Most of our fellow web heads use Internet Explorer to browse the net. However, more and more are using Firefox, the free open source platform. In fact, there have been almost 200 million downloads to date. In Germany, 45% of web users use Firefox.

IBM has embraced open source with both arms. Red Hat is a billion-dollar company that focuses solely on open source integration and implementation (namely the Linus operating system). With $300M in annual revenue and a profit margin of nearly 27%, Red Hat has proven the financial viability of riding the open source train.

One company watching the open source content management and intranet sector closely is Optaros. An Optaros survey released last Christmas highlights the potential value of using Open Source.

The study was conducted in August and September 2005 with responses from 512 U.S. companies, government agencies and other organizations. The study found that the clear majority of organizations (87%) were using open source systems, software often available for free and built by communities of software developers. The most frequently-used open source software was the Linux operating system, the Apache web server, and web browsers, used at some level by more than 70% of the companies represented by the survey participants. About half the respondents were using open source database management systems and application servers in a single business function.

Sampled companies ranged in size from small organizations with revenue under $50 million to large organizations with revenues over $1 billion. The move to open source software is in part explained by the cost savings that companies are generating. Organizations with annual revenue of more than $1 billion saved an average $3.3 million in 2004 from their open source software. Medium-sized companies (with revenues between $50 million and $1 billion) saved an average $1.1 million, and companies less than $50 million saved about $500,000. Several survey respondents reported substantial savings: a technology company cut costs by $20 million, and four companies (three of them telecommunications firms) each saved $10 million last year.

Gaining in popularity are open source business applications software such as portals and content management systems. Some 42% of the survey participants had open source portals and content management systems that supported a single function. Some 16% used open source customer relationship management systems, a percentage that will double in the next three years.

Open source content management is becoming hot. Seth Gottlieb is the Content Management and Collaboration Lead at Optaros and he’s watching the enterprise and intranet space closely.

Some of the open source solutions that Seth watches include:

• Brocalage
• OpenCMS
• Magnolia
• CPS
• Alfresco
• Joomla
• Typo3

However, Plone is Seth’s favorite. “I particularly like the (Plone) founder’s approach of “less is more, ” says Gottlieb, speaking this week to the team at Prescient Digital Media. “Plone has a very user-friendly interface as well as a plug-in architecture for adding on other applications.”

The one detraction to Plone, Gottlieb notes, is using Plone as an architecture for building new applications. A problem he likens to Lotus Notes application development.

A couple of other findings from the Optaros study:

• The study found that once organizations start using open source software, their usage typically increases.
• Most companies were confronted by four primary barriers to achieving even greater benefits:

·         Uncertainties about open source software that often relegate the software to the IT function

·         Lack of understanding of licensing and legal issues around open source software

·         Software cost allocation policies that discourage business functions from reducing the cost of commercial software

·         The difficulty of identifying, evaluating, purchasing and maintaining open source software

Are you using open source? Why not?

RELATED READING:

The growing popularity of open source intranets

Open source solutions for Lotus intranets

Open source intranets

Sex, Lies, and CMS Vendors

© 2006 Toby Ward - Prescient Digital Media

There’s more of your money to take; and the crooks are using more technology to take it.

e-Bay and PayPal phishing e-mails are becoming more and more prevalent. And now the dirty little crooks are no longer relying on e-mail to get you to cough up your dough. Some criminals have learned that we’re becoming more cautious about these e-mails – so they’re setting up fake call centers so that you phone-in and give your personal information after you receive the e-mail.

Phishing schemes often start with misleading spam urging people to visit a fraud website designed to mimic the real business website (such as e-Bay or PayPal). Once unsuspecting people go to the site they’re asked to give personal information – or are loaded up with spyware such as those that track and log your keystrokes.  

According to Symantec's latest Internet Security Threat Report, there were 7.92 million phishing attempts per day during the second half of 2005, compared with the 5.7 million attempts per day it reported for the first half of 2005. And the attacks are becoming sneakier and more sinister.

Criminals Increasingly Blend IT Threats is an interesting read from eWeek: “As businesses and home users have become increasingly savvy about traditional threats delivered via e-mail attachments, criminals are finding new ways to lure end users to consume their attacks, according to the report. Researchers specifically cited a growth in the number of threats that use spam e-mail messages or IMs to distribute links to Web sites where malware or spyware is secretly downloaded to end users' computers.”

