October 30, 2012 5:35 PM
Posted by: David Scott
1 year plan
[Please see earlier parts of this series, below]
When we receive criticism, we generally have a sort of internal evaluator – we immediately know if the criticism is warranted, and thus constructive. Call it a gut feeling. Regardless, when receiving criticism you must always ask yourself: Is there merit in any, or all, of this?
Generally speaking, we know criticism is valid if we hear something from more than one person or department; if the originator of the criticism knows a great deal about the subject; and if the originator is known to apply reasonable standards of behavior. The criticism is motivated by a desire to help, and provides solid suggestions or directions for positive change.
When you receive constructive criticism, and the criticism is accurate, the best response is, of course, to agree. You should summarize the criticism so that the deliverer is satisfied that you heard him or her accurately. Ask questions as necessary – be certain that you understand the criticism. As necessary, ask the deliverer how they would improve things, or what improvements they need. Thank this person for bringing matters to your attention.
Handling and Responding:
When you are the recipient of constructive criticism, you should:
1) Understand the criticism.
2) Ensure the deliverer knows you understand.
3) Know exactly what needs to be done to improve your work or the situation – in other words, know what is necessary to meet expectations.
4) Arrive at a consensus for a course of action.
5) Thank the deliverer for their direction, suggestion, advice, etc…
6) Make the improvements, fix the problem, change behaviors, etc.
7) Participate in follow-up, or check back with the deliverer to confirm that everything is satisfactory.
In the case of process or behavior-driven criticism, we’ve all been a recipient at some point; whether we’re Business or IT, whether we’re senior or staff. Remember that everyone deserves to be managed, so in essence, everyone deserves to be criticized. We all need guidance from time-to-time. For the most part, we’re making good faith efforts within the scope of our knowledge, time, and other resources – but we can’t see and do everything at once. Whether you are on the delivering or receiving end of criticism, always remember that part of supervision is Super Vision. The critic has the luxury, generally, of flying above the trees and having time to look at an overall perspective. The deliverer too is generally the person who has the big picture details in advance of everyone else, and can best sense the necessary corrections to course. Comparatively, the recipient of criticism is generally the person down in the trees, handling things on a more granular basis, focusing on things that are directly in front of them. With this perspective in mind, there is no reason for the recipient to take umbrage at properly delivered criticism.
Keeping this perspective in mind helps the critic to make criticism more palatable for the recipient. Criticism becomes less of a “see-saw”; each party on opposite ends of an issue, one side up, and one necessarily down. Rather, criticism becomes a lever that both sides puts their hands on, in order to wield it in the same direction for better outcomes. Criticism becomes a mutually employed tool, exercised with equal effectiveness by both parties.
Criticism should be viewed from all angles as a “win-win-win” undertaking: a win to the critic; a win to those critiqued; and a win to the organization.
October 30, 2012 5:25 PM
Posted by: David Scott
1 year plan
[Please see earlier entries in this series, below, if you haven’t already]
Whether behavior is deliberately negative or simply wrong because of ignorance, we need to expose the behavior to the individual or team. This also acknowledges the critic’s awareness of the situation in the recipient mind. When instigating a change in behavior, we find ourselves in the position of talking to an individual, or team, about performance or conduct that can be interpreted as an overly personal criticism. Actually, this criticism is rather personal. In terms of the individual, you are criticizing the person’s behavior, and that is central to the person. Even a performance review of a team, in a team meeting, can cause members to view criticism on a personal rather than a business basis. It is important to make the delivery so that it is truly received, while at the same time maintaining its focus. In other words, you must make the point without rankling the recipient – otherwise you risk the recipient’s erection of a defensive barrier, which inhibits effective communication. How to best achieve this?
