Does Working Virtually Make You Invisible?

Reader Question: I work within a large IT organization and the people in my department have been given the opportunity to work from home. If I do, does it reduce my opportunities for promotion and/or increase my chances of getting laid off?
My Answer: First, thanks for asking. It’s great to get questions from my IT world readers. In short, the answer to your question regarding the effect of telecommuting on promotions and layoffs is that it depends on the following:
Your company’s culture and norms regarding telecommutingThe percentage of people at your company that work remotelyHow visible you can be on a day-to-day basis to your boss and othersHow effectively you can perform your job remotely Now let’s discuss these items one at a time. Your company’s culture
Companies, like people, have specific values, strengths, weaknesses, prejudices, and, dare I say, personalities. That said, consider the following questions when deciding if you want to telecommute:Is the company technically equipped with conference room speakers, remote computer access, and tools needed to facilitate efficient work from outside the office?Does your company conceptually support telecommuting or does it simply tolerate it?Can you remotely participate in important department discussions?Is there an out-of-site-out-of-mind mentality for those working out of the office?Is your boss supportive of telecommuting or is he/she begrudgingly providing the option because it’s company policy?Are virtual teams at your company managed well or managed poorly? Percent of people working remotely
The reason I ask this question is that if a high percentage of people work from home and/or business groups are generally spread over multiple physical locations, then needed work-related processes are (or should be) in place to accommodate remote workers. If, however, you will be the only team member working remotely, you will most likely often be forgotten, not with any animosity, just due to people forgetting to call you. As previously said, you will be out-of-sight-out-of-mind. How visible can you be from home?
The reason for this question is that some jobs, by their nature, are more connected to the people you work with than others. For example, if you are a software tester and are continually communicating with programmers, users, and other testers by email, via formal bug reports, and by phone to discuss issues, you can be very internally visible. If, however, you write documentation or provide phone-based customer support, by the nature of your job, you will be less interactive with your boss and teammates. With this second scenario, it will be much harder for you to have high office visibility from home. How effective can you be remotely?
Certain job types are better than others regarding working remotely. For example, generally speaking, it is easier for a programmer to work from home than for a business analyst if the business analyst needs to interview users as part of the writing a functional specification for a new software application. There is one additional potential option for you. Instead of working from home all the time, consider splitting your time between telecommuting and working at the office. That is to say, work from home two or three days a week and the remainder of the time at the office. This could potentially give you the best of both worlds, some time working at home and some visibility at the office. In closing, telecommuting can work out wonderfully for both you and your company if, and only if, the company and your job are structured in a way that facilitates its success. Until next time, work hard, work smart, and continue to grow. Best wishes, Eric Bloom ABOUT THE AUTHOR Eric P. Bloom, a former CIO, is president of Manager Mechanics LLC, a company specializing in information technology (IT) leadership development and the governing organization for the Information Technology Management and Leadership Professional (ITMLP©) and Information Technology Management and Leadership Executive (ITMLE©) certifications. He is also a keynote speaker, nationally syndicated columnist, National Speakers Association member, and author of various books.

