Tag Archives: yahoo

Why To-Do Lists Don’t Work

Do you really think Richard Branson and Bill Gates write a long to-do list with prioritized items as A1, A2, B1, B2, C1 and on and on?

In my research into time management and productivity best practices, I’ve interviewed more than 200 billionaires, Olympians, straight-A students and entrepreneurs. I always ask them to give me their best time management and productivity advice. And none of them has ever mentioned a to-do list.

There are three big problems with to-do lists:

First, a to-do list doesn’t account for time. When we have a long list of tasks, we tend to tackle those that can be completed quickly, leaving the longer items left undone. Research from the company iDoneThis indicates that 41% of all to-do list items are never completed!

Second, a to-do list doesn’t distinguish between urgent and important. Once again, our impulse is to fight the urgent and ignore the important. (Are you overdue for your next colonoscopy or mammogram?)

Third, to-do lists contribute to stress. In what’s known in psychology as the Zeigarnik effect, unfinished tasks contribute to intrusive, uncontrolled thoughts. It’s no wonder we feel so overwhelmed in the day but fight insomnia at night.

In all my research, there is one consistent theme that keeps coming up:

Ultra-productive people don’t work from a to-do list, but they do live and work from their calendar.

Shannon Miller won seven Olympic medals as a member of the 1992 and 1996 U.S. Olympic gymnastics team, and today she is a busy entrepreneur and author of It’s Not About Perfect. In a recent interview, she told me:

“During training, I balanced family time, chores, schoolwork, Olympic training, appearances and other obligations by outlining a very specific schedule. I was forced to prioritize…To this day, I keep a schedule that is almost minute-by-minute.”

Dave Kerpen is the cofounder of two successful start-ups and a New York Times-best-selling author. When I asked him to reveal his secrets for getting things done, he replied:

“If it’s not in my calendar, it won’t get done. But if it is in my calendar, it will get done. I schedule out every 15 minutes of every day to conduct meetings, review materials, write and do any activities I need to get done. And while I take meetings with just about anyone who wants to meet with me, I reserve just one hour a week for these ‘office hours.'”

Chris Ducker successfully juggles multiple roles as an entrepreneur, best-selling author and host of the New Business Podcast. What did he tell me his secret was?

“I simply put everything on my schedule. That’s it. Everything I do on a day-to-day basis gets put on my schedule. Thirty minutes of social media–on the schedule. Forty-five minutes of email management–on the schedule. Catching up with my virtual team–on the schedule…Bottom line, if it doesn’t get scheduled, it doesn’t get done.”

There are several key concepts to managing your life using your calendar instead of a to-do list:

First, make the default event duration in your calendar only 15 minutes. If you use Google Calendar or the calendar in Outlook, it’s likely that when you add an event to your calendar it is automatically scheduled for 30 or even 60 minutes. Ultra-productive people only spend as much time as is necessary for each task. Yahoo CEO Marissa Mayer is notorious for conducting meetings with colleagues in as little as five minutes. When your default setting is 15 minutes, you’ll automatically discover that you can fit more tasks into each day.

Second, time-block the most important things in your life, first. Don’t let your calendar fill up randomly by accepting every request that comes your way. You should first get clear on your life and career priorities and pre-schedule sacred time-blocks for these items. That might include two hours each morning to work on the strategic plan your boss asked you for. But your calendar should also include time blocks for things like exercise, date night or other items that align with your core life values.

Third, schedule everything. Instead of checking email every few minutes, schedule three times a day to process it. Instead of writing “Call back my sister” on your to-do list, go ahead and put it on your calendar or even better establish a recurring time block each afternoon to “return phone calls.”

That which is scheduled actually gets done.

How much less stress would you feel, and more productive would you be, if you could rip up your to-do list and work from your calendar instead?

3 Game Changers — and How to Survive

The follow-the-leader principle works on a trail that has proven to be relatively safe from perils and predators. However, when new frontiers are breached, a new kind of leadership is required for survival.

Insurers have generally been able to just follow the leader for ages, but now a new frontier has been breached. The insurance industry is vulnerable to three game changers that consumers are eager to embrace.