Again, it’s best to start with a positive. Highlight something that you like about the person’s character or recent behavior in handling a situation:
“John, I’ve received a lot of compliments on your support at the desktop. Accounting was especially happy with how smooth the upgrade to the payroll software went. Several people complimented you – your care and concern insured that they were able to work effectively in processing last week’s payroll. I do need to make you aware, however, that just recently several people have complained of a sort of arrogance on your part. Specifically, you’ve been telling quite a few people lately that you’re very busy, and that you’ll ‘get around to them when you get around to them.’ Have you said that to people, and is it possible you’ve been rude?” [Here, we would pause to confirm whether John felt that this was an accurate assessment of his behavior]. “John, there is no excuse for rudeness in the support arena – ever. Generally speaking, people will engage others based on how they’re treated. Working on a friendly basis, no matter how difficult the circumstances, is a heck of a lot better than the alternatives. So, being busy is ok. But failing to provide people a courteous estimation for when you can help them is not. Most will be reasonable if you can at least give them a general indication when you can get around to them. If you’re feeling pressure you can also ask the team for help, and you can solicit my help in balancing your load. You need to make an immediate adjustment to your attitude so that you don’t create the wrong impression amongst the users. I don’t want to see you damage your reputation, as people trust you and generally compliment you. I know the Accounting project went well because you kept everyone informed during delays, and since everyone felt informed they were very pleased with the way that went. You’ll find people much more cooperative when you keep them genuinely informed. We all either help or hurt the department as a whole through our attitudes, so let’s all give each other a break and put our best face out there. Thanks, John”
Let’s note here that we’re discussing constructive, justified criticism, so we’re stating as a given that John was actually rude, was a normally courteous employee with a history of positive work, and needed exposure to his behavior so that he could take corrective action. (Note: In cases where a productive employee suddenly loses efficiency, or starts to have behavior problems, we definitely want to find the source of the problem. It may even be something outside of the workplace. If someone doesn’t respond to constructive criticism, then we cross the threshold into formal counseling; here we’re focused on how a quality staff best delivers and handles criticism).
Expose Negative Outcomes: When criticizing behavior, it is essential to point out the actual negative outcomes, as well as the inevitable future ones, that are sown by negative behavior. Frequently, an individual is not aware that their behavior is negative, or can be perceived that way. In John’s busy state, he probably thinks he is helping himself by letting people know that he is harried and not immediately available (when in actuality he is hurting himself). Also, his communication, as empty as it is, will nonetheless set a flag in his mind; that is, a belief that he set some kind of expectation in the user’s mind. They know not to expect me any time soon.
What’s missing is his appreciation that his communication is coming off as uncivil and unhelpful – which erects a barrier to the transmission of actual information in either direction. In his case, no information is following anyway: “I’ll get around to you when I get around to you.” “Great,” the user thinks, “I know not to expect you soon – but when can I expect you?” No useful expectation is being set in the users’ minds.
So, the critic must first expose the present condition of behavior; show the liabilities of the behavior; next describe the corrective behavior; and then discuss the benefits yielded by the amended behavior.
For criticism of behavior or process, constructive criticism should do four essential things:
1) Expose and acknowledge any existing quality in behavior or a process.
2) Make sure to expose and address the real issue.
3) Express exactly what needs to be done to improve the situation – and
4) Provide follow-up.
Following Up: After delivering criticism, you need to do a very important thing: follow up. Even if you are made aware of the result of your critique from some other source, it is important to show the recipient of the criticism that it was a professional communication – and therefore, you as the critic need to provide a direct closure. You show that the criticism’s motivation was due to a vested care and concern for the issue – not just an opportunity to exert power over someone, or to “pick on” somebody. The follow-up can happen as an assignment; for a recipient to report to the critic upon completion of something. It can also be a “drop-in” session on the part of the deliverer.
An Example of Follow-Up: Debbie, thanks for working to correct those reports for Marketing we spoke about last week. Marketing is very happy now. They can proceed with their sales forecasting. The follow-up helps to certify that we’re communicating on a business-basis, not on any kind of personally motivated agenda. It helps the listener’s internal voice anchor the context as business: That was important; Marketing needs accurate information. I’m glad I was able to tell my supervisor that the marketing reports were corrected and that everything is ok. It is a further acknowledgement for the criticism’s importance, and shows that the critic had weighted that communication with importance.
When the recipient is able to provide a positive answer regarding his or her effort in making an improvement, and in supporting an issue, they get a positive feeling in that they:
1) Made an improvement.
2) Met the deliverer’s (in this case, the supervisor’s) expectations.
3) Met others (in this case, Marketing’s) expectations.
4) Were recognized for their effort.
