Why Data Breaches Don’t Hurt Stock Prices (Harvard Business Review)

If you are a CEO, CFO, corporate board member or investor, the article Why Data Breaches Don’t Hurt Stock Prices published on Harvard Business Review by Elena Kvochko and Rajiv Pant may be of interest to you.

STEVEN MOORE

Cyber Resilience Towards the Quantification of Cyber Security Threats

The World Economic Forum and its partners have developed and shared a way for organizations to calculate the impact of cyber security threats. The framework, called cyber value-at-risk comes at a time when cyberattacks are increasing in velocity and intensity, and when 90% of companies worldwide recognize they are insufficiently prepared to protect themselves against them.

Cyber Resilience workshop at the World Economic Forum meeting in Tianjin, China. September 2014.

Download the full report here: Partnering for Cyber Resilience Towards the Quantification of Cyber Threats

Cyber Resilience workshop at the World Economic Forum meeting in Tianjin, China. September 2014.

I feel honored to have been one of the participants in the development of this. The project is led by Elena Kvochko and team of the World Economic Forum in collaboration with Deliotte and other Forum partners.

Cyber Resilience workshop at the World Economic Forum meeting in Tianjin, China. September 2014.

The World Economic Forum announced this today at the annual meeting in Davos.

(Source: WEF Press Release: New Framework to Help Companies Calculate Risk of Cyberattacks)

9 Reasons Why News Media Web Sites Should Consider Moving to HTTPS in 2015

If you work in news media and are interested in technology, you may enjoy my article listing 9 Reasons Why News Media Web Sites Should Consider Moving to HTTPS in 2015. I co-authored it with Eitan Konigsburg and Elena Kvochko, two colleagues with expertise, deep knowledge and passion for cyber security, privacy and technology.

It is published on the Times Open Blog maintained by the Software Engineering Team at The New York Times.

My personal Web site, rajiv.com is served exclusively on HTTPS thanks to CloudFlare.

Why investors should care about cyber security breaches

If you are interested in business, technology, and cyber security, you may enjoy my article about why investors should care about cyber security breaches. I co-authored it with Elena Kvochko, a leader in the field of cyber resilience.

3-5-7 Meeting Format for Weekly Staff Meetings

If you are the manager of a team of people at your job, here is a format we suggest for running your staff meetings. We call it the 3-5-7 format because of its convention of giving 3 to 5 minutes per person to answer 7 questions. This system assumes that you have fewer than ten direct reports so that you can complete such a staff meeting in under one hour.

The purpose of a staff meeting need not be to get status reports. If you have excellent collaboration tools at work where statuses, issues and risks are already documented, that’s preferable. Some companies like Automattic (WordPress) make great use of internal blogs for communication. However, face-to-face meetings are continue to be useful because our brains have evolved being wired for being most effective in face-to-face conversations for several things.

An in-person (or via video conference) discussion structured around these questions is likely to be effective in finding solutions, building a more collaborative team and keeping everyone on the same page.

Here are the seven questions we suggest you request each attendee to come prepared to answer.

  1. What did we (you and the team reporting in to you) do over the past week?
  2. What did you learn over the past week?
  3. What do we (you and the team reporting in to you) plan to do over the next week?
  4. What issues are we (you and the team reporting in to you) facing now or are likely to face in the future?
  5. What do you suggest are our countermeasures to address those issues?
  6. What do you need help with from the rest of us in this meeting?
  7. Is there anything non-work-related that you’d like to share?

Each person may answer the seven questions the order of their choice and may also combine the answers to multiple questions. The only requirement is that all seven areas be answered in a focused, efficient, and effective narrative lasting between three to five minutes.

Some of this advice is based on management experiences shared by Don Kiefer in an operations management class he teaches at MIT’s Sloan School of Business.

Posted Signs for Productive Meetings

You can post these slides as signs in your meeting rooms and offices or include them at the start of your presentations. You can also open the original Google Slides document to print or leave comments.

Suggested Template For Requesting a Meeting

Every time someone calls a meeting, they should consider using this simple template.

[ meeting-invitation-template begins ]

The desired outcome of this meeting is:

  • e.g. Come to agreement on solution for issue X
  • e.g. Make a decision about Y.
  • e.g. Share announcements about topic Z.
  • e.g. Continue to grow a good working relationship with each other by socializing in person.

Note: Explain what this meeting is meant to accomplish, instead of providing a description of the meeting. Focus on the desired result of the meeting. A meeting should accomplish one or more of three things:

  1. Solve problem(s)
  2. Make decision(s)
  3. Share knowledgeand agree to act on it and/or make it a practice
    • Knowledge, as in: data –leads-to–> information –leads-to–> knowledge –leads-to–> practice

You should come to this meeting because:

  • e.g. You are likely to have input into potential solutions for issue X
  • e.g. You are one of the folks who has a viewpoint on what decision to make regarding Y.
  • e.g. It would benefit you from hearing the announcements in this meeting.
  • e.g. This is your opportunity to ask questions about topic Z.