DoD 5G Strategy Enables JADC2 Connectivity

The Pentagon is working closely with industry and interagency partners on the development of it’s DoD 5G strategy that will provide lightning fast ubiquitous connectivity. JADC2 (Joint All-Domain Command and Control), enabled by 5G connectivity, will allow the military to exchange and synchronize information across systems, services and platforms seamlessly across all domains including air, sea, land, space and cyber. The development of a joint warfighting concept and doctrine that will drive the Defense Department’s transition to all-domain operations.
>”>
Where Is 5G Used in the Military?
The Pentagon’s top official remarked that the development of 5G technology will be key to the Defense Department’s vision for JADC2. The term 5G refers to the oncoming fifth generation of wireless networks and technologies that will yield a major improvement in data speed, volume and latency over today’s fourth-generation networks, known as 4G. 5G networks are expected to be up to 20 times as fast. This technology can enhance something as simple as virtual reality training or as ambitious as the connectivity of systems for JADC2.
5G in the Air Force
Much like with the hypersonic missile, the Air Force is one of the first spearheading 5G technology and JADC2 military modernization through its Advanced Battle Management System effort, which is charged with creating an “internet of things” for the military. The Air Force is leading the way with a number of different 5G experiments that will assess spectrum sharing, improve aircraft mission readiness and enable air, space and cyberspace lethality. Several Air Force bases are conducting 5G prototyping, experimentation and testing efforts. Over the summer the Pentagon announced a second tranche of military installations that will host the testing including Tinker Air Force Base inOklahoma. The first tranche of bases included Hill Air Force Base inUtah, and Nellis Air Force Base inNevada.
Tinker Air Force Base would focus on bi-directional spectrum sharing between DoD and commercial communications, which is of great interest to the military as well as the private sector. As 5G technology is rolled out, the Pentagon plans to pursue what it calls dynamic spectrum sharing between the military and industry, especially as it relates to the mid-band part of the electromagnetic spectrum that the Defense Department uses for radars and other systems. Portions of the mid-band are considered more advantageous for 5G because the frequency enables more bandwidth and greater range. Over the past few months, the DoD spectrum strategy team has been hard at work developing a mid-band sharing solution that facilitates 5G development in the private sector while also allowing the Pentagon to use that spectrum to meet national DoD cybersecurity policy and requirements.
DOD 5G Experimentation
Pentagon has selected seven new military installations to conduct 5G testing and experimentation in several areas including augmented reality, wireless connectivity, and spectrum sharing, officials announced 3 June 2020. Naval Base Norfolk, Virginia, tests will focus on ship-wide and pier connectivity; at Joint Base Pearl Harbor-Hickam in Hawaii, tests will focus on aircraft mission readiness; at Joint Base San Antonio, Texas, testing will probe augmented reality and training.
The National Training Center at Fort Irwin and Camp Pendleton in California and Fort Hood, Texas will test wireless connectivity. Requests for proposals are expected to come this summer with plans to stand up the new test sites this fall for 5G. The experiments, now across 12 sites, are on a three to four year timeline but capabilities that could theoretically be handed off could emerge around the two-year mark.
Command and Control
Looking across all domains, what’s pervasive throughout all of them is basically that control and dominance of the electromagnetic spectrum is really required. Satellites are just space junk without control of the spectrum. If you don’t have command and control and communications, and proper comms with them, becoming useless. Contested environments also posed challenges for a spectrum based operations and was a major issue during the Iraq and Afghanistan Wars where an effort to jam signals to prevent improvised explosive device casualties also halted the U.S. military’s communications.
Unable to communicate across the services and talk across industry. The solution was putting in the field these jammers that stopped the bombs from detonating, but they also prevented us from communicating because they were all working within the same frequency. The issue was operating within the same portion of the spectrum without interfering with each other. It is imperative to figure out in the not-too-distant future because there just isn’t that much of the spectrum available, and the more and more people that jump in on it, the more congested it is, and the more difficult it is to work within it. We will all end up interfering with each other.
>”>
Military 5G Spectrum Sharing
5G is a move towards ubiquitous connectivity especially as DoD’s need for wireless access increases. It’s reliant on spectrum raises one major question: How do we share the airwaves with 5G and 6G and 7G and what’s coming.The DoD is reviewing plans to build its own 5G network wanting to explore different ways to share spectrum frequencies reserved for military and civilian use with commercial entities, including owning and operating a 5G network.
DOD 5g RFIs
The DoD is looking to industry for ideas on how it can implement dynamic spectrum sharing that it would support 5G development and deployment for military and commercial users within the same frequency bands. DoD’s partnership with industry is imperative in this extremely technical and competitive field and put out a statement announcing the RFI. What we learn in this effort has potential to benefit the entire nation and keep the U.S. as the global leader of 5G technology for many years to come. The RFI comes as the Defense Department expands 5G testing and follows a recent spectrum sharing deal to fuel higher capacity 5G networks that affect shipboard and ground- based radar, some weapons guidance, and safety systems.
Why is 5G a national security issue?
There have been national security concerns and operational concerns around 5G and spectrum use, particularly how commercial use of adjacent frequencies could interfere with DoD GPS systems. While DoD is looking to drive development and adoption of 5G for military purposes, it has fiercely defended its own spectrum holdings from what it sees as encroachment from commercial providers.
Top defense officials along with the Senate Armed Services Committee, National Telecommunications Information Administration, and the Commerce Department, condemned andcalledfor theFederal Communications Commission to reverseits decision to let wireless provider, Ligado Networks, use a low-power terrestrial nationwide 5G network in the L-Band — which is adjacent to bands used by the Global Positioning System. 5G raises many of the same concerns with security as the JEDI cloud.
DoD IOT & 5G
The Defense Department has an EMS strategy that was put in place in 2013. But a lot has changed in seven years, between the explosion of the internet of things and efforts by telecoms to amass spectrum for 5G services. In recent years, DoD has been working with civilian side telecommunications regulators and Congress to develop ways to relocate spectrum activities from commercially desirable swathes of spectrum or share spectrum with other users while taking into account baseline military needs such as satellite communications, air traffic control and other capabilities such as electronic warfare operations.
5G & Internet of Things Training Available
There are already a few military training courses available to educate soldiers and government contractors how to manage Internet of Things devices and security.
Certified Internet of Things (IoT) Security PractitionerThis program will validate that the candidate has the knowledge, skills, and abilities to secure network environments for IoT devices, analyze vulnerabilities and determine reasonable controls against threats, and effectively monitor IoT devices and respond to incidents.
Certified Internet of Things (IoT) PractitionerIn this course, you will learn general strategies for planning, designing, developing, implementing, and maintaining an IoT system through various case studies and by assembling and configuring an IoT device to work in a sensor network. You will create an IoT device based on an ESP8266 microcontroller, implementing various common IoT features, such as analog and digital sensors, a web-based interface, MQTT messaging, and data encryption.
Introduction to Cisco 5G SolutionsThis course introduces the participants to evolution of 5th generation cellular networks, discuss the various trends driving the need for 5G, business impact of 5G networks and Cisco’s 5G solution for the service providers to deploy and rollout new services to customers and enable them to improve operational efficiency. The course will cover Cisco 5G Powerx consisting Unified Enablement Platform, Seamless X-Access convergence, 3-Stage realization program. The Cisco ultra services platform, Cisco 5G policy Suite (CPS) solutions, Cisco SONFlex, NCS500 service access routers, Cisco Security for 5G networks and Cisco SP network automation are discussed in detail.