Proper follow-up acknowledges that responding to criticism with positivity and improvement is necessary and worth it in this organization.
Never issue criticism without a follow up. Lack of follow up can undermine authority and respect – respect for the deliverer and respect for the process. The recipient can be left to think that the matter wasn’t truly of consequence in the deliverer’s eyes, or that the matter isn’t an overall priority (which it is, if it merits criticism). Lack of follow up will generally weaken future communications of this nature. It will contribute to a lack of focus and gravity the next time constructive criticism is delivered. Follow-up also provides an important opportunity to praise the recipient’s efforts (assuming expectations have been met).
Next: Receiving, handling and responding to constructive criticism
October 30, 2012 4:44 PM
Posted by: David Scott
1 year plan
Please see Parts I and II of this series, below, if you haven’t already.
Constructive Criticism: Most people understand the concept of constructive criticism. It comes our way in a formal sense during a performance review, for example. It also comes to us in an ad hoc way from supervisors, peers, etc., in the form of direction, suggestions, and advice. This criticism should mean that the deliverer is coming from a strong position of experience, knowledge and fact. Constructive criticism (or valid; justified criticism) is meant to help.
– Motivation: People who provide constructive criticism are helpful, and motivated by a sincere desire to expose an issue in order to better its standing. People who take the time to provide this kind of criticism do so under one of two broad conditions: they either provide criticism in a forum specifically designed for the delivery of it (such as a performance rating, formal counseling session, etc.) or within a general circumstance, such as a status meeting, drop-by visit, hallway conversation, etc. All constructive criticism is important, but realize that formal critiques are more than mere motivators – they are requirements. It is within these required sessions that we find the true motivators for criticism – they are specific critiques that have the same basic reasons to generate relevant criticism (and praise) as any other general criticism that comes our way: exposure of issues and actions for betterment.
Whether constructive criticism comes in a required forum, or is delivered outside of any strict format, formula or timetable, it is handled with this in common: It needs to be acted upon. This realization allows us to make our discussion of criticism more efficient, since, whether formal or informal, we can now talk about a criticism’s motivators from the perspective of an actual driving event or situation. We can examine what causes the critic to specify and focus on a thing in particular. At the same time, we also have to look at the possibility that the critic is motivated by the receipt of his or her own criticism from somewhere.
Understand that regardless of specific situational motivators, all constructive criticism shares a common general motivator: the desire to help – or – helpfulness.
– Delivery: When criticism is genuinely constructive the deliverer is usually polite, and at least civil. Because the critic has the relevant experience, knowledge and facts for a given situation, those circumstances yield confidence. The critic is a calm and calming deliverer. The criticism’s content is clear, and there’s an articulated benefit expressed as an improvement to be had. If criticism is delivered optimally, there is an invitation for open discussion. Ideas can be exchanged, positions explained, and it is here that hidden issues or evolving circumstances can be exposed and examined. The deliverer should have enough knowledge and experience to know that criticism is generally a ticklish business. Sounding too critical can tune the listener out, or worse, cause the listener to become angry or defensive.
When discussing the delivery of constructive criticism, there are two sub types that we should examine in order to effect optimal delivery. One is targeted at process, or activities, external to inherent behavior. We will simply call this Process-driven Criticism. The other is targeted at inherent behavior, and things such as issues of character, and lapses in judgment. We will simply call this Behavior-driven Criticism. Let’s define each of these for this discussion:
1) Process-driven Criticism: Process-driven criticism focuses on activities that can be made better. The critic is generally focused on something narrow and discreet, though not always, and enjoys a confidence that, once an issue is exposed, the right people are on hand to make improvements. The criticism is meant to redirect or focus attention and energies. Usually, the recipients of the criticism are not the direct target. They are not deficient in performance – or, if they are, it is not the result of a character issue. They are hard-working, sincere, and qualified. They merely need guidance or input in order to make the required improvement. Criticism in these circumstances can be viewed as a “tune-up,” or “regular maintenance” of workplace issues – things external to the core character or behavior of the people.
