Understanding how to become an effective digital change agent

As technologists, we tend to get caught up in the computer side of things when it comes to try to get stuff done in our organizations. So often we forget that the real drivers of change are the people behind the screens. In new research that my colleague Brian Solis has just published, he documents exactly how enterprise digital transformation happens, and talks directly to some of those “change agents” that he has known for decades as an analyst covering the IT scene. His Manifesto is available now for downloading and reading, I strongly suggest doing so. (Other than registering your email, it is free of charge.)

With most organizations, “these digital transformation efforts often take place in isolated pockets, sometimes with little coordination and collaboration across the enterprise,” he writes. Often it is a solitary individual who drives change and introduction of particular digital technologies and methods at a grassroots level — and often fails to go further across the enterprise. His manifesto puts together a solid ten-point plan (shown here) if you want to be more effective in bringing this about at your company. This includes embracing yourself as a catalyst, obtaining leadership support, creating a roadmap and democratizing idea creation. Some of these are obvious, some aren’t. 

He says that “digital transformation is more of a people problem than a business problem. Trust is the least measurable but most important factor to build.” Without this trust, your colleagues can sabotage or block your efforts. One of the biggest obstacles in building trust is in managing your own ego as a change agent. When you display too much ego, you make the change all about you, rather than the benefit to your company. The same is true when managing your colleagues’ egos too.

On the other side of this is managing your own doubts about what you are trying to do. “Although it may seem counterintuitive to manage detractors, change agents ought to listen closely to their feedback. It is better to let them voice their concerns than to let them detract in secret.” Indeed, listening is often overlooked when advocating change. The better listener you are, the more you’ll get done. 

Solis mentions that when a change agent has the full buy-in of the executive suite, real change becomes possible and turns from a suggestion to a corporate mandate.

“Digital Darwinism is increasingly becoming either a threat or an opportunity based on how organizations react to change,” he says in his report. Digital change agents can become the next generation of leaders and help to be instrumental in having their companies more effectively compete in this digital economy.




Read More
iBoss blog: What is HTTP Strict Transport Security

Earlier this summer, I wrote about how the world of SSL certificates is changing as they become easier to obtain and more frequently used. They are back in the news more recently with Google’s decision to add 45 top-level domains to a special online document called the HTTPS Strict Transport Security (HSTS) preload list.

Why this is important, how this protocol is supported via various browser versions (see above graphic) and what it means to you if you own and operate websites, is discussed in my latest iBoss blog post.

Read More
How to get better at creating Internet content

For the past several years, I have been a fan of the videos produced by Taylor Ramos and Tony Zhou, a Vancouver couple that are behind the Every Frame a Painting YouTube channel. And today I am very sad, because they announced that their day jobs of film editor and animator have gotten in the way of this passion project, and the video that they posted last year will be their last in the series.

Zhou and Ramos’ videos were very fast-paced and clever examples of how to make better movies, drawn from hundreds of feature films and TV episodes, some famous, some infamous, and some that I have never seen before. The videos were a foundational course in how to think visually and learn how to be better at doing it. “Instead of showing a clip and talking about the plot, we were showing the clip and talking about the clip.” They didn’t talk about story or characters, but how the movies were made the way they were.

For example, one video talks about how filmmakers use Vancouver as a stand-in for other cities, but never recognized. Another talks about chairs and how they are used in movies. And why you can’t remember any musical themes from the Marvel movies, but can certainly hum the Star Wars or Harry Potter themes. And how the Orson Wells F is for Fake movie was a seminal work for the duo. The videos were quirky, fun, and very instructive. Plus, they were very enjoyable, and made me want to watch some of the films that were used in the examples.

Now, I am a fledging Internet movie-maker, as you might know, although a very specialized one: I create a series of screencast videos about enterprise IT products. And even in this very small corner of the video universe, I learned something from the Painting videos.

Some of their videos have clips for more than 50 different films to make their points. For example, here are two clips from the Transformers movie and from West Side Story. See if you can tell what they are trying to say by watching them.