Cybersecurity Skills Gap: What Your Company Can Do

What is the cybersecurity skills gap and what can your company do about it? Certain ramifications of the COVID-19 pandemic will be seared in our minds forever—supply chain disruptions, workforce shortages, and a major shift to virtual work and education. One major effect of the pandemic, though lesser-known, is being felt by I.T. departments in thousands of businesses across the globe.
The threat of increasingly sophisticated cybercriminals is more imminent now than ever as the body of smart devices in the Internet of Things grows and as government agencies, healthcare giants, and academic institutions move to digital, work from home infrastructure, increasing their vulnerability to cyberattacks that could leave the private information of their employees, clients, and stakeholders exposed.
To add to the concern, there’s a major skills gap in cybersecurity and it’s only expected to grow. Experts predict 3.5 million job openings in cybersecurity by 2025. This cybersecurity skills gap is what prompted Microsoft to launch an international skilling campaign to help the world’s businesses fight off ever-advanced cyberattacks. With increasing technical demands and a shortage of qualified workers, it’s clear that the one thing organizations should do to stay ahead of cybersecurity threats is invest in high-quality training and certification programs.
What can your company do about the cybersecurity skills gap?
Whether you’re looking to upgrade your existing I.T. department or attract the best talent to your organization, New Horizons offers extensive training programs that prepare your business to defend against cybercriminals.
Cisco: Network
Individuals who get formal training on Cisco technologies demonstrate higher productivity, make fewer errors and possess more of the skills valued by employers and customers than those who receive only on-the-job training. If you have invested in Cisco technologies, then Cisco training and certification:
Provides the right skills to ease into deploymentHelps youuse your Cisco products to their highest potentialAllows you to get the most out of your IT investmentLowers downtime as skilled technicians handle issues when they ariseIncreases customer satisfaction as problems are solved quicklyCompTIA: Infrastructure Foundation
Certified professionals make your organization stronger. They’re your best bet to beat the widening skills gap and they’re a great tool to build a foundation of expertise to drive business results. Our CompTIA training and certifications ensure the skills needed in multi-vendor IT environments. CompTIA certifications are recognized underDoD Directive 8570.1 M and the State Department Skills Incentive Program.
New research shows that IT professionals with CompTIA A+ or CompTIA Security+ perform at a higher level than those who are not certified. Learn more inCompTIA’s eBook: The Impact of Certifications on Performance.
EC-Council: Security
Ethical hacking describes hacking performed by an individual or group of individuals, usually hired by companies or governments, to help identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers.
Ethical Hacking, often applied in a method called Penetration Testing, is an act of forceful access into systems or networks to discover threats which may be exploited by malicious actors resulting in the loss of data, financial loss, or other major damages.Ethical hacking refers to the process of locating these weaknesses and vulnerabilities by duplicating the intent and actions of those they are seeking to counter. Watch this webinar onEC-Council Vulnerability Assessment and Penetration Testing (VAPT) Trends. New Horizons is proud to offer two very valuable course that empower cybersecurity professionals to use hacking for good, EC-Council Certified Network Defender (CND) and EC-Council Certified Ethical Hacker (CEH).
Microsoft: Security and Cloud
Defend against cyberthreats by arming your I.T. team with official Microsoft Security training. Microsoft offers the tools and resources to appropriately protect, authenticate, and authorize Azure AD, Windows Server, and Microsoft 365.
Train up your team’s security skills to ensure complete protection for your devices, identities, apps, and clouds through authorized Microsoft Security courses. New Horizon’s authorized Microsoft Security training explains all approaches via solutions appropriate for your security, compliance, and identity needs.
We also offer helpful role-specific training & certification tracks:
Microsoft Security, Compliance and Identity FundamentalsMicrosoft Security Operations Analyst AssociateMicrosoft Identity and Access Administrator AssociateMicrosoft 365 Security Administrator AssociateMicrosoft Azure Security Engineer AssociateThere is a lot at stake as the cybersecurity skills gap continues to grow. Not only are companies increasingly vulnerable to cyber attacks but the cybersecurity industry itself is suffering from a lack of innovation and diversity due to the talent shortage. This lack of innovation and diversity of viewpoints means that “the good guys” are falling ever further behind as cybercriminals only continue to evolve. Now is the time to upgrade your company’s I.T. team and to invest in your organization’s defense against cybercrime.
Get access to our free guide on creating Your Most Comprehensive Cybersecurity Plan >>>

Cybercrime Case Study: Verizon Lessons Learned

Special “privileged” abuse.

