Protecting our Data; a quick guide to password management

So here it is. I think we can safely say that it hasn’t been a great few weeks for security or protecting people’s personal information. At the time of press both Vodafone and TalkTalk had been hit by security breaches and there are lots of anxious customers worried if their personal data has been compromised.

In the case of Vodafone, the data breach was external to Vodafone, i.e. the data had been found elsewhere and the hackers were trying their luck on the Vodafone corporate site with credentials from some other breach to see how many customers had reused their passwords.


Password Management Best Practice

In a digital age, how do we keep our data safe? Here are our top tips for password management best practice (and no, we don’t recommend you try squirrel noises!).

VARIETY

– Do NOT use the same password for everything. I know, I know it’s a pain in the hoop having to remember multiple passwords but research shows that if your credentials are compromised, hackers will often try the same login details on Amazon, eBay, PayPal etc. Nothing is bulletproof 100% of the time so let’s at least apply some damage limitation to the situation.

STRONG PASSWORDS

I had a real “ah here” moment a few months ago. I was given access to a corporate system for an organisation that will remain nameless. The system in question gave me access to the corporate e-mail & SharePoint systems as well as some key competitor & market trend analysis. What was the password? Wecome1. Come on people, we can do better than that!

A few simple hints and tips are:

  • Use long, complex passwords. Use multiple cases (i.e. capital & small letters), numbers & symbols / special characters.
  • Don’t use words that can be found in a dictionary. There are password cracking tools freely available on the internet which can crack passwords using what’s known as a “brute force” attack.
  • Don’t use your e-mail address, network id or personal information such as your National Insurance number or date of birth.
  • Don’t use common passwords such as “password” (and yes, people still do this) or “welcome”.
  • Don’t use sequential passwords such as 1 2 3 4 or QWERTY. No, just no!
  • Try using part of a saying to make a complex password easy to remember. One example we all know is Money Makes The World Go Round – so how do we make a secure password? Abbreviate, mix the cases up, substitute letters with characters and add in some numbers – suddenly you have a password that’s much harder to guess, for example 20mMtw9R*15
  • You could also consider using a password manager. Password managers are software applications that securely store all your passwords so you only have to remember one password. The stored passwords are encrypted so you have to create one strong master password that will give you access to the rest of your saved passwords. There are lots of password managers available online; RoboForm, Dashlane and PasswordBox are some examples that have been recommended by c|net, Infoworld, and PC Mag.
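The tips above can be turned into a check that a sign-up or password-change form runs before accepting a new password. The following is an added example, not part of the original post; the word lists, the `MIN_LENGTH` threshold and the function names are constructed assumptions, and a real deployment would load a full dictionary and a breached-password list.

```python
import re

# Constructed sample lists (assumptions); replace with real word lists.
COMMON = {"password", "welcome", "letmein"}
DICTIONARY = {"money", "world", "round", "summer", "dragon"}
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 10  # assumed threshold; the post only says "long"


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters from a known
    sequence, forwards or backwards (e.g. 1234, qwer, 4321)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the list of tips that pw violates (empty list = passes).
    `personal` holds the user's e-mail, network id, date of birth, etc."""
    problems = []
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)  # 'Welcome1' -> 'welcome'
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing character class")
    if low in COMMON or letters in COMMON:
        problems.append("common password")
    if any(word in low for word in DICTIONARY):
        problems.append("dictionary word")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal information")
    if has_sequence(pw):
        problems.append("sequential characters")
    return problems
```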

So there you have it. It’s a jungle out there so stay safe people! One last thought though, it’s not all doom and gloom. If you’re an anxious Vodafone UK or TalkTalk customer in need of cheering up, check out Vodafone Ireland’s latest TV ad. Guaranteed to make you smile, promise.

That’s all folks.


Pink14 Preview: Advice for making space for ITSM

“Carve out some time for service management and make it a priority”

Ahead of his presentation at the 18th Pink Elephant Conference and Exhibition (PINK14), David Mainville, CEO and co-founder at Navvia, gives his advice on ‘making space for service management’.

Conferences like PINK14 are an amazing opportunity to network with your peers, learn new techniques and to re-ignite our passion for service management.

But you know what?  As motivating as conferences can be, the most important question is “what do you do with the passion once you get home”?  That’s the topic of my presentation at PINK14 entitled “Making Space for ITSM”.

So what do I mean by “making space”?

Well, if I’ve learned anything during my 30+ years in service management, I’ve learned that it takes practice and commitment.  Service management needs to become a part of the daily routine, of both the practitioner and of the company.

In fact, anything worth doing in life takes practice – whether it is learning to play an instrument, mastering a sport or getting in-shape – practice makes perfect.  The problem is that for many organizations and practitioners, service management is seen as a project and not as a practice.

Documenting a new change management process because of a recent catastrophic failure, implementing a new service management tool, or tweaking a process because of a bad audit finding, is often confused with a service management practice.   It’s not that these things are bad unto themselves; it’s just that it’s a bit shortsighted.

We come back from our conference all fired up, but all our great intentions are quickly overshadowed by firefighting and the daily demands of the job.  This noise gets in the way of a true practice.

Making space for service management means putting aside the time to do it right, and doing it right means following 5 critical steps.

The steps

  1. Carve out some time for service management and make it a priority.  In other words, there is a human element to the art of service management that can’t be ignored.
  2. Develop a service management plan along with some short-term goals.  Many ITSM failures stem from either a lack of a plan or an overly grandiose one.  Focus on short-term goals with measurable success criteria.
  3.  Build an alliance of co-workers because you can’t do service management alone.  If ITSM tools are the embodiment of a process, then people are the soul.  If you haven’t captured their support, ITSM will never succeed.
  4. Create a structured and repeatable approach for implementing processes and tools.  You can’t be all over the map; you need something that works consistently for your first process as well as your last.
  5. Establish the discipline and governance to ensure an on-going program.  Building a process and implementing a tool is the easy work.  Accountability and buy-in is much harder – ensure you have management support and governance for your long-term program.

It’s been my experience, both as a practitioner, and as someone who practices service management in his own company, that following these steps is the best way to make real and lasting improvements.

Thanks and I look forward to seeing you at Pink!


David Mainville

To learn more find David at PINK14:

David will also be reprising the presentation for a webinar later in March.


The ITSM Diet

I am undergoing a very personal transformational change right now. I am trying to learn how to eat in the real world and maintain a healthy weight. I had really let myself go.

No exercise, eating too much, eating the wrong things and not caring. The results: 360 lbs.; the inability to walk at least 50 feet without wheezing; acid reflux; and an impressive expanding waistline. I felt horrible. My body simply hurt all the time.

After much self-loathing, I made the decision to change. Now, I control my calories, carbs, fat and protein levels and I get 60 to 90 minutes of exercise in a minimum of 5 days per week. I made my health issues a “big rock” in my life (see Stephen Covey’s “Put your big rocks in first”).

The results: I currently weigh 320 lbs., I’ve lost 4 inches on my waist, and I feel a heck of a lot better.

The funny thing in all of this, people keep asking me what “diet” I’m using. Okay, here it is –  I eat less, make better food choices, and exercise as much as I can. Disappointed with my answer? I find that many folks are looking for me to give them some “magical” advice like “oh, I lost the weight by following the Krispy Kreme diet”. There are no silver bullets. You have to eat right and exercise.

So, what’s the point in relation to ITSM?

The point is this; you must build and follow a plan for an ITSM initiative to work. There are no simple solutions or silver bullets to make adoption easy. Be prepared to work hard, suffer some failures, learn from those failures and iterate, just like you do with a diet.

In order to be successful in ITSM adoption (or in your diet) I recommend following the key “exercise and eating” tips and advice listed below.

Don’t fall for hype

“Just follow our simple x step plan every day, and we’ll guarantee you will lose weight”

I’ve seen ITSM blog posts and consulting statements that indicate the same thing “…just follow our advice and you’ll be doing x process in no time” or “buy our product and we guarantee you will be ITIL compliant”. If it sounds too good to be true, it probably is. Any offering of a “quick fix” probably will not work. Think about the long term and what you want the program to achieve. Learn good habits.

Always evaluate

I don’t do “diets” but there are items within the multitude of diet plans out there that do make sense for certain individuals. ITSM is no different.

If something works, adopt it. If it doesn’t, forget it. For example, Problem management as detailed in ITIL® doesn’t fit well with how my organization works. We therefore adopted the LEAN 8-step method as the primary way to execute our problem management but use the information in ITIL® to ensure our process is as robust as needed.

Build a plan that works for you and helps you achieve your goals

There are many ITSM frameworks out there and no rules that say you have to use a specific one. My advice is that you read, learn, and research.

You may need to use ITIL®, LEAN, COBIT®, USMBOK®, and/or combinations of the aforementioned to build your plan. Don’t do something just because someone else says you should do it. Know what you are trying to achieve and select the appropriate framework to work toward it.

For example, my company uses many different frameworks along with ISO/IEC 20000, with ISO/IEC 20000 as an indicator of “world class” IT operations. Despite this, we have attempted on four different occasions to start the adoption process for Configuration Management. What we found is teams did not understand what to do with CIs or how to move them through a change process. We therefore took a step back and spent more time looking at our Change process, and are now starting to have tabletop discussions on moving a CI through a change.

In doing this exercise, we found our teams had different execution of change, different ideas on what a CI is, and different ideas on how to move a CI through a change cycle. These discussions gave us the opportunity to drop back and review all the frameworks for a “good fit” to help accelerate what we do.

If the plan is not working, change it

When exercising, eventually your body can become used to a specific exercise and become efficient in the activity. At that point, you can continue doing the same thing, but the results will not improve. An ITSM plan is the same. If your plan is not getting the results you desire, mix it up and try a different approach. Focus on a specific aspect and find the change that helps you get the results you need.

During the adoption of incident management at my company, we had team members onboard who had been doing incident work for many years and yet our design process kept missing key steps we needed to fulfill ISO/IEC 20000 requirements. Clearly we needed a different approach and so we went back to the beginning and built a checklist of items that the design team needed to complete prior to submitting deliverables. This helped us to identify the missing steps and fix the design process.

Measure

When it comes to exercising and being healthy, my FitBit gives me all types of data to help me determine if my behaviors match my plan. Data helps us measure where we are against our goals, which is important in any ITSM initiative.

What you measure is up to you; you cannot allow others to dictate what data you need to collect. Identify your goals, and collect and analyze data that helps you reach those goals.

At my company, we ask our service owners to identify “pain points”, the place where their team or their customers indicate something in the process doesn’t deliver the promised goods and/or causes them problems. We have found that focusing on a few key measures and “pain points” leads the service owner and their teams to think more holistically about the service and why they are doing what they do. This organically leads to continuous improvement, brainstorming and discussion about user experience.

Keep the goal in mind

It is easy to get discouraged when you go a couple of weeks without losing any weight, and the same is true in ITSM. Don’t lose sight of what you have done and where you are now.

Sometimes it may seem easier to follow the same path as you always have and get the same (bad) results to achieve quick “outcomes”, but how does this help overall? Remember, incremental improvements over time lead to reaching goals.

Relax

One of the toughest issues I have with weight loss is overthinking the situation – I can become my own worst enemy. The same is true with your ITSM plan. Work the plan you built, and if something doesn’t work, so what? Try something new! Be mindful of your situation and don’t be afraid to change. It will all work out in the end so just remember to breathe and relax.

And a bonus tip!

Be as transparent as possible in any ITSM initiative or project, routinely discussing your success, failure, trials, and tribulations. This will help you to stay grounded and on top of where you really are in your process/project. Use your measurements to remind yourself and others of the progress you have made and make sure you understand the deliverables and timeframes.

Final Thought

ITSM adoption, just like maintaining a healthy lifestyle, can be tough. It takes planning and execution, measurement and analyzing data, and it also takes support. Remember, don’t fall for the hype; always evaluate; build a plan that works for your situation and change it as required; measure your progress; relax; and always keep your end goal in mind.