One of the keys to identifying a phisher is looking at the URL requesting you to update your information. If for example, rather then clicking through to the PayPal URL www.paypal.com, a phisher would have you go to a dummy site with a similar URL (e.g. paypal.palpay.com). Now, one crook even used a URL hosted on PayPal's legitimate site that had been altered by cyber-criminals using a “so-called cross-site scripting attack.” Little bastards!

Here are some tips from MailFrontier (TopTenTipsforFindingaPhish) to avoid being scammed:

1. Know thyself: Know the online companies you deal with. When a suspect email arrives, remember: it could be fraud, it's definitely spam, and it is definitely not for you. Delete it.
2. Subject matters: Consider the subject line of an email carefully. Citibank will never send you an email headed “_Citiibank_account_update ACT-N0W”. These messages may get through spam filters because they appear to come from a reputable source, but that doesn’t mean it’s really from Citibank.
3. Learn the language: Understand how the companies you deal with want to interact with you. For example, banks usually want you to access your account through their website–not an email link. “Phishing” emails stand out because they don’t follow the rules.
4. Browsing around: Practice safe browsing. Open a new browser window each time you log on to a web site that displays personal information. When you are done at that site, log out and close that browser window.
5. Spelling counts: Be sure to read emails that say they are from companies you know. Sometimes a real email will have a spelling or grammatical error, but anything more than one error is suspicious.
6. Mousing around: Scroll over the links in emails you receive and check them. In some email systems, you can scroll over the different links in an email and see the actual contents of the link. If the email says PayPal, but the link content says “ www.paipall.com”, be careful. And note: URLs can be disguised—so don’t take a suspect link at face value.
7. All form, no function: Never enter your personal or credit information into a form in an email. If you feel the email is legitimate, call the company or visit their web site and log in to provide the requested information.
8. It’s personal: Expect good customer service. Unless your name is “eBay User” or “johndoe99”, most “phishing” emails are not personalized. If you receive a “Dear Customer” email, it may be time to move on.
9. Make a statement: Read your statements – every one, every month to ensure your charges and debits are correct. Often information obtained through phishing is not used right away. Stay vigilant and report any suspicious activity immediately.
10. Stay current: Use and maintain your email protection software for spam blocking, fraud blocking, and anti-virus. If you have any questions, there are many fine web sites which can provide the latest information on the latest virus, “phishing” attack, or on-line scam.

RELATED READING:

Assessing your security risk

Best practices: securing your intranet

Securing your intranet from the inside

Top 10 security lapses

Email and intranet are biggest wireless threats

Like a child, an intranet is a lot of work – and if done properly, the rewards are enormous.

Also, like a child, the intranet however can try your patience like no other business system. Successful intranets require more than just hard work – they require a lot of nurturing, patience, and understanding. This is what I would call smart parenting or smart governance.

Patience is key however because the rewards often take years to bear true fruit. Successful intranets like some profiled here on Intranet Blog take many, many years. The intranet is a complex, and often very emotional, business system. It is not just a website or another communications tool. It’s a representative ecosystem of the entire business.

Your employees, however, are not children. Treat employees like children, and you better dam well expect questionable behavior.

A client organization of many thousands of employees came to me with a problem – one of the businesses was forcing employees to accept an online compliance agreement for using their computer – every day. Let me repeat: forcing employees every day to accept an online compliance agreement for using their computer for work. Wow. I’d love to meet the guy who came up with this idea. Now, I don’t mean to sound sexist, but I’m convinced that only a guy could come up with this – and likely someone with a military or football background.

I dare anyone to prove to me how this benefits anyone – especially the company. Please convince me that as we stand on the precipice of the greatest labor shortage in the history of modern business how such a forced daily compliance routine will engender employee satisfaction and employee retention. Come on, convince me. I’m looking for a good argument.

Just about every company has an employee conduct policy that new employees are expected to sign. But let me ask you, does your organization have a daily employee compliance procedure for…

• Making a phone call
• Using the bathroom
• Eating in the cafeteria

Yeah, exactly. So why the hell would apply such a tyrannical rule to using a computer? Treat an employee like a child and the predictable will ensue:

• Decreased productivity
• Decreased employee satisfaction
• Decreased employee retention
• Decreased customer satisfaction
• Decreased earnings

Employees as adults

Of all the dozens of intranets I have worked with – and hundreds I’ve seen and used – almost all companies have corporate polices on Internet and intranet usage. However, I have yet to come across a company that has ever forced any employee to agree to any form of compliance or agreement on a daily basis. Sometimes, very rarely, compliance is a one-time agreement online where the user selects ‘yes’ or ‘no’. More common is a set of policies attached to the employee conduct agreement that is either agreed to by the employee upon hire or on a semi-annual basis.