Drawing on remarks I made recently at a keynote for the National Association of Mutual Insurance Companies Annual Conference, here are the game changers:

The first big disrupter is data collection. Insurance is built on the principle of using accurate data and statistics to build underwriting financial models that serve to predict behavior and events from an actuarial or probability standpoint. London’s Edward Lloyd figured this out when he opened his coffee shop in 1688, and people started selling insurance to merchants and ship owners. His motto was fidentia, Latin for confidence. We now refer to “confidence factors” when estimating future losses.

Insurers have been notorious for using forms to collect data. But, today, a person is subjected to more new information in one day than a person in the Middle Ages saw in his entire life. If modern competitors to the insurance industry can obtain more accurate data in a faster and more in-depth manner, they may beat insurers at their own game.

With cloud computing and its infinite data storage/retrieval capability, trillions of bits of information relating to insureds are available. Data sources track things like profile patterns, such as personal Internet searches or satellite surveillance data. Relevant data can be mined and analyzed to build a risk model for every insurable consumer or business peril from property and vehicle insurance to earthquake and weather insurance.

The five biggest data collectors on the planet are Google, Apple, Facebook, Yahoo and Amazon. These high-tech companies have the ability, financial resources and potential desire to foray into the insurance industry. Keep in mind that in 2014 the world’s top 10 insurers received $1.2 trillion in revenue, yet surveys have shown that people around the world have grown to use and trust the products and services provided by the five biggest data collectors.

Accessibility and familiarity are allowing profitable new brands to replace old brands. Consumers also prefer and use third-party validation and independent comparisons found on websites.

What does this spell for the insurance industry? Sadly, consumers have grown more uncomfortable with reliance on and interaction with agent relationships. John Maynard Keynes once said: “The difficulty lies not so much in developing new ideas, as in escaping from old ones.”

The second emerging threat to insurance is botsourcing — the replacement of human jobs by robotics. The robots haven’t just hatched in agriculture or auto assembly plants — they’re expanding in a variety of skills, moving up the corporate ladder, showing awesome productivity and retention rates and increasingly shoving aside their human counterparts.

Google won a patent recently to start building worker robots with personalities. Move over, Siri.

Author and entrepreneur Martin Ford, in his book Rise of the Robots, argues that artificial intelligence (AI) and robotics will soon overhaul our economy. Increasingly, machines will be able to take care of themselves, and fewer jobs will be necessary.

Reassessment of the way we employ our workforce is essential to cope with this new industrial revolution. The lucrative insurance realm of personal and product liability insurance lines and workers’ comp is being tempered as human risk factors — especially in high-risk areas — give way to robotics. The saying goes: “Management is doing things right, but leadership is doing the right things.”

How will the insurance industry react to the accelerating technology of bot-sourcing?

The third emerging threat to the insurance industry that has received enormous attention this past year autonomous vehicles. More than a half-dozen carmakers, as well as Google and Uber, predict that self-driving vehicles will be commonplace on our roads between 2017 and 2020. Tesla Motors CEO and general future-tech proponent Elon Musk has predicted that human drivers could someday be outlawed. Humans cannot outperform an autonomous vehicle, which can assess and react to more than 7,000 driving threats per second. There are no incidents of driver impairment, reckless driving, DUIs, road rage, driver texting, speeding or inattention.

With a plethora of electronic distractions, increased safety can only be achieved when human drivers are removed from the equation. Automakers have employed an incremental approach to safety in their current models. These new technologies are clever and helpful but do not remove the risks. There’s a phenomenon called the Peltzman Effect, based on research from an economist at the University of Chicago who studied auto accidents. He found that, when you introduce more safety features like seatbelts into cars, the number of fatalities and injuries doesn’t drop. The reason is that people compensate for it. When you have a safety net in place, people will naturally take more risks. Today, 35,000 vehicle occupants die in the U.S. because of auto accidents. Autonomous vehicles are expected to cut auto-related deaths and injuries by 80% or more.

One of the biggest revenue sources to insurers is vehicle insurance. As autonomous vehicles take over our roads and highways, you need to address all the numerous unanswered questions relating to the risk playing field. Who will own the vehicles? How can you assess the potential liability of software failure or cyberattacks? Will insurers still have a role? Where will legal liabilities fall? Who will lead the call to sort these issues out?

