October is Cybersecurity Awareness Month, so Let’s Talk About Clicking Links.

Last week, this quick conversation happened in my house:
“Babe, did you send me a link on Messenger?”
“Yep, go ahead.”
“Cool, thanks.”

There was an ease to it, because we were in the same house, just a room away from each other, my husband working on his computer and me working on mine. He doesn’t send links often, so it was strange to receive one, and I checked before opening it. Then he said, loudly enough for our three kids doing school work to hear, “see what Mom did? Never open a link without checking. It’s not worth destroying your device or losing your data.”

You should know by now that links can contain code that will send you to a malicious web site, can open your computer to a virus, and can send you to a phishing site. There are enough articles on the web telling you how to identify if a link is not what it purports to be. If you are already part of the subset of people who doesn’t click on links, or checks them before clicking, or understands that sometimes a video is a link in disguise, this article is not really for you.

And when I say “sometimes a video is a link in disguise, this is a great example. Notice this image. At the top, notice that it reads “… forwarded a link.” If you were to actually send a video, Facebook Messenger would have read “… forwarded a video.” This “video,” by the way, was malware and was sent to me about 10 times by 10 different people. None of them knew they sent it. They just opened it, and it sent itself while collecting their data.

But there is a subset of users out there who are never going to examine a link, never going to go to a site to see where a shortened link points to, and never going to do anything beyond looking to see if a friend sent it and then open it.

And for those people, I want you to know, that with love, and concern, for your device protection and your identity protection and your data protection:


Don’t click on links, or videos that came in through your Messenger App, or through your text messenger, or through email. I know. I know we’re living through Covid and clicking on videos when it looks like your friend says you’re in the video is really appealing, but that video is malware. Don’t click.

But what about this one? Surely Snoopy and Woodstock mean me no harm!

Notice again that this is a forwarded link. Do we click on links? No we do not.

Can you be trusted to check with your friend every time to make sure that he or she really sent you the link?

How about if your bank sent you something in your email that says you MUST log in through the link they are sending you RIGHT NOW to fix a problem? NO. Don’t Click. Call the bank. Go to the web site through the bank’s URL. DO NOT CLICK.

Here’s a real example that was sent to us last week. Would you click?

FedEX doesn’t send messages like this. But even if you think they do send messages like this, Don’t Click. Is it worth it to your data? Can you see your package update in another way? Don’t Click. If you are expecting a package, you know how to find out where it is. Go to the FedEx web site with your package information.

There were a lot of things that I could have chosen to write about today, and I could have gotten much deeper into this subject. But the fact is, I have relatives and friends who are still clicking on malware links (and by links, I mean links and links that are disguised as videos or images), and I know it because then I receive the links/videos/images in Facebook Messenger or Facebook feed or my messaging app.

So if you’re reading this and you, too have a relative or friend who is putting their identity or data or equipment at risk, please point them to this article, and Tell Them that you’re doing it, so that they know it’s safe to click through.

And if you want to know more about keeping your data secure, contact me here or at info@lpgcyber.com and let’s have a conversation.

On school (non)-openings, women in the workplace, and change communications. (We can help!)

It’s been a hard week for school administrators. In Fairfax County alone, we went from giving families a choice of sending kids back to school 2 times per week or keeping them home for the year for 100% online learning, to no choice at all, with home-based learning for everyone. Nearby counties followed suit. Considering that Major League Baseball could not last one week without Covid-19 taking down the Marlins, it’s probably a good decision.

But people–and women especially–are panicking. On Facebook, within the first hours, my own feed was filled with women who remembered the final months of last school year saying “I am going to have to quit my job.” It is heartbreaking. And then it is enraging. I did not see a single man say something similar. I did, as one always does, see the occasional post that read “Schools aren’t babysitters. You need to stay home with your children.”

We have to do better. Business owners–you do not want to see your Intellectual Capital bleeding out while the women who work for you believe that they cannot stay with you. Your women employees have given you their work, their knowledge, and their time over the years and this is the time to step up and show them that you are there for them. The past four months have shown you that your employees are capable of working from home and getting the job done. It’s time to take it a step further.