2) Behavior-driven criticism: Behavior-driven criticism is meant to improve an attitude, to eliminate a bad habit, and to bring an individual, team or department back into standards of conduct. Usually it is directly targeted to a person or people. While there can be something narrow and discreet motivating this criticism, it’s important to understand that the behavior usually poses a general peril to anything it comes into contact with. In other words, the behavior has broad potential for negative outcomes. In these cases, the issue is such things as rudeness, anger, tardiness, sloppiness, dishonesty – things that reside, or are generated, within people.
Of course, better behavior yields better process, and better process can help morale and thus influence behavior. They are reinforcing. Frequently they are blended, and each is meant to contribute to better outcomes. But, there are important differences, and we need to understand the two for optimum delivery of criticism. Let’s take a look at delivery of these two:
Delivery of Process-driven criticism: Process-driven criticism is a little easier to deliver than behavior-driven criticism – it tends to be less personal. It is only indirectly linked to behavior or performance. For example, someone can be making the best faith efforts, and doing very sincere and good work overall, but there may be one or a few things that they are doing, simply put, wrong. Or, perhaps they’re just doing something “the hard way,” and therefore they’re not being as efficient as they can be. A person, a team, or a department may simply need the guidance that anyone is entitled to in the course of regular management.
When criticism happens between departments, or between disciplines such as Business and IT, there are special sensitivities and vulnerabilities. These apply even between organizations, such as yours and a vendor, or between agencies that have new working relationships. It is especially important to provide critical feedback effectively so as not to injure relationships. Yet in all of these circumstances, friction between parties, or a potential for friction, should not dissuade us from candor, nor from taking appropriate action. It is important to realize that progress requires traction, and traction requires friction. Friction in this case can be thought of as a facilitator of progress – you can risk someone’s irritation or initial grumbling, but the objective is to get the issue out in the open, to address it, and to better it. In any case, criticism must be dispatched correctly, and received correctly – therefore, both parties must keep their eyes on the prize: They should be focused on the desired outcome.
When Business criticizes IT, it is important for Business to keep in mind that they hold the real power: IT is there for Business, so there should be no reason to be heavy-handed. At the same time, Business requires a certain level of performance from IT; the objective of the criticism, therefore, is to expose IT to a business consequence. There also has to be exposure to the positive business expectations resulting from overcoming or avoiding the consequence.
In addition to showing a benefit to clearing a negative, it is very powerful to show additional benefits. Often we think of criticism as purely addressing something negative, therefore it is too often employed to “clear negatives” without going further. Clearing a negative returns you to a zero point. Rise further on the scale into a positive zone. Seek further positives from the criticism – they always exist for discovery. By seeking further positives from criticism, we pull criticism itself UP into a positive tone and posture. Indeed, when providing any kind of criticism, it’s helpful to start with a positive facet of the issue, which is a common “trick” – there should always be something positive to find and highlight. But further, bracket the criticism’s main point on the back end with additional positives to be had. As an example:
“Bill, the test module of the Exhibit Hall Space Manager was made available right on time – thank you. My staff has given me some positive feedback on it, and the changes we asked for are a real help. Great work. But, there were quite a few changes in the module’s screens that we didn’t ask for, or expect. The staff felt put upon because they had to stumble through the module. They had to re-familiarize themselves with the flow and process of it before they could get to the evaluation of our business-inspired changes. A lot of the data entry aspects, and the way the screens related to each other, didn’t reflect our training, nor the way the prior version of the module was laid out. Can we prevent these unanticipated changes in the future, or, if the vendor or IT has to make changes that aren’t at our request for reasons we’re not aware of, can we get a heads-up? Some quick familiarization for unanticipated changes will help our staff maintain a better attitude about it. In addition, it will help us get our required feedback to IT that much faster. It might even help us understand some of your logic behind the unanticipated changes, and we might be able to weigh in with suggestions on that too – we’re willing to pitch in any way we can.”
So here we have a problem with staff feeling put upon. They expected positive traction whereby they would receive a familiar test module back, against which their requested changes would readily show. Instead, they got their changes along with other changes to the fundamental product – they found their changes “swimming” in a sea of larger, unanticipated changes. It should be clear in this circumstance that it was a rather rude realization that the product had changed to the degree that the staff no longer felt familiar with it. Their criticism is justified by the reasons for it. It is highly constructive. The critic starts on a bona-fide positive, then specifies a problem, makes a suggestion to remedy the specific problem, and goes beyond in describing a couple other potential benefits to be had by the proposed remedy.