“The greater the power, the more dangerous the abuse.” —Edmund Burke
Detection and validation
The RISK Team was called in to investigate an insider threat-related data breach.An organization was in the middle of a buyout and was utilizing retention contractsto prevent employee attrition. Based on an anonymous tip from an employee,suspicion was raised that a middle manager, hereafter referred to as “John,” hadaccess to, and was abusing, the CEO’s email account.
Response and investigation
Late one evening after the employees had left the building, we arrived to meet withthe Director of IT. He had no knowledge—nor the apparent “need to know”—ofthe incident, but was there to provide us with access to the systems and data. Weworked throughout the night to perform forensic acquisitions of the CEO’s system,the suspect’s system, web-based email logs, and sundry other evidence sources.At just past midnight, we finally received the access we needed and were ready todig-deeper, as our IT contact took off for home in search of some zzzs.
We needed to quickly establish if there was any truth to the claim that the middle manager was reading the CEO’s email. Was it possible that the CEO’s email archive was being shared across the network? Did the suspect have access rights to the CEO’s mailbox through Microsoft Exchange? Was the suspect accessing the CEO’s email through Microsoft Outlook Web Access (OWA)? The answer to all these questions was ultimately “no.” While there are many ways to view someone’s email, our cursory review of the system images and associated logs yielded
nothing.As the next day drew on, the lack of a “smoking gun,” not to mention sleep, leftour brains fried. After hitting the vending machine, we refocused and changed ourapproach. We swung back to the basics, started brainstorming, and sharpenedOccam’s razor by asking ourselves the simplest questions: How does email comeinto an organization? It usually comes from the internet through some spam filterbefore hitting the mail server. Did this organization have an onsite spam filter? Yes,a quick glance at a crude network diagram showed a standard spam filter setup.The appliance itself wasn’t a standardized system that we could acquireforensically. With credentials provided by our IT contact, we logged in and noticedthat the filter was set up to log all incoming emails including the CEO’s. This wasa bit odd, but not necessarily unusual. A speedy check for the access logs to thisappliance revealed that they had been recently deleted. We felt like we were ontosomething.
At this point, we needed to know who had access to the spam filter. Apparently,a few IT administrators had access, and none of them was John. In casualconversations with the IT director, we inquired about personal relationshipsbetween John and the short list of other employees. Bingo! It just so happened thatone of the IT administrators, hereafter referred to as “Kevin,” was very good friendswith John.
Armed with this nugget of knowledge, we took an image of Kevin’s system. LikeJohn’s, Kevin’s system had zero in terms of web-browsing history. Thanks to ourinsight gained from the spam filter, we knew exactly which text “strings” to look for.A keyword search of the unallocated clusters (currently unused space potentiallycontaining artifacts of previous activity) on both systems revealed strings associated with logging into the spam filer and looking at the CEO’s incoming email through good ole Kevin’s administrator account. It turns out that Kevin had given John his credentials to log into the appliance and read incoming email for potentially any employee. In addition, John’s system showed signs of having used Kevin’s credentials to browse sensitive file shares and conduct other unauthorized actions.

“Ask the data”
A peek into the incident data that feeds into the DBIR shows that unlike this example, the majority (63%) of data breaches over the previous three years involving “insider and privilege misuse” were financially motivated. End-users with access to Personally Identifiable Information (PII) and bank employees with access to banking information are more prevalent than system administrators using privileged access. A pessimist would argue that this is because misuse leading to identity theft or fraudulenttransactions is only identified as a result of the post-compromise fraud.