But Zhou and Ramos are still teaching, even in their swansong Medium post that describes why they aren’t going to do any more of their videos for their channel. They make these important points that have a larger context to help improve all of your Internet-created content:

  1. Understand the content creator’s triangle. Faster, cheaper, or better – you can only pick two out of the three (see the diagram here). Don’t try to think you can cover all three bases.
  2. To have a successful YouTube channel (or a blog or anything else online), you need to have a solid style guide. They ran into problems with their style choices down the road, but initially it gained them a solid audience (some of their videos have more than a 1M views).
  3. Let ideas for your posts marinate for a while. Your brain will forget the weak ideas, and you’ll still recall the promising ones.
  4. Do your research offline. Go to the library and read books. Yeah, there is that Google search thing. But if you want to break out of the online regurgitation cycle, and find some original ideas, then go to the library. (The irony of having two visual people tell others to read books wasn’t lost on me.)
  5. Make sure your essays are addressing the right question. Test your ideas constantly, and don’t be afraid to toss them and start again. It is helpful to have a partner that you can use as a sounding board or a foil.
  6. Be organized. The couple used a series of index cards to outline their essays and organize their points. This way, they got to the strongest and most cogent arguments. If index cards seem so last century, find something else that will work. To produce my video screencasts, I have a series of tools that I use in a tight sequence every time.
  7. Maintain a solid boundary between you and your audience. That doesn’t mean you should ignore your audience, au contraire, you should know their hopes and fears and what they are getting out of your work. But don’t let them control what you do.

Goodbye Every Frame videos. I wish the couple well on their next project, and hope you enjoy the video channel as much as I have.

Read More
FIR B2B podcast #85: How Digital Channels Are Transforming B2B Sales

Our guest for this week’s episode is Ray Grady, the President of CloudCraze. In a recent report, CloudCraze uncovers the value B2B organizations are seeing from digital channels and their future expectations for online sales. Forrester expects eCommerce to reach $889 billion and represent 11% of total B2B sales in the U.S. by the end of 2017. Without a doubt, a digital revolution has taken place in B2B, leading to explosive growth for those who have invested in eCommerce. 

We ask Grady about his survey, which covered 400 representatives of consumer packaged goods, manufacturing and software companies. It found some interesting and perhaps non-obvious results:

  • More than half of B2B businesses (56%) give self-service access to all of their customers.
  • For the first time in B2B history, nearly half of B2B businesses sell their full product line online.
  • Sixty percent of B2B decision-makers indicate that the growth of digital has caused their sales team to grow along with it.
  • European businesses are generally more advanced than U.S.-based businesses when it comes to the maturity of their digital commerce sites. They have more of a global mindset, a greater willingness to embrace agile systems and present their site in many different languages. EU buyers are also more comfortable buying B2B products and services online.

You can listen to the 21 min. podcast here.

Read More
IBM blog: The History of Connected Car Research in Israel

Israel is becoming a major center for connected car research. Fueled by government-backed military research, test labs established by automakers and numerous connected car startups, the country has attracted top talent from around the world and provided innovative technologies in automotive cybersecurity.

In my post for IBM’s SecurityIntelligence blog, I talk about the rise of this research after meeting some of the principals at a conference in Israel earlier this month.

Read More
iBoss blog: How to cope with malicious PowerShell exploits

Microsoft thought they were boosting the power of Windows scripting tools by adding PowerShell functionality. Back about ten years ago, they improved earlier scripting engines that weren’t really part and parcel to the Windows OS. Well, as is usual with computing innovations, as we move forward with technology we also make it easier for attackers too. And as PowerShell has grown and become open source and even cross-platform (Linux versions became available last year), it has also grown and become an important vector for malware authors too. It now comes bundled with Windows 7, 10 and the latest Windows Server OS versions.

I wrote about some of the PowerShell-based exploits for a recent post on the iBoss blog here.

To get started learning about PowerShell, download this comprehensive guide published by Symantec last year. The authors review typical attack profiles, highlight key PowerShell-enabled malware and suggest a few scripts for defenders. One important technique is to enable system event logging, which can be used to review and then expose a malicious script’s actions.

Read More
Book review: Good Reception by Antero Garcia

The use of technology in schools is analyzed from the actual front lines of a ninth grade classroom in South Central LA in this new book. The teacher, Antero Garcia, has learned some valuable lessons on his own about how technology can’t fix broken schools and how teachers use new media such as smartphones and tablets as an ancillary activity and not part of mainstream classroom methods. Garcia finds that the transformative moments for his students happened in spite of his pedagogical activities, and that the iPods he supplied as part of the research project described in this book often hindered rather than helped their learning. This book will be interesting to educators and parents who are trying to understand the appropriate role of technology with students and schools.

Read More
Becoming a better master of my email domain

This post adds my own personal experiences to improving the email authentication protocols of my own domain. I wrote about these issues in general for iBoss earlier this year and described the three protocols (SPF, DKIM and DMARC) and how they interact with each other. These protocols have been around for a while, and implementing them isn’t easy and hasn’t been very popular, outside of perhaps Google-administered email domains.

A recent survey from Barracuda shows how the majority of folks haven’t yet set up anything in their environments, as you can see by this graphic below. Another survey from Agari (who sells DMARC managed services, so they have something of a self-interest) says 82 percent of federal government domains lack DMARC protection. To try to fix this, the feds are getting more serious about DMARC, requiring it across all agency networks soon. 

