Engineers: Here’s how to Securing your Mobile Device from Cyber-Attacks (guest post)

smartphone iconToday, a very important post from guest blogger Silvia Brook.  Silvias writes about home and cyber security for homesecurity.org. When she’s not writing, Silvia enjoys biking with her friends or cooking a new recipe from her compendium of cookbooks.

————————-

Believe it or not, cyber security is still a big issue in the tech industry. It seems as though every year a new electronic device is released by one of the major hardware developers, and yet every year consumers who buy those same devices fall prey to a host of viruses, glitches, and malware. A tablet released this year may get hit with just as many (if not more) viruses as they model that preceded it the year before.

Part of why that’s the case is because malicious applications are changing and evolving at the same rate as the new devices that they target. Developers on both sides of the equation are fighting to make the better application—those who design security apps and protection software will try to keep your information, while hackers will try just as hard to take it away.

A recent assessment of the Android OS’s newest virus protection software might explain this problem. The new smartphone OS—Android 4.2—has a built-in malware scanner for apps. A computer scientist at North Carolina State University decided to see how this new scanning software stacked up third-party virus protection apps in a test that pits them all against the latest malware targeting smartphones. The study found that the Android OS app scanner caught malware content only about 20% of the time. The third-party security apps fared much better, some of which caught malware nearly every time.

What are we supposed to do with this information? Google seems to have trouble designing a competent virus scanning application for its own line of smartphones, all of which seem at least vulnerable to potential viruses according to the above report. If that’s the case, then how can people expect to put sensitive information (emails, finances, photos, etc.) on their smartphones?

I think the most important takeaway is that cyber security should be taken seriously by people who use mobile devices on a regular basis. There really are malicious apps out there that could do some serious damage to smartphones and tablets.  Design professionals such as engineers and architects who rely on their electronics for mobile work  are best off defending themselves from such annoyances with third-party apps designed by professionals with a proven track record.

Below are two apps by such developers which have received nothing but glowing reviews from critics.

Avast!

Avast! is a comprehensive software that addresses many key cyber security concerns. For one thing, the software will help users track their smartphones or tablets should they ever get lost or stolen. Avast! will let users locate their misplaces phones via GPS and send SMS messages to it should they want to address whoever has it. Of course the software also protects mobile devices from malware apps and websites that could be packing a nasty virus by scanning every app before it’s loaded. Avast! also allows users to build a firewall for their mobile devices should they suspect that hackers want to tamper with their data. In other words, Avast! is the whole security package for the Android, and it’s free!

F-Secure Mobile Security

F-Secure is an acclaimed security software company, protecting both home computers and mobile devices all sorts of cyber security threats. F-Secure will ensure that mobile users can browse the web safely without fear of encountering malware; the service will also scan incoming apps and data for any potential viruses that could compromise the safety of the device. Like Avast!, F-Secure also has a feature that will help users track down their mobile device should it be misplaced or stolen (and users can erase their data remotely it they suspect that someone has access to their information). F-Secure has a subscription fee, and it’s only available for Android users.

Melissa here again.  What about you?  Do you have a favorite cyber security app?  Depending on how much you work in the Cloud, you should!  

Share your recommendations in the comment section, below.  Just remember, I’m a luddite, so talk in plain and simple terms!

Photo (c) Lora Williams

 

Paperwork, and more paperwork–Discovery in the construction lawsuit (Law & Order: Hard Hat files Part 4)

lots of paperworkAs I mentioned at the start of this series, one of the reasons that I like watching Law & Order is that things happen fast, and there is always a smoking gun paper  to be found by the lawyers over a night of eating cold Chinese food.  Yes, well- about that.  In the construction world -not so much.

Depending on the size of the project, there may be massive amounts of paperwork involved.  Think about every email, of every employee who touched the project, from initial proposal through final punch list.  Add in the change order logs, pay applications (with backup), submittals, shop drawings, project correspondence, drawings, specifications, diaries, meeting minutes, daily reports, site inspections, etc—and you can begin to visualize the problems that the magnitude of documentation creates.  Naturally, in the age of electronic data, digital cameras, and cloud computers, the issue of quantity is even more magnified.

Now, let’s discuss the discovery process in a construction lawsuit—that is, what the other side can ask for, what you must give, and how the process works.  Then I’ll detail a few recommended practices to put your firm in the best position possible if and when it has to deal with the information overload of a construction lawsuit.

What is “discovery” in the legal world?

Discovery is the all-encompassing term for means and methods to get information necessary to prosecute or defend a lawsuit.  The main written discovery consists of interrogatories and requests for production of documents.  Interrogatories are written questions that you (with the help of your lawyer) must answer about the project.  Requests for production, on the other hand, are requests made for documents that may, or may not, be relevant or admissible.  Inevitably, in one form or another, your entire project files need will likely need to be produced to the other side.