Remediation and recovery
We promptly reported our findings to the CEO, who then informed the legal andhuman resource (HR) departments. Soon thereafter, the decision was made tointerview the two employees before moving forward. During the interviews, bothemployees denied any association with the spam filter, the CEO’s email and thesensitive file shares. But the facts uncovered by our investigation left no doubt ofthe facts. After having worked a few insider cases, you begin to learn that mostpeople, no matter how hard they try, or how comfortable they feel, aren’t verygood liars.
Upon completion of the interviews, the two employees in question receivedpersonal escorts out of the building. Needless to say, after this incident, the firmrevisited its spam filter policy by reconfiguring it to log only flagged messages.
“Bob, the force-multiplier”
One of the most memorable insider cases we have ever seen involved aUS-based company asking for our help in understanding some anomalousactivity that it was witnessing in its Virtual Private Network (VPN) logs.This organization had been slowly moving toward a more telecommutingorientedworkforce, and had therefore started to allow developers to workfrom home on certain days. In order to accomplish this, it had set up afairly standard VPN concentrator approximately two years prior to thisevent.
The IT security department decided that it should start actively monitoringlogs being generated at the VPN concentrator. It began scrutinizing dailyVPN connections into its environment, and before long found an open andactive VPN connection from Asia! When one considers that this companyfell into the designation of US critical infrastructure, it’s hard to overstatethe possible implications of such an occurrence.The company had implemented two-factor authentication for theseVPN connections. The second factor was a rotating token key fob. Thedeveloper whose credentials were being used was sitting at his desk in theoffice. Plainly stated, the VPN logs showed him logged in from China, yetthe employee was right there, sitting at his desk, staring into his monitor.The company initially suspected some kind of unknown malware that wasable to route traffic from a trusted internal connection to China and thenback. What other explanation could there be?As it turns out, Bob had simply outsourced his own job to a foreignconsulting firm. Bob spent less than one fifth of his six-figure salary payinga foreign firm to do his job for him. Authentication was no problem. Hephysically FedEx’d his token to Asia so that the third party contractorcould login under his credentials during the workday. It appeared that Bobwas working an average 9 to 5 workday. Investigators checked his webbrowsinghistory, and that told the whole story. A typical “work day” for Bob looked like this:
9:00 AM—Arrive and surf Reddit for a couple of hours. Watch cat videos. 11:30 AM—Take lunch. 1:00 PM—eBay time. 2:00ish PM—Facebook updates and LinkedIn. 4:30 PM—End of day update email to management. 5:00 PM—Go home.
Evidence even suggested he had the same scam going across multiplecompanies in the area. All told, it looked like he earned several hundredthousand dollars a year, and only had to pay the foreign consulting firmabout $50K annually. The best part? Investigators had the opportunity toread through his performance reviews while working alongside HR. For thepast several years in a row, he received excellent remarks. His code wasclean, well written, and submitted in a timely fashion. Quarter after quarter,his performance review noted him as the best developer in the building.Nice work, Bob!

Cyber Security and the New Normal

With recent events, many organizations have quickly switched from onsite offices to a fully remote workforce and with inability to control the spread of this virus at this point some businesses are looking at working remote as a long-term solutionand potentially the new normal. While remote work was growing in popularity before it became a necessity, there are still many people across industries like government, finance and education who have never had to work like this before. For these types of industries, the move to a remote working model came quickly rather than being able to transition gradually. They’re now required to navigate an entirely different way of getting their jobs done while helping their kids with homeschooling and many other chores while working from home. If more organizations are seeing that their employees can be just as productive from their homes, it could accelerate a recent push to expand decentralized workforce. Any company that has seen effective remote work during the pandemic will consider expanding it to cut office costs and expanding their workforce beyond their city wall.
” align=”middle”>
With that in mind, the security framework many organizations established at the beginning of the year have radically transformed to support this new remote work framework. Organizations have been looking to have security embedded in their policy and procedures, in order to minimize their exposure to risk as much as possible.
Cyber crime is an everyday reality. Attackers have launched a wave of phishing, ransomware and social engineering campaigns taking advantage of the confusion and distraction. Some cyber attack attempts are superficially work-related like a phony email from IT asking the user to click on a link to reset their password while some make emotional appeals looking for support of a “decent cause” or use government stimulus or other financial incentives as the hook.
According to a Check Point Software & Dimensional Research survey, 71% of IT and security professionals globally report an increase in security threats since the beginning of the pandemic. Just over half (55%) cited phishing attempts as the leading threat, followed by malicious websites claiming to offer information or advice about COVID-19 (32%) and increases in malware and ransomware (28% and 19% respectively).
According to Brent Arnold, partner and cyber security specialist at Gowling WLG, there has been an emergence of thousands of domains with COVID-19 related names and themes even some presented as government websites that are being used in attacks.
Due to nature of my job I have regular conversations with IT managers and C-levels of different organizations and it’s clear that staying ahead of known and emerging threats in this new landscape has added even more levels of complexity to an already complicated job. CIOs and CISOs at organizations everywhere are looking for the best way to handle these challenges while keeping employees safe and productive. We also have to keep in mind that the new environment has put some cyber security decision-making in the hands of remote employees.
Therefore, we must have an action plan in place in order to help remote employees make the right decisions. Some items to consider for this action plan are:
1.Train employees to recognize social engineering
2.Protect against online fraud
3.Protect against phishing
4.Don’t fall for fake antivirus offers
5.Protect against malware
6.Develop a layered approach to guard against malicious software
Social engineering is used by many criminals, both online and off, to trick innocent people into giving away their personal information and/or installing malicious software onto their computers, devices or networks. Social engineering is successful because the cyber criminals are doing their best to make their work look and sound genuine and legitimate, which makes it easier to deceive users. Information collected from social networks or posted on websites can be enough to create a convincing scam to trick your employees. Teaching people the risks involved in sharing personal or business details on the Internet and training them to recognize red flags while using online services can help you partner with your staff to avoid both personal and organizational losses.
Online fraud takes on many forms that can affect everyone, including small businesses and their employees. It is helpful to maintain consistent and predictable online messaging when communicating with your customers to prevent others from impersonating your company. Be sure to never request personal information or account details through email, social networking or other online messages. Let your customers know you will never request this kind of information through such channels and instruct them to contact you directly should they have any concerns.
Phishing is a form of social engineering used by online criminals to trick people into thinking they are dealing with a trusted entity. Small businesses face this threat from two directions: phishers may be impersonating them to take advantage of unsuspecting clients, and phishers may be trying to steal their employees’ online credentials.
Again, Employee awareness and training is your best defense against your users being tricked into handing over their usernames and passwords to cyber criminals. Also, Businesses should ensure that their online communications never ask their clients to submit sensitive information via email. Make a clear statement in your communications reinforcing that you will never ask for personal information via email so that if someone targets your clients, they may realize the request is a scam.
Effective protection against viruses, Trojans and other malicious software requires a layered approach to your defenses. Antivirus software is a must but should not be a company’s only line of defense. Instead, deploy a combination of many techniques to keep your environment safe.
In Summary a combination of spam filters, antivirus protection, proactive malware protection, firewalls, strong security and password policies, encryption of data at rest or in motion, access control and authentication policies, retention policy andemployee trainingcan significantly lower the risk of a data breach.
” align=”middle”>

