Tag Archives: skype

Your Social Posts: Hackers Love Them

Social media is embedded in our lives—Facebook alone had 1.79 billion daily users as of September 2016—which means cyber criminals are not far behind.

As companies increasingly rely on this digital channel for marketing, recruiting, customer service and other business functions, social media also has become a highly effective vehicle for cyber attacks. Outside of the corporate network perimeter and an organization’s control, it throws traditional security approaches out the window.

A growing category of digital risk monitoring vendors, identified by Forrester Research Inc. in a recent quarterly Wave report, are catering to this problem. According to the report, digital channels—social, mobile, web and dark web—“are now ground zero for cyber, brand and even physical attacks.”

The ways in which cyber criminals weaponize these channels are limited only by their imagination. Hackers can create fake corporate accounts for harvesting customer credentials, impersonate company executives, damage the brand’s reputation and post legitimate-looking links that contain malware.

See also: Hacking the Human: Social Engineering  

According to Cisco’s 2016 annual security report, Facebook, for example, was the top mechanism last year for delivering malware, through social engineering, in order to gain access to organizational networks.

“(Social media) is a business technology platform, and because it’s been adopted at all levels of business … organizations have to figure out how to protect it,” says Evan Blair, co-founder and chief business officer at ZeroFOX, a digital-risk monitoring (DRM) vendor launched in 2013.

“And it’s a gold mine for intelligence on individuals,” he adds.

Social media—the ideal weapon

The sheer volume of traffic on social networks is a magnet not only for businesses but also for the criminal element.

According to the Pew Research Center, 79% of internet users are on Facebook, the most popular social network. About a third of internet users are on Instagram, and a quarter are on Twitter.

Better click-through rates and lower advertising costs, among other things, are compelling companies to throw more money at social media advertising (Hootsuite estimates social media budgets have nearly doubled, from $16 billion in 2014 to $31 billion in 2016).

But it’s not just the growing numbers of users and increased brand presence that creates an attractive playground for bad actors. It’s easy to create accounts and instantly attract followers—which means it’s easier than email for reaching a massive number of people with a phishing attack.

Adding to the problem is that social media can be highly automated because it was built on an open API (application programming interface) that allows developers access to proprietary applications.“It’s a frictionless environment that allows you to communicate immediately,” says Devin Redmond, general manager and vice president of digital risk and compliance solutions for Proofpoint, another DRM vendor.

Blair says: “Social media was built with automation in mind. You can create an account that interacts completely autonomously.”

Even though email remains the medium of choice, according to various security companies, email phishing is on the decline. Social media phishing, on the other hand, is growing.

Why organizations are at risk

Eric Olson, vice president of intelligence operations at LookingGlass, says what makes digital risk a high priority is that it’s a business risk that touches multiple facets of an organization. It not just about cybersecurity—it also involves compliance, human resources and legal, among others.

He says it’s important for security practitioners to focus on the how — e.g. phishing — rather than the channel it came from.

“You have to be able to keep eyes in all the dark corners,” Olson says.

A new technique Proofpoint identified in 2016 is angler phishing. Bad actors create a fake social media account on, say, Twitter, using stolen branding. They watch for customer service requests addressed to the legitimate account for a bank or a service like PayPal. They then tweet a reply with a link to a lookalike fake website where the customer is asked to enter login credentials.

Despite this growing threat, however, many security practitioners are not aligned with social media, Redmond says.

“The pace of adoption of social by enterprises and the pace of the risks that are evolving around that are growing much faster than people are addressing those risks,” he says.

An emerging space

The offerings of the vendors in this space vary. For example, ZeroFOX focuses largely on social media. Proofpoint covers social, mobile, web and email. LookingGlass integrates machine readable/open source feeds, analyst services, threat intelligence tools and appliances.

Whatever approach they take, more security companies are likely to join in because the market is still growing.

But even savvy companies are struggling to secure these channels. The hacking of Microsoft’s Skype for Business Twitter account in 2014 is proof—the Syrian Electronic Army wasted no time tweeting negative messages after taking over the account. They got some 8,000 retweets.

See also: Social Media And The Insurance Implications  

“Social media is the best attack platform for a nation-state actor and sophisticated cyber criminals, not just because it’s the easiest one to leverage for compromise, but it’s also completely anonymous,” Blair says.