Remember this too – even if your additional, attempted “positives” can’t be utilized, you’ve still provided a positive in that your attitude comes through loud and clear: We’re here to help. We’re all pulling in the same direction.
Next: Delivery of Behavior-driven criticism
October 30, 2012 11:27 AM
Posted by: David Scott
1 year plan
In Part I, we noted that there is danger in criticism if it is not properly mounted and delivered. If we’re not careful, we can build resentments – we damage relationships between people, departments, and even allied organizations. We create avoidance to people and issues, we slow progress, we hamper business. Repair is costly. So, we have to take special care with criticism and its disposition in all circumstances. When we do, we find that proper criticism and proper reaction to it helps to expose important issues and aids in the resolution of problems. Criticism must always satisfy a very important question with an unqualified “Yes for an answer: “Does this move business forward?” Therefore, criticism must have a positive motivator, helpfulness in spirit, and a benefit to be had in the form of suggestion and outcome. Valid criticism has value – business value.
Once we know this, we realize that we need to manage criticism under a dizzying variety of circumstances. It must be managed at all levels of the organization; criticism between individuals, as well as between and within departments. Criticism must be managed between organizations that have relationships: it is dispensed between discreet organizations involved in shared missions and outcomes – vendors, solutions partners, regulatory agencies, “sister” organizations, chains, and so on. Here there is a special risk: poorly managed criticism can severely damage effective cooperation between allied organizations, particularly when it is motivated by protectionism and jealousy.
On a local level – your specific environment – there is a critical need in keeping individuals on balance. Those technical people directly supporting business on a daily basis are in a particular zone: They face business staff that needs to accomplish business, often under pressure, and these support people can face a larger proportion of criticism than the average staff. The supported business people, in direct contact with their support half, are also in a target environment.
The good news is that criticism, large and small, is essentially handled the same way. If we’re able to take a dispassionate, objective, look at the full range of criticism – from whiny, empty, counterproductive carping – through criticism wielded as a weapon – and on to the valid critiques, suggestions, sound advice, and requirements – then we’ll be much more adept at recognizing and handling criticism. We can vet criticism in defusing negativity and leveraging the positive to yield better outcomes.
As we consider the receiving end of criticism, we see that too many of us assume that our efforts should be immune from criticism. In that unbalanced posture, we cannot fail to resent criticism – no matter how on target, and no matter how expertly delivered. Reasons vary, but perhaps it’s because we feel we’re doing an excellent job: we’re putting in extra hours (without being asked!), we’re “carrying” our department (“they’d be in big trouble without me”), or maybe criticism just catches us on a bad day. Often, we feel that we’re doing the best we can in murky circumstances (another reason to get the Weave under control). Therefore, when criticism is directed at some of us, we respond in a negative fashion – with negative outcomes. Responding to criticism with anger, sarcasm or defensiveness is counterproductive. At the same time, it’s counterproductive for leaders to allow others to engage in invalid criticisms. If we don’t take care, this can become a self-reinforcing cycle; for the individual, and even for the organization. Criticism and its disposition, as much as anything else, influences the organization’s culture.
Maintaining a Balance in the Face of Criticism: We need to keep a balance in our reaction to all criticism because there is value even in much criticism that is poorly delivered. There can be merit in critiques that are rude, or even delivered in “attack” mode. Too, we can recognize criticism at the bottom end of the scale, and dispose of empty criticism through appropriate channels before it spreads and infects other opinions and attitudes to the detriment of the organization. It helps to build an immunity to the negative sort of criticism that, unfortunately, permeates certain endeavors. With experience, knowledge, and well-placed faith in the organization comes a patience that, however unjustified and harmful some criticism may seem, it can be handled and disposed of in a forum sanctioned by the organization. When people see an organizational maturity regarding criticism, they have faith that unjustified criticism will be “outed” and shown to be that which it is. This creates a better balance in all things as we strive to serve the better business interests.
We also need to take a look at the sponsors of different sorts of criticism and learn how best to handle those people. It is always helpful, and in most circumstances downright necessary, to consider the source. Here it is especially important to maintain a balance, as many critics are powerful people.
