I’ve come a long way in my personal development, but still have a way to go. That’s why when I read this article by Bryce Christiansen, Tina Fey’s Rules For Improv…And Your Career, I knew I had to go to an improv class. In improv, there is no place to hide. There is no script, no director, no costumes, no lighting, no set – nothing but you, your partners, your wits, and an idea shouted from the audience. It sounds a lot like starting a business.

I have zero experience with theater or acting, so the thought of getting on stage wasn’t exactly comfortable for me. Fortunately, one of my coworkers is a theater grad and he said that he’d love to go. So we headed to class at the Onyx Theather, which by the way, has a fetish store as its lobby. Viva Las Vegas!

What I Took Away From the Experience

1. Changing your natural way of thinking and interacting with others requires purposeful effort and practice.
2. You can’t be judgmental and creative at the same time. Turn off the judgmental inner voice.
3. Improv requires openness, trust, cooperation, a sense of giving, and a complete lack of selfishness. Does this describe you or your workplace?
4. You have to go wherever the scene takes you. It might not be where you want to go, but go anyway. If it doesn’t work, it will be obvious. The point is to go there together and come to that conclusion together. You can review later and adjust the next time.
5. You help your partner and the scene by saying, “yes, and” to everything your partner says. When was the last time you saw this type of thinking in your workplace?
6. Asking questions or saying “no” brings the whole thing to a halt. It’s an inertia thing. You have to stop what you’re doing, come up with something new, and try to get the scene and your partners to go in that direction. Very tough to do on the fly. In business, saying “no” makes people shut down and stop participating.
7. Saying “yes and” would be a great way to improve brainstorming sessions.
8. Doing something new is good for your brain – try it!

While most of us aren’t actors or artists, our work requires an awful lot of creativity and cooperation. Imagine how powerful it would be to walk into your next meeting, presentation, or sales pitch with the improv mindset. Next time, change your goal from the perspective of winning and losing to one of cooperation and mutual benefit. And sign up for an improv class – it’s a lot of fun!

Thank you Bryce (and Tina) for your article and for giving me a new perpective and new hobby. I hope this article encourages others to try a new way of thinking and working together. Leave a comment or contact me on Twitter telling me what you are doing to help grow and adapt – I’d love to hear about it.

These are tough times, and only a fool would ignore high unemployment, mortgage defaults, tight credit, and the general uncertainty that surrounds us. Many if not most businesses are operating on tight budgets, putting even more pressure on employees. It’s tough to simply say, “Oh well, I’ll go get another job someplace else” because someplace else has most of the same problems your current employer has. Before jumping ship, take a look at your leadership team.

A good leader knows that fear is a destroyer. It closes down creativity and distracts from the solution. At times like these, a good leader will increase visibility to the company’s strategy, tactics and finances. A good leader will be visible, available and communicate, communicate, communicate. A good leader will stay on message and make sure the team stays on message. A good leader will answer tough questions openly, avoiding any trace of management speak.

Look around where you work. Is there a plan and are people focused on working the plan? Or are people sitting around, scared, keeping their heads down when management comes near and grumbling when they’re not around? The answer to that question clearly tells you the quality of your leadership team.

I am certain that my fellow Americans expect that on my induction into the Presidency I will address them with a candor and a decision which the present situation of our people impel. This is preeminently the time to speak the truth, the whole truth, frankly and boldly. Nor need we shrink from honestly facing conditions in our country today. This great Nation will endure as it has endured, will revive and will prosper. So, first of all, let me assert my firm belief that the only thing we have to fear is fear itself—nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance. In every dark hour of our national life a leadership of frankness and vigor has met with that understanding and support of the people themselves which is essential to victory. I am convinced that you will again give that support to leadership in these critical days. Franklin Roosevelt first inauguration speech

As early as my middle school years I’ve wondered when my generation would face its great challenge. We’re in the middle of it right now. This is more than an economic downturn. It’s more than a banking crisis. It’s more than an ill-defined war on terror. The ground under our feet has changed and we’re all trying to figure it out. The rules we were taught by our parents, family, and society have changed, but no one has told us how. I believe this is what the Occupy Wall Street protests are reacting to.