Conflict Management, Problem Solving, and Decision Making

Project-Management.com’s Top 3 Software RecommendationsLet Monday.com work for you.Start Free TrialWork smarter with Wrike.Try for FreeIncrease productivity with Smartsheet.Try Smartsheet for FreeConflict management, problem solving and decision making are topics that are generally considered to be distinct, but are actually interconnected such that they are used together to come up with the most feasible solution.
Certain problem solving steps are required to achieve the best possible solution to a problem based on sufficient information. These are some of the steps:
Examining the problem
The way you outline the problem will determine the solutions.
Identifying the main causes of the problem
Identify the techniques that you should use and the outcomes.
You can create alternative options using processes such as brainstorming, discussion between groups, and other discrete processes
Choose the simplest solution that addresses the root cause
Implementing the method you choose
Monitoring and reviewing execution
This process has a flaw. It assumes that there is an ideal outcome, that all information is available, and that everyone involved is rational. This is a very unusual situation.
Another flaw is the emotional involvement of decision-makers. Conflict management’s core purpose is to reduce people’s emotional reactions and encourage them to think rationally. There are three options:
Forcing/Directing: A method by which a superior with autonomy has the right to make the decision
Smoothing/Accommodating – Negotiating the matter and trying to settle down the dispute
Compromising/Reconciling – A give and take approach where each side surrenders something in order to come to a solution. The number of options that can be generated is limited by the extent of the dispute.
Problem-solving/Collaborating – Refers to collective decision making to come up with a solution that is conventional
Avoiding/Withdrawing/Accepting – A method which may not settle the dispute but allows time to calm the emotions
Depending on the nature of the conflict, any of these methods can be used to manage conflict. However, the primary goal is to reduce the level of the dispute. However, it is important to address the root causes of the conflict in the end.
Access to sufficient and accurate data is essential for making the right decision. Some decisions are more complex than others, and it is difficult to find data.
There are many problems that you could face, from simple problems to more serious ones.
Wicked Problems are problems that constantly change and challenge the participant’s emotions and complexity. These types of problems are best solved using an iterative approach. Each step is simplified by this approach.
You must choose the least harmful solution in Dilemmas. There is no one right solution, but it is better to choose a solution than not to make a decision.
Conundrums are complex questions that have hypothetical or speculative answers.
In certain situations, puzzles and mysteries require superlative judgement. This approach is limited by time constraints. However, you can still apply processes to some extent.
It takes hard work to solve problems. The best results can be achieved by executing problem solving processes carefully and correctly.
To arrive at the best conclusion possible, it is important to understand and balance the following points:
Characteristics of the problem at hand
Conflict and emotion among stakeholders
Different types of features
Make the best decision possible based on your best judgment under the circumstances
The core of all of this is making the best decision and then reviewing it continuously.

