elgan.com

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) recently published updated guidance for reducing cybersecurity risks in supply chains.

Titled “Software Supply Chain Security Guidance,” the update is NIST’s response to directives issued by an executive order by President Joe Biden, designed to improve cybersecurity in the United States. 

This NIST guidance is assumed to target federal agencies. However, NIST points out that it can apply to all kinds of organizations. It’s one of the most thorough references out there for cyber supply chain risk management. 

Don’t want to read a 326-page document? Here are the 10 key takeaways that can inform your efforts to secure your supply chain.

Call it “artificial emotional intelligence” — the kind of artificial intelligence (AI) that can now detect the emotional state of a human user.

Or can it?

More importantly, should it?

For the most part, and for now, the use of emotion AI tools may be misguided, but mostly harmless, as long as everyone involved truly consents. But as the technology gets better, and face-interpreting, body-language reading technology approaches mind-reading and lie detection, it could have serious implications for business, government, and society.

In general, all this is part of a new phase in the evolution of AI and our relationship to the technology. While we’re learning that it can solve myriad problems, we’re also finding out it can create new ones.

Meetings don't work.

Or, at least, the majority of staff meetings are time-wasting, productivity-killing, creativity-stifling products of wishful or delusional thinking.

Before the pandemic and its mass movement to remote and hybrid work, meetings were already problematic.

We've all seen how meetings fail.

Most meetings in the office result from a policy to hold regular — often weekly — staff "update" meetings. Or they're the result of procrastination. We can't make a decision right now, so let's schedule a meeting. Or some new initiative, problem, or idea inspires action, and scheduling a meeting feels like action.

Once the meeting begins, eyes glaze, and some meeting participants start mentally tuning out the conversation while pretending to pay attention. (Others don't even pretend; it's become increasingly normal or acceptable to stay glued to a laptop or phone screen during meetings.

Meetings are often dominated by attention-seekers, ladder climbers, extroverts, and long-winded speech-makers. In contrast, others mostly remain silent with little to no correlation between saying something and having something to say.

Meetings suppress creative thought. Most end in a fog of vagueness, without clear objectives, deadlines, and assignments.

And employees hate them.

Here's why meetings don't work anymore and what to do instead. 

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

More than a year ago, a ransomware attack made the news across the nation. The Colonial Pipeline Company announced on May 7, 2021, that the DarkSide Ransomware-as-a-Service group, based in eastern Europe, had hit it. The FBI has since confirmed DarkSide, which has since shut down, as the threat actors. 

In the wake of the Russian attack on Ukraine, here's what’s changed about U.S. cyber policy.

Major ransomware attacks are scary, but against hospitals, they are even worse. One notable attack in August 2021 forced Ohio’s Memorial Health System emergency room to shut down (patients were diverted to other hospitals). In all hospital attacks, the health, safety, privacy and lives of patients face risk. But this incident also shows that whether targets are hospitals or any other kind of organization, the time and money spent preventing attacks is almost always worth it. 

But what do you do if protective measures fail? What can be done once an attack is already happening? 

One health care IT director set a fantastic example of what to do when an active ransomware attack was detected.

After decades of playing defense, the United States government went on the offense in the past few years against global state-sponsored cyber attackers. U.S. Cyber Command conducted “hunt forward” operations recently in 16 countries, including in Ukraine, as part of a policy set in 2018. 

This policy involves partnering with foreign countries on finding cyber threats against them. The idea is that, instead of the U.S. and its smaller allies each facing common adversaries alone, they do so together. The U.S. provides more resources and its allies provide access to its critical networks. What can cybersecurity teams working with other organizations learn from their tactics?

Before COVID-19, open-plan offices were on the rise. Facebook's new Menlo Park headquarters boasted the "largest open floor plan in the world," for example.

The open-plan office obsession, which probably peaked around ten years ago, was based on what I've called "collaboration bias" — the under-examined assumption that ad-hoc social encounters are more valuable for business, creativity, and productivity than un-interrupted "deep work."

But a series of recent surveys shed new light on the misguided disaster that is the open-plan office and the importance of private offices, regardless of where they are.

While employees hated open-plan offices before, disdain for open-plan offices is greater now than before the pandemic, according to a survey by Framery, which makes sound-proof booths for offices. Some 41% say their ability to concentrate in an open-floor plan office significantly worsened after the pandemic.

But let me be very clear: Open-plan offices are a threat to your company's ability to succeed. 

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

The privately held Colonial Pipeline company, which provides nearly half of the fuel used by the East Coast — gasoline, heating oil, jet fuel and fuel for the military totaling around 100 million gallons a day — was hit by a double-extortion ransomware attack by a DarkSide group in May of 2021. 