Redmond expects mobile to be another rising digital frontier, as more bad actors use fraudulent apps to do things like harvesting credentials.

“If you look at it through the lens of bad actors, they’ve figured out all these are effective vehicles,” he says. They don’t have to break in any more — they just have to pretend they’re someone else.

He adds, “They can do that more rapidly, at a greater scale, with less chance of detection.”

This post was written by Rodika Tollefson and first appeared on ThirdCertainty.

Dark Web and Other Scary Cyber Trends

We have all heard the continued drum beat regarding hacking. Anthem, Sony, Target, Home Depot, Experian and various government and military branches have all been hacked and have received their fair share of negative press. In each case, people were harmed, leaders were fired, brands were damaged and no one was really surprised.

I am not a singularly focused cybersecurity expert, but I have been up to my neck in tech for 30 years and have a knack for seeing emerging patterns and macro trends and stitching those together to synthesize consequences and outcomes. In the case of the Dark Web, none of that is good news; The emerging patterns should worry us all. As English historian (1608-1661) Thomas Fuller wrote, “Security is the mother of danger and the grandmother of destruction.”

See also: Best Practices in Cyber Security

Below is my list of the “Top 10 Scary Macro Cyberthreat Trends” –and this is still early days for them.

1. The Dark Web Pareto 

Over the last decade, the hacker population has gone from 80% aficionados/hacktivists/deep-end-of-the-pool techies and 20% professional criminals to 80% professional criminals and 20% “other.” To be clear, by “professional criminal” I mean organized criminals who are there for the money, not just to someone who broke the law.

2. “Lego-ization” of the Dark Web

Over the last few years, technology in the Dark Web has been changed from intricate, end-to-end hacks to a place where one merely assembles “legos” that are commercially available (albeit inside an anonymized criminal environment.) People don’t just buy tool kits with instructions but also the ability to buy “lego-ized” services like illicit call center agent time for more complex criminal activities such as getting access to someone’s bank account. Parts of the Dark Web look like IKEA without the assembly difficulty or the inevitable leftover parts.

3. The Dark Web embraces the capital-lite approach

Of course, the Dark Web has embraced the cloud-computing model for the reasons we see in the enterprise world. What this means to the criminal hacker or, more likely, hacker organization, is that they can now go asset-free and rent the assets they need when they need them.

For example, there are services for running a few hundred million password permutations in less than an hour for a few hundred dollars. Hackers no longer need to infect a massive amount of computers to fire up a denial-of-service hack; they can simply rent time on a botnet, a massive amount of “hijacked” computers up for sale in the Dark Web. Most companies still do not have a botwall to deflect bots.

Gameover ZeuS is a massive example of a botnet with one variant able to generate 10,000 domains a day with more than three million zombie computers — just in the U.S. Botnets are sometimes referred to as “zombie armies” (surely there’s a TV series in there somewhere.) The Bredolab botnet may have had as many as 30 million zombie computers.

See also: Demystifying “The Dark Web”

4. Clandestine versus brazen 

The bragging rights for revealing a hacking “accomplishment” was once a hallmark of this space. Over the past decade or so, that factor has greatly diminished. The criminal enterprise would like nothing more than to go unnoticed. The recent massive Experian hack only came to light after the Secret Service let Experian know some of its stuff had been found for sale in the Dark Web. Focusing on avoiding detection by adopting smarter methods, targets, distribution models and revenue capture is better business and is in line with a longer, sustainable view of profit. None of the criminal organizations have boards of directors that pressure them to hit the quarterly sales and operating income figures. A hack is not a moment in time; if a hacker can go undetected, he or she can milk the hack for years. This is worrisome.

5. The total available market has grown and is target-rich 

The target space for crime connected to an IP node has grown tremendously, and so has the value of the content. The massive increase in mobile IP addresses, the online transactions we do and IP-related things like stored value cards or mileage points makes a rich target for crime. It is 100x bigger than what it was just 10 to 15 years ago.