My company can help. We have experience in change management and change communication, in instructional design and online communications. We can work with you to find a solution for your women workers, be it a change in schedule, a change in work products, or something new. We can help you communicate these changes now, when they will show that you are thinking ahead. And we can help you design new training products if necessary to get everyone set for September.

Don’t leave this as an afterthought; this is the time to let the women in your company know that you value them, their intellect, and their presence in your company. Contact us today to talk about it and find out more about how we can help.

A problem of clarity and scientists versus journalists, or, why the world needs scientific journalists

We have a problem today.

The World Health Organization (WHO) announced that asymptomatic people very rarely transmit the coronavirus, and mask-haters rejoiced. Less than a day later, they seemed to retract their announcement, or change it, or … well what is it that happened?

It appears that Maria Van Kerkhove of the WHO did announce that those who have the coronavirus and who are asymptomatic are not likely to shed the virus. That is true. But she used a scientific term–asymptomatic–that reporters have been using with a different meaning in English-speaking news outlets. That is, reporters use it to mean “when the person has the virus but is not yet showing symptoms” and Van Kerkhove used it to mean “when the person has the virus and is not showing symptoms and will never go on to show symptoms.”

The scientific term for “when the person has the virus and is not yet showing symptoms and is going to start showing symptoms any moment or day now” is presymptomatic, and oh yes, those people absolutely can shed the virus through casual contact. Got it?

Do you see what happened?

The problem is multi-fold. First, we have various news outlets with an agenda. Some were simply waiting for anyone to say or imply that it is safe to go out when you feel well, without a mask, without safety precautions. The “I need a haircut” people from the early American protests read these news outlets.

Next, we have socially distant news conferences, which are not conducive to clarifying misleading terms. If it had been the opposite–if she had said the word “presymptomatic–” someone could possibly have asked for a clarification. But because she used a term that we are all used to hearing or reading about, there appeard to be no need for clarification. Scientists, too, need to be aware of what they are saying, because their words carry a lot of power right now.

But having a cadre of journalists who are now being thrown into scientific and medical writing is a really large part of the problem. What if the writers who had been reporting on Covid-19 this whole time had been actual scientific writers? What if they had come from the American Medical Writers Association or its counterpart in other countries? They are writers who might have questioned the apparent discrepancy between what we knew and what they were saying, and perhaps unpacked the definition of the term “asymptomatic” and even, perhaps, asked the question.

We need to do better at bringing the news to the public, and that means not only having spokespeople being clear in their announcements but also having people who will understand the science and medicine reporting on it. Or we will have more confusion and reason for conspiracy theorists to spin their wheels and distribute more drivel.

Be clear with your words and ask the right questions, because any error feeds the fuel for anti-science. And we don’t want that.

What have you done to adapt?

Late last week, a friend of mine posted to Facebook asking if there were any hair stylists out there who would be willing to coach her, for payment, through cutting her son’s hair. The responses from hair stylists ranged from “so you’ll take our livlihoods away forever” to “please stop–we have lost everything.”

I don’t want to pick on hair stylists exclusively here, but this was an excellent model to take. We are living through a global pandemic. Everyone is going to have to adapt. This is literally where learning about how species adapt to their surroundings is supposed to help us. A potential client gave hairstylists a way of earning money during this time. Those she knew rejected the idea. Someone with an entrepreneurial spirit will eventually take her up on the offer and earn money. Someone will have money for the mortgage or rent; someone will not.

Prior to our quarantine in Virginia, I spent months working on promoting a live, interactive, in-person cybersecurity class. Am I shutting down? Of course not; I’ve just shifted my focus to other types of instructional design and technical writing (and if you want to see the cybersecurity class, all but one piece of it can be done live, online, and still interactive).

I see business owners everywhere, EVERY DAY, shifting and adapting to make their businesses work, and if your work was not a business, that does not mean you are out of luck! SHIFT. ADAPT. I know there are people in your life who can help you find something, even if it was not what you intended to do.

