Red Cross blog: Volunteer serves Red Cross at home and abroad through his high-tech skillset

Over the years, David Sewell has worked for many different Red Cross departments, including a shelter worker and a damage assessment worker. With this history, it is no surprise that he has done about 40 different deployments all across the country. He now has two positions with the Red Cross where he is both the Disaster Services Technology Chief and a member of the international Information Technology and Telecommunications disaster response roster. As part of these assignments, he manages between 40 and 60 volunteers across the western part of the U.S. and puts in roughly three hours per day on Red Cross activities.

You can read my profile of his activities for various Red Cross chapters here.

Yep, I got cancer

Last week I got my biopsy results back and yep, I got prostate cancer. I know — “the good cancer” or “the one cancer to get” or “very slow moving and curable cancer.” 

But it still is cancer. Or CANCER, which is how I and many of us think about it. It is larger than life itself. Here is a brief introduction to my journey.I was going to say that it all began last May, when I got my PSA results that “something was wrong.” Actually, that timeline isn’t completely true. I should go back further in time, when I wasn’t able to control my urine one night. I will spare you the details for now. I was so ashamed of myself. What is happening to me? Did I have too much to drink? Was I losing control over my bladder? Was I becoming an “old man?”

Well, yes to all above. But it turns out that my prostate is ginormous. I didn’t know that at the time, at least not until last May, when I got my PSA and got checked physically. I will spare you those details here. But that just meant more tests, starting with more PSAs.
These were high but not consistently higher and certainly not as high as I have seen elsewhere in conversations with friends and associates. That meant another blood test called 4K, which also confirmed that I had a higher-than-normal result. Next stop on the diagnostic train: a MRI. That happened in January. The scan didn’t find any cancerous lesions, which meant that if I had cancer it was going to be hard to find.That meant my next step was a biopsy. My doctor took ten samples, four came back with cancer. It turns out that have a little bit of it, I can wait a few months to figure out what I need to do, but I definitely need to do something. That officially began the “end of denial” period for me.

Denial is a great management tool: I see this all the time in the IT world where managers deny that they will be a hacking target, or that their aging Windows 7 infrastructure will be the digital equivalent of a welcome mat and punching bag. But when it comes to cancer, you have to make the move at some point from denial to action. Writing this blog officially marks my transition.

Why I am I telling you this? When I wrote a few years ago about my first hearing aid, I got a lot of feedback and encouragement about sharing my story. So it seems like here we go again, into the medical/industrial complex.
I have come to realize that my newly minted membership into Cancer Fight Club means that I have to operate with different rules than regular Fight Club. If you haven’t seen the movie you probably still know the first (and second) rule of Fight Club is not to tell anyone about the club’s existence. Well, Cancer Fight Club turns this (and some of the other rules) on their head: tell everyone you know you have cancer. Don’t keep it to yourself. So here we are.
I have already written a bunch of posts on a CaringBridge journal and you are welcome to send me a request for access, or to share your own cancer journey here (in public) or via a private email if you’d like. And thanks for your support.

FIR B2B podcast episode #134: Fred Bateman on the evolving role of PR in a fragmented media world

Fred Bateman has been around the tech world as long as Pual Gillin and I have: At the dawn of the PC era he worked for various PR firms and then founded the Bateman Group, which grew to 90 staffers doing tech-focused PR and content marketing. Fred recently announced that he will sell his majority ownership to his three co-owners, who have re-branded the company as Mission North. He plans to partner with nonprofits to teach disenfranchised groups of people the business, writing and communications skills required for a successful career in tech-focused PR.

Paul and I spoke with Fred about how far the PR profession has come sine the dawn of the Internet era, how PR and content marketing people need to work hand-in-hand and how branded news sites such as Adobe’s have created new avenues of influence for marketing organizations. Fred also reflects on the skills that distinguish the best PR pros he’s worked with from all the other and the complex role of influencers in today’s media landscape. You can listen to our 20-minute discussion here:

Becoming a digital vagabond? Here are ways to be secure

A friend of mine is nearing retirement and thinking about spending some extended time living and working abroad. He has a few years to plan how to manage this transition, and asked for my advice. Here are a few recommendations on gear, process, and managing his security. In the past year I have been to London, Prague and Israel, so I have some ideas. I also asked some long-time fellow vagabonds to help provide some guidance based on their own experiences.