Be aware: things that you may not consider part of your firm’s project files may still be demanded. 

  • Does anyone at your company keep an old-fashioned pocket calendar, filled with a mixture of both business items and personal information?  It can be demanded in the discovery process.
  • Does your company conduct internal post-mortem meetings to discuss ways to improve on future problems and what went wrong on this one?  Discoverable.
  • Does one of your employees have a personal relationship with an employee of the general contractor, such that they send good-natured barbs and sarcastic comments about the project or project personnel to one another?  Yep- you guessed it—discoverable.

Each and every document, paper, back of envelope note, or personal diary entry can be demanded.  Scary prospect, right?

What can you do to limit the embarrassment and lessen the pain?

To lessen the pain, be sure to adopt some best management project and personnel practices, including:

  • Consistent intake methods.  Every employee who brings in work should know to find, modify, and use the Firm’s contract and/or form proposals.  Educate both your employees and your clients on the importance of having good, written contracts and proposals, and procure them in a uniform and systematic way.  There should also be a follow up procedure in place, in case a signed contract or proposal is not obtained.  One suggestion I have made previously:  do not open a new client or matter number to bill against until the contract is in place.

 

  • Management of rogue employees.  Ideally, don’t let any employees only use their hard drive.  If you can’t achieve that level of cooperation, at least insist that documents be copied over to the Firm’s computer system on a regular basis, and at least weekly.

 

  • Decide on Firm-wide file management.  Everyone on your staff should be filing everything the same way, whether in paper records or in email folders.   As noted in my post on how to smartly handle project documents, all communications should be in one place, preferably in a chronological order.  Failing that, a master chronological file could be kept for future reference.  You also must decide whether and which emails need to be printed and/or saved, and institute a standard policy Firm-wide for those as well.

 

  • Create a Problem file(s).  If problems in certain areas arise, maintain a separate file and/or e-folder for all documents relating to that area.  Who knows, one of those may end up being the smoking gun that makes your case.

 

  • Use a separate Legal file, if necessary.  Related to the problem file, if you get any legal help or help from your insurance company, create a new “Legal” file for legal issues, communications, and the like.  Do NOT keep this file with the other project files.  Ideally, all legal files should be kept in a different location/drawer/desk/office to prevent inadvertent disclosure in a lawsuit.

 

And, the #1 Rule relating to document best practices?

 

  • Follow the Grandma/Newspaper rule.  That is, instruct your employees to be careful in what they say in any forum– website, newsgroup, email, etc.  Before sending off any questionable communications, each employee should ask himself:

How would my grandma feel if she read my message in the newspaper? 

If he feels comfortable that the message wouldn’t make Grandma hold her head in shame, then and only then should he press “send”.

 

While you don’t need to know all the details of how to answer discovery unless and until you’ve been sued, if you follow these document best practices, you will be far ahead of the curve should you have to defend yourself in court.

Questions, comments, observations?  Share in the comments below or shoot me an email. 

Next in our series:   Being deposed—not just for dictators! Depositions in the construction lawsuit

 Photo (c) Veronica Robbins via CC.

Is there a dead body in your future? The first sign of trouble on the construction project (Law & Order: Hard Hat files Part 1)

fake dead bodyNobody dies in a construction dispute.  At least most of the time!

However, just as the usual “thunk-thunk” chord in Law & Order warns the viewer that something is awry, there are warning signs that your construction project may be under similar dire straights.  You should recognize these signs for what they are—early-warning lawsuit detection devices.  Signs that a lawsuit may be in your future include:

  1. The  “everything has gone wrong” situation.  This one is fairly big and obvious, but it bears mentioning.  If the project is delayed, over budget, and there are signs that the owner is looking for someone to take the fall, watch out.
  2. Much more subtle, but equally troubling, is the start acting squirrely” syndrome.  If you have always had a good working relationship with the general contractor, but suddenly he is aloof, watch out.  If the owner is usually friendly and free with the flow of information, and he suddenly begins to clam up, be concerned.
  3. The let’s document everything” protocol.  Now, as a lawyer, I feel duty bound to tell you that I think documenting everything is best management practice.  However, I do know that most normal folk don’t usually behave this way 24/7.  So, if you are on a project where a contractor likes to write letters to the file almost as much as he does change order requests, be leery.  Could be he just listens well to his lawyer’s proactive advice to document everything.  Or, could be he is preparing a case from the get-go to claim design failures, construction administration delays, and the like.  How to tell the difference?  Often, you can only go with your gut.  But take note—is Mr. Letter Writer documenting everything, or just items that might be considered “blame-able” ?
  4. The I’m confused” RFI king.   Similar to #3 above, but more specific, the confused RFI king always seems to need clarification or further information about your design.  The requests for information flow so fast, you may have trouble responding timely.  This may be part of the plan.  Or, it may simply be a numbers game— either the contractor is asking RFIs to buy time on the project (often on a case with strong liquidated damages provisions), or he wants to later be able to point out the “excess number of RFIs” to prove “bad design.”