Clearly, the lucrative auto insurance market will change drastically. Insurance and reinsurance company leadership will be an essential ingredient to address this disruptive technology.

As I told the conference: Count on Insurance Thought Leadership to play a significant role in addressing these and other disruptive technologies facing the insurance industry. A Chinese proverb says: “Not the cry, but the flight of a wild duck, leads the flock to fly and follow.”

Claims Lessons From the Feds (Truly)

The federal government is likely not the first place you would look for innovative inspiration and lessons on implementation. The old stereotypes of stacks of paper gathering dust in corners, outdated technology and endless processes still exist to some degree, but the government is making huge strides in the digital space, and insurers can take note.

Recently, I read an article from Yahoo Politics about some new features on FEMA’s (the Federal Emergency Management Agency) mobile application. The app has been around for nearly three years, but in the last few months FEMA has rolled out social media features and geo-spacial weather alerts that allow the app to be customized to users’ own experience before, during and after a disaster.

Claims organizations can learn these lessons and offer some of these features to customers. For example, following a disaster, the FEMA app now has a “Disaster Reporter” tab where survivors can upload pictures from their phone and also view other photos or damage or loss of property. If applicable, companies could offer the same services for its customers following a major disaster; it could build a sense of community and also offer insurers valuable information shared directly from the disaster source.

Not only would insurance companies benefit from having this capability for their own use, but now they can also leverage information being gathered and publicly accessible directly from FEMA. Claims organizations can also verify data being uploaded from a disaster zone to filed claims. This capability is part of a systemic change in claims where data can be gathered and analyzed from both internal and external sources. In addition, because FEMA is taking a step to modernize its messaging through mobile applications, the agency is making the country more prepared and more resilient, which equates to less risk of loss of property after a disaster.

The government will only continue to modernize its public services. While they don’t move at the same rate as private enterprise, what we are starting to see is unique sets of public data gathered by the government that can be repurposed in insurance. The privacy and verification of taking data from the government remains to be seen. But for now, the playing field looks promising to capitalize on these opportunities.

Cloud Apps Routinely Expose Sensitive Data

An alarming number of cloud-based apps used by enterprise employees don’t encrypt data at rest or require two-factor authentication.

And an astounding number of employees are still uploading highly sensitive data to the cloud and sharing files on unsecured platforms, according to the Cloud Adoption Risk Report Q4 2014 from cloud security vendor Skyhigh Networks.

Security & Privacy News Roundup: Stay abreast of key developments on cybersecurity and online privacy topics

The recent breach of 80 million records at health insurer Anthem was an example of how cloud services that don’t encrypt data leave personal records exposed to savvy cybercriminals.

The Q4 report was based on usage data from 15 million employees at 350 companies worldwide. It found that the average company used 897 cloud services in the fourth quarter of 2014, up from 626 the year before.

Data at Risk

While the number of cloud providers that have invested in key security features more than doubled last year, still only 11% encrypt “data at rest” — inactive files stored in data bases. Only 17% have multifactor authentication.

“In light of the recent breaches, that’s alarming,” says Kamal Shah, Skyhigh’s vice president of products and marketing.

“The Anthem breach is a great example of how, if you’re not careful, cloud services can be used to exfiltrate data out of the organization,” he says.

More than a third of users uploaded at least one file with sensitive information to a file-sharing cloud service, Skyhigh found. Some of that information included customer Social Security numbers (SSN), date of birth, credit card or bank account numbers and personal health records.

Skyhigh also found that 22% of files uploaded to cloud-based file sharing apps had sensitive or confidential information. At the same time, 11% of documents were shared outside the enterprise, and 18% through third-party email services like Gmail, Yahoo and Hotmail, which don’t encrypt data at rest.

File-Sharing Exposure

The growing trend in file sharing is driven by the limitations of email, Shah says. Besides having size constraints as files get larger, email is a static environment.

“File-sharing is much more active — a living, breathing space,” he says.

Less surprising in the study was the number of compromised identities — especially given the record number of breaches and vulnerabilities in 2014. Skyhigh found that 92% of companies have compromised credentials, with 12% of users affected, on average, at each company.

“A lot of people use the same passwords for their work life as they do for their personal life, and when they’re compromised, those credentials can be used to steal corporate data,” Shah says.