Your phone. At the heart of your communications is going to be your smartphone. My recommendation is to have at least one country-based SIM card when you travel, which is what I do when I am abroad. The issue is that some countries can recognize others’ cards, and some can’t. If you have a European cell plan, you can easily roam around the entire continent. For those of us from the States, we can use the GiffGaff SIM — it works really well there and it is very inexpensive. Another recommendation is to limit your use of voice minutes, and get the biggest data plan that you can afford for the period of time that you will be traveling. If you are going to be someplace for a month or longer, you should consider buying the SIM when you arrive, as you often can get the best deals at a local drugstore or supermarket.

The issue is whether to have an Android or an Apple one. I am biased towards Apple. Do you need to buy the latest and greatest iPhone model? No, and lately the American cellular carriers are offering all sorts of discounted (and sometimes free) phones if you agree to a two year contract on an older iPhone, such as the iPhone 8.  One issue with using different SIMs on an iPhone is that it can mess up iMessage and deregister your American phone number from your iCloud account. A way to avoid this is to start originating your iMessages from your iCloud account instead of from your phone number.

If you are an Android fan, I would stick with Samsung, because they have updated their phones’ security software. Avoid other Androids, because they are so easily compromised: all it takes is downloading a phony app, or clicking on a phished email. You might say that you will pay careful attention and not download anything, but it is just human nature.

What about getting a dual SIM card phone such as the iPhone XR or Samsung Galaxy S10? I don’t think this feature is worth it, especially as these tend to be the more pricey phones. They also don’t really have two physical SIM sockets, so you will have to make use of a virtual or eSIM, which adds another layer of complexity and compatibility. Many non-US carriers offer free inbound calling from US numbers anyway. 

Your American cell provider. Reading articles about SIM attacks such as this one on c|net, I think the best US carrier for secure international use is T-Mobile. It also has a very flexible travel plan. This doesn’t mean that it works everywhere, and you should map your planned route with its coverage area, otherwise you will run up a nasty roaming bill in those unsupported places.

You should definitely add a wireless PIN to your online cellular account. Depending on how long you will be out of the USA, you might be able to get by without having any American cellular account. Given that there are so many data-based voice apps (WhatsApp, Skype, Viber, Facetime), you probably can limit your actual voice calls anyway. For example, WhatsApp seems to be the app of choice that many AirBnB owners use to get in touch with you, and in Israel it is really the main communications tool among locals.  

Google Fi also has some interesting plans, especially for international travel, and has expanded their geographic coverage. If they offer service in the countries that you intend to be in, then give them consideration. They also might work better on Android models. One of my friends uses this and finds it very handy: “I can touch down in 170 countries and immediately have data access plus have coverage for when I’m in the States. I cannot stress enough how important it’s been to have data when I land somewhere for both safety and convenience. When I’m able to respond to messages at touchdown and get an Uber from the airport without needing to hope there’s Wifi it’s been a genuine lifesaver.” That reminds me when I was in London for a few days and just had Wifi coverage: I had to run back and forth between the terminal and the car park and almost missed my ride because the garage had no coverage. 

One other recommendation for navigation is the mobile app You can easily prepare digital maps and download them to your phone in situations where you don’t have decent data coverage. One downside is that the maps are in their native language.

Your American banking provider. If you take a look at the twofactorauth site, you can see that Capital One, HSBC and USAA all support phone authentication apps. There may be others — my friend pointed out that his local credit union also now supports the Google Authenticator app. Now I know that changing banking providers is painful, but if you are planning this in advance you might as well start now and choose one of them that supports one of the auth apps. Also, if you haven’t gotten a Yubikey or a Google Titan key, you might want to purchase one of these as well. 