For leaders, criticism can bring a particular kind of pressure. Too much pressure for anyone can lead to an imbalance: the stumble of mistakes that otherwise wouldn’t be made. Pressure can yield bad judgments. Managers – Business and Technical alike – should watch for undue sensitivity to criticism; in themselves and in helping others. Ultimately, everyone needs to inculcate a healthy perspective to criticism – this includes the deliverer and recipient. Balanced people are aware of the appropriate, positive, responses to criticism – again, valid and otherwise. This healthy perspective toward criticism, and the appropriate method in delivery, receipt, and disposition, will defuse sensitivities and lead to progress. None of this is to say that we should ignore egregious instances of pure belittlement. Leaders need a balanced, objective, ability to weigh criticism, assign the relevant worth, and dispatch or handle it on that assigned basis.
Cloaked Criticism: As mentioned above, there can be validity in criticism that is poorly delivered. This leads us to acknowledge a category of criticism that is generally not addressed in other discussions. It is a category that is especially important to IT and Business, as we cannot afford to miss important requirements and details (regardless of source). Simply: It is either constructive or destructive criticism that has the appearance of the other.
For example, you may receive “constructive” criticism that has you doing busy-work at the expense of emerging priorities. The critic may have a good heart, but in this case the criticism will destruct our efficiency. Too there is criticism that has the appearance of destructive criticism, but which nonetheless contains merit. In pressure environments, criticism that is often legitimate (therefore valid), gets perceived as unjustified criticism: it is criticism that comes to us in anger, or as an attack, due to the deliverer’s own pressures – and therefore it is poorly expressed. Regardless, the issues may be legitimate. If something is in dire need of attention, we can’t afford to miss it just because we don’t care for the critic or his/her delivery.
Therefore, in all cases we need to recognize that criticism isn’t always packaged correctly – like anything else, the delivery of criticism won’t be perfect – it won’t be branded, test marketed, and wrapped with a bow.
As some “constructive” criticism can yield poor outcomes, and because some “destructive” criticism can have value in part or all of it, we’ll discuss how to recognize cloaked criticism. We can then handle it according to what it truly represents; we pan for the legitimate portions of critical information, and neutralize whatever remains.
Next up - An order of discussion:
¨ Constructive Criticism
- Following Up
¨ Destructive Criticism
- Guarding against Delivery of Unjustified Criticism (or that perception)
¨ Cloaked Criticism: In Between Constructive and Destructive Criticism
October 23, 2012 11:29 AM
Posted by: David Scott
the business-technology weave
Why The Criticizing of Excellence? Because that phrase snaps all criticism into an important perspective: Once it’s understood that criticism is going to come, regardless of circumstances, we can recognize that fact, accept it, and effectively deal with it. For most of us, dealing with criticism is not the best part of our day – whether dispensing or receiving it. Poorly managed criticism, and critics, can impair business. If not carefully managed, criticism can set up a sort of negative ping-pong exchange of recriminations, attendant “scoresheets,” and possible “get even” scenarios. Preventing this sort of atmosphere is far easier than repairing an environment that has been allowed to drift. You don’t want personalities clashing. We must not allow problems between powerful people to be woven into your organization’s fabric, nor must we allow other impairing critics to exist.
Many an organization suffers through the “silo-ing” of departments and the resultant impairment of communication and efficient business. Working through a minefield of political liabilities is what mucks up many good faith endeavors. But that’s largely because most people haven’t learned what criticism really is meant to be, and how it is to be used (both in its delivery and in its receipt). When we understand the nature of criticism, we learn to value criticism. In learning how to value and use criticism, we need to recognize constructive (or justified, valid) criticism – and destructive (or unjustified, invalid) criticism – and we need to act on criticism to effect the appropriate outcomes.
Why address criticism here? Let’s establish a little background: In a field as challenging, dynamic, and high profile as IT, there is much that presents a ripe target for criticism. At the same time, the pressures faced by Business (the business stakeholders), and their demand for quality support and services, generally means that Business has a fully stocked quiver of critical arrows. Yet, healthy criticism is necessary to the Business-Technology Weave. Critical evaluation and communication will be ongoing. This, paired with the challenge in creating, interpreting, and implementing a Business-driven IT strategy, makes it extremely important that we understand criticism and how to wield it. If you’re not making effective use of criticism, then you not only lose out on the positive lever to be had in progressive business, but you allow the deployment of a negative, depressive lever. Particularly in circumstances where we suffer divides, and have not yet achieved a proper Business-Technology Weave, there is that tendency to mount criticism from a less than fully informed perspective. When we combine that with a natural tendency to bristle at criticism, and mix in the resultant impairments, we find that we have a “perfect storm” formula for significantly diminished returns.
We’ll continue this as a series, and we’ll examine both criticism’s potential dividing force, as well as its proper wield and yield: That is, how to mount appropriate criticism, for contribution to solid business-IT gains.
October 14, 2012 1:29 PM
Posted by: David Scott
1 year plan
Business leaders with whom I speak are nervous about security. The recent report that the White House was breached by Chinese hackers doesn’t help their nerves. After all, the breach was characterized as a break into one of our most sensitive networks. The network is used by the White House Military Office for nuclear commands – this according to defense officials.
Many business folks think: “If they can hack the White House, for Gosh sake, they can break us too.”
Not necessarily (and I’ll resist the temptation to evaluate government “efficiency”). You see, this break was characterized as a “spear phishing attack.” Spear phishing relies less on sophisticated technical hacking, than on the simple fooling of e-mail-recipients into divulging confidential information, to include login credentials.
Officials characterize these types of attacks as “not infrequent” – thus you would think that staffers and officials would exercise extreme caution before divulging sensitive information. And yet, we know that human error and misjudgments are the larger part of breaches and loss. But what of you – and allied business?
Reinforce caution with all employees for use of electronic enablements: In-house systems; communications systems such as e-mail; social networks; info disseminated on blogs; live chat windows, and so forth. Ensure that all solutions partners – Vendors, visitors, solutions partners, associates, etc., understand your security posture and policy.
Keep training efforts regularized and up-to-date.
If the White House is listening: Please fix this fast. A former intelligence official who is familiar with the breached office says, “This is the most sensitive office in the U.S. government. A compromise there would cause grave strategic damage to the United States.”
Now Playing: Grateful Dead, Terrapin Station – vinyl, Nautilus SuperDisc. Carver C1; Carver M-500t; Thorens TD-125, Shure v15v xMR.
October 8, 2012 1:34 PM
Posted by: David Scott
1 year plan
A business system recently came to my attention that had a number of ambiguous paths and choices – it was difficult to know what to click in order to proceed. The system is a core, mission-critical, business system at a “big box” retailer.
As to the ambiguities, consider this: When ordering a major product for a customer (in terms of size and cost), a model number is entered – after calling up an existing customer record or creating a new one. Once the product is added as a line to the order, the user is confronted with two buttons: “Order Product” at center-bottom of screen, and “Continue” at bottom-right. Hmmm…
Now, after undergoing a modicum of training, and with some acclimation to the system, a user knows to click “Continue” in order to complete the order; and knows to click “Order Product” to add another line item (another specific product) to the order. However, for new employees, the system can be cumbersome and arcane. Here, it would be an easy enough job for any business analyst to view the system through the user’s eyes: The “Order Product” button can just as easily be marked as “Add Another Item” or “Add Another Product.” Once all products are added, it is quite intuitive to click the “Continue” button to move the order along to completion. Much easier on the users, and a better match of easy-to-understand screens in match to training.
Another area of the system has a template for fill-in of very complex products. One example: Carpeting. Here, specifications (and fields) include Type (loop, pattern, texture, twist), Color, Brand, Fiber, and other qualifiers. However, a system anomaly exists here. the more comprehensively you fill the template, the more likely you are to receive a system error! In fact, it’s best to fill one field, and to proceed through a more cumbersome (and under usual circumstances, more inefficient) path to ultimate resolution of ordering carpet.
I see breakages and ambiguities like this all the time in the course of my consultations. I hear complaints from business people quite frequently. Here, IT needs to build applications and associated designs while imagining the business-class user’s negotiation of the system – to a business end. It’s really not that difficult.
To business folks: When participating as a stakeholder, and partnering with an IT counterpart, listen to what you’re saying through their ears, and be aware of what may be ambiguous to them. Smash ambiguity – be specific in how systems are to work, how systems are to look.
To IT folks: Design and exercise beta versions from business’ perspective, and watch for ambiguous and broken paths and procedures.
It’s easy to do with a little practice – and well worth it.
Now Playing: John Lee Hooker, Endless Boogie, original (commercial) open-reel tape, 3 ¾ IPS.
October 6, 2012 11:36 AM
Posted by: David Scott
, internet use
[Note: Please see Part I, Part II and Part III of the Internet Law series if you haven’t already]
A social network user suffered a federal criminal prosecution in 2008 for violating the site’s terms of service. However, this prosecution was grounded in the assumption that a private company’s terms and conditions enjoyed a standing within, and were incorporated to, the federal criminal code (the assumption was made absent any formal ascertaining of that standing for terms/conditions of service/use, by any proper oversight authority – a relevant court).
The court, in this case where the prosecution was attempted, held that this interpretation could not withstand Constitutional challenge, and entered a judgment of acquittal. Further, the highest federal legal authority (short of the Supreme Court), the U.S. Justice Department, now holds that these sorts of prosecutions will not be attempted.
Commercial sites collect and analyze data about their customers for purpose of marketing, service, and sales. Mere visitors also may have data collected regarding them. Recognize that the sites must disclose types of data, and the purpose for its collection and associated use. On the federal level, the Federal Trade Commission (FTC) will pursue violators of consumer privacy rights, or ones that mislead consumers by stating uses of data and associated protections that are not true reflections of use and security. At the state level, attorneys general make these enforcements of consumer protection laws.
What of children? They are consumers of web services too – just by virtue of “surfing” the web. The Children’s Online Privacy Protection Act (COPPA) provides an extra measure of protection for them. When a website is “directed to children,” or whose operator knows that the site is collecting information from children, it must not do so without parental consent. There is no formal definition of “directed to children” by rule or statute; the enforcer of COPPA, the FTC, has been seen to interpret this as meaning “directed primarily to children.”
Now Playing: Brubeck, Time Out.
October 3, 2012 3:03 PM
Posted by: David Scott
[Note: Please see Part I and Part II of the Internet Law series if you haven’t already]
It may surprise some readers that the Federalist Papers were written anonymously; published and signed as “PUBLIUS.” James Madison, John Jay, and Alexander Hamilton (maybe others) utilized this pseudonym in the production of 85 essays supporting ratification of the U.S. Constitution.
More recently, the State of Ohio and its legislature attempted to ban anonymous political literature. The law was struck down by the U.S. Supreme Court, which stated: “The right to remain anonymous may be abused when it shields fraudulent conduct. But… in general, our society accords greater weight to the value of free speech than to the dangers of its misuse.”
That’s an important recognition and right. But recognize this too: There is no right to express one’s views anonymously online.
At the same time, a certain de facto anonymity can exist and is quite common. Many forums, blogs, news articles, etc., allow login and submission for anonymous posting. One can also submit pseudonymously through simple account/free-mail creation. Yet, a practical means of identification does still exist. For example, an entity can contact a forum’s host, checking the IP address of a user; the ISP can then be contacted, and various logs can at least narrow the search considerably. This can be employed upon discovery of violation of intellectual property rights, defamatory comments, criminal activity, and so on.
Fortunately, there are State and Federal laws that help to discourage invasions of privacy online. The Electronic Communications Privacy Act (ECPA) prohibits access to any computer absent proper authorization. The Computer Fraud and Abuse Act (CFAA) makes it illegal to access any “protected computer without authorization, or exceeding authorized access.” Then there is the CAN-SPAM Act. This law requires all unsolicited commercial e-mail to provide an ability to opt-out.
Fortunately, most states now have data breach notification laws. Companies that harbor the private information of individuals must notify them in the event of any breach of privacy.
We’ll continue in the coming days…
Now Playing: Josh White sings Ballads – Blues; original 1957 pressing of this LP on Elektra. Carver C-1; Carver M-500t; Thorens TD-125 w/ Shure v15v xMR. Peerless in Jensen cabs.