 Now that you’ve caught the whiff of trouble brewing, how do you stop it before the dead body smell takes up residence in your car?  Observe, document, and respond in kind.

If you are dealing with an RFI king, respond timely, and note when the RFI is asking for information that is readily available on the plans.  You might even consider keeping your own running log of questionable RFIs, so you can readily show your lawyer, and a future jury, that although there may have appeared to be a large number of RFIs on the project, the fact was that most of them (X percentage) were questions about something that the contractor should have already known if he had reviewed the plans.

If you have a “document everything” guy on your hands,  respond in kind.  You should be doing this anyhow, of course, but if you have someone that is especially prone to documenting everything, you need to be extra vigilant that he is not stating anything that is untruthful, that the documentation is complete, and that any time you get a document that doesn’t completely tell “the truth, the whole truth”, that you supplement it with your own documentation accordingly.

If you have a squirrely acting client, you might consider just politely confronting him to ask if anything is going on.  It could be something that has nothing to do with the project –  internal politics, personnel crises, etc.  In which case, you will find that out.  If there is something more sinister afoot, you can probably determine that as well.  The key here is to ask whoever you are (or had been) close to, and to ask them off the record, in person.  You can learn a whole lot through non-verbal body language.  If you find out, directly or indirectly, that there may be a claim afoot, then you can proceed accordingly.

If the project has gone to hell in a handbasket, there is not a whole lot you can do, other than to keep ensuring that you and your team are meeting all contract requirements.  Part of this should include documentation for the eventual lawsuit, if it comes to that.  You might also contact your lawyer or insurance company for assistance behind the scenes—something called “loss prevention”.  Remember, reporting the dead body is the first step to clearing the air.  It’s the cover up that usually gets folks in trouble.

Now it’s your turn.  Drop me a note or comment below to share your own techniques for recognizing possible lawsuits.  Next week in the series: the mechanics of being sued.  Stay tuned!

Photo (which is not of a *real* dead body) (c) garlandcannon via cc. 

 

Project Management – learn it, use it, avoid a lawsuit (Free Webinar– THIS Tuesday!)

listeningWant to learn more about how to use project management as a risk avoidance tool?  Sure you do! 

Join the Hall & Company folks for this month’s free webinar entitled, “Effective Project Management Practices as a Key Risk Management Strategy.”

The webinar will discuss:

1. The essential elements of a solid Project Management Plan and why “Planning a project will not guarantee success, but failure to plan will guarantee failure.”
2. Why your project’s scope, schedule and budget are considered a “three-legged stool” and how to manage the big risks associated with project changes.  
3. Why effective communications are absolutely essential to project success, why poor communications have been described as the biggest contributor to project problems and what every project manager needs to know about communicating with their clients.
4. Ensuring quality in every aspect of project delivery as a fundamental risk management strategy.  The quality of the project and project deliverables will be remembered much longer than the project’s schedule, budget or project manager!  
5. Why project risks need to be identified, understood and managed so they don’t become business risks for your firm.

When?  THIS Tuesday, February 21, 2012 at 1pm EST

Register Here

This presentation has been approved for AIA Continuing Education credit (1LU).

Happy listening!

Photo: (c) Mike Quinn via Creative Commons license.

Sometimes, ya just gotta tell them the donkey is alive! (Tue Tip)

Recently, I saw a very amusing sign while visiting the farm animal section of the Museum of Life and Science in Durham on an extremely, blisteringly hot summer day.  The sign said:

donkey signIn case you can’t see the sign clearly, it reads: 

Sometimes our donkey likes to lay [sic] flat out in the sun. 

Don’t be alarmed. . . HE IS STILL ALIVE! (-:

I was very amused that the museum needed a sign proclaiming the non-deathness of its donkey.  However, the sign also struck me as a good tip for all of us involved in the construction business.  Sometimes, you just have to state the obvious.  You may think that it is glaringly obvious that, for example, an extended construction duration will increase the scope of your contract administration fees accordingly.  You might be wrong.  Sometimes it is not obvious, or at least, not something the owner will admit is obvious.  Don’t rely on common sense– go ahead and spell out everything you can in your contract with the Owner.

In the same way the donkey sign keeps the museum patrons from sounding the alarm, a detailed and thorough contract can keep you from having to answer and/or argue about scope of work issues later on.

Sometimes ya just gotta tell everyone in advance that the donkey is alive!

——————————–

Photo in this post: Creative Commons License