While supporting the local credit union has some appeal, you want a bank that has a larger footprint, and is able to make deposits and withdrawals from overseas ATMs with minimum fees. If you are going to be sticking around in one place for several months, you might want to open up a local account, and then consult the twofactorauth website to see if there is a bank that offers additional authentication support. 

Speaking of other accounts, I have been experimenting with the mobile app Revolut. It makes it easy and inexpensive to move money around the world. You can use the app to find low-fee ATMs and hold funds in multiple currencies.

What other accounts do you have that handle money transactions? Amazon, for example, is an obvious one. But you might have set up accounts for bitcoins that you have forgotten about, or other online merchants that you do business with. You should use this time to flag them and if they don’t have an authentication app option, delete them. I had set up a email account back in the early days, and had about 100 contacts on this account. When Yahoo got breached, that account was compromised. I had forgotten about this account and its contents. It didn’t help matters that Yahoo made it difficult to completely delete it too. 

Harden all of your passwords. If you don’t use a password manager, now is the time to get on board with one of them and start changing your passwords to something more complex, and of course unique. Watch yourself and take note when you create a new online account and let the password manager take over – rather than typing in one of your old standbys. I use Lastpass, but there are others that are just as good. Should you be concerned about storing your entire password collection in the cloud? Yes, but the better password managers also use authentication apps to secure your master password, so make sure you use this option. BTW, you should not store your passwords in any of your browsers. This is because if you cross an international border, you might have to unlock your phone at the checkpoint. This also means that you should sign out of all your email and other sensitive accounts when you reach a customs barrier, especially when entering and leaving the USA.

What online accounts use your present cell phone number as part of your identity? This is a lot harder to figure out, even with your password manager. Facebook and Twitter are the biggest issues here. I don’t think you can easily change your cell attached to your account, but if you can you should set up Google Voice as a phone number for use just in authentications. It will forward both voice and texts to your “regular” cellular number too. One issue: you can’t use both Google Voice and Google Fi on the same account. 

Laptop physical security. I got a “disposable” – meaning cheap – laptop so I don’t have to worry about it being stolen when I travel. But when you are living somewhere else, you might have to rethink this. How can you travel with your data without worrying that something will happen to your laptop if it is all on your computer? I have heard that thieves in Silicon Valley are going around with Bluetooth scanners looking for laptops in cars. It is only a matter of time before this catches on elsewhere. This means you might want to consider either a laptop with a removable hard drive, or else keep everything in the cloud with a Chromebook.  

How about a VPN? I use ProtonVPN, made by the same folks that do ProtonMail. The basic free version is fine. One issue, though: when transiting some airports and staying at some hotels, you have to turn it off in order to connect to the venue’s WiFi hotspot web portals. The nice thing about this VPN is that you can use it on both your phone and laptop. The paid versions have fancier features, such as being able to pick an originating network.

Thanks to Paul, Bryan and Joel for their help with this article. Feel free to share your own digital nomadic experiences in the comments here. And good luck with your travels!

RSA Blog: The Tried and True Past Cybersecurity Practices Still Relevant Today

Too often we focus on the new and latest infosec darling. But many times, the tried and true is still relevant.

I was thinking about this when a friend recently sent me a copy of , which was published in 2003. Schneier has been around the infosec community for decades: he has written more than a dozen books and has his own blog that publishes interesting links to security-related events, strategies and failures..

His 2003 book contains a surprisingly cogent and relevant series of suggestions that still resonate today. I spent some time re-reading it, and want to share with you what we can learn from the past and how many infosec tropes are still valid after more than 15 years.

You can read my column for RSA’s blog here.

Steer clear of Plaid for your small business accounting

If you are looking for a small business accounting software service, don’t consider WaveApps, Sage or the site All of them use the banking connector and have a major shortcoming. Let me explain my journey.

