Barack Obama, Cowboy – BusinessInsider.com

Posted on May 8, 2011 by andrew| Leave a comment

from Business Insider by Spencer Critchley

Along comes Barack Obama. No military experience. Never even pretended to be a duck hunter. And yet he shows the kind of quiet strength that doesn’t need to prove itself, except in the act of doing what needs to be done.

As the successful mission against Osama Bin Laden makes clear, the media narrative of Obama as weak on national security just betrays an institutional preference for stories first, evidence later.

An exchange from CNN’s “Reliable Sources” today:

Howard Kurtz, host: Will this change the media perception of Barack Obama from what it had been, a kind of a overly cautious, consensus-seeking law professor?

Dana Milbank of the Washington Post: If his poll numbers hold up, the media follow the polls…

Kurtz: That is very depressing.

Milbank: It is very depressing, and very true.

The Bin Laden mission also shows that when a story is about strong leadership, the media seems to have forgotten what that looks like.

Americans’ most enduring symbol of strength is the cowboy, whose image still lies just below the surface of our political coverage. It was formed from a mix of novels, movies, TV and reality, all influencing each other. It evolved onto an ethos, “the cowboy way”, which was so powerfully resonant that, for much of the 20th Century, no one had to explain what it meant.

Apparently that’s no longer the case, because somehow the media have now got it exactly backwards. Fear-mongering, chest-thumping blowhards are accepted at face value as showing “toughness”. Meanwhile the strong, silent type, who gets the tough jobs done, is seen as somehow weak.

Admittedly, few reporters these days have the opportunity of checking their assumptions with actual cowboys. But they do have Google, and if you Google “the cowboy way”, you’ll find lots of ready references. Here are a few thoughts from a book called Cowboy Ethics, by (fittingly enough) ex-Wall Streeter Jim Owen:

Do what has to be done.
Be tough, but fair.
When you make a promise, keep it.
Talk less and say more.
Remind you of anyone?

The media’s confusion about strong leadership seems in no small part related to a more general confusion about manliness. It used to be that almost all leaders were men, and they were expected to have proven their physical courage, usually in wartime. Now we’re learning that strong leaders can come from all kinds of backgrounds, and we’re re-examining what leadership and courage are really made of.

And yet political coverage is still full of all this “tough guy” stuff, badly misapplied, often by men who sure don’t look like they’ve been in a fight lately. To anyone who’s ever met the real thing, the play-actors dressing up as cowboys in recent years have obviously been all hat and no horse. And yet they’ve gotten away with it, largely unchallenged by reporters who apparently didn’t notice a problem.

Meanwhile along comes Barack Obama. No military experience. Never even pretended to be a duck hunter. And yet he shows the kind of quiet strength that doesn’t need to prove itself, except in the act of doing what needs to be done. No gloating or boasting (think of that silent visit to Ground Zero). Just taking responsibility, while giving the credit to those who risked the most.

In other words, the cowboy way. Funny how truly modern that turned out to be.

→ Leave a comment

Posted in cases

Are there criminals hiding in the cloud? – BBC.co.uk

Posted on May 8, 2011 by andrew| Leave a comment

By Alex Hudson BBC Click

Following the exposure of the Sony PlayStation 3 security flaws – and with so much of our data stored online – are we making it too easy for criminals to get hold of our information?

When over 100 million people’s details were garnered illegally from Sony recently, users were up in arms about their prized information being leaked.
But, according to one study, over two thirds of companies are planning to store at least some of their data in “the cloud” – a term used to describe putting data online rather than on a hard-drive.

With more businesses using the cloud, this sort of leak could become a more regular occurrence.

“While the potential of cloud computing is rapidly being revealed, so too are its vulnerabilities,” Brendan O’Connor, the Australian minister for Home Affairs, told the International Association of Privacy Professionals.

THE SONY CRISIS

Graham Cluley, security consultant

“People need to be more careful with their passwords and make sure that they have different passwords for different online accounts.

“People should also consider lying about some of their details. I have given Facebook a phoney date of birth for instance.”

Sony crisis: The expert panel

And, he believes, criminals “can hide data in clouds” if they are clever about it.
“Rogue cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services,” he said.

“[This] facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies.”

An easy parallel to draw is with the way Swiss bank accounts were rumoured to operate in the past.

While bank customers were offered the utmost of discretion with their financial transactions, that same courtesy could now be offered to those wishing to de-encrypt sensitive data.

Stealing secrets

To safeguard information, details are regularly encrypted to a high level, meaning that – until very recently – supercomputers were required to get any details in a useable form.

But now the internet itself is offering criminals the chance to super-charge their processing power to make decryption quicker, cheaper and easier than ever before.
William Beer, director of Price Waterhouse Cooper’s security division, says “even if credit card details are encrypted, there is software that may be able to decrypt it given enough processing power” once it has been stolen from the cloud itself.

PM David Cameron says cyber-crime is a top priority for national security
“Encryption is often seen as a silver bullet. We need to be very careful because there are many different types of encryption. It can introduce an air of complacency into organisations and what we’re starting to see are criminals actually looking to the cloud.