The Old Script

We were taught the script: go to school, do well, go to college, get a good job, do a good job, get married, buy a house, and save for your kids’ education and your retirement. Sure we had to borrow money for college and our mortgage, but we’d make it up over the years of employment with a good company. We’d need a lot of money for our retirement, but many good jobs had pensions and we could make up the difference with our 401Ks. We had hoped Social Security will be there, but we did not count on it.

That script might have worked for my parents’ generation, but it’s proven horribly wrong for mine, and many of us are so far down the road that we don’t have time to make up our financial losses. That’s downright scary for millions of people.

Learn the New Script

You’re an independent agent. You’re the product that you need to develop and market. Like an elite athlete you have to keep yourself in shape, keep your skills sharp, and be versatile doing whatever is needed to contribute to the success of your team. This isn’t easy and it isn’t passive.

You need to learn how to get things done, how to solve problems, and how to work with groups of people. Getting things done, things that show up on the scoreboard (the bottom line) is what gets you more salary. Will college degrees help you with that? If not, then don’t waste your time or money on them.

Find a job where you can learn and develop the skills you need to stay employed or to employ yourself. Keep learning and developing. Keep finding things you’re good at that people will pay you for. Learn how to market yourself and show your value.

Watch your debt. Debt is slavery. Cash gives you freedom to take a job at a lower salary, but one that will teach you valuable skills . Cash gives you the freedom to work the way you want or to walk away from a bad job. Cash gives you the freedom to start your own business.

What Are You Going to Do

That pain, that frustration, that confusion we’re feeling is because reality doesn’t match our frame of reference. It’s time to change our picture to match reality. It’s time to adapt. Those who adapt survive. That’s the way it’s always been.

Cisco Networking Academy Offers Health Information Networking Course

Per an email sent to Academy students, Cisco Networking Academy is offering a specialized Cisco Networking Academy Health Information Networking (HIN) course to help retrain workers in the area of healthcare IT through Cisco’s Workforce Retaining Initiative. This is supplemental material for students in the CCNA and it covers:

• Basic information on healthcare environments
• Principles of security and privacy in healthcare
• Fundamentals of electronic health record (EHR) systems
• Basic information on medical practice workflows and how to adjust workflows for EHR implementations
• Designing a network to support a medical group
• Securing a network for a medical group
• Troubleshooting a network for a medical group

Cisco Network Academy is the best value for your money if you want to get started with computer networking. Learn more and enroll with an Academy school if you are interested.

 ESET Offers Webinars on Securing Your SMB

ESET is celebrating Security Awareness Month by offering 4 free webinars on securing your SMB. Follow the links below to sign up.

• Simple Steps to Secure Your SMB (October 5th)
• Creating and Managing a Cybersecurity Policy (October 12)
• Securing Your Network: Safeguarding Your Business Data (October 19)
• The Impact of SMB Security on Our Nation’s Critical Infrastructure (October 26)

In the first three articles in the SMB Security series, I discussed some reasons why you should take computer security seriously.

In the next series of articles, I’ll discuss steps you can take right now to reduce the likelihood of suffering a data breach or loss. Help make your business more resilient and less attractive to computer thieves by implementing these basic steps. These are the same things larger companies do to protect their businesses.

And don’t think that just because you are small you are safe. The graph to the left indicates that small businesses are being targeted at a much hirer rate than larger businesses. Hackers are now targeting the little guy because they know small businesses are less secure than big businesses, and you have information worth stealing.

5 Simple Steps to Improve Your Computer Security

1. Backup your data
2. Patch your operating system and your applications
3. Use individual logins and passwords
4. Encrypt your wireless network
5. Protect remote access
6. BONUS: Shred printed documents that have sensitive customer or business data

Backup Your Data

How long can you stay in business if you lost your customer data, contracts, or financial information? How much time would you have to spend to try to recover that data? Can you afford that cost?