When I first began my freelancing business in 1992 (can it be?), I used the best accounting program at that time: QuickBooks for DOS. It was simple, it was easy to setup, and it did the job. I stayed with QB when I went to Windows and then to Mac, upgrading every few years, either when my accountant told me that they couldn’t use my aging software or when Intuit told me that I had to upgrade.

I use my accounting software for three things:

  • To keep track of my expenses and payments, entering information once or twice a month to stay on top of things.
  • To produce invoices and to accept credit card payments from my clients
  • To produce reports once a year for my accountant to produce my business tax filings

That isn’t a lot of requirements to be sure. Naturally, over time some of them have changed: when I first began my accountant directly read my QB file. Now she just wants a few year-end statements, which almost every accounting tool can produce. Also, enabling credit card payments isn’t a big deal that it once was: there are so many other solutions that don’t have to originate from the accounting software tool itself (such as Square, for example).

One thing that hasn’t changed is my goal: having to spend as little time as possible using the software, because this means that I have more time to spend actually writing and doing the work that I get paid to do.

But installing software on my desktop is so last century. Eventually, Intuit stopped making physical software and every QB version is now in the cloud. Their solutions start at $25/month, discounted for the first few months. Actually, that isn’t completely accurate: they also have a “self-employed” version for $15/month, but it has so few features that you can’t really use it effectively – such as producing those yearend reports that I need for my accountant.

Several years ago, I found Waveapps. It was free, it had just enough features to make it useful for me (see above) and did I mention it was free? I started using it and was generally happy. One of the nice features was how it connected to my corporate checking account at Bank of America and imported all my transactions, which made it easier to prepare my books and track my payments.

A few weeks ago, Wave decided to “upgrade” its banking connector to Plaid. And that broke my BofA connection. The problem is that I have setup my banking login to use an SMS text multi-factor authentication (MFA). I wish BofA offered something better, but that is what they have — they call it “extra security” — and so I use it. Plaid doesn’t support my bank account’s “extra security” MFA setting.

This begins The 2020 Accounting Software Evaluation Project. It deserves the capital letters because it meant that I had to start looking around, reading software reviews, signing up for the software service providers, and checking them out. I very quickly found that Sage and (I do hate their domain name) also use Plaid as a banking connector, so I wasn’t getting very far by switching to them. Meanwhile, here we are into February and I still haven’t decided on what to do with my accounting software.

I took time to email the PR person at Plaid, who initially told me that the BofA MFA issue was a bug and they were working on a fix. That was a lie, or perhaps a misunderstanding. Eventually, this is what I got from them: “Plaid supports the standard MFA for Bank of America and most of the other 11,000 institutions on the Plaid network, but we do not currently support BofA’s perpetual MFA setting.” This is also not true. BofA only offers a single MFA method: sending SMS texts to your phone. I wish they offered a smartphone authenticator app, but they don’t.

So my dilemma is this: should I eschew security for convenience? I can turn off the MFA and get my accounting data imported, and then will have to turn it back on. I could try to switch accounting providers to something else  — I haven’t tried all of the small business providers, but I have a feeling that Plaid has them as customers too. I could find another bank that has better security and perhaps works with Plaid, but that would mean changing a lot of my bill paying data too.

No good choices, to be sure. I guess I will just stick with Wave for the time being, but I am not happy about it. Secure users shouldn’t use

FIR B2B podcast #133: How to Construct a Compelling Case Study

This week we discuss case studies — both ones Paul Gillin and I have written and others we like. The best case studies are really about the storytelling, having a solid narrative arc with a beginning, a resolution and a moral. They bring to life a hero – or in some cases an anti-hero – and describe the drama that led up to a crisis point and how the situation was resolved. The best ones are simple, don’t burden the reader with needless details and have a news hook that makes them compelling during the time surrounding their online posting.