The trends driving the rapid cloud adoption are driven by legitimate business needs, Shah notes. Which means the old way of doing business — by simply restricting app usage — no longer works for IT managers.

“Shadow IT is not bad because employees are using these cloud services for the right reasons,” he says. “The old way of blocking services is no longer effective.”

What that means for IT administrators is the need to educate their employees about the risks of apps that are not enterprise-ready, he says. (Skyhigh’s definition of enterprise-ready includes cloud services that rank one to three on a scale to 10 based on attributes like encryption, two-factor authentication, legal condition of service and so on.)

Despite all the breaches, the use of cloud adoption will continue to accelerate rapidly, Shah says.

“For enterprises, there’s urgency to take action before it’s too late,” he says. “If you don’t act now, the problem will get bigger and bigger.”

This article was written for ThirdCertainty by Rodika Tollefson.

New Perspectives on Cyber Security

The world continues to buzz about cyber security (or, perhaps we should say, insecurity). Now we have the Chinese government apparently admitting that it has a cyberwarfare capability: not just one unit, but three. Other nations, including the U.S., Japan and some European nations, are talking about their ineffective defenses and the need to develop an offensive capability.

What can the targets, not only any public or private company, but each of us as an individual target (yes, our personal devices are constantly under attack), do about this?

The first step is to get our collective heads out of the sand and understand that we are all, collectively and individually, at risk. The level of successful attacks is enormous (a billion records with personal information were hacked in 2014, according to IBM, as reported here). According to a survey discussed in Fortune, 71% of companies admit they were hacked last year, and the majority expect to be hacked this year. However, nearly a quarter, according to Fortune, have not only kept their heads in the sand but do so with unbelievable confidence; they think a successful cyber attack is “not likely” in the next 12 months. The trouble is that very often successful attacks are not detected! It took a long time before JPMorgan Chase found out it had been hacked, and even longer before it knew the extent of the damage.

Organizations need to be ready to respond effectively and fast!

The JPMorgan Chase article reports that, “The people with knowledge of the investigation said it would take months for the bank to swap out its programs and applications and renegotiate licensing deals with its technology suppliers, possibly giving the hackers time to mine the bank’s systems for unpatched, or undiscovered, vulnerabilities that would allow them re-entry into JPMorgan’s systems.”

All is for naught if successful intrusions are not detected and responses are not initiated on a timely basis. In the Target case, reports say that the security monitoring service detected suspicious activity, but the company did not respond. According to ComputerWeekly.com, many companies make the mistake of “over-focusing on prevention and not paying enough attention to detection and response. Organizations need to accept that breaches are inevitable and develop and test response plans, differentiating between different types of attacks to highlight the important ones.”

Another insightful article discusses the critical need for pre-planned response capabilities. IT cannot do it all itself; business executives need to not only be involved but actively work to ensure their operations can survive a successful intrusion.

What else should we do?

We have to stop using passwords like “password,” the name of a pet or our birthday. Password managers are excellent tools (see this article on the top-rated products) and merit serious consideration. I have one. (BTW, I don’t plan to replace it with the latest idea from Yahoo of one-time text messages. However, I do like the fingerprint authentication on my iPhone.)

A risk-based approach to cyber security is the right path, in my view. But that does mean that organizations have to continuously monitor new and emerging risks, or new observations about existing risks. An example is a new article on insecure mobile apps — both from in-house developers and from external sources.

Organizations need to allocate resources to cyber and information security commensurate with the risks, and individuals have to take the time to update the software on their personal devices. Internal audit departments should make sure they have the talent to make a difference, providing objective evaluations and practical suggestions for improvement.

Companies and individuals, both, need to make sure they apply all the security patches released by software vendors. They address the vulnerabilities most often targeted, and, when there is a breach, very often it’s because the patches have not been applied.

As individuals, we should have a credit-monitoring service (I do), set up alerts for suspicious activity on bank accounts and use all the anti-virus and spam protection that is reasonable to apply.

Finally, as individuals and as organizations, we need to make sure we and our people are alert to hackers’ attempts through malware, social engineering and so on. It is distressing that so many successful intrusions start with somebody clicking where they should not be clicking.