Note: Give the attendees at least one good reason to attend. Sometimes attendees have no idea why they are invited to this meeting. Don’t be seen as a waster of others’ time.

The guidelines for participating in this meeting are:

  • e.g. Please come prepared having read the document about ChaosMonkey.
  • e.g. Laptops & mobile communication devices are considered contraband during this meeting. If it is critical for you to have a computer during this meeting, bring a desktop computer :-)

Note: Set the expectations of the participations.

[ meeting-invitation-template ends ]

Further Reading & Thoughts:

Templates for Replying to Meeting Requests & Polite Ways to Decline Meetings

By default, we should only attend meetings where we are active participants, not passive attendees with not much to contribute to the desired outcome of the meeting. There are some exceptions to this like training sessions, educational presentations or others where the purpose for attendees is to learn something.

When I receive a meeting request, I often reply with the following text.

May I please request the following information in advance of this meeting? It will enable me to prepare, participate and be productive in the meeting.

  1. What do you recommend I should prepare in advance of this meeting?
  2. What decisions do we need to make at this meeting?
  3. What problems do we need to solve at this meeting?

Thank you in advance,

Time Management Tip: When you receive an invite for a meeting at work where you believe you may not add much value, reply to the invite with a polite message like:

Thank you for inviting me to this meeting. It seems from the subject, agenda, and attendees list that I’m not a required participant for this meeting. If I’m mistaken and my presence is required in this meeting, please accept my apologies and let me know that I should attend.

This is preferable to ignoring the meeting invite or declining without comment that may come across as rude.

To save time, you can save the above templates as text snippets to be inserted via a keyboard shortcut/macro or in a place from where you can quickly and easily copy and paste.

Discussion about declining meetings: https://plus.google.com/107443707510532643538/posts/inUkYy1Ufg7

When to have and when not to schedule meetings

Companies should, by default, avoid scheduling meetings that start before 10am or end after 5pm. If an employee comes to the office at 8am on some days, it is often to use the two hours of the morning before meetings to catch up and/or get a head start on the day. Meetings that start before 10am are often harmful overall since they put the attendees in reactive catch up mode for the rest of the day. Similarly, meetings that go on beyond 5pm (or worse, start after 5pm) take away valuable time from employees that they use to absorb information and events of the day, catch up with replying to email and get ready for the next work day.

i.e. Companies should consider any time outside the 10am to 5pm window to be not available for meetings and definitely not any weekly recurring meetings.

Preferably, employees who are ‘makers’ should have one 4-hour continuous block of time each day when they are free from meetings. (‘Makers’ differentiated from ‘Managers’)

50/25 Meeting Format

If you manage a team, value your team members time and want to improve productivity at your workplace with a simple change, consider implementing the 50/25 Meeting Recommendation that some companies are embracing. You can communicate something like the following to your team:

Dear Colleagues,

We deeply value your time, your productivity and your comfort at the workplace. As a part of our initiative to make your workday more productive, less hectic and better manageable, we recommend a 50/25 meeting format. It is simple concept: As much as possible, let us take all our meetings that are 1-hour long and shorten them to 50 minutes. For our meetings that are half-hour long, let us limit them to 25 minutes.

You will find that a 50 minute meeting will accomplish no less than a 60 minute meeting did and a 25 minute meeting will be as productive as a 30 minute one was. In fact, by having clear 50 minute and 25 minute deadlines, our meetings are likely to be better focused, on topic and more attentive. (For example: Since you will have time after the meeting to check email, there is likely to be less temptation to check emails during the meeting itself.)

The extra 10 and 5 minutes will give you valuable time back that could be used for many useful activities: Getting in the frame of mind for the next meeting or task; checking your messages to see if there is something urgent that needs your attention; or simply taking a bio break.

Please note that this not a mandate, but a recommendation. We realize that you may not be able to do this for every meeting. What we ask is that you consider doing this for meetings that you organize or can influence. As a result, we will make our great work culture even better, less stressful and even fun.

Further Reading & Thoughts:

  • NYTimes article about Larry Page, Google’s founder and new CEO instituting the same 50/25 meeting recommendation at Google:
  • http://www.nytimes.com/2011/11/10/technology/googles-chief-works-to-trim-a-bloated-ship.html?pagewanted=all
  • If a meeting accomplishes all its goals in even less than the 50 or 25 minutes, please, by all means end the meeting even sooner.
  • We suggest that you do book the full hour or half hour in the calendar even as you implement the above so that others don’t schedule over the “10 minutes left over” in your calendar.

Thank you for considering this,

[Signature]

A discussion about this 50/25 Meeting Format: https://plus.google.com/107443707510532643538/posts/AtYgnmbhtqc