My own story about the Avast CISO Jaya Baloo, who faced a security breach on her first day on the job, was instructive at showing the conflicts over how to respond to a breach and how to rally her staff to fix the problem, but it also provided insight into her personality and her leadership strengths. Paul’s story about the rise of Domino’s Pizza from whipping post to Wall Street darling starts out by describing customers who described Domino’s’ product as tasting like cardboard. It’s an unusual way to start a story but a nice narrative for a turnaround. The chain took control over its digital technologies and saw a 50-fold increase in its stock price as a result.

Sometimes stories – like Paul’s piece on J.C. Penney’s attempted turnaround – don’t bear the test of time. While Penney’s tried to restart its brand with members of a team that led the successful digital transformation at Home Depot, the story shows that sometimes hope is not the best marketing strategy.

And sometimes stories have anti-heroes at their core, as this piece that Kaspersky ran last year about the increase in the number of cities that have suffered ransomware attacks. It drew our attention as a reminder of how devastating these attacks have been, and why they continue to be attractive to hackers, using storytelling as a hook.

Finally, case studies can have a visual element, as this piece on rebranding cranberries for the millennial generation did. The folks behind marketing this seasonal fruit used the fascination that millennials have with taking pictures of their food to put together a nice social media campaign last Thanksgiving that moved what many consider a boring traditional dish into the spotlight.

Listen to our 12 min. podcast here.

Celebrating data privacy day should be everyday

Are you familiar with the term dark patterns? You probably are if you do any online shopping. The term has been in use in the UX world for a decade and refers to a design choice that makes a user decide on something that they might not have otherwise chosen, such as adding a product to a shopping cart that wasn’t selected, running a deal countdown clock, or warning that a product you are thinking about buying is running low in inventory. These are also called nudging, where the website designer places the preferred answer in larger font or bigger icons such as the image below.

Last fall a group of academic researchers found more than 1,800 instances of dark pattern usage on 1,254 websites, which likely represents a low estimate. Many of these websites had pretty deceptive practices.

Dark patterns are just the latest salvo in the attempt to keep our privacy private. An article posted over the weekend in the New York Times documents the decline of this notion. “We have imagined that we can choose our degree of privacy with an individual calculation in which a bit of personal information is traded for valued services — a reasonable quid pro quo,” writes the author, Shoshana Zuboff. “We thought that we search Google, but now we understand that Google searches us. We assumed that we use social media to connect, but we learned that connection is how social media uses us.” Our digital privacy is now very much a publicly traded service. Zuboff’s study of this erosion of privacy is just in time to honor this year’s Data Privacy Day. She mentions a series of examples, such as Delta Airlines’ use of facial recognition software at several airports to shave seconds off of passenger boarding times, with almost everyone opting in without nary a complaint.

The other news item in time for DPD is the UK’s Information Commissioner’s Office (ICO) recent publication of a series of design guidelines called Age Appropriate Design Code to help children’s privacy and online safety. Let’s discuss what they are trying to do, what some of the issues are with enforcing their guidelines, and what this all has to do with dark patterns.

The ICO rules haven’t yet been adopted by Parliament – that is several months away if all goes well, and longer if it turns into another Brexit debacle. And that is the crux of the problem: “Companies are notoriously bad at self-regulating these things. Guidance is great, but if it’s not mandatory, it doesn’t mean much’” says my go-to UX expert, Danielle Cooley. And Techcrunch likens this to the ICO saying, “Are you feeling lucky data punk? How comprehensive the touted ‘child protections’ will end up being remains to be seen.”

Cooley gives the ICO props for moving things along – which is more than we can say for any US-based organization. “It is a step in the right direction and a good starting point for other government entities, much like GDPR was for motivating California to pass their own privacy legislation. However, there is really no way to enforce much of this and there are multiple ways around it too.” She gives the example of American alcohol manufacturers that prohibit people under 21 from entering their websites. Can they really stop a minor from clicking through the age screen? Not really. “At least, the ICO addresses dark patterns and nudging.” One point Cooley makes is proving the opposite of dark patterns is a lot harder to do, and few analysts have done any research.