6 Tips for Successfully Handling Conflict

Conflict in the workplace is part of the territory. You can expect disagreements in any environment where different personalities are required work together. Petty disagreements shouldn’t be allowed to fester. Among other things, disagreements can be caused by rival personalities, power struggles and role conflict.
The Cost of Workplace Conflict
Leadership and conflict go hand-in-hand. As a manager, it is your responsibility to ensure that disagreements are resolved early on before they escalate into a crisis. To be a leader, you must understand all aspects of a conflict to resolve it. It is crucial to understand how conflict can affect your business.
Here are some of the consequences of workplace disputes that remain unresolved:
A toxic workplace environment: There is nothing more frustrating than managing employees who are unable to communicate with one another. This environment is full of gossip and sabotage. Your business’ reputation could be damaged by workers who get into a fight during flare-ups.
Low productivity: An employee who is in the middle of a conflict won’t perform well. They imagine that everyone is watching them as they walk into the office. This affects their morale. Worse, workplace conflicts can lead to blame shifting, finger-pointing, and all that affects productivity.
Financial cost: Workplace disputes can be costly. CPP published a 2008 study. Inc., who publishes the Thomas-Kilmann conflict mode instrument, shows that employees spend nearly 3 hours a week solving conflicts. This amounts to $359 billion in earned hours. It is a waste of time to resolve conflicts and other issues.
Other consequences of workplace conflict include violence, attrition and lawsuits, as well as health problems. You must play a leadership role in conflict resolution. Professionally resolved conflict can even be a blessing to your office.
Tips for Conflict Management
Although conflict management may not be the most enjoyable job, it is necessary to create a trusting environment. Here are some tips to help make this happen.
1. Recognize that workplace disagreements are inevitable
This principle will help you manage conflict well. When a team isn’t working together, you don’t need to go crazy. Instead, try to get out of the way and see how this can be a blessing in disguise. The best offices don’t always have conflict. They are those where disagreements can be resolved constructively.
2. Find a solution to conflict early
It can be tempting for managers to put off conflict resolution. It’s easier to imagine a harmonious work environment than to confront your staff about a problem. This is the biggest problem for managers because it can bring down a company. Your project will be ruined if your team members are trying to undermine each other. If you see a conflict between your staff members, it is important to take action immediately.
3. Enhance Communication
Communication is the key to any workplace conflict. If workers shout at each other, logic is lost and things quickly spiral out of control. Talk to your employees and encourage communication between them. Then, have them meet up. The goal is to find a compromise where everyone feels the other side, but everyone returns to work feeling better. To encourage ideas sharing, your office should be open to all employees.
4. Keep your professionalism
You should not let personal conflicts get in the way of your professional relationship. You can m

Six Techniques for Effectively Handling Conflict: Conflict Management

How did you feel when you saw your parents fighting and you were forced to be the middle? This is something that most of us have experienced. These experiences could be the cause of our discomfort with disagreements.
Conflicts are not something that anyone likes. However, conflicts are an inevitable part of how we communicate with others. You will undoubtedly witness conflicts when you deal with strong people with their own opinions. You’ll also be part of some of these conflicts. You will need to manage and moderate disagreements if you are a project manager.
Conflicts can be productive in the workplace. If there are differences of opinion, and the team members try their best to find common ground with each other, it can lead to great solutions. However, if the conflicts become toxic and unending, they can negatively impact the productivity of the entire group. The project manager is crucial in any case.
Six tips to help you deal with disagreements effectively are provided by us.
1. Accept the fact that conflicts are inevitable
You want your team members to be as creative and innovative as possible. You want them to share ideas and opinions. You should support creativity and accept conflict as normal. Some conflicts can be constructive. If the conflicts are related to work and there are good arguments being raised, don’t suppress them. Let everyone have their opinions, but keep it civil.
Encourage constructive discussions and ask workers to back up their claims with facts or arguments. This attitude will help you realize that conflict is not the best office. You want a place that encourages constructive discussion. If conflict escalates beyond constructive discussion, you will need to find a solution.
2. Do not procrastinate in resolving personal conflicts
Personal conflicts are the worst. They are not constructive. It is impossible to expect everyone to be a good friend in the office. You will notice some people being impatient with others. They form cliques. They share a table at the coffee shop, and they take all their breaks together. That’s okay. If you notice that people in your office are getting into personal conflicts, you should talk to them.
How can you spot this type of conflict? It’s easy to spot it when things get personal. Although team members may start to talk about the work, you’ll soon hear them say things like “You are stupid.” Don’t be so naive. This is what you do every time. ”
What talk should I give? Professionalism. Teach them this! Tell them that if they want the project to succeed, they will need to solve their personal conflicts. Collaboration is essential for everyone’s benefit.
3. Be open to compromise, no matter what you think
Everyone will expect your opinion as project manager. Do not feel obliged to choose sides. Do not feel compelled to agree with the opinions of people you like. Think! Be respectful!
Next, try to mediate the conflict and find a solution. Find a way to bring all sides together and find a common ground. It’s difficult to do in practice and sometimes impossible. If there isn’t a solution that everyone likes, then they will have to accept it as part of the project.
4. Encourage communication
Leaders have a responsibility to promote healthy communication within their team. Conflicts are always caused by a lack of communication. Participate in the discussions and guide them in a constructive direction. Encourage them to communicate if they have a conflict of opinion.
The idea is to help everyone come up with a solution so that no one feels like they are the winner. They will share their ideas with others and be open to hearing other opinions. You can