Do you have paper copies? Are they in the same building as your computers? What happens if there is a fire, flood or burglary?

• Keep a copy of your critical data offsite; far enough away that the same disaster cannot wipe out both copies.
• Make a backup as often as needed. How much data are you comfortable losing? One day? A Week? The answer is up to you, but you’ll need to make backups on a regular basis.
• Verify that things are working as you expect. Test your backups by trying to restore or build from your backups. Do this at least once a year.
• Consider using service like Iron Mountain.  They’ll help you get started and help you if you have to recover your data.

Patch Operating Systems and Applications

One way hackers steal information stored on computers is through known flaws in software. You can think of these flaws like open windows to your car or home; most people won’t take advantage, but some will.

• Set your operating system (Windows, Mac, Linux) to automatically check for patches. Make sure to backup your critical data before patching.
• Set your applications to automatically check for updates. Common applications are: Adobe Acrobat, MS Office, Outlook
• Set your browser software to automatically check for updates. (Internet Explorer, Firefox, Safari, Chrome)
• Do you have a website? You need to patch and back that up too.

Use Individual Logins and Passwords

• Make a login and require a password for everyone that uses a computer
• Do not give any user administrator rights
• Make an administrator account that is used for administrative work only. Do not share this account – make more if needed
• Delete any group login accounts
• Require strong passwords, but don’t go crazy. People will write down their passwords if you get too strict.
• Tips for creating a strong password

Encrypt Your Wireless Network

One of the largest and most expensive data breaches in history took advantage of weak wireless encryption. It is one of the easiest ways for computer criminals to steal your data.

• Set your wireless access points and clients to use WPA-2 encryption.
• Do not use WEP – it is too easy break the encryption
• I strongly recommend that you make the investment on new equipment if yours is too old to support WPA-2
• Use RADIUS if you have it, if not use a strong pass phrase if you are going to use WPA-2 Personal
• See instructions for your operating system and access points for details on how to set this up. There is a lot of information on the Internet.

Protect Remote Access

• Decide if you really need to allow anyone to access your computers from outside the office
• Disable remote access if not needed
• Use the firewall settings on your computers to block remote access for file sharing
• Require a VPN if you are going to allow remote access. This limits who has access to your computers and encrypts the connection making it difficult to eavesdrop on your communications.
• This step is more technical than some of you might feel comfortable tackling, so seek help from a security or computer network professional to help you. This is a very important step, so don’t skip it.

Shred Printed Documents

A couple years ago I went to a mortgage company to inquire about a loan, and I saw stacks and stacks of documents in the office, but not a single shredder or shredder bin. It made me very nervous about doing business with them. I suspected that all of those documents with personal and financial data would one day end up in the dumpster.

What information are you throwing in the trash? Anything with Personally Identifiable Information (PII)? Bank or credit card account information? Job applications? Customer contact information? Do you know you are responsible for protecting this data?

• Get a shredder if you have a few documents to shred
• Get a shredder service if you have a larger volume of documents to shred. Some will shred onsite in your parking lot, some will take the documents back to their office and shred there. Know how the service will handle the documents before you hire them.
• Make sure the shredder bin remains locked to protect the data from visitors or employees

Wrap Up

I hope this article helped you understand a few basic steps that will help you make your business more secure and less attractive to computer thieves. Most of these you can do on your own, but please seek assistance from a security or IT pro if you need help.

This is a start, there are many more things you can do, but it’s easier to do if you do a piece at a time. Get started today and do a little to get better every week.

Feel free to leave a comment, email me, or contact me on Twitter if you have any questions.

The ability to work with others is critical to getting things accomplished. There aren’t many things you can do completely on your own. But working with others can be difficult, especially for those of us who are used to working with machines that do exactly what we tell them. So how do you work with others?