The ICO has specific examples of nudging, which “could encourage children to provide more personal data than they would otherwise volunteer.” There is a total of 15 different categories of guidelines, ranging from transparency, dealing with default setting and data sharing, and parental controls. The rules are for all children under the age of 18, which is a wider scope than existing UK and US data protection laws that generally stop at age 13. It is extensive and mostly well thought out and applies to a wide collection of online services, including gaming, social media platforms and streaming services as well as ecommerce sites.

Another plus for the ICO rules is how it adopts a risk-based approach to ensure that the rules are effectively applied. However, while that sounds good in theory, it might prove difficult in practice. For example, let’s say you want to verify the age of a website visitor. Do you have one version of your site for really young kids, while another for teens? Exactly how can you implement this? I don’t know either.

Naturally, the tech industry is not happy with this effort, saying they were too onerous, vague and broad. Like GDPR, they apply to every online business, regardless of whether they are based in the UK or elsewhere. The industry reps do have something of a point. What is interesting about the ICO rules is how it places the best interest of children above the bottom lines of the tech vendors and site operators. That is going to be hard to pull off, even if the rules are passed into law and the threat of fines (four percent of total annual worldwide revenue) are levied.

The UK tech policy expert Heather Burns wrote an extensive critique of the ICO draft rules last summer (while there have been some changes with the final draft, most of her issues remain relevant), calling it “one of the worst proposals on internet legislation I’ve ever seen.” The draft proposed a catch-22 situation: to find out if kids are accessing a service, administrators would be required to collect personally identifiable data about all users and site usage, precisely the sort of thing that the ICO, as a privacy regulator, should be dissuading companies from doing. Another issue is that the ICO rules, which were written to target U.S. social media giants, could be onerous for UK domestic startups and SMEs, at a time when many are considering their post-Brexit options. “If the goal of the draft code is to trigger an exodus of tech businesses and investment, it will succeed,” she writes. Additionally, no economic impact assessment of the proposals, as is required for UK legislation, was conducted.

Her section-by-section analysis is well worth studying. For example, she wrote that the draft proposal associated “the use of location data with abduction, physical and mental abuse, sexual abuse and trafficking. This hysteria could lead to young adults being infantilised under rules prepared for toddlers; rules which could, for example, ban them from being able to use a car share app to get home because it uses geolocation data.”

Only time will tell whether the ICO rules are helpful or hurting things. And in the meantime, think about how you can do something today that will help your overall data privacy for the rest of the year. Ideally, you should celebrate your data privacy 24/7.Instead, we seem to note its diminishment, year after year.

Do you really need to learn calculus?

I was talking to a friend of mine who teaches middle school math this week. It brought back all sorts of memories about my career in math, how I picked my classes over my primary and secondary schooling, and what I would tell my teen-aged self with the benefit of hindsight if such self would actually listen to an adult back then.

I come from a family of math geeks: my sibs and my parents were all good at math, and all of the kids were on the “math team” that met after school to solve problems and compete for prizes. Looking through my old report cards, rarely did I get a grade less than an A in any of my classes. When it came time for college though, I started out as a physics major, quickly changing to math when I got frustrated with all the prerequisites, and eventually graduating with a roll-my-own major that combined independent study classes in science, art and math.

What many parents don’t realize until their kids have been through middle school is that there is in most districts a separation of kids into two math tracks. One is the basic math curriculum which involves teaching algebra, trig, geometry and some statistics by the time you finish high school. The other is a more advanced series of classes that ends with students taking calculus in their senior year in high school. If you are good at math, you end up with the latter program of study.

Why does anyone need to study calculus? There really isn’t any good reason. It is more custom than necessity. In my case, getting calculus “out of the way early,” (as I look at it now) allowed me to get AP credit and graduate early from college. It also enabled me to take more advanced math classes too. I asked Arnold Seiken, one of my former college math professors, why anyone should take the class. He was mostly bemused by the question: “Calculus was always part of the requirements for graduation – students assume that it is part of the burden of life and just grin and bear it. I assume you took my courses because you liked the jokes. I can’t think of any other reason.” He was right: he was always a crack-up, in class and now in retirement. Interestingly, he told me that he got into math by accident in high school because he couldn’t do the science labs, much like I decided. “Math was a fallback for me, I was always breaking stuff in the labs.” He was an excellent teacher, BTW.