The target space’s growth is accelerating. After banking regulations on the minimum size of banks were relaxed in 1900, 2,000 banks were added in two years along with growth in the relatively new credit union sector. This increase in “target space” spawned bank robbers. The target space for Dark Web crime loves the increase in the target area and doesn’t mind that the “banks” are smaller. The number of people using the Web and the average amount of time spent on the Web continues to increase. I think with the advent of things like the Internet of Things, 5G, Li-Fi and a quantum leap in cloud computing capacity per unit cost, this increase will accelerate.

6. Small many versus big few 

Over the past decade, the trend in conjunction with the above items moved toward smaller “heists” but a lot more of them. Someone in Venezuela took $2 a month off my credit card for 18 months before it stopped. How many people would miss a dollar or two off a stored value card/account that has an auto-refill function like my Skype account does?

What sort of statistical controls would you put on your revenue flows (as a business) to even recognize that leakage? Of course, there are still big hacks going on, but a lot of those are just the front end of a B2B transaction that then sells off that big pool of hacked data to buyers in the criminal bazaar. Small, often and dispersed is harder to catch and more clandestine by nature.

7. Automation of the Dark Web

Timing is everything. As the Dark Web evolved into a scale-based, organized criminal environment, it leveraged modern automation from provisioning to tool sets to communications and even to billing.

Blackshades creepware is a great example of automation extending into the consumer product end. Available for $50, it has a point-and-click interface and has internalized all of the complexity and has automated hacking even for actors with very low-level tech skills. It allows the bad actor to browse files, steal data/passwords and use the camera (often relating to extortion). Blackshades infected more than 500,000 computers in more than 100 nations. A lot of the people who bought this did not have the skills to do any hacking without this kind of automation.

8. Tech getting better, faster, cheaper while talent improves

Late last year, TalkTalk, an ISP quad-play provider in the U.K., got hacked and held for ransom by four teenagers. The company estimates $90 million of cost tied to this hack, and no one really knows what the cost of the brand damage has been. There’s also a third of the company’s market cap gone, and it lost 95,000 customers. In all fairness, TalkTalk’s security was poor. The point here is that the technology in the Dark Web is getting faster, better and cheaper. At the same time, the average talent level is rising, which may not be the case in the non-criminal tech world.

There are three factors at play:

  1. Communities of collaboration and learning are becoming commonplace. Blackshades is a great example of a malicious tool with a super-low point of entry (price and tech skills) backed up by great online help and a community site.
  2. The likes of the Metropolitan Police Cyber Unit (London), the FBI, Interpol, etc. are all very effective and are continually improving organizations that stop crime and lock up cyber criminals. In some ways, this is a culling of the herd that also serves to create a positive Darwinian push on the average talent in the Dark Web.
  3. The giant upside financial opportunity to using tech skills for nefarious purposes creates a big gravitational pull that is only enhanced by recent economic and national turmoil, especially in places like Eastern Europe, Russia and Ukraine. In addition to that, state-sponsored or affiliated hackers with military-like rigor in their training can often make money moonlighting in the criminal world.

The combination of forces raising the talent level and the continued improvement of technology make for a bad combo. The Dark Web is also embracing open sourcing. Peer-to-peer bitcoin-based plays may become the next dark commerce platform.

9. The Dark Web itself

The Dark Web has evolved over the past decade or so from a foggy, barely penetrable space to a labyrinth of loosely connected actors and now to a massive, modernized bazaar thriving with commercial activity with a huge neon sign on the front door saying “Open for Business.” It is not just a bazaar, it is a huge B2B marketplace where the best criminals can resell their wares whole or in “lego-ized” pieces. Some of these criminals even offer testimonials and performance guarantees!

The Dark Web has moved from what economists call “perfect competition” to a more imperfect model trending toward oligopoly. In simpler terms, it is not a sea of malevolent individuals but, rather, the domain of organized businesses that happen to be largely illegal. These are organizations of scale that must be run like a business. This new structure will evolve, adapt and grow so much faster than the prior structure because these organizations have mission-focus and cash-flow pressures. Of course, the market forces common in a bazaar will winnow out low-value and defective products quickly, simply because word travels fast and customers vote with their wallets. 

10. The truly ugly “What’s next?” section

Like many thriving businesses, there is a tendency to move into adjacencies and nearby markets. This has already happened.

There is a lot of money in fiddling with clickstreams and online advertising flows. Bots account for about 50% of the traffic on the Internet; of those, about 60% are bad bots.