One way to improve your relationship with others is to transition from viewing the world in either or terms and start thinking both and.  Imagine how much more we can accomplish if we truly work together rather than acting out of perceived self interest. Learn to apply this technique and give yourself a competitive advantage. Get your organization to think this way, and you’ll be tops in your field.

Let me share a personal example. Recently, I was asked for help from a coworker. My first reaction was to see the request as a big inconvenience to me and my people; requiring us to rearrange our physical workspace and planned work for one day.  I could have responded in an us vs. them way, but that is very short term thinking. It doesn’t do anyone any good. It causes frustration, anger, resentment, and shows no concern for my coworker’s needs.

Instead, I looked at the bigger picture – the benefit to the company. I looked for a solution that met both her needs and my needs, and I found one that will work. The outcome is completely different than if I stayed with the either or mindset.

I realize this isn’t the natural way of thinking for most people. That’s why we see so much conflict and why we waste so much potential. The good news is this is a skill that can be learned. You can train yourself to think differently and act differently. I think you’ll find it a lot more fun and rewarding to work with others rather than competing with them.

See the links below for more information on how to change your thinking.

Related Links

• How to Free Your Mind to Envision the Power of Both – Scarcity vs Abundance
• Scarcity vs. Abundance in Tech – good chart
• Scarcity vs. Abundance Thinking – great examples and good chart

This article will continue the SMB/SOHO business owner or IT manager’s introduction to computer security. The entire series can be found here. Subscribe to the RSS feed if you find this valuable.

Usual disclaimer: I am not a lawyer and am not qualified to provide legal advice. Please talk to your lawyer for legal advice.

Why, with all the other things you have to worry about, would you concern yourself with computer security? The fact is you probably wouldn’t if you did not have a compelling reason. You might have to comply with PCI-DSS, or with HIPAA HITECH, or maybe you would like to do business with the government and you need to comply with FISMA. Or you maybe you recently learned that you are required to comply with one of the many state laws governing computer security.

Want to know the biggest reason you should care about computer security? It will help you stay in business.

Businesses that pay attention to computer security know where their data is, who has access to it, and they monitor access. They encrypt sensitive data, store it offsite, and they test that everything is working as planned. These businesses have a reasonable expectation that their data is safe and that they can recover from a disaster. In other words, they have lowered the probability that a computer security incident or disaster will put them out of business.

Avoiding Losses Through Disaster Planning

Computer security can help you survive a disaster like a flood, fire, or burglary. According to the SBA, 25% of small businesses don’t reopen after a disaster. How long can you afford to have your business closed due to data loss?

Remember the first article where I asked you to find out where your critical business data (customer information, financial information, contracts, device configuration, etc.) is stored? What did you find? Is it located in the office on one machine? Is it backed up, encrypted and stored offsite? Do you know if you can restore the data if necessary? Have you tried to restore it?

Avoiding Losses Through Compliance

You can avoid data and privacy breaches and avoid the fines and penalties that accompany them. You can lose important business data and not know it. Who has access to your data? Do you share passwords or leave the computer logged on? How many former employees, partners, spouses or significant others know that password? Do you or your employees email customer information home? Do you put it on a laptop or USB drive?

Any one of these common practices can lead to data loss, fines, penalties, and legal fees. What’s your budget for that? I’m guessing that most of you would go out of business if you had to pay these costs.

What is Computer Security Going to Cost

The answer depends on many factors. What are you required to do by law or industry mandate? What systems do you have in place? How many devices? Where is your data? How many people need access to your data and do they need to access it from outside the office?

This probably isn’t a do-it-yourself project unless you are in the computer security business. That means you’ll need to find someone to help you. There are many, many businesses that are happy to help you, and not all of them are reputable or qualified. Learn enough to ask good questions, and get referrals. Some security industry groups that can help you are (ISC)2, ISACA, ISSA, and SANS.