I am not saying that it is not OK to be sad, or to feel a little hopeless. But hopelessness will only take you so far. I have connections for you; let me help you and we will put those connections into action. You never know what you’ll get out of it.

Some work-from-home suggestions

Well it looks like more of us are going to be working from home, for the near and potetially farther future. As someone who has been a mostly remote worker for the last ten years, I have some thoughts and some suggestions that may make life a little easier for everyone. I hope this will help. And if it doesn’t help, I hope you will get a chuckle or two.

  1. The Zoom world is not really integral to the usual work-from-home culture, but it seems it’s here to stay. We are now in some unprecedented times. May I suggest, if you are having a meeting during the pandemic, to agree to your level of dress, and to agree to something FAR below “business attire.” There is NOTHING more depressing than getting dressed in business attire just to sit in front of a screen and feel uncomfortable for people who cannot see anything but your face and shoulders. I, personally, have been regularly letting people know that I will be appearing in my Pandemic Best, which is a clean t-shirt with a cardigan or hoodie over it, and hair in a ponytail. I make no promises about pants.
    • On the subject of pants, for the purposes of quarantine, pajama pants are pants. Leggings are pants. Shorts are pants. Whatever makes you not want to run outside into the wide world is pants.
    • You were supposed to laugh about the pants.
  2. Unless you are single and live in a place with no kids and no family, your work life is no longer 9 to 5, and even if it wasn’t before it definitely isn’t now. You think you’re going to get everything done. You won’t. Your laundry will call to you. Your kitchen will call to you. Snacking will become a new pasttime. This is normal. This is why people who work from home send email at 11 pm. We get our work done but we work strange hours. But you can let it get out of hand and end up working far more than your usual number of hours, so try to track what you’re doing. You might think you need to make up a full hour for that time you spent mesmerized by your son’s trip through Skyrim, but you were really only mesmerized for 15 minutes. Speaking of which…
  3. Welcome to the Pandemic. If you have a kid or a spouse, you are going to get distracted. The best you can do is remember that they are trying to get stuff done, too. In the case of your spouse, he or she would not have bothered you if they didn’t need to. In the case of your kids, remember that they are going to need SO MUCH THERAPY after this is over and the more time you can give them now, the less time and cost it will be for you later.
    • That last bit was also a joke but only a little. I’m picking out therapists already.
  4. Agree to have power hours. I am doing this with my coworking space. We have twice weekly online power hours where we get online, share what we are going to do, and then go heads down for an hour. We are doing this with the kids and each other at home now, too, and it’s giving everyone really good heads-down time to get work done and leave each other alone. At first I thought that it would be good to end this time with a lunch break or coffee but in truth everyone wants to just keep working when it’s done. I highly recommend it.
  5. Make phone calls off of the computer. For goodness sakes we don’t have to see each other all the time. Make a real phone call, talk through a project, and then hang up and get it done. You’ll really be ok if you don’t see each other’s faces every time you talk.

That’s my advice for Working at Home during the Pandemic. Stay safe out there. In there. And if you need help writing somenthing, re-writing something, editing something, or teaching something, don’t forget to call on me for help.

Stay healthy.

Is your cybersecurity posture ready for the quarantine?

Just about a year ago, I was working for another company–one that had managed to both stay open and pay its employees during the government shutdown of 2018. During that time, we saw many government contractors that had it much worse and that went out of business or had to lay off staff in order to stay afloat. Before I left that company, I wrote an article for their blog about keeping ahead of your cybersecurity posture in the event of a financial hardship. It was aimed mostly at government contractors as a warning against another shutdown.

Who would have thought that our companies would be going fully or mostly remote? Who would have thought that we could be facing employees at home or sick in the hospital? Though most employees are still around at this point, I thought I’d revisit that article here with some takeaways from the government shutdown that can be applied to the 2020 quarantine.

