The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS


One mistake presenters should never make and 8 strategies to avoid it

by: Lisa Nielsen

Whether workshops, panels, keynotes, or classes, there is one mistake presenters should never make. It is a mistake I learned to never ever make from a wise lady early in my career. I’ve heeded this advice and seen the negative ramifications for those who do not. Ramifications such as a frustrated, unsatisfied, and anxious audience as well as less than favorable reviews and feedback. Additionally, when presenters don’t heed this advice, the chances of their audience incorporating what they’ve learned into their work decrease.

Fortunately, if you remember this one piece of advice, your future presentations will be brighter and your audience will leave more satisfied.

The advice is…

Always make sure your audience feel “they have everything they need to be successful.”

Presenters fail when they say things like:

  • “We have a lot to get through today.”
  • “I am speaking quickly so we have time to cover everything.”
  • “We’re already behind schedule.”
  • “In the interest of time…”

Or do things like:

  • Require participants to take down everything you say, because you haven’t provided it to them. They’re focused on the low level task of copying, instead of the higher level thinking of making meaning.
  • Not provide a detailed, timed agenda that could be turn-keyed.
  • Not tell participants up front, and remind them in the middle and at the end, what the goals are and that they are making strides in accomplishing the goals of the session.

  1. Build in extra time at the beginning
    Start out by putting your audience at ease. Create a collegial atmosphere as folks arrive. Perhaps a simple do/now ice breaker where you ask participants to talk to the people around them and find out what they hoped to get out of the day. This gets minds flowing and allows for a relaxed start with a networked room.
  2. Plan for latecomers  
    Latecomers can throw off and delay a presentation. When you address the audience, ask them to be the ones to fill in a latecomer who sits next to them, and let them know what to share.
  3. Provide ALL materials
    Speaking of what to share, keep it simple. Create a link where participants can access EVERYTHING you’ve shared. This way they don’t worry about missing anything and you don’t have to worry if they didn’t get something down.
  4. Ensure Materials Can Be Re-purposed
    Don’t share materials in PDF. Don’t give access without copy ability. Provide materials to participants so that it is easy for them to make their own, customize, and bring back to their work. This is a wonderful gift for teachers (time!) and students (great new learning materials).
  5. Smart Name Tags
    You know that link I mentioned above? Don’t worry about saying it over and over or having to keep putting it back on the projector. Provide name tags or cards with all the information participants will need i.e. a link to the presentation, Twitter hashtag, how to connect to the internet, etc. This way, the answer to every question is “It’s on your name tag.”
  6. Sum up the learning
    At the end of your time, share all the new things participants will be able to do as a result of your time together. This way you’re focusing on what they have learned. The audience is assured that they got what they came for out of your time together.
  7. Take backs
    Ask participants to share (verbally or via Twitter, text, post it) in 140 characters or less one thing they’ll take back to their work. This reinforces their learning.
  8. Use reassuring statements
    Let the audience know you are right on track with statements like:
    • “After our time together you’ll know exactly how to…”
    • “We are right on time.”
  9. Have two plans
    Have one plan if the class moves slowly. Have an additional plan if they move quickly. If they do, let them know that they were so on point they get bonus learning. If they move slowly, they’ll still know exactly what you told them they would learn.

So what do you think? Have you experienced presenters who try to rush through information? Have any of these strategies worked for you? Are these strategies you would try when you present?


So What Is the Risk of Mobile Malware?

By: Derek Brink

Originally from: https://blogs.rsa.com/risk-mobile-malware/

Obvious, or oblivious? Short-term predictions eventually tend to make us look like one or the other—as Art Coviello astutely noted in making his own predictions for the security industry in 2014—depending on how they actually turn out. (Long-term predictions, however, which require an entirely different level of thinking, are evaluated against a different scale. For example, check out the many uncannily accurate predictions Isaac Asimov made for the 2014 World’s Fair, from his reflections on the just-concluded 1964 World’s Fair.)

Art’s short-term prediction about mobile malware:

2014 is the tipping point year of mobile malware: As businesses provide greater mobile access to critical business applications and sensitive data, and consumers increasingly adopt mobile banking, it is easy to see that mobile malware will rapidly grow in sophistication and ubiquity in 2014. We’ve already seen a strong uptick in both over the past few months and expect that this is just the beginning of a huge wave. We will see some high-profile mobile breaches before companies and consumers realize the risk and take appropriate steps to mitigate it. Interestingly, the Economist recently featured an article suggesting such fears were overblown. It is probably a good idea to be ready just the same.