“It can provide massive amounts of processing power and [this] can actually de-encrypt some of the data. The irony of it is that they are using stolen credit cards to buy that processing power from the cloud providers.”

And this type of activity has actually been tested by German security researcher Thomas Roth.

He used a “brute force” technique that could previously only be possible with super-computers to break into encrypted WiFi networks.

The technique allows 400,000 different passwords to the encryption to be tested per second, quite literally knocking at the door until it caves in. No specialist hacking techniques need to be used.

This was done using a cloud computing service costing just a few dollars per hour.

Even if you have supercomputers, if your encryption is strong enough, it would still take years to break those passwords

Mark Bowerman, Financial Fraud Action UK Roth used Amazon’s Elastic Cloud Computing (EC2) system, which allows users to rent increased computing power by the hour or for as long as is needed – thus the name elastic.
Amazon says it continually works to make sure the services aren’t used for illegal activity and takes all claims of misuse of services very seriously and investigates each one.

While Roth was not doing this for illicit means – and could be done with any cloud system – the idea could be used, in principle at least, for the purpose of de-encrypting credit card details.

He is already experimenting with speeds that could allow one million passwords a second to be tried.

Hacking ‘master key’
What many see as most scary about this idea is that because the criminals using the cloud are using false information, they are very difficult to trace.

That said, there are data standards in relation to private information kept by companies which are particularly strict when financial details are held.
“You’ve got to meet the data security standard – it is the absolute minimum requirement,” says Mark Bowerman, a spokesman for Financial Fraud Action UK.

Credit card information is heavily encrypted when held online
“Beyond that, there are reputational issues to consider. If you are hacked and data is stolen, then it will be a serious concern both reputationally and financially as well.”
So what can be done to protect information yourself?

“Unfortunately, people have the habit of reusing their passwords for multiple different services,” says Rik Ferguson, of digital security company Trend Micro.
“Many people will have to consider that these criminals have both their email address and their common password.

“Once you own someone’s email account, that’s really the master key to everything because you can go through the password reset process of [a number of services] and of course, they come back to that email account. It’s the key to your online life.”
But, says Bowerman, if both you and the companies you trust with your data are careful with it, serious breaches are still very unlikely.

“Even if you have supercomputers, the computing power of hundreds of thousands of computers linked together, if your encryption is strong enough, it would still take years and years to break those passwords,” he says.
“It boils down to how good your encryption is.”

→ Leave a comment

Posted in Assignments, cases, Cloud

Data security a job for corporations, consumers – SFgate.com

Posted on May 8, 2011 by andrew| Leave a comment

James Temple Saturday, May 7, 2011

Sony and Epsilon have done their level best to destroy the public’s already shaky confidence in corporate handling of consumer data.

In the last few weeks, Sony revealed that several orchestrated attacks on its services may have compromised the personal information for some 100 million user accounts, making it one of the largest known data breaches ever.

That closely followed the news that hackers snatched the names and e-mail addresses for millions of customers of major brands like Target, Best Buy and L.L. Bean, by cracking into the databases of online marketing company Epsilon.

The nature of these attacks bode particularly poorly for consumer confidence, because there’s nothing customers could have done to avoid being victimized, short of not signing up for the services of legitimate, well-known brands.

That underscores an unsettling and little spoken truth about online data: Companies can and certainly should get better at protecting personal information, but any firm that says it will completely safeguard such data is making a promise it can’t keep. Security is an arms race, and the good guys aren’t always in the lead.

“As a defender, you have to secure everything, and the attacker only needs to find one way in,” said Ulf Lindqvist, a program director of SRI International.

It’s all enough to make the average person want to yank out his or her Internet connection and toss that iPhone into the bay. But our fear of and response to online data breaches should only be proportional to the actual risks, and that entails taking a clear-eyed look at what those really are.

raud statistics

The relative novelty of large-scale online and smart-phone attacks means they’re the ones consumers are most likely to read about, but that doesn’t mean they’re the threats the average person is most likely to face. And when you’re worried about the wrong things, you make the wrong choices about how to protect yourself.

To put things into perspective, let’s consider some numbers.

A U.S. Government Accountability Office review of the 24 biggest data breaches reported in the media from January 2000 through June 2005 only turned up evidence of resulting fraud in four of those cases.

In fact, if you’re looking to become a victim of identity theft, a hacker digging up your online data appears to be one of the least effective routes.

The more direct way? Associate with jerks.

Most of the roughly 9 million annual victims of this crime don’t know how their information was accessed. Among those that do, the far biggest group, 16 percent, blamed a person they knew, according to the Federal Trade Commission’s latest survey, from 2006.

Hacking and a common type of online attack known as a phishing scheme occupy the smallest slices of the pie, at 1 percent each, well below a lost wallet.

Also worth remembering: The median value obtained by identity thieves was $500 and the majority of victims, 59 percent, incurred no out-of-pocket expenses. That’s because credit card companies are legally required to swallow these fraudulent charges.