  • Who is monitoring your audit logs or keeping your audit logs from overflowing and losing data? Remember to check your audit logs daily, even if it means teaching someone new to do it. If you’re still onsite, set up your system to use consolidated audit logging with a dashboard that is easy for a less technical person to use.
  • Are you keeping up with patches that are released during work shortages for both servers and powered-off computers? Even non-technical people who use computers know that their computers download and install critical patches each week. But when their computers are sitting in laptop bags or powered off on their desks, those computers are not receiving patches, and hackers know it. The skeleton crews working in IT may also allow server patches to go uninstalled in favor of more public-facing work. This poses a hacking risk once computers and servers are turned back on with known vulnerabilities still in place. To avoid these risks, automatically push updates to laptop and desktop computers. Ensure that your quarantined staff are turning on their laptops on the update day and leaving them on until they are patched. If there are powered-off desktops, designate a person who is in the office to update those computers if possible. For the servers, designate one IT employee to check for server patches one day per week and to oversee installing them.
  • Are you keeping up with electronic certificates? They can expire, making it easier for a hacker to spoof your web site. When do your web site’s certificates expire? Who responsible for knowing? Is the one person who knows the answer at home or worse, sick, when certificate renewal comes around? A certificate that has just expired has still expired, and with a web site showing expired certificates, a hacker can very easily spoof your web site. Know who is responsible for certificates and designate a back-up person. Add the date of expiration to both employees’ calendars so that someone knows it is happening.
  • Are you suceptable to “Social Engineering?” Your now-remote employees may reveal something on social media regarding what company they work for and that the company is on a skeleton crew. Even people who are usually vigilant about not mentioning their company’s name on social media may become less so when reporting to friends about their lives at home during this unprecedented time in their lives. Hackers aren’t taking the month off, and they will take advantage of any information they can glean from the web. Simply finding your company’s name, what area of the country you live in, and information about how few people are working could be the impetus for bad actors to turn to your company as an undefended target. It is a good policy in general to ask employees to keep their company name off of social media like Facebook and Twitter, so if you don’t have a policy in place for it, you might want to consider creating one now.

We are going to get through this! Social Distancing is in place for a good reason, but in some places it’s happening more quickly than some companies have time to consider putting policies and practices into place. Take action right now. Contact me if you need a referral to a good resource to help if you’re too small to do it yourself.

Be good to each other, and stay healthy.

An earlier version of this post was written by Lynne Glowacki and edited by Travis Johnson and was posted to the blog at HumanTouch in February 2019.

Four reasons that documentation should not be an afterthought

In starting LP&G Cyber Communications, I set out to get people to think about documentation for their IT projects from the beginning, instead of waiting until their projects are nearly done. But why? Don’t projects change? Why document what happens at the beginning of a project when documents might not be due until the end?

Reason 1: Memory is faulty, and you’ll forget why you made decisions. Let’s say you’re working in an Agile shop, and you are doing a pretty good job of tracking your work in Jira. What aren’t you tracking? What isn’t being recorded or documented? Did someone write down the flow chart that you sketched on a whiteboard? Or the discussions that happened after your scrum? When you get six sprints down the line, will you be able to remember why certain decisions were made, or when they were made? A technical writer can help you define which items to record and then keep them recorded for you, so that you have your information ready to show or review in the future.

Reason 2: When you are developing a suite of Life Cycle Documentation, having your writer involved from the beginning produces better documents with less input needed from the team. Your technical writer does not want to be handed a mostly completed document to “techwrite.” When we are involved from the beginning, we learn to understand the project, and we can do most of the writing ourselves, leaving only the most highly technical aspects to engineers, programmers, and other developers. When we are included from the beginning, by the time we get to the end of the life cycle, we can usually write the end-user documentation with very little input from the team, and we will already know who the audience is for any training.

Reason 3: If you are creating a system that changes every few weeks, a technical writer will help keep up with the end-user documentation. These days, applications do have updates every few weeks, and having someone who is keeping up with the changes to the end-user documentation puts you into a much better light with your customers. I was once brought in on a project that had a full year of bi-weekly updates with no changes to the end-user documentation, so the documents needed a complete overhaul. Imagine how frustrated those users must have been prior to the document update!