In reaction, the company shut down pipeline operations and IT systems. Next, they brought in FireEye’s Mandiant to conduct cyber forensics. 

The event triggered panic in national security circles. After years of talk about whether a state-sponsored cyberattack could shut down major infrastructure or utilities on a massive scale, it seemed like that fear finally came true. In fact, the company was motivated by money and chose to shut down.

Still, the Colonial Pipeline attack mobilized the federal government into action. And that action is what’s still causing lingering problems.

The FBI warned last week that people are interviewing for tech jobs using stolen identities — and even deepfake videos.

Specifically, the FBI Internet Crime Complaint Center (IC3) on June 28 reported an increase in complaints about the use of stolen personal information — and even real-time deepfake video technology during Zoom interviews — by some tech job candidates to misrepresent their job experience or lie about who is actually applying for the job.

The FBI said that the rise in fake applicants is happening mainly in software development, database, and other software-related job openings.

Here's what you need to know about deepfake remote job interviews.

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

This brainy bunch bloviates about Silicon Valley's response to the overturning of Roe v Wade, GitHub Copilot, Elon Musk, the Bitcoin crash, Instagram, Facebook, Meta's constant theft, TikTok (is it actually a force for good?), the Splinternet, Steve Jobs, the many Metaverses, 

Watch now, get all the details and links and subscribe!

In a market economy, some human spaces are provided as services that compete with other services to attract customers. This is true of hotels, gyms, and shopping malls.

But it hasn't been true of workplaces.

In the past, the workplace was provided by a monopoly provider — the company you worked for. As a result, offices hadn't been particularly appealing or creative, with industry exceptions like tech, where the nature of employment can be fluid.

Once an employer was chosen, individual employees didn't have a choice like customers. Instead, workplace quality was just another factor lumped in with many other factors for how appealing an employer might be.

You might accept a substandard workplace if other factors like higher salary and better growth opportunities were available.

But in the future of work, that's going to change. It's already changing.

Get ready for the rise of the "destination workplace."

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

"I can't believe it's been 15 years since iPhone came out. I still remember the launch like it was yesterday. The first version was totally lame, but people were calling it the "Jesus phone," waiting in line for days to buy it and talking about it like it was this amazing thing. (Remember -- this was way before the holographic display version came out.)"

(Read the rest or read it on Reddit.)

The splinternet idea is simple: instead of the single, global, open internet that early network pioneers intended, we actually now have multiple unconnected internets.

It’s a good idea to assume that the splinternet is here to stay, and the splintering will continue.

The biggest problem is that there are a couple billion people — at least — who do not have access to anything resembling the global internet. And that’s a violation of their rights (specifically Article 19 of the Universal Declaration of Human Rights).

One other problem is that when knowledge is blocked, interaction is blocked and business is blocked. It makes the world a smaller place for everybody.

Filter bubbles, walled gardens, authoritarian censorship and other factors that push people into internet cul-de-sacs place undesirable limits on the flow of information, to the detriment of all.

From now on, we should let go of the one-global-internet pipe dream. It was never going to happen. The metaverse won’t save us. And neither will Web3.

The digital nomad literature — blogs, websites, social accounts — often paints a picture of the digital nomad lifestyle that's totally misleading. It's not all laptops and sunsets.

When the average professional imagines the digital nomad lifestyle, no doubt inane stock photography comes to mind — some 22-year-old in a hammock, or sitting on the sand or perched on a mountaintop awkwardly balancing a laptop.

The pictures are pretty. But to any real digital nomad with a serious career, the photos fall flat. (Expert tip: the beach is a bad place to work.)

What's wrong with these pictures is that leisure time and work time are combined into a single image, whereas in real life, these have to be separate, or you ruin both.

The words are worse than the pictures — digital nomad posts, articles, and even books tend to be shallow and misleading.

If you're seriously considering changing to digital nomad living, you need an accurate picture of what you're getting into. 

So here are the six basic lifestyle facts that blogs don't tell you.

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

Environment affects modes of work. And that's why the recent shift to remote work is so consequential.

Until the COVID-19 pandemic arrived in 2020, nearly all the conversations about office design centered around collaboration.

This was especially true in the tech industry. Companies (ranging from scrappy startups to industry giants like Apple, Google, and Facebook) innovated with casual meeting spaces, extensive break areas, and open office plans.

Collaboration was king. And then COVID-19 happened.

All that effort to foster and encourage water cooler moments — spontaneous meetings that could spark creativity, collaboration, and new ideas — was swept away by the pandemic, the necessity for remote work, and the subsequent resistance by employees to return to offices.

It's a disaster, according to some managers and executives.

But I disagree. I think the remote work revolution will save them from their own faulty thinking.

