Monthly Archives: April 2017

Some Password Policy Best Practices to Keep Your Company Secure

The Verizon Data Breach Investigations Report for 2016 tells us 63 percent of small business hackers take advantage of weak passwords. What’s more, almost all (93 percent) took mere minutes to compromise systems. It all spells big trouble for America’s small businesses unless you focus on beefing up your passwords and adopting a policy. Follow these 20 password policy best practices to keep your company secure.

Password Policy Best Practices

Understand What Password Policy Is

First you need to walk before you run. Understanding what a password policy is is the first step in being able to build a strong one. It is a set of rules covering how you design the combinations of words, numbers and/or symbols that grant access to an otherwise restricted online area. Passwords can protect your website, software programs and small business networks. They keep them safe from unauthorized entry by ex-employees, curious intruders and of course hackers.

Adopt the 8 + 4 Rule

This rule helps you to build passwords that are strong as steel. Use eight characters with one upper and one lower case letter, a special character like an asterisk and a number. The more random the better.

Keep Symbols/Numbers Separate

Here’s another hint for an effective password policy to foil hackers. Make sure the numbers and symbols are spread out through the password. Bunching them up makes the password easier to hack.

Don’t Make it Personal

Everyone involved in a small business needs to understand there’s a big difference between security and convenience when it comes to passwords. It needs to be clear that using personal information like your first name and birth date is a recipe for disaster. If a hacker ever gets his hands on company HR data, this information will be the first set of combinations he tries.

Use Different Passwords for Different Accounts

Even if there are several computers in the same department, it’s a bad idea to cut a corner by using the same password for each. Use a different one for every device.

Avoid Dictionary Words

It might sound safe to go to the dictionary for a password, but hackers actually have programs that search through tens of thousands of these words.  Dictionary attack programs have been around for years.
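
As an added example (not part of the original article), the sketch below checks a candidate password against the 8 + 4 rule, the spread-out numbers and symbols rule, the no-personal-details rule and the no-dictionary-words rule described above. The function names, the small sample word list and the limit of two consecutive digits or symbols are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); use a full dictionary in practice.
SAMPLE_DICTIONARY = {"password", "sunshine", "dragon", "welcome", "monkey"}
MAX_RUN = 2  # assumed limit on consecutive digits/symbols before they count as "bunched"


def longest_non_letter_run(password):
    """Return the length of the longest consecutive run of digits/symbols."""
    return max((len(run) for run in re.findall(r"[^A-Za-z]+", password)), default=0)


def check_password(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()

    # 8 + 4 rule: eight characters plus four character classes.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = [
        (r"[A-Z]", "no upper-case letter"),
        (r"[a-z]", "no lower-case letter"),
        (r"[0-9]", "no number"),
        (r"[^A-Za-z0-9]", "no special character"),
    ]
    for pattern, message in classes:
        if not re.search(pattern, password):
            problems.append(message)

    # Numbers and symbols should be spread out, not bunched together.
    if longest_non_letter_run(password) > MAX_RUN:
        problems.append("numbers and symbols bunched together")

    # Personal details (names, birth years) supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append("contains personal detail: " + term)

    # Dictionary words, checked with digits and symbols stripped out so that
    # padding a word with extra characters does not hide it.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    for word in sorted(dictionary):
        if word in letters_only:
            problems.append("contains dictionary word: " + word)
    return problems
```

Run it at password-set time with the employee's name and birth year passed as `personal_terms`, and reject the password if the returned list is not empty.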

Keep the Character Limit Down

The average person can only remember 10 characters or less. Long passwords run the risk of being written down so they can be remembered.

Adopt Passphrases

Abbreviations are usually immune to dictionary attacks. So TSWCOT for The Sun Will Come Out Tomorrow is a good choice for a secure password. Remember to add symbols and numbers.

Don’t Change Them Too Often

A good strong password will last for a year or more. Don’t encourage employees to change them any more frequently than that. Otherwise you can wind up with a password1, password2 situation. Hackers look for these patterns.

Don’t Write Anything Down

Granted, committing all of your passwords to memory might get tricky. However, everyone under your small business roof needs to understand not to write anything down. A discarded Post-It can be all a would-be hacker needs.

Discourage Sharing

No one should share passwords over any electronic media. If you can’t find a way of sharing a password without using cyberspace, make sure everyone knows to change it right away afterwards.

Add Other Barriers

When you’re putting together a password policy, make sure to look at the bigger picture. Well-designed passwords put a good lock on the online front door of your company. More robust authentication like a fingerprint scanner makes your small business safe like Fort Knox.

Encourage Weirdness

In the passwords and not your employees, that is. Still, they should understand the best passwords avoid pop culture and sports terms and anything that’s common. Random groupings that follow the 8+4 rule work, but so do unique phrases.

Adopt Stronger Policies for Sensitive Accounts

Administrators need to have more robust rules for setting passwords. The more data they have in their electronic baskets, the stronger the policy needs to be.

Enforce the Policy

It’s important your password policy has disciplinary teeth. Be clear about what happens for infractions, all the way up to dismissal.

Set a Lockout

We’ve all legitimately forgotten a password and needed a few tries to get back in. However, you should set a number that will lock the user out after a few unsuccessful attempts. Four failed logins works.

Stay Away from Acronyms

Don’t use these as a shortcut to identifying your department or who you are. It might be tempting for an accountant to use CPA. However, that opens a cybersecurity door wide enough for a hacker to walk right through.

Never Use Remember Password

Search engines and email programs mean well when they ask you this, but in the end it’s just another risk your small business doesn’t need to take.

Never Tell Anyone Your Password

A good policy will stress that no one should ever tell anyone else their password. The systems administrator needs to play gatekeeper here. If someone wants to know a password, they need to go to them.

Keep the Process Private

Finally, stress to everyone involved they need to hide the process from prying eyes. No one should be watching when you type in your password.

Give Better Presentations

You have an upcoming presentation and you want it to be amazing. Because, while you’ve always done a good job, you’re looking to level up.

But as you start to research how you can make your next talk the best yet, you’re overwhelmed by the amount of advice out there.

Good news: I’ve waded through it all to share the research that tells you how to engage your listeners, convince them of your message, and improve your use of slides.

These five tips are proven to work:

1. Tell a Story

There’s a reason storytelling is the buzzword du jour: It works!

When you tell a story, something magic happens to your audience members. Activity lights up in their brains as if they were experiencing the story for themselves.

Need more proof? In a study led by Wharton professor Deborah Small, researchers found that people were much more likely to contribute after hearing the story of a single victim they could picture and connect to, rather than one full of high-level statistics. So, if you want your presentation to inspire action, storytelling is the most powerful tool you can use in your presentation.

The Talk to Watch

Researcher Uri Hasson explains the neuroscience of storytelling.

2. Use Visual Aids

According to Albert Mehrabian, Professor of Psychology at UCLA, 55% of the information we take in is visual, whereas only 38% is vocal. Translation: Your audience wants to see something!

Don’t limit yourself to PowerPoint slides—a visual aid can be anything you show your audience to support your message. For example, Shark Tank contestants don’t show their product on a slideshow; they bring it with them and do a live demo. Slides are great, but for an important presentation where you need to make an impact, think about what other visual aids you could use to get your audience engaged.

The Talk to Watch

Engineer Raffaello D’Andrea shows his audience drones in action to bring to life his passion for engineering, mathematics, and technology.

3. Use Images Instead of Text

If you’re using slides in your presentation, don’t fall into the trap of writing out your speaking notes and then projecting them onto a screen. Even bullet points are a turn-off to an audience because they need to switch their concentration between what you’re saying and what you’ve written.

Case in point: Cognitive psychologist Chris Atherton tested students’ recall of a presentation. One group received the presentation with slides that were text heavy, the other with slides that had very few words. The students who saw the slides with fewer words could recall more than twice as much as those who’d seen it with the text-heavy slides.

Science shows that slides covered in text hinder—rather than help—your audience’s ability to take in what you’re saying. So, next time you present, ditch the bullet points and look for simple images to support your message.

The Talk to Watch

Brené Brown is a master of storytelling, but she also uses simple visual aids to reinforce her message.

4. Make Your Presentation Interactive

Interacting with your audience when you present makes them sit up and take notice of what you’re saying. The simplest way is to ask them a question. Even a rhetorical question will make a distracted colleague look up from their iPhone and reengage in your material.

Bonus: There are lots of tools and apps available that you can use to run polls and filter audience questions.

The Talk to Watch

Amy Cuddy opens her talk by asking the audience to do an “audit of their body” and think about their posture. Watch as audience members noticeably shift in their seats!

5. Use Some Humor

If someone makes you laugh you’re more likely to be attracted to them. True, you don’t want your audience to fall in love with you, but winning them over makes them more likely to listen.

Not everyone feels comfortable using humor when they’re presenting, but even a light-hearted comment at the beginning can help break the ice and make you and your audience feel more relaxed. (Just remember these three rules for using humor at work.)

The Talk to Watch

Pulling a presentation together takes time and effort. And so, you want that hard work to pay off in the form of people remembering and caring about what you said.

Next time you’re pulling one together, don’t just do what you’ve always done. See if you can incorporate one (or more!) of these tips and make your own that much more effective.

Make a Recruiter Fight for You

At Johnson & Johnson, our team reviews 1,000,000 resumes a year and at this point, I’ve lost count of how many times a recruiter has stopped by my office to tell me about the “perfect candidate.” It’s often just after a phone call: There was a spark, positive energy, and they walked away feeling inspired. More importantly, they couldn’t wait to tell their hiring manager (in this case, me) about the person.

Sounds like a good position to be in, doesn’t it? Having someone on the inside who’ll fight for you?

Now, some applicants go wrong by thinking this means that a recruiter will take over their job search and do all of the heavy lifting for them. That’s not the case!

What I’m saying is that hiring processes are competitive, time intensive, and emotional for everyone involved—including the recruiter. They could easily be working with 100 different candidates across various positions, while simultaneously managing demanding leaders who want the jobs filled—fast. And so, when they meet an applicant who impresses the heck out of them, and who makes their job easier, they’ll advocate for that person.

I asked our recruiters here at Johnson & Johnson for some advice on how to build that all-important relationship. Here are their top four tips:

1. Be Prepared

You and the recruiter need to be on the same page in terms of your skills and past experiences (relevant and less relevant), any gaps in your employment history, and your short and long-term career ambitions. They need a clear picture of you as a candidate in order to refer you for the right role.

So, proactively send them an updated resume if there have been any changes since the last time you spoke (here’s how to pull one together in just 30 minutes). Then, have your work portfolio and references prepared and ready to go as soon as they ask for them. Respecting their time—and lack thereof—will help you stand out.

2. Be Honest

Misrepresenting yourself in any way is a big no-no. Honesty builds trust, whereas dishonesty—even exaggerating or just failing to mention something—can make them afraid to refer you.

Just think how badly it will reflect on you (and the recruiter!) if you hold something back or tell a ‘white lie’ that later comes to light. And be under no illusion, these things always do.

So, if you feel you’re slightly underqualified, impress them with your transferable skills and the honest way in which you present them.

3. Be Passionate

Recruiters are looking for qualified candidates who are serious about switching to the company they represent. I recently shared my thoughts on how important it is to have professional purpose (if you missed it, here’s more on why it’s so critical), but to put it briefly: It’s a bigger reason why a certain role would be meaningful to you.

If you’re discussing an opportunity with a company whose values align with your own, this is the time to highlight how much you care.

Even if you haven’t found your professional purpose yet, there should (hopefully!) be a reason you’ve set your sights on this company or role. Maybe you’ve always admired their approach to diversity in the workplace, the impact they have on local communities (or the world), or their willingness to embrace new technology. Whatever your reason, demonstrate that affinity, so the recruiter knows why you’re committed to securing a role at their company.

4. Be Gracious

As the process progresses, it may be that the role isn’t quite right for you.

If you feel iffy, don’t be afraid to ask about other opportunities. The recruiter will respect you for being prepared to admit that you’re not the best person for the job. If you can, recommend contacts of your own that might be better suited. Recruiters remember candidates who are helpful.

Now, it could be that it’s a no on the company’s end. If you’re rejected, remember, a “no” now doesn’t mean a “no” for all future opportunities. Too often, I see candidates so upset about a rejection that they burn bridges. Why sabotage your future chances? Be gracious about the short-term rejection and play the long game.

For example, I heard about the job I’m currently in because I built a relationship with an executive recruiter over a two-year period. We met for lunch every quarter and I emailed him occasionally to keep him updated about my career. It worked both ways, too. Sometimes he’d call me and ask for a referral for a search he was working on at the time. Even if I didn’t know anyone, I always got back to him. And in the end, it paid off (for us both!).