The Economist article Art references (which is based on an earlier blog) asserts that “surprisingly little malware has found its way into handsets. . . smartphones have turned out to be much tougher to infect than laptops and desktop PCs.” (Ironically, the Economist also publishes vendor-sponsored content such as How Mobile Risks Are Pushing Companies Towards Better Security. I suppose that’s one way to beat the obvious or oblivious game: Place a bet on both sides.)

RSA’s Online Fraud Resource Center provides some terrific fact-based insights on the matter, including Behind the Scenes of a Fake Token Mobile App Operation.

But the legitimate question remains: What is the risk of malware on mobile? Let’s focus here on enterprise risks, and set aside the consumer risks that Art also raised as a topic for another blog.

Keep in mind the proper definition of “risk”—one of the root causes of miscommunication among security professionals today, as I have noted in a previous blog—which is “the likelihood that a vulnerability will be exploited, and the corresponding business impact.” If we’re not talking about probabilities and magnitudes, we’re not talking about risk.

Regarding the probability of malware infecting mobile devices:

  • The Economist’s article builds on findings from an academic paper published by researchers from Georgia Tech, along with a recent PhD student who is now the Chief Scientist at spin-off security vendor Damballa. Their core hypothesis is that the activities of such malware—including propagation and update of malicious code, command and control communications with infected devices, and transmission of stolen data—will be discernible in network traffic.
  • From three months of analysis, they found that about 3,500 mobile devices (out of a population of 380 million) were infected—roughly 0.001%, or 1 in 100,000.
  • Compare this to the computers cleaned per mille (CCM) metric regularly reported by Microsoft: For every 1,000 computers scanned by the Microsoft Malicious Software Removal Tool, CCM is the number of computers that needed to be cleaned after they were scanned. For 1H2012, the infection rate per 1,000 computers with no endpoint protection was between 11.6 and 13.6 per month.

All of this nets out to say that currently, mobile endpoints are three orders of magnitude less likely to be infected by malware than traditional endpoints.

But doesn’t this conflict with other published research about mobile malware? For example, I’ve previously blogged about an analysis of 13,500 free applications for Android devices, published in October 2012 by university researchers in Germany:

  • Of 100 apps selected for manual audit and analysis, 41 were vulnerable to man-in-the-middle (MITM) attacks due to various forms of SSL misuse.
  • Of these 41 apps, the researchers captured credentials for American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime, among others.
  • Among the apps with confirmed vulnerabilities against MITM attacks, the cumulative installed base is up to 185 million users.

In another blog, I’ve noted that mobile applications have a more complex attack surface than traditional web applications—in addition to server-side code, they also deal with client-side code and (multiple) network channels. The impact of these threats is often multiplied, as in the common case of support for functions that were previously server-only (e.g., offline access). This makes security for mobile apps even more difficult for developers to address—mobile technology is not as well known, development teams are not as well educated, and testing teams are harder to keep current.

Meanwhile, malware on mobile is indeed becoming more prevalent: Currently over 350,000 instances from 300 malware families. It is also becoming more sophisticated—e.g., by obfuscating code to evade static and dynamic analysis, establishing device administration privileges to install additional code, and spreading code using Bluetooth, according to the IBM X-Force 2013 Mid-Year Trend and Risk Report.

But threats, vulnerabilities, and exploits are not risks. What would be obvious to predict is this: The likelihood of exploits based on mobile malware will increase dramatically in 2014—point Art.

The other half of the risk equation is the business impact of mobile exploits. From the enterprise perspective, we would have to estimate the cost of exploits such as compromise of sensitive corporate data, surveillance of key employees, and impersonation of key corporate identities—e.g., as part of attacks aimed at social networks or cloud platforms, where the mobile exploits are the means to a much bigger and more lucrative end. It seems quite reasonable to predict that we’ll see some high-profile, high-impact breaches along these lines in 2014—again, point Art.

Obvious or oblivious, you can put me down squarely with Art’s prediction for this one, with the exception that I would say the risk of mobile malware is much more concentrated and targeted than the all users/all devices scenario he seems to suggest.

About the Author:

Derek E. Brink, CISSP is a Vice President and Research Fellow covering topics in IT Security and IT GRC for Aberdeen Group, a Harte-Hanks Company. He is also an adjunct faculty member with Brandeis University, Graduate Professional Studies, teaching courses in our Information Security Program. For more blog posts by Derek, please see http://blogs.aberdeen.com/category/it-security/ and http://aberdeen.com/_aberdeen/it-security/ITSA/practice.aspx