There is money to be made in transportation. One can buy fake waybills on the Dark Web to ship a crate to, say, Kiev at a fraction of the price FedEx or UPS would charge, even though the package will travel through FedEx or UPS.

Here are four emerging and even more worrisome areas that could be leveraged (in a bad way) by sophisticated, tech-savvy commercial criminal enterprises that are alive and thriving today in the Dark Web.

  • Internet of Things – It is just the beginning for the IoT. If you click here, you can read a paper on what may drive the amazing growth and where the potential is. The available talent who know how to secure devices, sensors and tags from hacks and stop those hacks from jumping five hops up a network are few and far between, and they don’t normally work in the consumer and industrial spaces that make stuff and that have decided to make an IP-enabled model. Few boards in the Fortune 500 can have an intelligent conversation about cybersecurity at any level of detail that matters. In short, over the next few years, IoT may be a giant hunting ground. For instance, what if a hacker goes through the air conditioning control system to point-of-sale devices and steals credit card info? That is a target with a big bull’s eye on it. (That is what happened to Target.)
  • Robotics – This is a little further out, and the criminal cash flow is a little harder to predict, but IP-connected robots is a space that will grow exponentially over the next decade and be at key points in manufacturing, military and medical process flows. What is the ransom for holding a bottling plant hostage? The Samsung SGR -1 (no, not a new phone) is a thermal imaging, video-sensing robot with a highly accurate laser targeting gun that can kill someone from 3,000 yards out. The Oerlikon GDF005 is a less-sophisticated antiaircraft “gunbot” that is, in part, designed to be turned on and left to shoot down drones. These things are both hackable. 
  • Biochem – What if some of the above Dark Web trends extend into this area, renting assets and expertise, point-and-click front-end designs? The bad news is that this seems to have started. 
  • The over-the-horizon worries – Nanotech, Li-Fi, AI, synthetic biology, brain computer interface (BCI) and genomics are all areas that, at some point in their evolution, will draw a critical mass of criminal Dark Web interest. The advances in these areas are at an astounding pace. They are parts of the near future, not the distant future. If you have not looked at CRISPR, google it. Things like CRISPR, coupled with progressively better economics, are going to supercharge this space. Li-Fi, coupled with 5G and the IoT (including accelerated growth in soft sensors), will create a large target space. The Open BCI maker community is growing quickly and holds enormous promise. Take a look at the Open BCI online shop and see what you could put together for $2,000 or  $10,000. The Ultracortex Mark IV is mind-blowing (not literally) and only $299.

All of this is going to get worse before it gets better. This is clearly not a fair fight. This is a target-rich environment that is growing faster than almost anyone anticipated. The bad actors are progressively getting better organized, smarter and better built for “success.” Interpol, the FBI and other law enforcement agencies do great work, but a lot of it is after-the-fact.

Enterprises need new approaches to network-centric compartmentalized security. New thinking about upstream behavioral preventative design is needed for robustly secure IoT plays.

National organizations in law enforcement and intelligence need to think through fighting a borderless, adaptive, well-funded, loosely coupled, highly motivated force like those under the Dark Web umbrella. Those national organizations probably need to play as much offense as defense. Multiple siloed police and intelligence units that are bounded geographically, organizationally, financially and culturally probably will start out with a disadvantage.

This article was originally published on SandHill.com. The story can be found here.

It’s Time to Embrace Telemedicine

At hospitals and clinics across New Jersey, thousands of new doctors could soon be on call — literally.

In Trenton, lawmakers are considering two bills that would enable doctors and patients to skip the office visit and conduct appointments using video-conferencing tools like Skype.

They’re right to embrace this kind of technology. The increasing use of “telemedicine” promises to improve patients’ access to doctors and slash healthcare costs.

Virtual medicine makes it a lot easier — and cheaper — to see the doctor. By first consulting with a patient by video, doctors and nurses can determine whether a costly in-person trip to the emergency room or to the doctor’s office is necessary — or whether two aspirin and plenty of rest will do.

See Also: 5 Questions on Telemedicine Coverage

For patients who end up in the hospital, telemedicine can facilitate faster and cheaper convalescence.

Consider a patient recovering from heart surgery. His doctor may want to continuously monitor his blood pressure and pulse. Telemedicine can accomplish that remotely and automatically. That saves the patient the trip and the doctor the time measuring those vital signs.