Conducting successful gate meetings

Projects do not always come to their end perfectly executed and delivering all of the benefits described in the Business Case at the advertised price. They should be measured every step of the way to ensure that they are following a plan. Our PMP Exam preparation training and project management training equip us with a variety tools to measure progress against budget, schedule, requirements, quality goals, and budget. The Gate Meeting is the most important tool for proving your project’s success. These meetings are also known as Phase Exit Reviews (by our PMP Exam preparation course), or Business Decision Points.
These are the points where all project stakeholders will decide if your project is meeting expectations, no matter what your organization calls them. This article will provide you with useful tips and tricks to make sure your meetings are successful.
Why do I need gate meetings?
Apart from the reasons listed above, there are two key reasons to schedule gate meetings at key milestones in your project.
Not only do you need to make sure your project is on schedule, but you also need to show your success to project stakeholders and get them to acknowledge that you are committed to the project. This is what gate meetings can do.
The purpose of gate meetings is to validate the Business Case. Your Business Case will change as the project’s scope and budget change over its life cycle. You may have to adjust your Business Case due to changes in the market. Your project’s executive sponsors will validate your updated Business Case at the Gate Meeting. Your PMP Exam preparation training stresses the importance of a current Business Case and validation at these meetings.
When do I need to hold a gate meeting?
Gate Meetings should take place at key milestones in the project’s life cycle. There is no set number of Gate meetings that a project should hold or when they should be held. Each project should have at most two Gate Meetings. One between the Planning Phase, the Build Phase, and one before the project closeout. The first meeting is crucial because it can save the organization a lot of project costs if the Business Case doesn’t justify the expense or the project doesn’t align with its strategic goals. This is the meeting at which the customer will officially accept the products of this project. This meeting should be the catalyst for final payments and formal sign-offs.
Gate Meetings should be held at times when the project can benefit. If you manage a software development project, a Gate Meeting may be necessary between the requirements gathering and the beginning of software development. It could also be beneficial to hold a meeting between the completion and start of QA testing. You will need to hold a Gate Meeting for each iteration of RUP (Rational Unified Process). These are just a few of the places you can hold your Gate Meetings. You will need to create a set of Gate Meetings that are specific to your project.
One final tip: When you look at your Work Breakdown Structure, (WBS), the points at which these meetings should take place should be obvious. If they don’t, this could indicate that you haven’t broken down the project work correctly. The PMP Exam preparation training will teach you the correct process to break down the work. You shouldn’t be afraid of holding too many Gate Meetings. Gate Meeting “burnout” can be avoided by being selective in choosing the invitees for these meetings. We’ll discuss some tips and tricks.

Compliance Management System

A Compliance Management System (CMS), reduces or eliminates risk from lawsuits, sanctions, noncompliance to government regulations, unfair lending practices, and other forms of litigation. Businesses need a good CMS to be successful in today’s marketplace. However, businesses did not always see compliance with applicable laws as a benefit.
Compliance regulation is a result of public outcry against unethical business practices. Upton Sinclair’s 1906 book, The Jungle, exposed the dangers of the meat packing industry. The Food and Drug Administration (now the Bureau of Chemistry) was then charged with enforcing and preserving the Pure Food and Drugs Act in order to reduce public dissatisfaction and protect consumers.
This was not the only controversy that led to legal changes. After investigations revealed that more than 400 U.S. businesses had made questionable payments to foreign governments, the Foreign Corrupt Practices Act (FPA) was created in 1977. After outrage over the purchase of toilet seats by the Navy for $600, the government established guidelines for ethical conduct for contractors. These and many other examples were the catalyst for many of the robust CMS programs that are used today in many businesses.
What is a Compliance Management System?
A CMS is a repository that stores processes, procedures, policies, and other information that ensures that a business is operating in compliance with government regulations. A CMS program integrates relevant documentation, controls and tools into a business to comply with legal requirements. This ensures that consumers and employees are protected.
A good compliance management system should have four components that eliminate or minimize infractions.
4 Components of a Compliance Management System PoliciesSet by management and followed by employeesProcessesDocumented and comply with established regulationsTrainingImplemented during the hiring process and refreshed as standards changeMonitoringRecursively checking for compliance in business transactionsImplementing a CMS
In today’s social media-conscious world, CMS programs are essential to a business’ success. Compliance management can lead to fines of millions of dollars and a boycott of a business on social media. This can have irreparable consequences for a company’s brand and market share. A company’s CMS must not only be compliant but also implemented and supported at all levels of the organization, including the board of directors and the executives. Leadership must have a clear mission statement regarding compliance that is communicated to employees as well as third-party providers.
Senior management personnel play a crucial role in ensuring that adequate manpower is available and that financial resources are allocated to compliance and ethics initiatives. Senior management is also responsible for ensuring that all employees are familiar with the CMS and that the best practices are implemented. This level of management strives to continuously improve upon best practices and procedures. The goal for management is to be in compliance with all business products and transactions.
A good CMS program includes a compliance officer, who reports directly to its board. The compliance officer ensures that the business meets all legal and regulatory requirements. They also inspect the internal business processes and practices. The officer strives for compliance.
Read more: DACI Top Decison-Making Framework
Are All Businesses Require a CMS?
Businesses without a compliance management system are at risk of multiple problems. In order to achieve compliance, a business must have the appropriate CMS policies and procedures in place. There are many ways to be noncompliant depending on what services or products a business offers. Lucidchart lis