I hope that this introduction has helped you become more informed. I plan to continue with specific topics like hiring, security awareness, security policies, anti-virus, malware and other topics of interest to the SMB/SOHO business owner. In the meantime, please review this introduction to computer security and check out the links in each article.

Related Links

• Hacker’s New Target: Small Firms with Lax Security
• SBA Disaster Planning
• SANS Information Security Policy Templates
• How Not to Suck at Information Security
• SANS Top 20 Security Controls

Here’s the first and perhaps most important thing you need to know about leadership: IT ISN’T ABOUT YOU!

If you want to lead people, they have to want to follow. Think for a moment about those bosses you enjoyed working for with. See what I did there? The best bosses are those who work with you, not those that want to be your boss in the bossy sense of the word.

Your Reactions Reveal Your Intentions

Think you can fool people into thinking that you really care about them when you don’t? You’re wrong. Your words and actions reveal your true intentions. Let’s look at an example. Let’s say you are having trouble with one of your folks. They seem unhappy and unmotivated. When you talk to them, you find that they think you don’t care about their career opportunities, and that you favor other people over them.

Your reaction might be to get angry and deny that you favor others. You might argue with this employee and tell them how wrong they are. But the person doesn’t believe what you are saying and they walk out even more unhappy and unmotivated. Why?

You didn’t listen to them. You didn’t attempt to see the situation from their point of view. You didn’t admit to yourself that maybe you don’t communicate very well and that you are afraid to have difficult conversations.

You try to pacify people rather than be honest with them. You are more concerned with your ego and feelings than you are about other people’s. See, you really don’t have them or their career goals in mind.

How to Make it About Them

In this case, you should have listened to the person. You should have apologized for failing to communicate with them. Yes, I said apologize. You are responsible for ensuring your team knows what is going on and what is expected of them, not the other way around.

You should calmly explain your reasons for your decisions. Heck, maybe the person lacks the skills needed for that 2-week boot camp, or maybe you can’t afford it, or maybe they do a lousy job and you don’t want to send them to an expensive training class. Whatever it is, be honest with them.

Demonstrate you care:

• Work with them on a training plan to help them get where they want to go. Do you even know their career goals?
• Follow through with them through regular sessions where you discuss their performance, their attitude and their technical abilities.
• Celebrate their successes.

Learn to look at things from the perspective of your people (see the links below) and you’ll learn a lot about yourself, or keep thinking it’s all about you and you’ll be the only one on your team.

Related Links

• Feedback is a Gift – One We Sometimes Want to Return
• The Power of Asking Why
• Stop the Weeds of Discontent Before They Ruin Your Workplace

In the first article of this series, I wanted to get you thinking about the basics of information security for your small-to-medium sized business. I asked you to learn which legal and industry security requirements your business is subject to, and I wanted you to think about where your business data is and who has access to it. If you’re like most owners or IT managers for a small business, you probably don’t feel very confident about your answers. Let’s help you get there.

Information Security Requirements by Law

As a business owner, you are required by law or statue to do a lot of things. For example, you are required to have a business license, pay taxes, pay workman’s comprehension insurance premiums, and any number of other legal and regulatory requirements depending on which business you are in and where you conduct your business. You can think of information security requirements in much the same way.

You can choose to ignore these regulatory requirements, just like you can choose not to pay your taxes, but you should at least be aware of the rules and the consequences for not following them.

State Computer Security and Privacy Laws

Disclaimer: I am not a lawyer and am not qualified to dispense legal advice. Please see your lawyer for legal advice.

You are probably aware of the well known government and industry compliance requirements such as PCI-DSS, HIPAA HITECH, SOX, but are you aware that many states now have computer security and privacy laws?

For example, Nevada requires that personal information be protected and it defines how it should be protected. Any organization that collects “nonpublic personal information” is subject to the law. This means if your business is in Florida and you store personal information of people who live in Nevada, it is my understanding that you are subject to this law.