Telemedicine can also save money. Take a program called Health Buddy, which asks patients daily, tailored questions about their health through a handheld device at home. After reviewing the answers, doctors know when and how to offer care. A study published in Health Affairs found that Health Buddy reduced Medicare spending by as much as 13% per patient.

Other programs offer patients hospital-level care inside their own homes. Doctors and nurses visit one to two times a day while other providers monitor vital signs remotely. Participating patients often require fewer tests and less time under observation, so these “hospital at home” programs can cut costs by 19% compared with conventional inpatient care.

Telemedicine can also alleviate the mental stress of being sick. Someone diagnosed with heart disease, for instance, may understandably worry about his prognosis. That can take a toll on his physical health and jeopardize his chances of recovery.

Healthcare providers can ease these concerns with remote counseling. One such telecounseling program helped cardiovascular disease patients deal with anxiety and depression through video sessions. Over six months, the program reduced hospital admissions by 38% compared with a control group, according to a report published by the American Journal of Managed Care.

Telemedicine can improve healthcare providers’ ability to communicate with one another, too. By connecting doctors with health workers in emergency rooms, for example, telemedicine can prevent 850,000 unnecessary transfers between ERs each year. The savings? More than $530 million.

There’s even evidence that telemedicine can offer care that’s superior to inpatient care. Take Teladoc, a videoconferencing technology that allows patients to consult with a doctor around the clock. According to one study, those who used Teladoc were less likely to need to see the doctor again for the same illness than patients who actually went to the doctor’s office.

Finally, telemedicine may also decrease wait times. American Well, for example, offers a mobile app that allows patients to send out a request for a doctor — much like one does for an Uber — and the first to respond does the consultation via videoconferencing. Over the last three years, the average wait time has been three minutes.

See Also: Questions to Ask on Telemedicine Risk

New Jersey’s lawmakers seem to be paying attention to all this research, particularly Sens. Joe Vitale, D-Middlesex, and Shirley Turner, D-Mercer, and Assembly representatives Pamela Lampitt, D-Burlington-Camden, and Daniel Benson, D-Mercer-Middlesex. One of Lampitt’s bills (A-2668) would establish parity for insurance coverage of telemedicine with conventional in-patient care. A bill sponsored by Vitale (S-291) would allow patients to seek telemedicine services from out-of-state doctors. This latter measure would also permit New Jersey’s Medicaid program to reimburse for telemedicine.

Thus far, the Garden State has been slow to adopt telemedicine. Insurers in many other states already cover it. The American Telemedicine Association recently gave New Jersey six Fs on crucial telemedicine issues, including allowing for the reimbursement of remote patient monitoring and videoconferencing.

State leaders now have the chance to raise those grades. Telemedicine controls costs and improves patients’ health. It’s time for New Jersey to take advantage.

Risk Management for Human Capital

A contractor’s most important resource, and one of its leading costs, is its employees. By investing in employee, supervisory and leadership development programs, those in construction and facilities management (CFMs) can expect positive ROI and other measurable outcomes in both risk management and human capital. This strategy combines organizational development practices to leverage human capital risk management and protect a company’s bottom line.

What Is Human Capital Risk Management?

Defined as leveraging human resource assets to achieve an organization’s strategic and operational goals, human capital risk management implies the following realities for CFMs to consider:

  • Human capital is a tangible asset
  • Human capital yields tangible and intangible results
  • Human capital can generate a positive or negative rate of return
  • Human capital risk management can create a sustainable competitive advantage

Benefits & Consequences

There are numerous benefits of leveraging human capital risk management strategies. Likewise, there are serious consequences for failing to effectively manage human capital risk management strategies.

