successful, efficient, and motivated at driving the company forward.

Bookmark This...

I think that computer companies too often get caught up on petty ad wars “I’m a Mac…”, “I’m a PC.” Not enough is being done to show consumers where we’re going and why we should stick with a computer company.

I came across a great video that gives us a glimpse of things to come. We should see more of this. People want it, need it. Yeah, you’ll get a few laughs when the PC guy sneezes (supposedly having a virus), and the PC guys will scoff at the Mac people and their having to pay the “Mac Tax“. Overall, what keeps customers and keeps them happy is to see where we’re going and to feel like they’re part of that future.

Bookmark This...