Your documentation might be required without you knowing it.

Reason 4: Your documentation might be required without you knowing it. Are you under contract with a government entity? Do you think you’re working under an Agile methodology? Have you actually read your contract? I have been brought in to document two years worth of Agile work with Enterprise Lifecycle (ELC) Documentation, because the government contract explicitly stated that the ELC documents were required, and the government Program Manager requested them two years into the project. Just because your PM has approved a specific development methodology doesn’t mean that the PM fully understands what that means in terms of documentation, and you need to be ready for anything.

Does all of this mean you need a full-time writer on your projects? Absolutely not. But building in your documentation from the beginning saves you time and money in the long run, while keeping your projects well-documented in case of turnover, continuity of operations, or other unforeseen circumstance as well.

On being precise

My son sat at his computer earlier this week: “I have to memorize this thing for Civics.”

“Is it the Preamble to the Constitution?”

“Yes… How did you know?”

“Because I had to memorize the Preamble to the Constitution when I was your age. I think everyone does. Or did. I’m not sure. Let’s say it.”

So we did, and he tried to memorize the words. “We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.” And he was really surprised that I knew it without looking at it, and again I said, “This is something you’re supposed to know, by heart, for the rest of your life.”

Later at dinner he started saying the words but he left some out. He added some. Suddenly they were providing common defense and promoting general welfare, and I said “NO. You must be precise. When you leave out words, you are changing the meaning.” Because promoting general welfare and promoting the general welfare are two different things. Establishing the Justice and Establishing Justice are two different things.

We live in a world where your language and your writing must be precise, because one change in a word, or one addition or subtraction of an article can change your meaning, and there are entirely too many people out there who would use your words against you. When writing anything–from an opinion piece to the news to a technical document–being imprecise can give the wrong impression, impart the wrong message, or give the wrong directions to your reader. Many will not notice. Some will be confused. But for some, your ability to impart information correctly and as intended can make all the difference.

On planning, journaling, and getting stuff done

It seems everyone has a method of planning their business these days. In my life I have had more planners than I’ve had professional years, and most of them are completely empty beyond March.

They are complicated. They are overwhelming.

Someone whom I trust and who is a really successful entrepreneur recommended a set of planning pages, and as soon as I saw what they included I knew that I would never use them. They have the Cheesecake Factory effect on me: absolutely too much information. This is why I always end up with the same meal. Scampi with Pasta and Oreo Cheesecake for dessert is fine.

This is why when my friend Izolda came out with her planning and journaling book, I was somewhat skeptical. But she actually tested it with a focus group, and based it on the method that she has used to get her stuff done. And boy does this woman get stuff done. So I bought a copy.

So far, I am impressed and definitely not overwhelmed with boxes and requests for information. It starts with a page for your professional and personal vision to meet over the following three months, with a place to imagine your reward for finishing. Each day has a place for gratitude, wins, state of mind, and check-in. Most importantly to me, each day limits you to three projects and three action items per project to complete and check off.

Why is this important to me? Because left unchecked, my brain will try to work on fifteen projects and unlimited action items per project. Or, given the business version of the Cheesecake Factory menu, I will completely freeze and work on the one thing I know I enjoy doing and forget about all of the things that really need attention. Keeping me to a total of nine action items will, I hope, keep me focused and allow me to work on just the things that I need to do that day to make my projects happen.

It’s almost a take on the One Thing from Gary Keller. When you can focus, you can discover the One Thing that you need to do to keep your business moving forward.

As for Izolda’s book, Get Your Stuff Done! has a check-in at the end of each week as well, for key realizations and accomplishments. Journaling is a big part of every day. You’d think that as a writer I wouldn’t have trouble journaling, but as they say, “It takes much brain to make the words go.” I could be better about personal reflection.

If you’d like to buy a copy of the book, follow my link (Amazon Affiliate link): Get Your Stuff Done! by Izolda Trakhtenberg