Added up, it means the likely consumer financial impact from these latest high-profile attacks is “probably none,” said Bruce Schneier, a security expert and author.

Which isn’t to say there’s no impact at all. If hackers sell or use any snatched credit card and bank account numbers, then consumers are facing some tedious work.

It typically takes months to straighten this out with law enforcement, credit companies and rating agencies, said Jay Foley, executive director of the Identity Theft Resource Center. It might not be a strain on the wallet – but it’s certainly a pain in the general vicinity.

Foley also, by the way, suspects that online identity theft represents a bigger portion of the problem than is reflected in the FTC stats.

But whether the personal information is in our trash, wallets or smart phones, the critical thing is to take pre-emptive action to protect it, he and others said. In other words, we shouldn’t throw up our hands and submit to the mercy of some shadowy crooks. Because the threats we’re most likely to face are thwarted by some simple steps.

rotect phone, data

For instance, it’s a good idea to add security software to your smart phones – and it’s basically foolhardy not to password-protect the device. Far more likely than a remote hacking, is the possibility of the phone falling out of your pocket.

One in three people in the United States have lost or had their mobile phones stolen, by some estimates. These devices are troves of personal information, with e-mails, banking apps, calendars, notes and more. Yet today less than half of owners bother to set up passwords.

Other commonsense steps: Take your Social Security card, and anything else with the number, out of your wallet. Install passwords and security software on all your devices. Keep your operating systems and applications up to date. Don’t click on e-mails or links from people you don’t know. And in both the real world and online, think twice before giving out sensitive personal information.

But none of this should let businesses off the hook either.

As Lindqvist’s bumper sticker reads, “security is not easy.” But he believes that businesses on the whole can do far better. Too often, companies are much more focused on rapidly rolling out new features than on adequately locking down security, he said.

The short-term negative publicity surrounding major breaches does little to improve corporate behavior, Schneier said. The only things that can really compel change are new laws – or if consumers hit companies where it hurts by refusing to patronize those that fail to safeguard their information.

orporate policies

But it’s not just about building stronger safes or higher fences. In this information economy, Corporate America’s default policy is to gather as much data as possible and cling to it.

That turns them into bright red bull’s-eyes for hackers, for much the same reasons that thieves target banks: It’s where the information is.

Consumers should put up more of a fight before handing theirs over, and companies need to think harder about what data they actually need for their business or technology to work, said Kevin Mahaffey, chief technology officer at Lookout Mobile Security.

“Companies are starting to recognize that it’s akin to nuclear waste,” he said. “If you gather too much, it can be a huge liability.”

E-mail James Temple at jtemple@sfchronicle.com.

http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/05/07/BUHP1JCGMP.DTL

→ Leave a comment

Posted in Assignments, cases

Play by Play: Sony’s Struggles on Breach – WSJ.com

Posted on May 8, 2011 by andrew| Leave a comment

By IAN SHERR And NICK WINGFIELD

<< h/t to Gsimmons for flagging this article >>

On a Tuesday afternoon last month, engineers working for Sony Corp. were baffled when several servers running the company’s PlayStation Network suddenly turned themselves off and then back on.

Sony CEO Howard Stringer apologized to customers for a massive data breach of the company’s online game networks, in the first public comments from Sony’s top executive on the outage. Plus: is another hack attack imminent? We discuss with Dan Gallagher and Arik Hesseldahl

Analysts See Billion-Dollar Repair Bill
Sony CEO Apologizes for Data Breach
Letter from Sony CEO on Data Breach
Sony: Hacker Left Taunting Message

At the time, the unexpected rebooting seemed like an odd malfunction. The next day, however, the engineers found the first evidence that an intruder had penetrated Sony’s systems, prompting the Japanese company to take what it calls “the almost unprecedented step” of shutting down the popular online gaming network.

Sony Chief Executive Howard Stringer issued a public apology this week for what the company later disclosed was a data breach that compromised more than 100 million user accounts on three public networks, and a delay in informing users of the theft. Sony says the loss included users’ names, birthdates and passwords. It also hasn’t ruled out the loss of credit card numbers associated with the Sony PlayStation network.

Some analysts believe the incident, which has drawn the attention of authorities around the world, will cost the company more than $1 billion for measures that include new security and a $1 million insurance policy for any victims of identity theft. The company hasn’t provided its own estimate of the cost. It also hasn’t resumed operating the network, but has said it is in final testing and is expected to do so within days.

“Taken as a whole, the number of customers affected, the PR impact and now the legislative inquiries,” this ranks “at the top” of data breaches to date, said Cynthia Larose, an attorney specializing in privacy matters with Mintz Levin in Boston.

PlayStation Network, which is accessed by owners of Sony game consoles, uses 130 server systems, 50 software programs and has 77 million user accounts, according to a letter that Kazuo Hirai, president and group chief executive of Sony Computer Entertainment Inc., sent Wednesday to a U.S. congressional committee. That letter, and a similar account included in a letter Friday to Sen. Richard Blumenthal (D., Conn.) provide the most detailed accounts of the incident.

Sony’s troubles began in January, after it sued a 21-year-old software wiz named George Hotz for posting software that let gamers reconfigure the company’s popular PlayStation 3 console. The suit enraged a loose community of vigilante technologists that calls itself “Anonymous,” which in early April made an oblique threat against the company. Sony’s PlayStation Network began suffering intermittent outages, which the company later linked to a denial-of-service attack—a common maneuver that attempts to overwhelm a target’s servers with a flood of data traffic. A week later, Sony said it settled with Mr. Hotz, but the denial-of-service attacks continued.

Sony said in the letters that its difficulties in discovering the intrusion that occurred later that month may have been exacerbated by its security teams working very hard to defend against the denial-of-service attacks. It acknowledged, however, that it may never know whether people who participated in the denial-of-service attack were conspirators in the data breach.

Though Anonymous has denied being involved in the data breach, senior Sony executives believe a person or people affiliated with the group are responsible for the data theft, according to someone familiar with their thinking.

On April 19, according to the letters, engineers noticed servers rebooting themselves when they weren’t scheduled to do so. They began combing through logs generated by the machines to find the problem. The network team concluded that “unplanned and unusual activity was taking place on the network,” and took four servers offline, working into the evening investigating the machines. The next day, the company mobilized a larger team to study the four machines, an effort that later led to evidence six more machines were possibly compromised, according to the letters. That afternoon, the network team discovered evidence of an intrusion and that data of some kind had been transferred off the PlayStation Network servers without authorization.

Unable to determine what type of data had been transferred, the team opted to shut the network down. Sony posted a three-sentence notice April 20 on its PlayStation website that said nothing about the data breach. That afternoon, the company retained a security consulting firm and began a two-day process of copying the contents of the servers so they could be analyzed. It later retained a second and ultimately a third outside firm, beefing up manpower as part of the painstaking analysis. The Federal Bureau of Investigation was notified of the intrusion on April 22, with a meeting set up to provide details five days later.

“We’re aware certain functions of the PlayStation Network are down,” wrote Patrick Seybold, a Sony spokesman. “We will report back here as soon as we can.”

By the evening of April 23, according to the letters, the company and its consultants were able to confirm that intruders had used “very sophisticated and aggressive techniques” to obtain unauthorized access to its servers. The intruders hid their presence from system administrators, obtained privileges to access restricted parts of Sony’s systems and deleted log files to hide their activity, Sony says. It took until April 25 to confirm the scope of the data believed to have been taken from its systems, Sony wrote in the letters. The next day, Sony told its customers their personal data had been stolen, urging users to change passwords and check their credit card accounts for fraudulent behavior. It later offered free time on the system and identity theft monitoring services as compensation in the U.S.

The company says it didn’t learn until May 1 of another likely theft at Sony Online Entertainment—another network serving games for PC users—involving nearly 25 million user accounts. That second discovery was made only after the Sony unit rechecked its machines—which earlier showed no evidence of the theft—using information developed by security experts working for Sony, according to the letter sent to Mr. Blumenthal.

“I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process,” Mr. Stringer said in his statement Thursday.

Sony has provided few specifics about the attackers’ techniques, citing worries that the information could be used to penetrate other similar systems. During a press conference last weekend, however, Sony senior vice president Shinji Hasejima indicated that the intruders exploited a vulnerability in a program called an application server—a flaw not known to Sony—to breach the company’s firewall defensive mechanisms.

The attack “came in as a normal transaction, which could not be detected by the firewall and went out as an ordinary transaction,” Mr. Hasejima said. “It was a very skillful approach.”

Though they deleted most traces of their activity, according to the Sony letter, the attackers did leave a file called Anonymous that included the digital posse’s tagline, “We are Legion.”

In a press release on May 4, Anonymous reiterated that it had not orchestrated the data theft. “Whoever broke into Sony’s servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history,” the group said. “No one who is actually associated with our movement would do something that would prompt a massive law enforcement response.”

Read more: http://online.wsj.com/article_email/SB10001424052748704810504576307322759299038-lMyQjAxMTAxMDAwNjEwNDYyWj.html#ixzz1LjNFxpZx

→ Leave a comment

Posted in Assignments, cases, Group

UPDATE 4-Sony says 25 mln more users at risk in second data hack – Reuters

Posted on May 3, 2011 by andrew| Leave a comment

http://www.reuters.com/article/2011/05/03/sony-idUSN0224988320110503

* Sony says personal information hacked on PC games system

* Says personal information of 24.6 mln users stolen

* Says debit card records for 10,700 users in Europe taken

* Facebook games also suspended

* Japan mkts shut, shares down 4 pct since revealing breach

(Recasts, adds TOKYO dateline, Sony comment from Tokyo)

By Isabel Reynolds and Liana B. Baker

TOKYO/NEW YORK, May 3 (Reuters) – Sony’s Internet security crisis deepened on Monday with the company revealing hackers had stolen data of another 25 million users of its PC games system in a second massive breach for the consumer electronics giant.

Sony’s latest revelation comes just a day after Sony No. 2 Kazuo Hirai announced measures had been put in place to avert another cyberattack like that which hit its PlayStation Network, hoping to repair its tarnished image and reassure customers who might be pondering a shift to Microsoft’s Xbox.

The attack that Sony disclosed on Monday took place a day before a massive break-in of a separate video game network that led to the theft of 77 million users accounts. Sony revealed the initial attack last week.

The Japanese electronics company said it discovered the break-in of its Sony Online Entertainment PC games network on May 2. The breach also led to the theft of 10,700 direct debit records from customers in Austria, Germany, the Netherlands and Spain and 12,700 non-U.S. credit or debit card numbers, it said.

The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games played over the Internet on PCs.

Sony said late on Monday that the names, addresses, emails, birth dates phone numbers and other information from 24.6 million PC games customers was stolen from its servers as well as an “outdated database” from 2007.

A spokesman for the online games unit based in San Diego said the service was taken down at 1:30 am Pacific time on Monday.

Sony spokeswoman Sue Tanaka, asked about the risk other data could be at risk, listed the precautions that the company has taken such as firewalls,

“They are hackers. We don’t know where they’re going to attack next,” Tokyo-based Tanaka said.

The PlayStation Network incident has sparked legal action and investigations by authorities in North America and Europe, home to almost 90 percent of the users of the network, which enables gamers to download software and compete with other members.

On Monday, Sony declined to testify in person in front of a U.S. congressional hearing, but agreed to respond to questions on how consumer private data is protected by businesses in a letter on Tuesday, said a spokesman for Rep. Mary Bono Mack, a Republican Congresswoman from California, who is leading the hearing.

SONY FACEBOOK GAMES DOWN

The incident that Sony disclosed on Monday also forced it to suspend its Sony Online Entertainment games on Facebook.

Sony posted a message on Facebook saying it had to take down the games during the night.

A Sony spokesman said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.

It was not immediately clear if the data theft included data from players of Sony games including “PoxNora,” “Dungeon Overlord,” “Wildlife Refuge” on Facebook.

Facebook could not immediately be reached for comment.

Sony Online Entertainment is a division of Sony Corp , the global electronics company that operates online games such as “EverQuest” and is separate from the PlayStation video game console division.

The servers for both the Online Entertainment unit and the PlayStation Network are based in San Deigo but are completely separate, said Sony’s Tanaka.

Sony denied on its official PlayStation blog on Monday that hackers had tried to sell it a list of millions of credit card numbers.

The news comes less than a week after Sony alerted customers that a hacker broke into Sony’s PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers of its 77 million customers.

Sony alerted customers a week after discovering the break-in.

Sony executives apologized on Sunday and said it would gradually restart the PlayStation Network with increased security and would offer some free content to users. [ID:nL3E7G101C] (Additional reporting by Edwin Chan in Los Angeles and Alexei Oreskovic in San Francisco; Editing by Andre Grenon, Richard Chang and Lincoln Feast)

→ Leave a comment

Posted in Assignments, cases, On the Final, PR, Social Media

How to Build Confidence – HBR.org

Posted on May 2, 2011 by andrew| Leave a comment

How to Build Confidence – by Amy Gallo in the Harvard Business Review, April 29, 2011
Very few people succeed in business without a degree of confidence. Yet everyone, from young people in their first real jobs to seasoned leaders in the upper ranks of organizations, have moments — or days, months, or even years — when they are unsure of their ability to tackle challenges. No one is immune to these bouts of insecurity at work, but they don’t have to hold you back.

What the Experts Say
“Confidence equals security equals positive emotion equals better performance,” says Tony Schwartz, the president and CEO of The Energy Project and the author of
Be Excellent at Anything: The Four Keys to Transforming the Way We Work and Live. And yet he concedes that “insecurity plagues consciously or subconsciously every human being I’ve met.” Overcoming this self-doubt starts with honestly assessing your abilities (and your shortcomings) and then getting comfortable enough to capitalize on (and correct) them, adds Deborah H. Gruenfeld, the Moghadam Family Professor of Leadership and Organizational Behavior and Co-Director of the Executive Program for Women Leaders at Stanford Graduate School of Business. Here’s how to do that and get into the virtuous cycle that Schwartz describes.

Preparation
Your piano teacher was right: practice does make perfect. “The best way to build confidence in a given area is to invest energy in it and work hard at it,” says Schwartz. Many people give up when they think they’re not good at a particular job or task, assuming the exertion is fruitless. But Schwartz argues that deliberate practice will almost always trump natural aptitude. If you are unsure about your ability to do something — speak in front of large audience, negotiate with a tough customer — start by trying out the skills in a safe setting. “Practice can be very useful, and is highly recommended because in addition to building confidence, it also tends to improve quality. Actually deliver the big presentation more than once before the due date. Do a dry run before opening a new store,” says Gruenfeld. Even people who are confident in their abilities can become more so with better preparation.

Get out of your own way
Confident people aren’t only willing to practice, they’re also willing to acknowledge that they don’t — and can’t — know everything. “It’s better to know when you need help, than not,” says Gruenfeld. “A certain degree of confidence — specifically, confidence in your ability to learn — is required to be willing to admit that you need guidance or support.”

On the flip side, don’t let modesty hold you back. People often get too wrapped up in what others will think to focus on what they have to offer, says Katie Orenstein, founder and director of The OpEd Project, a non-profit that empowers women to influence public policy by submitting opinion pieces to newspapers. “When you realize your value to others, confidence is no longer about self-promotion,” she explains. “In fact, confidence is no longer the right word. It’s about purpose.” Instead of agonizing about what others might think of you or your work, concentrate on the unique perspective you bring.

Get feedback when you need it
While you don’t want to completely rely on others’ opinions to boost your ego, validation can also be very effective in building confidence. Gruenfeld suggests asking someone who cares about your development as well as the quality of your performance to tell you what she thinks. Be sure to pick people whose feedback will be entirely truthful; Gruenfeld notes that when performance appraisals are only positive, we stop trusting them. And then use any genuinely positive commentary you get as a talisman.

Also remember that some people need more support than others, so don’t be shy about asking for it. “The White House Project finds, for example, that many women need to be told they should run for office before deciding to do so. Men do not show this pattern of needing others’ validation or encouragement,” says Gruenfeld. It’s okay if you need praise.

Take risks
Playing to your strengths is a smart tactic but not if it means you hesitate to take on new challenges. Many people don’t know what they are capable of until they are truly tested “Try things you don’t think you can do. Failure can be very useful for building confidence,” says Gruenfeld. Of course, this is often easier said than done. “It feels bad to not be good at something. There’s a leap of faith with getting better at anything,” says Schwartz. But don’t assume you should feel good all the time. In fact, stressing yourself is the only way to grow. Enlisting help from others can make this easier. Gruenfeld recommends asking supervisors to let you experiment with new initiatives or skills when the stakes are relatively low and then to support you as you tackle those challenges.

Principles to Remember

Do:

Be honest with yourself about what you know and what you still need to learn
Practice doing the things you are unsure about
Embrace new opportunities to prove you can do difficult things

Don’t:

Focus excessively on whether you or not you have the ability – think instead about the value you provide
Hesitate to ask for external validation if you need it
Worry about what others think — focus on yourself, not a theoretical and judgmental audience

Case Study #1: Get the knowledge and get out of your own way
In 2010, Mark Angelo, was asked by the CEO of Hospital for Special Surgery in New York to create and implement a program to improve quality and efficiency. Mark was relatively new to the organization. He had worked as a business fellow for the previous year but had recently taken on the role of director of operations and service lines. Even though he had background in operations strategy from his days as a management consultant, he was not familiar with the Lean/Six Sigma principles he’d need to use for this project and didn’t feel equipped to build the program from scratch. He was particularly concerned he wouldn’t be able to gain the necessary support from the hospital’s physicians and nurses. What would they think of a young administrator with no hospital experience telling them how to improve quality and increase efficiency?

For five months, Mark struggled to get the project on track and his confidence suffered. He knew that his apprehension was in part due to his lack of knowledge of Six Sigma. He read a number of books and articles on the subject, talked to consulting firms that specialized in it, and spoke with hospitals that had been successful in developing and implementing similar programs. This helped but he realized he still didn’t know if he would be able to get the necessary people on board. “I was anxious and stressed because I had no idea how I was going to transform the organization. I knew I couldn’t do it on my own. It was going to take a collective effort that included our management team and all of our staff,” he said.

He talked with the CEO who had supported him since the beginning. He also looked to his family for emotional support. Through these conversations he realized that his anxiety stemmed from a desire to be liked by his colleagues and therefore to avoid conflict. “After many discussions with my CEO and observing how he handled these situations, I learned that it is better to strive to be well-respected than well-liked,” he said.

This was a turning point for Mark. Instead of worrying so much about what others thought of him, he focused on doing what was best for the patient and the institution. In December, he presented the vision for the program to the entire medical staff. While he was nervous about how it would be received, he knew this was a critical moment. “I was able to get up in front of one our toughest constituencies and present the vision that we had been developing over the past few months,” he says. His presentation was met with applause. “In the end, my confidence grew by leaps and bounds and we were able to design a program that has since taken off with great success across the hospital. I was able to overcome my mental blocks and knowledge deficits to build a program that will truly help transform how we approach performance improvement and patient care,” he says.

Case Study #2: Know the value you bring
Julie Zhuo knew she had things to say but she wasn’t sure how to get heard. As a product design manager at Facebook, she had developed valuable expertise in the products she worked on. Yet, she lacked the confidence to share her ideas. She was used to being one of very few women in the room. That had been the case when she was studying computer science at Stanford and it was still true now that she was at Facebook. She knew this meant she needed to make a concerted effort to speak up. But being the minority voice wasn’t the only reason she felt unsure of herself. She says that she also suffered from “imposter syndrome,” feeling as if she hadn’t earned a right to her ideas; she had somehow ended up where she was accidently, not through hard work.

Julie was intrigued when someone in HR told her about a workshop offered at Stanford by the Op-Ed Project. After attending and getting positive feedback about her ideas, Julie tried something she had never thought to do before: write an op-ed.

Last November, she published a piece in the New York Times about the danger of anonymity in online discussions. “It was a matter of someone saying you can do it,” she explains. “It had never occurred to me that I could be published. But it actually wasn’t hard at all.” The reaction she got in the workshop and afterward back at Facebook boosted her confidence. “Since then, she’s gotten a lot of support from colleagues, which has emboldened her to speak her mind. “Of course it’s still a work in progress, but now I’m a much more confident speaker and writer,” she says.

More on: Managing yourself, Personal effectiveness

→ Leave a comment

Posted in Presentation

Business Communication is Not Just Talking Loud – www.BusinessInsider.com

Posted on May 1, 2011 by andrew| Leave a comment

http://www.businessinsider.com/business-communication-is-not-just-talking-loud-2011-4

Effective communication is an absolute requirement for successfully starting a business, but it doesn’t come naturally to many entrepreneurs. Communication is considered a social skill, and inventors and engineers, for example, aren’t known to be social butterflies.

Founders have to communicate their ideas and products to investors, business partners, and the rest of the team. Then, hopefully, come customers, distribution channels, and going public or merging with an attractive buy-out candidate. Communication is not just talking, but also writing, body language, and “actions speak louder than words.”

John Spence, in his book “Awesomely Simple” says that the single biggest problem he has to deal with in client companies worldwide is the lack of open, honest, robust, and courageous communication. He narrows down the problem to the following aspects of communication, and I agree:

    Honesty. This element is without question the most important in building strong communication in a startup. The implementation is simple – just tell the truth all the time, every time. It’s a lot easier than trying to remember what you said the last time, and people notice quickly. Build a culture of truth, and others will follow your lead.
    Empathy. It is one thing to be honest; it is another thing to be brutally honest. Tell the truth in a frank and direct, yet respectful and empathetic, way. Shoot straight with people, but don’t shoot them between the eyes. Body language and sincerity are important here.
    Courage. You need the courage to put even the most difficult and challenging subjects on the table and lead the discussion. Don’t wait until tomorrow, hoping the problem will go away. Courageous means that team members have the nerve and confidence to question authority, rather than dutifully fall in line behind a bad direction.
    Safety. If you want people to tell the truth, you have to make it safe for them. Here is where your actions speak louder than your words, and louder than any written policies. If you obliterate someone for telling you the truth, you will never hear the truth again. If you are caught in a lie once, you will never be believed again.
    Intellectual rigor. Although people should be safe, ideas should not be. In an intellectually rigorous culture, theories are tested, and people welcome, even encourage, critical examination of ideas and information, regardless of the source. The goal is for only the strongest ideas to survive.
    Transparency. The hallmark of great leaders and organizations is that they share as much information with all of their stakeholders as often as they possibly can, in multiple contexts. Yet many leaders will tell me that they are continually amazed to hear the common complaint “why didn’t anybody tell me this was happening”.

Spence says that the best way to improve your organizational communication levels is to improve your own interpersonal communication skills. Luckily, these are skills that can be taught and learned. It takes practice and hard work, but with time, it is possible to greatly improve.

The key skills for superior interpersonal communications are effective use of body language, focused listening, expert questioning, using multiple sensory modes, providing both logical and emotional arguments, and listening for ambiguous or emotionally loaded words. But these are subjects for another day.

If you are one of those entrepreneurs who struggles with every email you write, take heed of the importance of the basic principles above, and take inspiration from the fact that you can and will improve your skills, if you are willing to work at it. But make no mistake about it, being an entrepreneur who does not communicate is not an option. Start today, and do it every day.

Marty Zwilling

→ Leave a comment

Posted in IR, On the Final

Facebook, China PR And Defining “Too Much Free Speech”? – DigiCha.com

Posted on April 29, 2011 by andrew| Leave a comment

April 20 2011 by in Baidu, Censorship, Facebook, Internet, Regulation, SNS

Facebook needs a comprehensive PR strategy to manage (some might say damage control) how users and governments around the world will view an entry into China. The company does not appear to have one, as evidenced by comments to the Wall Street Journal in Facebook Seeking Friends in Beltway:

Meanwhile, Facebook is talking with potential Chinese partners about entering the huge China market, where the government has been cracking down on dissidents. That crackdown has come in response to the uprisings shaking authoritarian Middle Eastern regimes, movements that have used U.S.-based social-media sites like Facebook and Twitter as organizing tools.

“Maybe we will block content in some countries, but not others,” Adam Conner, a Facebook lobbyist, told the Journal. “We are occasionally held in uncomfortable positions because now we’re allowing too much, maybe, free speech in countries that haven’t experienced it before,” he said.

“Right now we’re studying and learning about China but have made no decisions about if, or how, we will approach it,” said Debbie Frost, Facebook’s director of international communications.

Facebook’s plans may not sit well with congressional leaders already incensed with the company for sidestepping congressional inquiries on its China plans. Last spring, Sen. Dick Durbin, the Illinois Democrat who heads the Senate Judiciary Committee’s panel on human rights, rebuked Facebook for refusing to appear at a Capitol Hill hearing on “global Internet freedom.”…

Steering clear of association with human-rights issues could help Facebook woo officials in China, where the government is sensitive to the Internet’s potential for fomenting dissent. But it would also attract criticism. “Blocking content in some countries—but not others—would deeply damage Facebook’s brand and raise troubling questions about its commitment to human rights and Internet freedom,” said Sen. Tom Coburn of Oklahoma, the top-ranking Republican on the Senate’s human- rights panel.

Regardless of how the company spins a China deal if it happens, Facebook can expect a political storm in Congress and potentially a user backlash. Given the maturity and competitiveness of the Chinese SNS market and the current political environment, is it really in shareholders interests for Facebook to damage the firm’s reputation and brand for also-ran status in China?

It is telling that Facebook employees think in some countries Facebook may allow too much free speech. If Adam Conner or other Facebook employees read this, could you please let us know to which countries you are referring?

[UPDATE: The Guardian has more on this story, including quotes from me, here.]

Related posts:
China’s Internet: The Invisible Birdcage
Detailed AllThingsD Report Claims Facebook Partnering With Baidu To Enter China
The Rise of China’s Cybercrats
Sinica Podcast: Does China Have A Second Internet Bubble?
Sinica Podcast: Beijing’s Ambivalent Relationship with the Internet and Zhang Wuben’s Mung Beans
Tags: Baidu, Cen

→ Leave a comment

Posted in cases, China, PR, Social Media, Social networking

Apple’s Location Tracking Is An Outrage — Where’s The Apology? – BusinessInsider.com

Posted on April 25, 2011 by andrew| Leave a comment

Your iPhone has been secretly tracking and storing everywhere you go.
http://www.businessinsider.com/apples-location-tracking-apology-2011-4

Read that again.

Your iPhone has been secretly tracking and storing everywhere you go.

That’s right. Apple built this feature into your iPhone without telling you. By doing so, Apple made it possible for anyone who gets ahold of your iPhone or Mac (or any other device synced with either) to figure out exactly where you were when–including police, the government, anyone who sues you, private investigators, and anyone who steals your iPhone.

That is outrageous.

If any other company had done this, America’s privacy zealots would be demanding the CEO’s resignation. There would be threats. There would be lawsuits. There would, at the very least, be incessant demands for the company to acknowledge the behavior, explain it, and apologize for it.

And yet, because the company is Apple, there have been none of those things.

Instead, Apple fans like have suggested that the secret feature is a “bug.” And there have been mainstream media stories suggesting that it must be some kind of “mistake.”]

And there has been no acknowledgment or apology from the company. (On the contrary, Steve Jobs just went on the offensive, ignoring the storage issue and blasting Google).

Privacy expert Marc Rotenberg, the Executive Director of the Electronic Privacy Information Center in Washington DC, says Apple’s silence on this issue is startling. He suspects the company is debating whether and how to fix the problem, rather than just acknowledging and apologizing for it. (To date, Apple hasn’t even acknowledged it.)

In the accompanying video, Rotenberg also explains exactly what Apple’s location-tracking does, why it’s a concern, and how it is different from what Google and other companies do.

See Also: IT’S OFFICIAL: Apple Has Brainwashed The Entire Country

<a href=”http://www.businessinsider.com/apples-location-tracking-apology-2011-4#ixzz1KaAKa9Wz”>Read more: http://www.businessinsider.com/apples-location-t tracking-apology-2011-4#ixzz1KaAKa9Wz</a>

Your iPhone has been secretly tracking and storing everywhere you go.  <a href=”http://www.businessinsider.com/apples-location-tracking-apology-2011-4″>http://www.businessinsider.com/apples-location-tracking-apology-2011-4</a>

→ Leave a comment

Posted in cases, IR, PR

New assignment — fun, easy & due Monday

Posted on March 30, 2011 by andrew| Leave a comment

Go to NYTimes.com, CNN.com, MarketWatch.com, BusinessInsider.com, Businessweek, WSJ, and any other reputable business news source that uses standard American English. (No Economist, No FT, No Fox, No USAToday).

Dip/Gov people can also use People’s Daily (in Eng).

Come up with 3 -5 adjectives for:

  • Go Up/ Rise
  • Go Down / Fall
  • Fast
  • Slow
  • Very

That’s it.  No writing assignment this week.  But please do the reading.  We’ll be starting the presentation book soon.

→ Leave a comment

Posted in Assignments, On the Final, Writing