At least 38 states have laws that relate to computer security, privacy and data breaches, and new laws are passed every year. For example, Texas just passed a new health privacy law that is tougher than HIPAA. Keeping up with these changes is tough for those of us in the information security business, and probably impossible for the SMB owner.

Data breaches in violation of these laws can result in heavy fines and restitution costs. Many SMBs would be wiped out by such penalties.

What is Computer Security Compliance Going to Cost

The last thing you want to do is overspend on your computer security program, but how do you know how much is enough and how much is too much? I use the computer security requirements to define how much I need to spend. For example, why would I spend money on data encryption if I’m not required to encrypt my data? Another example might be that I change a business process rather than spend money on security. I don’t have to secure data that I don’t collect. I also can’t lose and be fined for data that I don’t collect – think about that.

Hiring a security partner who can help you understand and stay current with your regulatory compliance requirements is probably your best option. If you want to do this yourself, the UCF has products that can help you keep up to date on new laws and regulations.

Please leave a comment or contact me on Twitter if you have anything to add or if you have a question.

All related posts will be in the SMB/SOHO Computer Security category on this site. If you like it, subscribe to my blog and come back for future articles.

This is my first  post dedicated to the SMB/SOHO owner and IT staff trying to understand, implement, and manage computer security. All related posts will be in the SMB/SOHO Computer Security category on this site. If you like it, subscribe to my blog and come back for future articles.

Computer security probably isn’t the most important thing on the mind of most small business owners, and I honestly can’t say that it should be. Most of you accept so much risk simply by being in business. You’ve leveraged many if not all of your financial assets, your cash flow may be erratic, and you’re operating in the worst economic environment in 70 years.

What’s computer security compared to that? It’s one more thing that can sink you and put you out of business. At least it’s something that you have some control over, unlike some other things in you business. So why not put a little effort into reducing your overall risk?

Computer Security Doesn’t Have to Be Complicated or Expensive

Block out 15 minutes, grab a beverage of your choice, sit down and think about the following:

• What are the regulatory and compliance requirements with which you are you required to comply? If you don’t know, then you’ll need some help to find out. UCF has a great tool to help, but if you’re not comfortable with that, consider talking to a computer security expert or managed service provider for help. I believe this is money well spent because this step helps determine what you must do to avoid fines, penalties, legal fees, jail time, or going out of business.
• Where is your important business and financial data stored? Is it on your laptop? How about on Dropbox? Is it on USB thumb drives? Is it backed up onsite or with a vendor like IronMountain? Do you or your employees email it home or elsewhere? Do you know where your data is?
• Is your data encrypted? Portable devices are easily misplaced, lost or stolen. If they are encrypted using a good password, then getting data from them is more difficult for the bad guys. You can encrypt these devices for little to no cost, so there is no reason to risk losing your data and suffering the consequences that come with that.
• Who has access to your data? Did you change passwords when your employees or partners left? How about your IT staff – do they have administrative rights? That gives them rights to see all of your data. Managing this is free. It takes time, and means you need to have processes for on-boarding and exiting, but those save time anyway.
• Do you allow remote access to your computer devices and data? How do you secure this access? Do you use a VPN connection or just (at least) a password? Who is allowed access? You should protect your remote access with a VPN and should limit who has access by managing user accounts. This is the minimum you should do, otherwise anyone in the world can attempt to access your devices and data. Again, I believe money spent here is worth every cent, and it doesn’t have to cost much. This SSL VPN from NETGEAR is less than $400.

What’s Next

This was an ice breaker to get you thinking about your required computer security steps, where your sensitive company data is stored, and who has access to it. You probably don’t know the answers to all of these questions, but that was the point of the exercise. You are not alone. Most businesses don’t know the answers to all of these questions, which is why day after day, there are stories of companies being hacked, and sensitive personal or financial data are stolen.

In future articles, we’ll talk more about specific steps you can take to improve your computer security. In the meantime, leave a comment, or chat with me on Twitter.