So I wanted to be able to lead by example and actually put these tools in place on my own servers. That was easier said than done.

I first contacted Valimail in August. They have a managed email authentication service and agreed to work with me to get me set up. Valimail knows what they are doing in this space. As an example, a few weeks ago one researcher posted how he could deliberately break some DKIM records if he created some oddball email messages. Turns out Valimail has this covered and posted a counter reply. They claimed that the researcher didn’t really understand how it was used in practice.

And that is the issue: these protocols are very, very hard to implement in practice. Getting my domains setup wasn’t easy: part of that was my fault, and partly because this is a knotty area that has a lot of specific knobs to turn and places where a misplaced comma can wreck your configuration. So I am glad that I had them in my corner.

Let’s talk about what was my fault first. I have two different Internet providers for my domains. First is GoDaddy, which registers my domains. I have always felt it is a good idea to separate my content from my registrar, which is where my second provider, EMWD.com, comes into play. They host my blogs and mailing lists. The problem is that the three email protocols touch on aspects of both what the registrar has to do and what the content hosting provider has to do, and so I found myself going back and forth between the two companies and their various web-based control panels to add DNS entries and make other adjustments as I needed. For your particular circumstances, that may not be necessary. Or it could be more complicated, depending on how many individual domains (and sub-domains) you own and how you have set up your email servers.

When you first sign on with Valimail, they run a report that shows how messed up your email system is. Now right here I want to stop and explain what I mean. Your email system is probably working just fine, and your messages are flowing back and forth without any real issues. Except one: they aren’t using the full power of the various authentication protocols that have been developed over the years. If you don’t care about spam and phishing, then stop right here. But if you do care — and you should — then that means you need to get email authentication done correctly. That is the journey that I have been on since this summer.

OK, back to my story. So I got a report from Valimail that looked like this.  It shows that I made several mistakes in configuring my mail server because it uses a different domain (webinformant.tv) from the domain that I use for sending individual emails (strom.com). Duh! It was embarrassing, after all these years claiming to be this email “expert” (I did write a book on corporate email use once upon a time) and yet I still missed this very obvious mistake. But that is why you hire outside consultants to help you learn about this stuff.

That wasn’t my only problem. Second, I was using WordPress as my blogging software. Now, what does this have to do with email, you might ask? My problem was I didn’t immediately make the connection either. Some of my emails weren’t being authenticated properly, and it was only after further investigation did I realize that the comments that were being collected by my blog were the culprits. WordPress uses email to notify me about these comments. Luckily, there is a plug-in for fixing this that was available. Of course, it still took some effort to get it working properly.

This is why you want someone like Valimail to be working with you, because the chances of making any errors are huge, and your email infrastructure can be a bigger project that you realize, even for a small organization such as my own operation.

I have one other technology piece in my mix. One of the reasons why I chose EMWD is because they offer cheap but really good hosting of Mailman, which is a Unix-era email server that I have been using for more than a decade for my weekly Web Informant newsletters. It isn’t as fancy as Mailchimp or some of the other more modern mailers, but I also am familiar enough with its oddities that I feel comfortable using it. So any DKIM/DMARC/SPF installation also had to make some changes to its parameters too. Luckily, The folks at Valimail knew which ones to tweak.

So it took several months of elapsed time to work with Valimail to get things correctly setup. And that is probably a good thing because uncovering all the various applications that make use of email in oddball ways will take some time, particularly if you are a decent-sized company. Most of the elapsed time for my situation was because I was busy on other matters, and also because it took me several tries to understand the scope of what I had to do. Also, because Valimail’s typical customer is a larger enterprise, they weren’t very familiar with the cPanel interface that EMWD (like a lot of smaller ISPs) employs, or working with WordPress, so they had a learning curve too.

The team that helped me was very patient, which was great because I did need a lot of hand-holding (in the form of JoinMe meetings and screen sharing sessions) to walk me through the various processes. But what this demonstrated to me is how ingrained using email for various tasks can be, even for a company of one employee.

So the moral of the story: even if you know what you doing, this is one area that requires very specialized knowledge. But if you want to make an effort to reduce spam and phishing, you should implement all three of these protocols. And you might end up fixing some other email issues across your enterprise along the way too.