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

People associate Airbnb with vacation travel. But Airbnb was founded as a service for business travelers.

The company began in 2007. Then called AirBed & Breakfast, its founders' business model was simple: Buy three air mattresses, and build a website at airbedandbreakfast.com. Then, invite attendees of the city's 2008 Industrial Design Conference who couldn't find a hotel room to crash at their house.

They quickly realized there was demand in the world for this idea.

So they cobbled together investments, ditched the air mattresses, and shortened the name to Airbnb (I'm, of course, oversimplifying here).

Specifically, the original business model was to create accommodation supply out of nothing in a world with overwhelming demand created by business professionals.

And now the company has just done it again.

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

First impressions, gut reactions, and unexamined assumptions about the future of work become embedded in conventional wisdom. Even when they turn out to be false, people still believe them.

Here are the three biggest myths about the future of work.

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]

The COVID-19 pandemic crushed the business travel industry, hammering trade shows, hotels, airlines, and other services. As video meetings went mainstream, the industry’s loss was Zoom’s gain.

But now, restrictions are being lifted. As a result, business travel is coming back.

Travel management company TripActions says business travel bookings for the first quarter of this year exceeded all bookings for the entire previous year.

Unsurprisingly, the “return” of business travel, in fact, is less of a return and more of a new world of trends.

For example, TripActions says more than one-third of business travelers are now booking longer “bleisure” trips, combining business with leisure. Some business travel will be workcations. Other trips will be remote workers visiting the office.

Despite the changes, some companies are still sending employees and executives on good old-fashioned business trips.

A recent Global Business Travel Association (GBTA) poll found that three-quarters of respondents’ companies (74%) now allow international travel, up 48% in February.

The only difference is the price.

This was a two day event, and we met some awesome winemakers. (And awesome cheese makers!)

Last summer, law enforcement officials contacted both Apple and Meta, demanding customer data in “emergency data requests.” The companies complied. Unfortunately, the “officials” turned out to be hackers affiliated with a cyber-gang called “Recursion Team.”

Roughly three years ago, the CEO of a UK-based energy company got a call from the CEO of the company’s German parent company instructing him to wire a quarter of a million dollars to a Hungarian “supplier.” He complied. Sadly, the German “CEO” was in fact a cybercriminal using deepfake audio technology to spoof the other man’s voice.

One set of criminals was able to steal data, the other, money. And the reason was trust. The victims’ source of information about who they were talking to was the callers themselves.

Here's how a zero trust mindset could have easily thwarted these attacks. 

Last summer, law enforcement officials contacted both Apple and Meta, demanding customer data in “emergency data requests.” The companies complied. Unfortunately, the “officials” turned out to be hackers affiliated with a cyber-gang called “Recursion Team.”

Roughly three years ago, the CEO of a UK-based energy company got a call from the CEO of the company’s German parent company instructing him to wire a quarter of a million dollars to a Hungarian “supplier.” He complied. Sadly, the German “CEO” was in fact a cybercriminal using deepfake audio technology to spoof the other man’s voice.

One set of criminals was able to steal data, the other, money. And the reason was trust. The victims’ source of information about who they were talking to was the callers themselves.

Here's why remote work makes zero trust a must for deterring social engineering attacks. 

Super-commuting was (and is) mainly a burden and a problem — a failure of public policy. (Super-commuting is when your commute takes 90 minutes or more each way.)

According to the US Census Bureau, even before the COVID-19 pandemic and the ensuing remote- and hybrid-work surge, super-commuting was very much on the rise. Between 2010 and 2019, the number of super-commuters in the United States increased by 45%, according to an analysis by Apartment List. In 2019, some 4.6 million Americans commuted for more than 90 minutes each way.

Pre-COVID, the rise in super-commuting was driven by rising housing costs and road congestion. Nearly a third (roughly 1.4 million people) were found near only three over-priced housing markets: New York City, Los Angeles, and San Francisco. And nearly half live within 30 miles of the office; those longer commutes resulted from slower traffic, not further distances.

Many super-commuters, especially in and around New York City, live only 10 miles from their place of work. But it takes so long to get to the office because of slow rush-hour traffic, long waits to switch between buses or subway trains, and other problems that have nothing to do with living far from work.

So what is the effect of post-COVID work arrangements on the super-commuting trend? The answer will surprise you. 

[About this newsletter. My "Future of Work" email newsletter is published by Foundry. The newsletter is both ad-free and free of charge. BUT, because Foundry newsletters are aimed at technology and business professionals, you'll be asked some basic information as part of the subscription process. Please provide! I'd love for you to subscribe to my Future of Work newsletter. -Thank you! -Mike]