The categories of human capital costs include salaries, health and retirement benefits, workers’ comp and other required insurance costs (e.g., state and federal unemployment taxes). Other possible human capital costs stem from losses attributable to consequences from unsuccessful human capital risk management practices, including: fraud and internal theft; absenteeism; substance abuse; and costs of incidents, accidents and injuries that include workers’ comp losses and resulting third-party liabilities. These costs can be affected by the type of contractor, where the contractor (or project) is located, whether the contractor is union or merit shop and other variables.

benef

The Shift from HR to Talent Management

Two talent pipeline concerns are prevalent in the industry: the looming mass exodus of Baby Boomers from the construction workforce, and concerns about how to engage Millennials long enough to develop their skills and prepare them for future leadership roles.

develop

Today, senior business leaders are looking to the HR function to provide innovative solutions to attract, retain and grow their talent. The evolution of HR to a talent management model focuses on processes leading to organizational development. As a result, the modern HR department is responsible for seven fundamental functions:

1)    Compliance – Ensure regulatory and legal compliance

2)    Recruitment – Find a work force

3)    Employee Relations – Manage a work force

4)    Retention – Maintain a work force

5)    Engagement – Build an engaged work force

6)    Talent Development – Create a high-performing work force

7)    Strategic Leadership – Plan for a future work force

Investing in human capital makes good business sense, especially considering the costs to recruit, onboard and train a new employee. Not only is employment advertising and recruiting costly, but there are also other adverse impacts to the business. Work previously being done by the exiting employee still needs to be completed, so it falls to teammates and the supervisor.

A new employee typically does not reach full productivity until at least four to six months into her new role. In total, the lost productivity costs to turn over one employee is at least six months.

The Link Between Employee Engagement & Business Performance

Engaged employees want both themselves and the company to succeed. However, companies often only focus on employee satisfaction, which can lead to complacency and a sense of entitlement. Employee engagement is frequently defined as the discretionary effort put forth by employees – going above and beyond to make a difference in their work. Discretionary effort is the extra effort employees want to give because of the emotional commitment they have to their organization.

Unlocking employee potential to drive high performance results in business success. However, according to research by the Employee Engagement Group, 70% of all employees from all industries are disengaged. Employees with lower engagement are four times more likely to leave their jobs than highly engaged employees. And disengaged managers are three times more likely to have disengaged employees.

Research shows employees become more engaged when business leaders are trusted, care about their employees and demonstrate competence. By working to engage their employees, contractors can improve their productivity, innovation and customer service. They can reduce incident rates and decrease voluntary attrition.

One of the earliest links between employee satisfaction and business performance appeared in First, Break All the Rules: What the World’s Greatest Managers Do Differently, which includes a cross-industry study that demonstrated a clear link among four business performance outcomes: productivity, profitability, employee retention and customer satisfaction.

12 q

The organizations that ranked in the top quartile of that exercise reported these performance outcomes associated with increased employee engagement:

  • 50% more likely to have lower turnover
  • 56% more likely to have higher-than-average customer loyalty
  • 38% more likely to have above-average productivity
  • 27% more likely to report higher profitability

Recognizing and acting on the correlation between engaged employees and business performance will directly affect the bottom line. Some strategies employers can implement to increase employee engagement include:

  • Focus on purpose and values vs. policies and procedures, which has led companies to outperform their competitors by six times.
  • Encourage empowerment and innovation, then reinforce and reward the right behaviors.
  • Unleash the flow of information and ensure individuals have a clear understanding of how their particular job contributes to the company’s strategy and mission.
  • Understand and demonstrate that work/life balance is important.

Developing Sustainable Leadership & Human Capital Strategies

Many organizations are hyperfocused on implementing training programs and processes. However, training should not be the only activity. Effective human capital management demands forward thinking and strategic planning about how contractors can engage their human resources to make a difference in driving the business forward into the future.

A spectrum of sustainable employee, supervisory and human capital and leadership development strategies includes orienting/onboarding, performance reviews and developmental plans, coaching/mentoring, job rotation and cross-training, 360-degree feedback surveys, defining career paths, work/life balance and competency assessment.

Research & Connect With Peers

Developing a sustainable human capital development program can seem overwhelming, but that does not need to be the case. Reach out and connect with peers and subject matter experts to identify and share best practices and challenges. There are many resources available that can be tailored or adapted to meet your business needs.

Define & Align Sustainable Long-Term Human Capital Strategies

It is essential to not only align human capital strategies with core business strategies but to also continually review them to ensure long-term sustainability and to address areas for development and improvement. Connecting these areas of focus will ensure a consistent vision is communicated and executed throughout the organization.

To gain a better understanding of your company’s human capital strategic thinking and planning, conduct a needs assessment or gap analysis. Based on the results, a human capital action plan can be developed to help guide your company’s future human capital leadership and investment.