Read More
FIR B2B Podcast: Seth Greene on making effective podcasts

This week my podcasting partner Paul Gillin and I talk to Seth Greene about how to market small (and large) businesses using some time-tested direct response marketing methods that begin with creating podcasts. Seth is the author of Market Domination for Podcasting, as well as several other books. He offers so much great advice in this interview that you’ll want to have your notebook handy. Among his tips and observations about podcasting:

  • Global smartphone proliferation and Apple CarPlay have been big factors in the recent rapid growth of podcasts. It’s time for businesses to take notice.
  • It’s not about big markets – A few hundred regular listeners can give your business a great boost if they’re the right people.
  • Optimal length is 20-30 minutes, which is the length of the average workout or commute.
  • You can do a lot of your own promotion. Use Facebook, LinkedIn, Twitter. Send email to your clients. Ask your guests to promote to their lists.
  • Interview formats work well for a couple of reasons. One is that it’s hard to keep a narrative going all by yourself for a half hour. Another is that guests will often promote to their friends and associates. If you have a co-host, it’s even easier to keep the discussion moving. In Seth’s case, a partnership with TV celebrity Kevin Harrington has been a huge boost to listenership.
  • The biggest mistake B2B marketers make with podcasts is being boring. You’ve got to bring personality to your show.
  • Don’t turn down any opportunity for media promotion of your program. You never know who’s reading/listening.

Greene’s Market Domination firm has been one of the fastest growing direct response marketing firms in the country. He is the only person in history that Dan Kennedy has nominated for marketer of the year three years in a row and he’s been featured on numerous TV shows and quoted frequently in national business magazines.

Check out his SharkPreneur podcast, co-hosted with Shark Tank’s Kevin Harrington, and follow Seth on Twitter.

Read More
Why you should be afraid of phishing attacks

I have known Dave Piscitello for several decades; he and I served together with a collection of some of the original inventors of the Internet and he has worked at ICANN for many years. So it is interesting that he and I are both looking at spam these days with a careful eye.

He recently posted a column saying “It sounds trivial but spam is one of the most important threats to manage these days.” He calls spam the security threat you easily forget, and I would agree with him. Why? Because spam brings all sorts of pain with it, mostly in the form of phishing attacks and other network compromises. Think of it as the gateway drug for criminals to infect your company with malware. A report last December from PhishMe found that 91% of cyberattacks start with a phish. The FBI says these scams have resulted in $5.3 billion in financial losses since October 2013.

We tend to forget about spam these days because Google and Microsoft have done a decent job hiding spam from immediate view of our inboxes. And while that is generally a good thing, all it takes is a single email that you mistakenly click on and you have brought an attack inside your organization. It is easy to see why we make these mistakes: the phishers spend a lot of time trying to fool us, by using the same fonts and page layout designs to mimic the real sites (such as your bank), so that you will login to their page and provide your password to them.

Phishing has gotten more sophisticated, just like other malware attacks. There are now whaling attacks that look like messages coming from the CFO or HR managers, trying to convince you to move money. Or spear phishing where a criminal is targeting someone or some specific corporation to trick the recipient into acting on the message. Attackers try to harvest a user’s credentials and use them for further exploits, attach phony SSL certificates to their domains to make them seem more legitimate, use smishing-based social engineering methods to compromise your cell phone, and create phony domains that are typographically similar to a real business. And there are automated phishing construction kits that can be used by anyone with a minimal knowledge to create a brand new exploit. All of these methods show that phishing is certainly on the rise, and becoming more of an issue for everyone.

Yes, organizations can try to prevent phishing attacks through a series of defenses, including filtering their email, training their users to spot bogus messages, using more updated browsers that have better detection mechanisms and other tools. But these aren’t as effective as they could be if users had more information about each message that they read while they are going through their inboxes.

There is a new product that does exactly that, called Inky Phish Fence. They asked me to evaluate it and write about it. I think it is worth your time. It displays warning messages as you scroll through your emails, as shown here.

There are both free and paid versions of Phish Fence. The free versions work with Outlook.com, Hotmail and Gmail accounts and have add-ins available both from the Google Chrome Store and the Microsoft Appsource Store. These versions require the user to launch the add-in proactively to analyze each message, by clicking on the Inky icon above the active message area. Once they do, Phish Fence instantly analyzes the email and displays the results in a pane within the message. The majority of the analysis happens directly in Outlook or Gmail so Inky’s servers don’t need to see the raw email, which preserves the user’s privacy.

The paid versions analyze every incoming mail automatically via a server process. Inky Phish Fence can be configured to quarantine malicious mail and put warnings directly in the bodies of suspicious mail. This means users don’t have to take any action to get the warnings. In this configuration, Outlook users can get some additional info by using the add-in, but all the essential information is just indicated inline with each email message.

I produced a short video screencast that shows the differences in the two versions and how Phish Fence works. And you can download a white paper that I wrote for Inky about the history and dangers of phishing and where their solution fits in. Check out Phish Fence and see if helps you become more vigilant about your emails.

Read More
1 2 3 197