When you are a college math major, there are basically two different career paths you hear about: to teach or to become an actuary. I wasn’t all that excited about teaching (although I did dabble with teaching both a high school computer class and a graduate business class later on in life), and when I took the first exam of many to become an actuary, I got the lowest possible passing score. That first exam is calculus, and my justification for the miserable score was because I hadn’t had any calculus for several years by the time I took the exam. But it didn’t bode well for a career in that field.

But having plenty of math classes – including one on linear algebra taught by Seiken — also enabled me to have a solid foundation for graduate school study of applied math topics that were part of my degree in Operations Research. That took me to DC and to do math modeling for supporting government policy analysis, and eventually on to general business technology.

My master’s degree was issued in the late 1970s. Back then we didn’t have personal computers, we didn’t have spreadsheets, we didn’t have data modeling contests like Kaggle. What we did have was a mainframe on campus that you had to program yourself if you wanted to do mathematical models. Today you can use Excel to solve linear programs and other optimization problems, set up Chi Square analyses, run simulations and other things that were unthinkable back when I was in school – not that I would know how to do these things now if you forced me to watch a bunch of videos to relearn them.

Seiken reminded me of a part-time job that I had in college, repairing these ancient geometric string models that were used in the 1800s to teach engineering students how to draw conic sections. I didn’t need calculus to restring the models, although it helped to understand the underlying geometry to figure the string placement. It did get me started on my path towards problem-solving though.

And I think that is what I would tell my teenage self. Whether or not I took this or that math class, what I was good at is solving technical problems. Having a math background made it easier for me to pick a more technical career path. Had I not moved into the calculus track, I probably would still have been interested in math of some kind, but probably wouldn’t have been as challenged to take the advanced classes I was doing as a junior and senior in college. So yes, calculus per se isn’t really relevant to debugging a network protocol stack, or figuring out the root cause of a piece of malware, but it does train you to learn how to pick apart these problems and find your way to an answer. Now, your kids may have a different path towards developing their own problem-solving skills, but math was my ticket and I am glad I took the path that I did.

FIR B2B podcast #132: Worst PR Nightmares of 2019

This week we take a moment to reflect on the past year’s major PR blunders. Thanks to the folks at Crain’s Chicago Business, we have five doozies to relive with you. They run the gamut from Hallmark’s lesbian bridal spot to Sallie Mae’s Hawaiian junket to the various missteps of Boeing’s now ex-CEO.  All have a few things in common:

  • The companies were culturally tone-deaf, whether to gender, racial, or other sensitive topics. Being woke isn’t just a fixed state of mind but a commitment to keep up with the cultural norms and mores and memes in this diverse world.
  • They failed to talk. The first hours after a crisis are critical and require a response — even if it is “We are working on a response and will get back to you.” Crickets will just inflame passions and create the impression that the business fails to understand its mistakes. “An organization is more likely to survive a crisis with its reputation intact if it immediately speaks for itself rather than allowing others to speculate about its motives and behavior,” Crain’s wrote.
  • They reinforced stereotypes. The Peloton ad would have worked if it had showed the woman gifting her husband, not the other way around. Why not run these ideas by impartial third parties who can identify the land mines? Hire a couple of journalists to poke holes at your message.
  • The companies waffled in response. Hallmark first pulled then reinstated its bridal TV spot. The ad was bold and progressive. Why not stand your ground instead of yielding to criticism that you know is coming?
  • Don’t be Facebook. We have beaten up repeatedly on the social network over the past year (#117 on alternatives  and #102 on how to fix some of their most egregious flaws).  Crain’s gives Facebook a dishonorable mention for stating that it won’t vet political campaigns ads.

You can listen to our podcast here: