7 security tips for your computer and the web

Keeping yourself and your business safe and secure is essential, right? So why is it so many people use obvious, sometimes dangerously simple passwords? Here are a few ideas on how to keep yourself and your business website safe.

But first, a story. Well, before the story, let’s have some background:

“According to a new analysis, one out of five web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like ‘abc123’, ‘iloveyou’ or even ‘password’ to protect their data.”

When I first read about some of the terrible passwords people are still using, I really wasn’t surprised.

Shh .. can you keep a secret?

In one notable, recent example, I was asked by a former client to “fix” a web application I was developing so there was only the one username and password for everyone. At the time of being asked, I’d only set one account up, but someone had decided to share this account and soon after, people were signing in with the same account details.

The problem is, due to the security options I’d put in place, each person who signed in signed out the previous one. This was because the system couldn’t deal with two people signing in with the same account details. The client was dismayed.

“Why can’t we all sign in with the same details?”

They asked.

“Because the system doesn’t allow more than one person to have the same username and password.”

I replied.

“Can’t they just type their name in after they’ve signed in?”

They enquired.

“That’s the whole point of having a username; so the system knows who each user is.”

I replied calmly, trying not to sound patronizing or condescending. But the question, I suppose, is: why did they refuse to have a unique account for each member of staff?

Being a very large business that bestrides continents, they have thousands of staff all over the world, so issuing usernames and passwords for each member of staff would be a considerable undertaking, one their own IT people refused to manage, even though it was firmly within their remit. And, ultimately, no one could be bothered with having a new account to remember, on top of the ones they already have.

In the end, I came up with another solution, one that didn’t rely on usernames and passwords, one that was arguably as secure, but came with unique problems all of its own.

7 ways to keep your computer safe and stay secure on the web

Consider what you stand to lose if someone snags the password for your computer. Most people nowadays stand to lose just about everything.

So what can you do to stay safe and secure on the web? Here’s a collection of ideas for saving and storing all of those usernames and passwords to all of those websites and web applications you sign up to, as well as staying secure while using a computer:

  1. Avoid obvious passwords — OK, this is obvious by now, but do not use regular names (your own, for example), words (“duck”, “apple”, “tea”, “foot”, “dog” etc), notable dates (your own birthday, or national events) or sequential letters and / or numbers (“qwerty”, “123456” or “abc123”) for passwords.
  2. Password protect your computer — Most operating systems (such as Microsoft Windows, Apple Mac OS X, Linux etc) have user accounts. Don’t use the default account, because that’s often the master administrator account. Instead, leave that alone and create a new one, just for you. Then, set it up so you have to sign in every time your computer restarts.
  3. Be careful in public — If you’re sharing a computer, or using one in an internet cafe, do not allow the web browser to save your details. If someone else uses that computer and visits the same website, they could, potentially, sign in as you.
  4. Do you own a Mac? Then go into your Applications folder, then the Utilities folder and find the Keychain Access application. By default, many applications store your details there. You can use Keychain Access to add Secure Notes and new Password Items, to store your details securely and safely. Also, you can use Keychain Access to retrieve account details, should you forget them.
  5. Managing passwords on Microsoft Windows isn’t quite as straightforward; there isn’t an equivalent to Keychain Access. But there are tools built in that do help keep you safe — here’s how you manage stored usernames and passwords on Windows XP and Windows Vista.
  6. Don’t share your accounts with other people — Sometimes, you’re rushed for time and someone needs to get into application X right away! Sign in for them, let them do their thing and then make sure they sign out afterwards.
  7. Passwords on paper won’t do — Scribbling passwords down on scraps of paper, stuffed into drawers, isn’t optimal. You’re either going to lose them, or worse, someone will find them.
  8. Complex is good — When choosing a password, remembering it isn’t the most important thing, not with the plethora of options for securely saving them to your computer. So choose one that’s more than ten characters, a mix of numbers and letters, both upper and lower case. Some software will even let you use punctuation marks and accents, like $%^&*()¡€#¢∞§ which is even better, because then you have a password that contains more combinations than there are grains of sand on every beach on earth.
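
Tips 1 and 8 can be turned into a check that a sign-up form runs before accepting a password. The following is an added example, not code from the original article; the word list, function names and sample passwords are constructed for illustration.

```python
import math
import re

# Constructed sample list: the weak choices this page names, not a real breach corpus.
OBVIOUS = {"password", "iloveyou", "abc123", "qwerty", "123456",
           "duck", "apple", "tea", "foot", "dog"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# Date-like shapes such as 1984, 120584 or 12/05/1984.
DATE_RE = re.compile(r"^\d{1,2}[/.-]?\d{1,2}[/.-]?(?:\d{2}|\d{4})$")


def has_sequence(pw, run=4):
    """True if pw holds `run` ascending characters (1234, abcd) or keyboard-row keys."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
        if any(chunk in row for row in KEY_ROWS):
            return True
    return False


def audit_password(pw):
    """Return the reasons pw fails tips 1 and 8; an empty list means none were found."""
    findings = []
    low = pw.lower()
    core = re.sub(r"[\d\W_]+$", "", low)  # drop trailing digits/symbols: "apple2024!" -> "apple"
    if low in OBVIOUS or core in OBVIOUS:
        findings.append("obvious word or known-weak password")
    if DATE_RE.match(pw):
        findings.append("looks like a date")
    if has_sequence(pw):
        findings.append("sequential letters, numbers or keyboard run")
    if len(pw) <= 10:
        findings.append("not longer than ten characters")
    if not all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"[0-9]")):
        findings.append("missing lower case, upper case or digit")
    return findings


def search_space_bits(pw):
    """log2 of the brute-force space, valid only if every character was chosen at random."""
    pool = 0
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                          (r"[^A-Za-z0-9]", 32)):  # 32 = ASCII punctuation marks
        if re.search(pattern, pw):
            pool += size
    return len(pw) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for sample in ("abc123", "Apple2024!", "tR7#kq9ZmW2x"):  # constructed samples
        print(sample, round(search_space_bits(sample), 1), audit_password(sample))
```

"Apple2024!" shows why the character mix alone is not enough: it has upper case, lower case, digits and punctuation, yet it is still an obvious word with a year attached.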

Got a security tip to share? Let us know how you stay safe…


How to protect and profit from your ideas

The greatest prize I possess isn’t my computer, nor is it my programming skills, or even my experience — it’s my ideas. My ideas are what have kept me in business all this time. How you work those ideas from imagination to reality decides whether you profit from them, or watch on as others walk away with them.

Your ideas are your most valuable assets, even if you don’t realize it. But even a great idea is nothing if not acted upon. Sometimes, it’s necessary to share an idea, to make it real, but there are hazards to sharing ideas; you’re effectively giving them away.

“Thinking is the hardest work there is, which is probably the reason so few engage in it.” Henry Ford

Crucially, it’s all about how you share an idea. And the best way to share an idea is to sell it to someone. No, I don’t mean to put a price tag on it and then hand the idea over once they’ve paid you, although that’s not a million miles from what happens in the end.

When I say sell, I mean to pitch an idea, as in to a client. A client will come to me with a problem, or a set of problems, and I’ll have a think about how I could fix those problems as quickly, efficiently and cost effectively as possible.

As was the case with the To Book hotel booking application I developed for Premier UK, when I came up with a very efficient way of processing bookings that kept the user on one page, minimizing the number of actions (and by extension, the number of clicks) they had to make.

The client calculated that using this one feature often shaved off between 30 and 60 seconds per booking, which is a massive time saving when you’re dealing with hundreds and sometimes thousands of bookings.

Would you like to know more about web applications, or perhaps you’d like to know what a web application is? Read on to find out more.

Protecting your ideas from theft — the big tease

Clearly, this is a very valuable idea, but it’s an idea that only really worked within the context of the web application itself, although I’m sure someone could easily replicate the idea elsewhere.

The thing is, once you come up with all of your clever and innovative solutions, the trick lies in how you pitch those ideas as features of something much bigger.

You want to say just enough to tease them with the benefits and the potential for cost savings, efficiency etc, but not give them too much information that they could go elsewhere with your ideas, leaving you out of pocket.

Using project management to profit from your ideas

For a business like mine, the up-front innovative thinking is a legitimate cost centre; one that requires your valuable time. But it’s hard to put a cost to those ideas up front, so your best bet is to recover the time from within the execution of the project itself, over time.

But the challenges are still present, even once the project is underway — what’s to stop a client committing to work, you spending a month implementing your ideas, and then having them walk away without paying a penny? This is why you must break the project down into key stages and charge based on the completion of those stages.

By doing this, you’re financially insulating yourself and at the same time guarding your ideas. Typically, I’ll withhold the major ideas until later in the project, but this does depend on the client.

Would you like to know more about projects and payment planning? Read on to find out more.

Balancing your ideas — protection against exposure

Ultimately, it’s a balancing act. On the one hand, there’s your ideas and your natural urge to protect them, and on the other hand, before a client is prepared to make a decision, they need to know what that idea entails.

A good relationship with a client is always going to be the more ideal start to any project, but even that is no guarantee. So do you consider some kind of contract? Many businesses think this kind of formal arrangement will scare a client, but I’ve found many appreciate the effort and understand the potential protection a contract offers.

Those that dislike contracts might not be the best client to get involved with; are they really all that trustworthy if they squirm at the prospect of putting their name to a mutually protective contractual agreement?

NDA (Non Disclosure Agreement)

You could also consider an NDA, or Non Disclosure Agreement, which could work within a pre-existing contractual agreement, and be applicable to a specific project only.

An NDA is essentially a brief that often contains commercially sensitive and very specific technical details. The purpose of the Non Disclosure Agreement is, as its name suggests, to ensure you do not disclose anything outlined within the agreement to which you’ve put your signature.

IPR (Intellectual Property Rights) contract

Let’s imagine you need to use a third party to help out, perhaps providing programming services. Also, the client has come to you with an NDA, which you are obliged to sign. There’s a chance that during the course of the project you and your third party:

  • could be providing intrinsically new methods / ways of accomplishing certain activities;
  • as well as using code used elsewhere, from within previous projects of your own;
  • and perhaps using commercial code for specific functions.

In these situations, you need to draw up an outline of who owns what aspects and which parties are entitled to do what with the various parts of the project, and perhaps for how long. If the client is willing to fully compensate you for your efforts, then fine.

However, if there are portions of code in there that belong to you or someone else, then some licensing arrangement may be required.

So the purpose of an Intellectual Property Rights contract is basically to protect the rights of your work, otherwise referred to as IP, or Intellectual Property.

Final thoughts

All of the above are personal / professional experiences of my own, drawn from over ten years of being in business. And as is the case with anything that involves contracts and signatures, it’s best to speak with a qualified legal adviser first, to ensure you’re using the right language, and that your agreements are enforceable, should either party break them.

Above all, don’t be put off by the pitfalls and legal machinations. Just keep your mind open and those ideas flowing. You can always deal with the legalities later on.


Making the most of Google Wave

Google Wave is a new web-based collaborative application that allows groups of people to work on the same documents, known as “waves”. It’s free, it’s simple to use and can really open up your business communications in ways you hadn’t imagined.

Google Wave, the collaborative, web-enabled word processor

Back in November last year, I wrote an article for Marketing Donut about Google Wave, outlining various ways to improve business communication:

“We’ve all played email tennis, either with friends, family or business colleagues. That’s fine, if you have the time. If you’re working on a proposal document and you’re using Word, you can bounce revisions around forever and a day. That’s also fine, if you’ve got the time. Problem is, time is a premium asset these days and if you want to get the most out of your time, you need to save as much of it as possible. And what time you do use, you do so as efficiently as possible — that’s where Google’s new collaborative communication tool comes in.”

But I thought I’d offer another perspective; outlining how Octane uses Google Wave to collaborate with Emily Cagle, my communications partner.

I saw the potential in Wave very early on and could see that it would be ideal for Emily (who handles my PR) and myself to use, and here’s how we use it:

  1. I write articles for my blog as well as business publications; I “ping” Emily when I’m into the first draft stage;
  2. then she goes through the wave and makes sure the theme and style are aligned with the house style of the publication in question;
  3. I revise, if required (expanding upon / trimming etc);
  4. finally, she checks for typos, grammar etc, sends the article to the publication and then we go live.

3 example scenarios for using Google Wave

In addition to using Wave for writing articles, you could use it for:

  • team brainstorming sessions, sharing visuals, photos etc;
  • project management, where you could conference call via Skype and divvy up tasks to team members;
  • internal communications, for listing key client / customer telephone numbers, email addresses etc, that everyone can update.

There are some things we’d like to see in Wave (such as more list type options, better undo support, for example), but we’re getting a lot of mileage out of it already. So any new features would most likely just make things even better for us.

Google Wave is invite-only, and I have several to give away. If you’d like an invite, please leave a comment below, using your preferred email address (added into the email field, which only I will see) and I’ll send you an invite!


Smallman’s 3 laws of energy conservation

Working hard? That’s great! Good for you. However, working smart is better. The trick is knowing when to work hard and when to work smart. Get it wrong, and you’re just wasting time, and end up doing neither.

Automated versus Manual processing

A few weeks ago, a client of mine asked me if I could automate the processing of a list of data. I asked her to send me the list. In total, there were just over 30 items. My advice was to just process the whole thing manually. She wasn’t pleased, but worked her way through the list.

I’m a PHP developer, which means I can write all kinds of things for the web — everything from simple scripts that automate response forms for websites, right up to full-blown web applications that process vast amounts of commercially sensitive data.

So, depending on the circumstances, I can write small scripts to batch process things like lists. My client knows that I’m a programmer, which is why she asked about some automatic way of processing her list. But the thing is, I had to invoke Smallman’s first law of energy conservation:

“1st law — If you’re dealing with a single array (or column) of data that’s less than 100 items, do it manually. Beyond that (more than 100 items, or a list of multiple arrays), automate it, so long as it’s possible to do so in a fraction of the time it would take to process the list of data in its entirety manually.”

But my laws don’t just apply to processing data, they also apply to images / photographs, for example. Adobe Photoshop has some excellent batch processing tools.

Let’s say I have 10 images that need resizing. Given my experience, I could probably do them manually in the time it would take to set up a batch process in Photoshop. But let’s say I have 10 high resolution images that need re-sizing, their colour profiles changing from RGB to CMYK, and then saving as JPEGs. At that point, it’s more than likely I’d save some time automating the whole thing — especially if there’s a chance of me repeating the process at some later date.

This is where I’d have a conversation with the client, asking them if there’s a chance I’d be repeating this process at some point.

Write once, process many times

Even though you’re solving a problem (not just for yourself but your client), it’s not the best way of spending your time. So even though you’ve automated a process, the client is still coming back to you with Microsoft Excel files or emails full of photographs, asking you to process them all.

Here’s where I take my automated process and turn the whole thing into a small web application, where the client can do the processing themselves:

“2nd law — If there’s any chance that an automated process will be repeated, give the power to the client (write an application or script) and let them process their own data.”

Of course, this might not apply to digital image processing, although there are ways of doing this, but the cost becomes prohibitive.

By handing the power to your client, you’re adding value to your service. At the same time, your time is freed up to do more meaningful things. By all means, charge the client for the effort you made handing the power to them, but make sure you explain the cost savings they’ll be making over time.

Let’s say the client needs to change the data in a table on a web page. Initially, I’ll do this manually. As time passes, the table gets bigger, with more columns. At some point, it’s just not practical for me to do this manually any more. This is where I write a script that allows the client to upload a .csv file and update the table themselves.

A problem shared is a problem out-sourced

Have you ever been asked to do something that’s either right at the edge of your skill set, or just plain out of reach? Of course, it’s tempting to swot up and try doing it yourself. And good on you! However, in the meantime, there’s a deadline to meet, on top of which, are you actually making any money doing this?

“3rd law — If in performing an activity that’s not a core service you’re likely to lose money and / or exceed a deadline, out-source the work, or delegate to someone with the requisite skills.”

If this is something totally new to you, and it’s got an appreciable learning curve, there’s a better than average chance you’re not making a profit. Also, there’s no guarantee the quality will be high enough to meet the exacting standards of your client. Worse still, you might not get the work done in time.

Of course, choosing to out-source or delegate the work to a colleague is no silver bullet, so it’s all about selecting the right person to execute the work for you. In the end, it’s better to get the work done right and on time than not at all.

If you think there’s a good chance of there being more of the same work in the future, there’s a good argument for learning on your own time and getting good enough to take the work on. But that’s your choice.

Working smart and not hard

I see so many people squander huge amounts of time, it’s unreal. They might feel they’ve done a good day’s work, but working hard is not nearly as rewarding as working smart, so long as you do it right.

If you’ve got your own tips for working smart, feel free to share them here…


So you want a website, right?

This might come as something of a shock, given that I’m a web designer and developer, but the first few questions I ask a prospective new client are designed to determine whether they actually need a website at all. I know, weird, eh?

Anyway, the thing is, there’s a surprising number of businesses out there who feel pressured into particular marketing activities, just because that’s what their competitors are doing. If I must sound like your dad, chiding you for doing the selfsame thing as one of your daft friends: would you walk off a cliff if they did?