Integrate Human Capital Strategies With Organizational Culture

All human capital strategies should closely align with a company’s intended organizational culture. The strategies may require a shift in culture, but not so much that it creates implementation barriers. Having a formal rollout and communication plan developed in advance will help prepare employees for the coming change.

A variety of communication approaches helps to reach all intended stakeholders and should include what, why and expected outcomes. To ensure all employees “hear” the message, communicate strategies that outline a clear plan and are easy to follow through creative visual and auditory media. Examples include interactive meetings to communicate coming changes, postcards with graphics that present the message, e-mails that are fun and positive, conference calls so people can participate regardless of location, as well as podcasts, webinars, Skype, etc.

Implement Talent Review & Succession Planning

To create a culture of learning and development, contractors should include all employees in their talent development practices rather than focus only on preconceived “high potentials.” Through an effective talent review process, managers can determine the potential future and developmental needs of all employees.

Effective talent review discussions will unveil high-potential employees, which will help populate employee development
and succession plans. True high potentials should be given stretch goals to be accomplished throughout the year to aid in assessing and developing their readiness for future roles.

Everyone Is a Leader

At the end of the day, it is not realistic to expect companies to provide the same training to all employees. However, it is important to remember that everyone is a leader in what they do. Setting these expectations better prepares employees for future leadership roles and helps to build accountability across the company.

Importantly, not all leadership competencies and behaviors will apply to every position. However, by consistently applying higher performance expectations across the organization, employees who were not previously considered high-potentials might begin to excel and even surpass previously identified potential levels. You never know when a new rock star employee will emerge!

Case Study: Lakeside Industries’ Annual Leadership Conference

Lakeside Industries, Issaquah, WA, is a third-generation family-owned business operating for more than 60 years. A producer of hot mix asphalt and paving contractor with 20 locations in Washington, Oregon and Idaho, Lakeside Industries has a total of 625 employees and is signatory to various locals of three labor unions: Laborers, Operating Engineers and Teamsters.

The vision of the company’s third-generation President Michael Lee is to “attain exceptional performance in everything we do.” In this case, “exceptional” has been further defined as aspiring to attain “world-class” performance. He says:

“Several years ago, we realized the need to invest in its leaders. We know that effective leaders translate to improved quality, employee engagement, better communication, fewer incidents, higher production, etc. Each of our 12 divisions operates as an individual entity with its own crews, shops, plants, and fleets. Geography and diversity produce challenges related to training.

“We started with two groups. Managers and PMs were in one group, and superintendents were in the other. Each group met once a year locally to share ideas, procedures and challenges.

“We also used this time to conduct leadership training. Sometimes instruction was internal, and sometimes we brought in external experts. While this was a great start, we knew we needed more consistency communicating company objectives, ethics and expectations. Many of our foremen never had any formal leadership training.

“So, for the past few years, we’ve had one annual meeting that includes every employee in a leadership position. Managers, PMs, superintendents, foremen and anyone who supervises another employee is invited; about 175 people attend annually. To remove distractions, we hold the three-day meeting in Denver, CO.

“Each year we decide which company goals are our top priorities. We bring in a speaker to communicate those goals and to motivate and train our leaders.

“A very popular component is the breakout sessions. All PMs and superintendents meet in groups, as do paving foremen, project superintendents, traffic control supervisors and so on. There are usually 10-12 breakout groups that are conducted by a facilitator in a roundtable format to address issues specific to their positions. We have also conducted breakout sessions by division. It’s an opportunity for division leaders to communicate outside of their daily busy environments and set goals for the coming year. We ensure training is interactive and effective. There is also time for relationship building with recreational activities.

“An important component of this concept is follow-up. It’s essential to repeat and reinforce what was learned when we return home to our busy routines. HR and risk management/safety work with division managers to integrate learned concepts into daily operations. Key learning points are communicated to all of our employees.

“Our vision is for the entire company – from divisional and departmental managers to field staff – to understand and implement our goals and expectations. We want all employees on the same ship, sailing in the same direction, and we work on this all year.

“We started with the goal of training effective leaders, but we’ve unexpectedly achieved so much more. There is improved communication among peer groups including:

  • we have innovation, new lines of communication, collaboration and lasting relationships;
  • our leaders are now united and understand the company’s vision; and
  • our leaders make better decisions and communicate more effectively, resulting in more engaged employees, improved quality, and what we call safe production.