Additionally, in an overwhelming majority of large established companies, employees are bound by a policy or disclaimer that is published on the intranet home page and/or available within the footer of all intranet pages.

Fidelity Investments Canada has a link at the bottom of all pages to “Important Legal Information” which links to their page outlining the employee’s obligations regarding acceptable use, confidentiality and distribution. The same link and policy is promoted on all pages of the Fidelity Investments global intranet portal, Fidelity Central.

One of the big banks (a client) has an online code of conduct test that employees have to take every two years. It incorporates an "Information Technology Use" section included. Employees have this in their personnel file to prove knowledge of and agreement to the code of conduct. These policies detail the company’s right to monitor emails/internet usage, downloading inappropriate info, etc.

HSBC has a one paragraph disclaimer at the bottom of the intranet home page. There are also links to established policies on “acceptable use” which all employees must sign-off on.

Wachovia has a link at the bottom of most of their main intranet site pages called “Usage Policy”.

Capital One has a link entitled “Disclaimer”; Bank of Ireland has a link called “Group Intranet Guidelines.”

What if employees surf porn?

Let them surf porn, and eat cake. I expect that some employees will do naughty things – online and offline – regardless of company policies and compliance. Personally, I’d rather empower employees to make the right decisions – just like we do with their day-to-day jobs. I’d also like to give employees access to whatever they like.

If employees surf porn during the day, then I’ll make a decision on their employment based on that behavior. I’d prefer to find out based on their behavior rather than rule over them with a big stick. This is also a natural retention tool – it separates the wheat from chafe.

RELATED READING:

Happy Independence Day! And for those Canucks that have a long-weekend hangover, Happy Canada Day!

One of the great things about growing a company is hiring a talented staff that also has areas of expertise and keeps an eye on trends, etc. I still keep up on the trends, but now I have a bigger cache to draw on with the staff in the office as well.

One trend in particular gets a lot of attention, and yet so many companies have little understanding of it: search engine optimization.

For example, many readers of this column would know the value of proper page titles. However, so many organizations fail miserably in creating an effective page title so that their pages are ranked accordingly on the major search engines (namely Google). Just a quick search of some big name organizations that don’t have effective page titles include Hyundai, the Government of West Virginia, and National Car Rental to name a few. (Did you know that Hertz wouldn’t let me on their site because I didn’t have ‘cookies’ turned on? They won’t let me on the site. Can you imagine turning away business because your customer has their cookies turned off? Extraordinary!!!).

So we should all know by know that search engine optimization is the process and activities of ‘optimizing’ your web pages so that they’re effectively indexed and therefore retrieved and ranked as high as possible by not only your own search engine, but also the big search engines. The same goes for intranets.

Did you know… “62% of users click on first page search results with an accumulative 90% clicking on results from the first three pages of returns. And 87% of results clicked on were from the organic (non paid) portion of the search results – which are totally dependent on their ranking by ensuring they follow the optimization techniques.”

Prescient Digital Media Business Consultant Catherine Elder gives us a complete refresher with a look at the latest trends for search engine optimization in Get discovered – understanding search engine optimization.

ON A PERSONAL NOTE: A welcome aboard to our new client CANA Group! A congratulations to our consultant Claude Malaison who will be leading the project. I enjoyed the long weekend – and worked very little for a change! After logging almost 50,000 kms in the past 7-8 weeks I was just a little tired. We celebrated my Dad’s birthday (happy b’day!) with a day at the beach, took my daughter swimming in the ocean, and did a lot of gardening. Watching with great interest my five month-old daughter grow and evolve. I think she’s a bright one.

I did manage to watch only some of the soccer including the very last bit of the – Germany match. What a game – thrilling stuff! I must admit I’m one of the chronic under-believers in Italy but I’m a believer now! I’ve been watching with interest all the free agent hockey signings in the NHL. Wow. How interesting the ‘game’ has become… particularly with the big defensemen musical chairs. We’re gonna miss Ed Jovanoski here in Vancouver – and big Bert too… but am looking forward to seeing Roberto Luongo and Willie Mitchell in action!

Toby Ward - Prescient Digital Media