Computer hacks were the topic of tech news on the day after Senator Obama's historic election. On Wednesday, Newsweek reported that the Obama and McCain campaigns were the subject of computer hacks during the campaign.  The Obama campaign reported a possible email phishing attack this past summer.  They were ultimately told by federal authorities that both the Obama and McCain campaign computers had been compromised. Reports are circulating that the attacks came from a "foreign entity" and lifted significant amounts of data from both campaigns.

Also on Wednesday, malware creators took advantage of the tremendous interest in the election and began sending emails with "Obama" somewhere in the subject line.  The most common subject lines promised video of a speech, additional election coverage, or new interviews.  One security company alone reported that it had filtered more than 10 million emails in less than 6 hours on Wednesday morning.  Apparently, hundreds of thousands of people sought to open them and were instead infecting their computers with malware.

These two events highlight the importance of email security.  This is the first major election heavily conducted, financed, covered, and influenced on the web.  It reflects the transition to technology for ever-increasing numbers of the population.  And, it reflects our ready acceptance of the transition.

Too many people assume that their spam filter, anti-virus software, etc will protect them.  Yet, any technology professional will tell you that firewalls and software alone are not enough to protect a computer from data theft or destruction.   They'll also tell you that emails are the easiest means of attacking computers because people still act before they think. A huge percentage of hacks rely on "social engineering" - convincing a person to do something that works to the hacker's benefit.  

Education is still a significant tool in the computer security arsenal.  Users must learn to stop and ask themselves whether the email is likely to be what it seems.  First the easy questions: How likely is it that some stranger will really send you millions of dollars?  Is your US bank really going to send you any request from an email address that doesn't contain the company name?  And, if your friend really did lose a wallet on a spur-of-the-moment vacation how likely is it that she'd email you for a credit card number instead of calling her husband, the consulate, or American Express for help?

Is it possible to go the next step and teach users a little technology?  They should always check to see if the attachment they're about to open like a present on Christmas morning ends with ".exe" (a file that will execute some program).  If it does, they should beware and seek tech support.  Or can we teach them to look at the "properties"  of the link they're about to click, see the web address ("URL") and recognize that the source is the wrong country?  A quick look at the domain registry will make it pretty obvious that something that purports to come from around the corner has a two letter code that means it's really coming from a country around the the world.

With so much hacking going on, the problem is no longer just a technical one. More laws are creating responsibility to take reasonable care to protect other people's information and liability for failing to do so. It is important to remember that with these changes, the standard of care is expected to improve, and what was reasonable yesterday may be unreasonable today.

What do software development and the Titanic have in common? They both hit icebergs! It sounds like a bad joke, but there's an important kernel of truth here.

The software development process, unfortunately, has a predictable pattern. You, as the business leader, meet with software developers and reach agreement on "system requirements." The programmers toil and arrive with the new software and both sides are immediately unhappy. Developers think you change your mind. You think developers don't listen.

What really happens is what I call "the iceberg" phenomenon. Both sides believe they have a meeting of the minds and don't realize that their agreement rests upon a tremendous number of assumptions. You and the developers each understand the words, phrases, and concepts of any requirements document in the context of your own experience and environment. Like an iceberg, the words that are used are the 10% that both sides can see; under the surface lies the 90% that defines their differences and creates the many risks that increase time and cost.

For example, programmers don't know if a particular design will have legal implications or will cause problems for someone in the supply chain. Business professionals are facing time pressures that keep them from providing the tiny details of date formats (12/31/2007 vs 31/12/2007) or country codes which may be critical to the business. On the other hand, I once discovered business professionals phrasing a requirement in a way that was about to cause ten weeks of programming, when the right question reduced the issue to a ten minute text change. That's an iceberg!

So, what's the "sonar" for this problem? Here are four alternatives:

1) Find a translator. If you can, find someone who has worked in both worlds and can serve as the "translator" for both sides.

2) Make everyone a translator. Assign someone to create a "lexicon" - a glossary of terms that are unknown to one side or the other. To avoid definitions filled with new inscrutable terms, ask contributors to check with a twelve year-old to see if the explanation is intelligible.

3) Create ambassadors. When possible,insist that a designer or programmer spend time at the side of the person(s) who will use the system. It's amazing how much the developers can learn through watching the workflow, overhearing an occasional conversation, or a chat at the coffee machine. If they are inalterably offsite, consider collaboration tools, giving people the ability to see and hear as much of the user's current business process as possible.

4) Require an "open" development environment. Remember that the vendor's work is not a surprise Christmas present. Consider the unorthodox approach of keeping the vendor's progress accessible at all times. Rather than waiting for benchmarks, assign someone to regularly view the developer's work. Developers using best practices will have wire diagrams, screen mock-ups, and functioning modules that will allow for course correction long before the code is finished.

I know that everyone is facing business pressure to be somewhere else, doing something else -- usually something that seems more directly relevant to the bottom line. But, I guarantee that time spent with developers while they work will save vastly greater amounts of time and money later.

Business owners and managers often see Information Technology as a bottomless expense and sometimes wonder aloud what IT professionals are really doing for them. The job descriptions are an alphabet soup of acronyms and sometimes those unknown abbreviations leak into increasingly incomprehensible presentations. Slavish chasing of flavor-of-the-year certifications, software, and trademarked processes overwhelms consideration of the fundamentals.

Why, then, does IT matter? What value does it bring to every business? A computer can calculate or process things faster than a human and can store vastly greater quantities of information. For most businesses, those traits were maximized a long time ago when manual labor and paper file cabinets were replaced. Today, IT's greatest vaue is its contributions to senior management decision making.

Every manager is faced with the same fundamental questions:

1) How do we propose to generate revenue?

2) How should I allocate resources to accomplish that?

3) How well did we meet the revenue goal? Why?

From the business' existing stores of data, IT can provide information to assist in answering these questions. In addition, when needed, IT professionals should know the best sources of data about the performance of the competition, the demographics of the potential customer base, and be first to offer meaningful enhancements to analytic techniques.

Executives should ask the relevance to the business of any IT activity.  Data is "cleansed", "harmonized", and "integrated" not because it makes data processing more efficient but because it provides more accurate answers to business questions which ask "how many?" "who?" "what are they doing?" Software applications and visualization tools should not be replaced simply because enhanced technology is available, but only when these tools change the prism on available information and can provide more relevant insight to a manager or line of business. Even system security should not be enhanced to protect IT, but rather to protect competitive advantage and support client retention. The best IT professionals can and should always address their work from the perspective of the value it provides to the business and the bottom line.