“The bottom line: This leadership conference is absolutely worth the investment.”

Conclusion

As the construction labor market tightens because of demographic, societal and industry shifts, finding and keeping skilled workers will become increasingly challenging. Progressive workforce development strategies can differentiate contractors as employers of choice.

constr

CFMs who think strategically recognize that employee, supervisory and leadership development programs, processes and practices can provide a competitive advantage. Investments in human capital yield tangible and intangible gains that improve productivity, quality, risk, safety and financial performance. This should neither be unexpected nor surprising: after all, people are our greatest asset.

This article was co-written by Tana Blair and Tammy Vibbert. Tana Blair is responsible for organizational and leadership development at Lakeside Industries in Issaquah, WA. S he can be reached attana.blair@lakesideindustries.com. Tammy Vibbert is the director of human resources at Lakeside Industries in Issaquah, WA. She can be reached at tammy.vibbert@lakesideindustries.com.

Copyright © 2015 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits. Reprinted with permission. 

Era of Computational Abundance Is Here

As a user of computing resources for almost 50 years, I have seen changes that were unimaginable in prospect and are still dramatic in retrospect. Nevertheless, throughout my career I have always felt I could rely on one iron-clad proposition, namely, “Computers are never fast enough.” It seemed clear to me that the human imagination would always run well ahead of the ability of computers to keep pace. In effect, we were operating in a world of computational scarcity, and always would be.

At some level, I feel sure this Law of Computational Scarcity will continue to apply. Nevertheless, within my limited focus on the domain of information systems for economics, finance, accounting and risk management, I have become convinced that I must surrender the conviction of a lifetime. In this domain, I believe we are entering an Era of Computational Abundance.

A recent straw in the wind was Google’s announcement that it is abandoning the use of Captchas – distorted text that is used online to distinguish humans from web robots. It seems the robots can decipher even the most difficult Captchas 99.8% of the time.

While growth in the Internet of Things – devices that are connected to the web, such as driverless cars – will likely be constrained by limited computing capacity, the resources produced to make this a reality at all will swamp traditional computing domains such as financial risk management. A relevant recent example of this phenomenon is the revolution in international voice communications. Fifteen years ago, international phone calls were notably expensive; today, they are practically free on Skype, Apple FaceTime, Vonage and other alternatives. How did this happen? In effect, we built a huge global communication capacity geared to support the new market of streaming video. In this context, voice became almost a rounding error. It could be a virtual giveaway relative to the massive expansion in global communication capacity.

As global computing capacity expands exponentially, driven by things talking to each other rather than to people, traditional business computing will start to take on a role similar to voice communications over the past 15 years. It will be swimming in an ocean of computational abundance. This raises important technological and sociological difficulties.

Virtually all existing business computing systems have been built around an architecture rooted in the mentality of computational scarcity. Minimizing storage requirements and CPU cycles has always been a key goal for system architects and developers. This has a serious downside. A crucial technique for achieving computational parsimony is to embed information in formal structures – the schemas that underlie relational database designs are pervasive examples of this. Such schemas economize on storage and CPU requirements but, because of multiple, inconsistent schemas, effectively mask important metadata needed to consolidate the underlying information across databases.

An architecture based on computational abundance will look very different and can only be implemented incrementally. During the transition, these two architectures will have to operate in tandem. One way this can work is to build enterprise data stores on the basis of the new realities. This would employ traditional extract, transform and load tools to access data from source systems but store the results in transparent, self-describing documents rather than in a complex and inflexible relational data warehouse.

At least as big a problem will be the sociological one. Hardly any IT professional under 50 years of age has stored data in any fashion other than in relational databases. This deeply ingrained bias will be hard to overcome. In the 1960s, it was accepted wisdom that, “No one is ever fired for buying IBM.” Today, it is accepted wisdom that, “No one is ever fired for buying Oracle database licences.” The effectiveness of relational databases within narrow applications for which they are designed reinforces this bias.

Top management needs to impress the importance of enterprise- wide data transparency on its IT staff. Those that do not will risk being dangerously slow in reaping the benefits of computational abundance.