Protect Your Online Security: The Risks of Reusing Passwords and Weak Passwords, Plus Top Password Manager Recommendations

In today’s digital world, keeping your online accounts secure is essential to safeguarding your personal information and digital identity. With over 1 billion records exposed in various breaches, doing everything you can to keep your information private is critical.

Let’s try to avoid getting hacked!

However, there are common pitfalls that put individuals at risk: using the same password for multiple accounts and using weak passwords.

Let’s explore the dangers of these pitfalls:

(1) Using a Single Password for All Accounts:

Heightened Risk of Account Compromise: Reusing the same password across multiple accounts increases the chances of a security breach. If one account is compromised, hackers can access all other accounts using the same password, leading to potential identity theft or financial loss.

Vulnerability to Credential Stuffing: Cybercriminals exploit password reuse through credential stuffing attacks. Once they obtain login credentials from one breached account, they attempt to use the same credentials on other websites, exploiting the practice of password reuse.

Limited Protection Against Data Breaches: Data breaches are common, and passwords leaked from one breach can be used to access other accounts if the same password is reused. Using unique passwords for each account is crucial to minimizing the impact of data breaches.

(2) Using Weak Passwords:

Prone to Guessing: Weak passwords, like “password123” or common dictionary words, are easily guessed by attackers using automated tools. These passwords offer minimal protection against brute-force attacks. Try searching for last year’s top 200 worst passwords. Sadly, this list is nearly identical from year to year! If your password is similar to any of these, you really do not have a password at all.

Some examples of commonly used weak (non-)passwords that have been problematic for years because they lack complexity and are easily guessed or cracked:

  • 123456
  • password
  • qwerty
  • abc123
  • iloveyou
  • admin
  • welcome
  • letmein
  • 123456789
  • football
  • Password1

Susceptible to Dictionary Attacks: Attackers can use dictionaries of commonly used passwords or words found in literature, movies, or online forums to guess weak passwords. With readily available information online, it’s relatively simple for attackers to crack weak passwords.

Easy Targets for Phishing: Weak passwords often contain easily memorable phrases or personal information, making users more susceptible to phishing attacks. Attackers can exploit this information to trick individuals into divulging their login credentials.
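
As an added example (not code from the original post), here is a defender-side Python check that rejects the weak passwords listed above and their common variants: different capitalization, trailing digits or punctuation, and substitutions such as “P@ssw0rd”. The 12-character minimum and the denylist contents are assumptions, not values from the post; a real deployment would load a much larger list of passwords seen in breaches.

```python
import re

# Constructed denylist: the weak passwords listed in the post plus
# "password123" from the text. Production systems should load a much
# larger list of passwords that have appeared in real breaches.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "qwerty", "abc123", "iloveyou", "admin",
    "welcome", "letmein", "123456789", "football", "password1", "password123",
})
# Longest entries first so a containment hit reports the most specific word.
DENYLIST_BY_LENGTH = sorted(COMMON_PASSWORDS, key=len, reverse=True)

# Character substitutions that attackers' wordlists already account for,
# so "P@ssw0rd" has to be treated exactly like "password".
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the post


def candidate_forms(candidate: str) -> list[str]:
    """Return the variants of a password that are compared with the denylist:
    the lower-cased value, the value with trailing digits/punctuation removed
    ("Password2024!" -> "password"), and that with leet substitutions undone
    ("P@ssw0rd" -> "password")."""
    lowered = candidate.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    deleeted = stripped.translate(LEET_MAP)
    forms = []
    for form in (lowered, stripped, deleeted):
        if form and form not in forms:
            forms.append(form)
    return forms


def check_password(candidate: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password
    passes both the length check and the denylist check."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    for form in candidate_forms(candidate):
        if form in COMMON_PASSWORDS:
            reasons.append(f"is a variant of the common password '{form}'")
            break
        # A long password built around a common one ("mypassword2024!!") is
        # still a dictionary word plus a few extra guesses, so flag containment
        # of any denylist entry that is at least six characters long.
        hit = next((w for w in DENYLIST_BY_LENGTH if len(w) >= 6 and w in form), None)
        if hit:
            reasons.append(f"contains the common password '{hit}'")
            break
    return reasons


def is_acceptable(candidate: str) -> bool:
    """True when the candidate has no policy violations."""
    return not check_password(candidate)


if __name__ == "__main__":
    for sample in ("Password1", "P@ssw0rd2024!", "mypassword2024!!", "correct-horse-battery"):
        verdict = check_password(sample)
        print(f"{sample!r}: {'OK' if not verdict else '; '.join(verdict)}")
```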

To mitigate these risks, it’s crucial to practice good password hygiene and use a reliable password manager.

Below are two highly recommended password managers from reviews online.

1Password: 1Password is praised for its simplicity and robust encryption. It provides secure password storage, item organization, and integrates well with various platforms and browsers. Additional features include secure password sharing and a travel mode for enhanced protection.

Bitwarden: Emphasizing privacy and open-source software, Bitwarden offers end-to-end encryption and supports two-factor authentication. It’s highly customizable, allowing users to self-host their password vaults for maximum control over their data. Bitwarden also offers a free version which may be more than enough for most users.

The general consensus is to create a unique, strong password (as long as the site allows) that you cannot remember (an indication of its strength) for every site you visit or account you have.

By prioritizing password security and leveraging reputable password manager solutions like LastPass, 1Password, or Bitwarden, you can enhance your online security and protect your digital identity more effectively.

Things not discussed in this posting

Since the posting above was written, passwords may (finally) be on their way out! There have been many strategies over the years to help people choose and use safer passwords.

Unfortunately, when the average user may have well over 100 sites or log-ins for which they need to manage passwords, password reuse and weak passwords are common problems without a password manager. Technologies like passkeys may eventually replace passwords entirely.

Tom’s Guide Article on Passkeys

Today, there are sites that, even if you use a very strong password, still force you to change it every so many months. Using current technology, a strong password could take a hacker using brute-force methods more years to crack than there are stars in the universe. (See our other posting on this calculation.)

Additionally, there are sites that still limit you to, say, 20 password characters or further restrict what characters you can enter. All these restrictions are ridiculous and point to no standards or oversight.

The bottom line, unfortunately, is we have no idea how a site handles our password. Is it hashed? Is it stored in clear text?

Using 2FA was also not discussed here, as there are several 2FA types deserving their own posting. Each of these 2FA types has its own advantages and (security) disadvantages. In general, however, 2FA is a good idea for any site that offers it, but be sure you understand the limitations and possible security implications (SMS 2FA vs. a hardware key, for example).

Stay tuned for further postings on these topics!

(Try to) Encrypt Your Important Emails!

Introduction

Many people still seem to think that sending an email is secure: that only they and the person receiving the email can read it. Nothing could be further from the truth. Unless you do something on purpose, sending an email (and any attachments) has the same security as sending a postcard through the US mail. Almost anyone with access to a server along the way could read it.

Email, now in use for over 50 years, was never designed with security in mind (sadly, like many technical products still in use today). Its original goal was simply to let people send messages at a time when such communication was next to impossible. Although email is ubiquitous today, what gets sent by email is much different, and often much more personal, than in the past.

Email’s missing security should concern you, since most people who ask you to email a document have no idea that the possibly sensitive information you’re sending could bounce around the Internet unprotected from prying eyes. That email could be stored on multiple servers en route and read by any administrator before finally reaching its destination (think: doctor, lawyer, bank, and other non-technical people who may innocently ask you to email something extremely private). Unless you do something on purpose to safeguard your email, or you know you’re using an encrypted email service, your email is sent in plain text that anyone can read.

So, what to do?

Use a Third-Party Email Service to Encrypt Your Emails

One solution would be to use a service like ProtonMail, which encrypts emails and keeps them encrypted on ProtonMail’s email servers. If both the sender and the recipient have ProtonMail accounts, your emails are always encrypted. The shortcoming of this approach is that, however trusted ProtonMail may be, they hold the “keys” to your emails. So, in theory, however unlikely, they could read your email. Although encryption from a third party like ProtonMail is still much better than none at all, letting another company control the keys to your email carries the same inherent risk with any third-party email company you pick.

Set Up Your Own Encryption

A more secure solution is to set up your own encrypted emails. Most popular email clients like Thunderbird, PostBox, MacMail, and even Outlook (on the PC only, currently) support PGP either directly (Thunderbird) or using a plug-in. Plug-ins are either free (Thunderbird, PostBox) or inexpensive (MacMail and Outlook). Check with your current email client to see how (and if) it supports PGP.

PGP (“Pretty Good Privacy”) is an email encryption method in which you generate a public key and a private key for each email account you want to secure (Note: you can use PGP outside of email, too). You never need to share a password. You then share your public key, as described below, so that others can send you encrypted emails.

To set up encrypted emails, you start by creating a “keyring”. For each email account you have, you create a “key pair”. A key pair has a public key and a private key. The keyring is a software construct (a file on your computer) in which you store your public and private keys (you NEVER share your private key with anyone) and public keys you have imported for other people. The key manager software creates public and private keys for each email address. If your email program supports PGP, it should automatically work with a key manager. Then, once you’ve created the keys in the key manager, you can use them to send encrypted emails.
Normally, all you need to do is enter the email address in the “TO” line of an email and click “encrypt” (or similar, depending on the email program) and the email program will find the public key (in your keyring) of the person you are emailing and encrypt the email automatically when you send it.
Since many emails don’t need to be encrypted, encrypting an email is always optional. You decide which emails to encrypt and which not to encrypt.

Sharing Your Public Key and How to Send Encrypted Emails Back and Forth

To understand what’s really going on, here’s the flow: for person A to send an encrypted email to person B, person A first imports person B’s public key into his keyring (you NEVER share your private key). Then person A writes an email and encrypts it to person B using person B’s public key. Finally, person A sends the encrypted email to person B. When person B receives it, person B’s email program uses his private key (again, from the keyring) to decrypt and display the message that person A encrypted with person B’s public key.
Key point: The private key undoes the encryption the public key creates.
Note that many email programs will automatically know when you enter the email address, in this case for person B, that there is a public key available for person B and fill it in for you.
Similarly, for person B to reply to person A, person B would also have imported Person A’s public key.
Unless a key has an expiration date (an option when setting up the key-pair), you only need to import a person’s public key once.
Also, it’s perfectly acceptable to ask for someone’s public key to send a secure (encrypted) email.
There are also online public key repositories where some people store their public keys. You can also store your public key on your website. It’s public. A key benefit with PGP is there is no password sharing needed.

Limitations

The challenge with the encrypted email is that both email sender and receiver must be sharing their public keys. Therefore, to send/receive encrypted email with someone, you must have already set up PGP (creating your public and private keys for your email accounts and importing any public keys from people to whom you wish to send email). You can’t simply send an encrypted email using PGP to someone who has not shared their public key with you.
Another issue is that if you ask many people for their public key, they won’t have any idea what you’re asking them. You can try to explain what you are trying to do to secure your email, but you might only hear silence.
In cases where people have no idea what PGP encryption is, as mentioned above, you could try to use ProtonMail or a similar service. Using a third party company is still better than sending a totally insecure email. However, it may again be the case where the recipient does not use a third-party email encryption solution.
Another, even less desirable, option would be to send a password-encrypted zip file or similar. However, note that sending anything “password-protected” means you must share the password, which is the inherent problem PGP solves. With PGP, you freely share your public key. If you send a password using some other non-PGP method, then you must share that password. This old-style password approach is not secure, since the password could be intercepted, making your email readable again. Or, to share the password, maybe you call the person on the phone to say what the password is. Your (cell, VOIP, …) phone call could be intercepted, too.
So, if all else fails, see if the recipient (the person who is asking you to send sensitive information in unprotected email) has a “portal” (a secure website you could log into) backed by HTTPS and then securely upload any documents.
The good news is that finding people who understand and use encryption is not as difficult as you might think, and securing your personal and business data is well worth the effort.

Conclusion

Setting up secure email is often important for individuals and for businesses. Ask yourself whether the email you’re about to send would be OK to print on a US postcard and drop in the US Mail in plain, unprotected text. If you answer “no”, then you need to do something “on purpose”, like setting up encrypted email. There are plenty of “how-to” guides online that walk you through setting up PGP email (aka GPG) for various email clients.
The workflow described above may sound complicated, but once you have PGP set up and understand how it works, using it is simple and unobtrusive.
With any of the approaches above, even PGP, there is no guarantee of what the recipient will do with your data once he decrypts your email and has your original, unencrypted document(s). Thus, there is always the decision of whether something should be emailed (sent) at all.


Finally, as quantum computers gain more and more qubits, we will probably soon need quantum-safe encrypted email. More on this topic in a future article.

Enjoy!

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Please read our disclaimer available from our home page.

Understanding Exponential Growth

If your city is growing at 5% per year, is this a good thing? What will the size of the city be in 10 years? Is that linear or exponential growth? If your checking account has a 10% interest rate, how long until you double your money? All good questions.

It’s been said that no layperson understands exponential growth and unfortunately, if that’s true, then neither do the media or popular TV shows. Try to explain exponential growth to someone and you may be greeted by a blank stare. Why does any of this matter?

First things first…

What is an exponential function?

An initial explanation might be that exponential growth is when something grows at a very fast (non-linear) rate, though possibly not noticeably at first. In everyday life we tend to think of things getting faster, slower, bigger or smaller linearly, that is, at a constant rate. Exponential growth is different: it is not linear, it gets very large (or very fast) at some point, and that point comes sooner than you might think.

In high school, most students learned about functions like 2^x (or “2 to the x”: 2 raised to the power of x). This is an exponential function since the variable is in the exponent itself. Having a variable that increases while in the exponent is the basis of what an exponential function is. Of course, things can, and usually do, get more complicated, but understanding the variable in the exponent is the first step.

Graph (not reproduced here): compare the data with the plot to see how the curve grows exponentially vs. linearly.

Note that the linear portion (right side) of the graph has the variable “x” not in the exponent. The linear portion has a line with constant slope.

Why does it matter?

Exponential growth is everywhere. Understanding it is important not only for day to day activities, but to understand how things work. Something that may not seem to matter with a few trials may actually be extremely important once proper analysis is done.

Examples?

Example1: Your bank’s interest rate on your investments.

Simple Interest: Simple interest is when you earn, say, 10% per year (or another fixed amount) on your account or investment. Not much going on there. With a $100 principal amount, that’s just $10 per year. Easy. So, if your initial amount, or P, was $100, you would have $10 + $10 + $10 + $10 + $10 more in five years: $100 + $50 = $150. The interest is growing linearly. If you looked at the formula for simple interest, you’d see there is no variable in the exponent.

Compound Interest: Compound interest gets more interesting, since the interest, if compounded yearly (or otherwise), takes into account all the money you’ve earned (including the previous interest) to calculate your future amount. A quick example.

Using the formula Balance = P * (1 + r)^n, where P is the principal amount, r is the interest rate, and n is the number of compounding periods, exponential growth quickly outpaces simple linear growth. If we start with the same values and assume a 10% interest rate, we would have:

Balance = 100 * (1 + 0.1) ^ 5 = $161.

Not impressed yet? How about after 10 years?

Balance = 100* (1+0.1) ^ 10 = $259.


The side question often comes up as to how long it would take to double your money (dust off your college algebra for this one…)

    M = P (1 + i)^n

    Say you start with $100 and a 10% interest rate compounded yearly. How long would it take to double your money?
    200 = 100 (1 + 0.1)^n
    2 = (1.1)^n
    Taking the logarithm of both sides:
    log(2) = n log(1.1)
    n = log(2)/log(1.1)

    n ≈ 7.28 years (to double your money)

With compound interest, the money you earn is growing exponentially, not linearly.

Albert Einstein was supposedly quoted as saying the most powerful force in the universe is compound interest.

—————————

Example 2:

Doubling your money every day for thirty days starting with just one penny.

Say someone offered to give you (A) $500,000 or a (B) penny and double it every day for 30 days. Which would you take A, or B?

If you chose B, you’d be a lot better off since that daily penny doubling goes like this:

Day     Pennies
———————————————————
1       1
2       2
3       4
4       8
5       16
...
30      536,870,912 pennies, or dividing by 100, $5,368,709.12 (over 5 million dollars!)

—————————

Example 3:

Paper Folding until you reach the Sun

Assuming you could physically fold a piece of paper in half over and over, how many folds would it take you to reach the Sun? We can see that this is 2^x exponential growth since each fold doubles the paper’s thickness. We quickly realize that there is no way we could “physically” fold the paper in half more than a few times, but what if we could, at least theoretically? How many folds would it take to reach the Sun? You might (incorrectly) assume it would take a great many folds, since folding the paper once, then twice, then three times, doesn’t amount to much. Ah, but that’s the problem with exponential growth: the growth kicks in later.

Here are some possible answers to the question of approximately how many folds it would take to reach the Sun (choose the closest).

What’s your guess?

A. 50

B. 500

C. 5,000

D. 5,000,000

Guesses?

Well, if you answered A or 50, you’d be right.

Here is the output of a computer program that actually computes this paper folding (you could get the same result manually).

We assumed the thickness of a piece of paper is 0.0001 feet and the distance to the Sun is 491,040,000,000 feet.

Let’s start folding…. (notice that nothing really happens on the first 10 to 12 folds, but then, with exponential growth, it gets interesting)

Let’s calculate this!

Number of Paper Folds so far: 1, distance traveled toward the Sun: 0.0002 feet
Number of Paper Folds so far: 2, distance traveled toward the Sun: 0.0004 feet
Number of Paper Folds so far: 3, distance traveled toward the Sun: 0.0008 feet
Number of Paper Folds so far: 4, distance traveled toward the Sun: 0.0016 feet
Number of Paper Folds so far: 5, distance traveled toward the Sun: 0.0032 feet
Number of Paper Folds so far: 6, distance traveled toward the Sun: 0.0064 feet
Number of Paper Folds so far: 7, distance traveled toward the Sun: 0.0128 feet
Number of Paper Folds so far: 8, distance traveled toward the Sun: 0.0256 feet
Number of Paper Folds so far: 9, distance traveled toward the Sun: 0.0512 feet
Number of Paper Folds so far: 10, distance traveled toward the Sun: 0.1024 feet
Number of Paper Folds so far: 11, distance traveled toward the Sun: 0.2048 feet
Number of Paper Folds so far: 12, distance traveled toward the Sun: 0.4096 feet
Number of Paper Folds so far: 13, distance traveled toward the Sun: 0.8192 feet
Number of Paper Folds so far: 14, distance traveled toward the Sun: 2 feet
Number of Paper Folds so far: 15, distance traveled toward the Sun: 3 feet
Number of Paper Folds so far: 16, distance traveled toward the Sun: 7 feet
Number of Paper Folds so far: 17, distance traveled toward the Sun: 13 feet
Number of Paper Folds so far: 18, distance traveled toward the Sun: 26 feet
Number of Paper Folds so far: 19, distance traveled toward the Sun: 52 feet
Number of Paper Folds so far: 20, distance traveled toward the Sun: 105 feet
Number of Paper Folds so far: 21, distance traveled toward the Sun: 210 feet
Number of Paper Folds so far: 22, distance traveled toward the Sun: 419 feet
Number of Paper Folds so far: 23, distance traveled toward the Sun: 839 feet
Number of Paper Folds so far: 24, distance traveled toward the Sun: 1,678 feet
Number of Paper Folds so far: 25, distance traveled toward the Sun: 3,355 feet
Number of Paper Folds so far: 26, distance traveled toward the Sun: 6,711 feet
Number of Paper Folds so far: 27, distance traveled toward the Sun: 13,422 feet
Number of Paper Folds so far: 28, distance traveled toward the Sun: 26,844 feet
Number of Paper Folds so far: 29, distance traveled toward the Sun: 53,687 feet
Number of Paper Folds so far: 30, distance traveled toward the Sun: 107,374 feet
Number of Paper Folds so far: 31, distance traveled toward the Sun: 214,748 feet
Number of Paper Folds so far: 32, distance traveled toward the Sun: 429,497 feet
Number of Paper Folds so far: 33, distance traveled toward the Sun: 858,993 feet
Number of Paper Folds so far: 34, distance traveled toward the Sun: 1,717,987 feet
Number of Paper Folds so far: 35, distance traveled toward the Sun: 3,435,974 feet
Number of Paper Folds so far: 36, distance traveled toward the Sun: 6,871,948 feet
Number of Paper Folds so far: 37, distance traveled toward the Sun: 13,743,895 feet
Number of Paper Folds so far: 38, distance traveled toward the Sun: 27,487,791 feet
Number of Paper Folds so far: 39, distance traveled toward the Sun: 54,975,581 feet
Number of Paper Folds so far: 40, distance traveled toward the Sun: 109,951,163 feet
Number of Paper Folds so far: 41, distance traveled toward the Sun: 219,902,326 feet
Number of Paper Folds so far: 42, distance traveled toward the Sun: 439,804,651 feet
Number of Paper Folds so far: 43, distance traveled toward the Sun: 879,609,302 feet
Number of Paper Folds so far: 44, distance traveled toward the Sun: 1,759,218,604 feet
Number of Paper Folds so far: 45, distance traveled toward the Sun: 3,518,437,209 feet
Number of Paper Folds so far: 46, distance traveled toward the Sun: 7,036,874,418 feet
Number of Paper Folds so far: 47, distance traveled toward the Sun: 14,073,748,836 feet
Number of Paper Folds so far: 48, distance traveled toward the Sun: 28,147,497,671 feet
Number of Paper Folds so far: 49, distance traveled toward the Sun: 56,294,995,342 feet
Number of Paper Folds so far: 50, distance traveled toward the Sun: 112,589,990,684 feet
Number of Paper Folds so far: 51, distance traveled toward the Sun: 225,179,981,369 feet
Number of Paper Folds so far: 52, distance traveled toward the Sun: 450,359,962,737 feet

Total Number of Paper Folds without going past the sun was: 52

WOW.
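
The three calculations above (compound interest and the doubling-time formula, the penny doubling, and the paper folding) as one added Python example; this is not the post’s own program. It uses the post’s values (a 10% rate, 0.0001-foot paper, 491,040,000,000 feet to the Sun) and reproduces the fold-by-fold output format quoted above, using exact rational arithmetic so the 52nd fold is not affected by floating-point drift.

```python
import math
from fractions import Fraction


def simple_balance(principal, rate, periods):
    """Simple interest: the same fixed amount is added each period (linear growth)."""
    return principal * (1 + rate * periods)


def compound_balance(principal, rate, periods):
    """Compound interest, Balance = P * (1 + r)^n (exponential growth)."""
    return principal * (1 + rate) ** periods


def doubling_time(rate):
    """Number of compounding periods needed to double a balance:
    solve 2 = (1 + r)^n for n, i.e. n = log(2) / log(1 + r)."""
    return math.log(2) / math.log(1 + rate)


def penny_doubling(day):
    """Pennies held on a given day when you start with one penny on day 1
    and double every day: 2^(day - 1)."""
    return 2 ** (day - 1)


def folds_to_reach(thickness_ft, distance_ft):
    """Fold a sheet of the given thickness until one more fold would pass the
    target distance. Returns (number of folds, thickness after the last fold)
    as exact fractions, so 2^52 * 0.0001 is computed without rounding error."""
    thickness = Fraction(str(thickness_ft))
    distance = Fraction(str(distance_ft))
    folds = 0
    while thickness * 2 <= distance:
        thickness *= 2
        folds += 1
    return folds, thickness


def folds_closed_form(thickness_ft, distance_ft):
    """Same answer without the loop: the largest n with thickness * 2^n <= distance
    is floor(log2(distance / thickness))."""
    return math.floor(math.log2(distance_ft / thickness_ft))


def fold_log(thickness_ft, distance_ft):
    """Fold-by-fold lines in the format of the program output quoted above:
    four decimals while under one foot, otherwise rounded with thousands separators."""
    thickness = Fraction(str(thickness_ft))
    distance = Fraction(str(distance_ft))
    lines = []
    fold = 0
    while thickness * 2 <= distance:
        thickness *= 2
        fold += 1
        feet = f"{float(thickness):.4f}" if thickness < 1 else f"{round(thickness):,}"
        lines.append(f"Number of Paper Folds so far: {fold}, distance traveled toward the Sun: {feet} feet")
    return lines


if __name__ == "__main__":
    print(f"Simple interest after 5 years:    ${simple_balance(100, 0.10, 5):.2f}")
    print(f"Compound interest after 5 years:  ${compound_balance(100, 0.10, 5):.2f}")
    print(f"Compound interest after 10 years: ${compound_balance(100, 0.10, 10):.2f}")
    print(f"Years to double at 10%:           {doubling_time(0.10):.2f}")
    print(f"Pennies on day 30:                {penny_doubling(30):,}")
    for line in fold_log(0.0001, 491_040_000_000):
        print(line)
    folds, _ = folds_to_reach(0.0001, 491_040_000_000)
    print(f"Total Number of Paper Folds without going past the sun was: {folds}")
```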

Conclusion.

Exponential growth is all around you. We use it in so many things in everyday life we sometimes aren’t aware it’s there.

People say (typically on “the news”) that things are (loosely speaking) “exponentially” bigger, worse, or whatever. This loose terminology is, unfortunately, slang for “getting really big (or bad, etc.)”. In many of the circumstances where you hear “exponential growth” used (again, often, sadly, in the media), the growth is really not exponential. Note that an a^x type function is also called geometric growth since it’s a constant raised to a power.

We recently blogged another example of how exponential growth works when using a longer and longer key space with an iPhone passcode. With six characters and only numbers we had 6^10 permutations, but with letters and numbers (lower case) we had 6 ^ 32 permutations. Thus, the key space is getting larger exponentially (since the exponent has the number of letters possible) but it’s getting larger linearly with the passcode length itself.

Exponential growth is not difficult to understand and it’s everywhere!

Enjoy!


Your Data Has Been Hacked! (Probably)

Introduction:

The data you entrust to third parties like colleges, your credit card processor, or data you have no control over (OPM, IRS, or other “organizations”) has likely been compromised. In fact, there have been shocking data breaches reported in the last ten years. So many breaches that you may no longer really pay attention to the newest breach on the news.

The biggest breaches get the headlines, like the OPM breach that affected over 20 million federal workers. The numbers are staggering. From 2005 through 2016 (partial data), there have been 898,590,196 total records reported breached!

To make matters even worse, more than half (53%) of all breaches reported zero records breached, meaning an “unknown” number of records breached. Therefore, the total breached count is potentially much bigger than the nearly 900 million records reported above.

These breaches happen in various ways: hacking, unintended disclosure, fraud, insider threats, and other methods (see “Types of Breaches” below). Organizations affected run the gamut, from retail to government, financial, education, and other types.

The data in this article is from the publicly available information at https://www.privacyrights.org/data-breach. Using this publicly available information from the privacy rights clearinghouse, this article describes the breaches grouped and summarized in various ways. Below you will see breakouts of that data, many possibly surprising.
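
As an added example (not code from the original article), here is a Python script that produces the same kinds of breakouts described in this article from a small constructed sample in the style of the clearinghouse export. It treats a record count of zero as “unknown” rather than as zero records, which is the caveat raised above, and finds organizations breached in more than one year. The column names and every row are assumptions made up for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows loosely modeled on the Privacy Rights Clearinghouse
# export; the column names are assumed and every row is made up.
SAMPLE_CSV = """Date Made Public,Company,Type of breach,Type of organization,Total Records
2009-01-20,Example Payments Inc,HACK,BSF,130000000
2009-05-08,Example Clinic,PORT,MED,0
2014-09-02,Example Retail Co,HACK,BSR,56000000
2015-06-04,Example Agency,HACK,GOV,21500000
2015-11-30,Example University,DISC,EDU,0
2016-02-11,Example Retail Co,INSD,BSR,1200
2016-03-15,Example Clinic,PHYS,MED,800
"""


def load_rows(text):
    """Parse the CSV into dicts. A 'Total Records' of 0 is stored as None,
    because the export uses 0 to mean 'unknown', not 'nothing exposed'."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        count = int(raw["Total Records"] or 0)
        rows.append({
            "year": int(raw["Date Made Public"][:4]),
            "company": raw["Company"].strip(),
            "breach_type": raw["Type of breach"].strip(),
            "org_type": raw["Type of organization"].strip(),
            "records": count if count > 0 else None,
        })
    return rows


def summarize(rows):
    """Breakouts like the ones in the article: incidents and records per breach
    type, per organization type and per year, plus how many incidents reported
    no record count. Record totals are therefore lower bounds."""
    records_by_type, records_by_org, records_by_year = Counter(), Counter(), Counter()
    unknown = 0
    for r in rows:
        if r["records"] is None:
            unknown += 1
            continue
        records_by_type[r["breach_type"]] += r["records"]
        records_by_org[r["org_type"]] += r["records"]
        records_by_year[r["year"]] += r["records"]
    return {
        "incidents_by_type": Counter(r["breach_type"] for r in rows),
        "incidents_by_org": Counter(r["org_type"] for r in rows),
        "records_by_type": records_by_type,
        "records_by_org": records_by_org,
        "records_by_year": records_by_year,
        "total_records": sum(records_by_type.values()),
        "unknown_count": unknown,
        "unknown_share": unknown / len(rows) if rows else 0.0,
    }


def repeat_offenders(rows, min_records=1000):
    """Organizations with breaches of at least min_records in two or more
    different years (the pattern noted at the end of the article)."""
    years = defaultdict(set)
    for r in rows:
        if r["records"] is not None and r["records"] >= min_records:
            years[r["company"]].add(r["year"])
    return sorted(name for name, seen in years.items() if len(seen) >= 2)


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    summary = summarize(rows)
    for breach_type, count in summary["incidents_by_type"].most_common():
        print(f"{breach_type:5} {count:>3} incidents, {summary['records_by_type'][breach_type]:>13,} records")
    print(f"{summary['unknown_count']} of {len(rows)} incidents reported no record count "
          f"({summary['unknown_share']:.0%}), so totals are lower bounds")
    print("Breached in more than one year:", repeat_offenders(rows))
```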

Conclusion:

Based on the data breakouts below, you should be concerned about the security and privacy of your information and the nearly total lack of security organizations (and, yes, the government) have.

What’s shocking about these results is that encryption for databases has been around for a long time, which would mitigate many of these breaches completely or at least to some extent. Yet, it seems few, if any organizations, actually bother to encrypt their data. Thus, when they’re hacked, and it’s clear from publicly available data that they are getting hacked, the hackers get the juicy raw (unencrypted) data.

Although there is little you can do about this remote data when businesses and government fail to protect your information due to outdated computers, computers not updated with security patches, insider threats, susceptibility to phishing attacks, lax security policies, or whatever, you can consider taking steps on your own to protect your local data and data in transit (a few possible ideas below):

(Note: You might need technical help or other support for some of these ideas below. Please see our disclaimer on our Web site.)

  • Encrypt your hard drive
  • Encrypt your emails
    • consider PGP or a third party email service like Protonmail.com
  • Use a strong password (different) for every Web site
    • (use a password manager)
  • Use an up-to-date anti-virus program and keep it updated
  • Use an up-to-date anti-spyware program and keep it updated
  • Avoid email systems that have the ability to run programs from emails or have been used as virus vectors
  • Avoid running as “root” or “Administrator” except in rare, controlled, circumstances
  • Do multiple backups and keep backups off site
  • Use an Ad blocker with your browser (for example Ad Block Plus)
  • Consider using Ghostery or similar to stop trackers
  • Avoid using tracking search engines like Google
    – (Note: Google appeared four times in the data results, all with “zero” records reported compromised.)
  • Get your own domain name and email hosting
  • Other strategies…

Thus, organizations need to be held accountable for data breaches with financial penalties and possibly legal action. Until this day arrives, and the laws catch up to the data breach threats, additionally consider credit watches, freezing your credit, regularly checking your credit report, and taking all the possible steps you feel comfortable with to protect your privacy.

==================================================

Data Breakouts:

Types of Breaches:

1. Unintended disclosure (**DISC**) – Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail.
2. Hacking or malware (**HACK**) – Electronic entry by an outside party, malware and spyware.
3. Payment Card Fraud (**CARD**) – Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at point-of-service terminals.
4. Insider (**INSD**) – Someone with legitimate access intentionally breaches information – such as an employee or contractor.
5. Physical loss (**PHYS**) – Lost, discarded or stolen non-electronic records, such as paper documents.
6. Portable device (**PORT**) – Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
7. Stationary device (**STAT**) – Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility.

==================================================

Organization Types:
– Unknown or other (UNKN)
– BSO – Businesses – Other
– BSF – Businesses – Financial and Insurance Services
– BSR – Businesses – Retail/Merchant
– EDU – Educational Institutions
– GOV – Government and Military
– MED – Healthcare – Medical Providers
– NGO – Nonprofit Organizations

Years of Data: 2005-2016 (partial)
========================================

High-level Results:

Of all the data breach types, “HACK” is the most frequent, with 1,281 separate incidents. The insider threat was also high, with 555 separate incidents.

As stated above, there were 898,590,196 total records exposed.

Below is a table showing the type of breach and the number of incidents:

(see “Types of Breaches” above to decode the TYPE column below)

TYPE   NUMBER OF INCIDENTS
NULL   46
CARD   66
UNKN   149
STAT   248
PHYS   542
INSD   555
DISC   846
PORT   1,113
HACK   1,281

You might think from the incident counts above that not that much data was exposed, but the table below breaks down the number of records exposed per breach type:

Number of total records exposed by breach type:

TYPE   RECORDS EXPOSED
UNKN   6,306,078
CARD   7,203,035
STAT   11,568,743
DISC   32,113,235
INSD   36,268,831
PORT   172,876,499
HACK   629,035,293

Data breaches by Entity (government, financial, etc.):

NGO — 107
BSR — 552
BSF — 633
GOV — 722
BSO — 740
EDU — 772
MED — 1274

Note that medical is the entity type with the most breaches, followed by education. Government is also high with 722 incidents.

Looking at the actual number of records exposed by Entity Type, we have:

NGO — 2,038,766
EDU — 14,790,624
BSO — 21,505,346
MED — 45,403,049
GOV — 178,534,105
BSR — 257,517,157
BSF — 378,801,149

Above, we see that the number of total exposed records was highest in the business financial area (BSF), followed by businesses retail/merchant (BSR). Government has the third highest record count. So, although education and medical had the highest breach counts by entity, the most exposed records came from businesses and then from government.

Below, due to space limitations, is a very small representation of the organizations involved in these breaches. The list shows only the first 25 characters of the company name. And, since there are so many breaches by company name, we limited the list to only those breaches with 100,000 total records exposed or more. Even then, there were too many organizations (229) to list them all!

Partial list of organizations with breaches of at least 100,000 records:


Finally, if you think things are getting better over time, 2015 was the second worst year on record for total records compromised, with 2009 being the reigning champion.

Records compromised by year (2016 partial):

2009 — 218,903,159
2015 — 160,162,774
2007 — 130,261,978
2014 — 71,138,652
2011 — 66,131,642
2013 — 57,651,691
2005 — 52,821,610
2008 — 49,734,455
2006 — 48,607,177
2012 — 27,777,064
2010 — 12,861,822
2016 — 2,538,172

One more thing… Some organizations have multiple data breaches over multiple years, so they don’t seem to be fixing things or learning from their mistakes. The short list below shows the top 10 organizations with at least 1,000 records exposed and at least two breaches in different years. The actual list is quite long and you would recognize many of the organizations.

Name — Number of Breaches — Most Recent Breach
—————————————————————————————
University of South Carolina — 5 — 2013-06-28
Texas A&M University — 4 — 2012-04-14
UC, San Francisco (UCSF) — 4 — 2013-11-25
Ohio State University — 4 — 2010-12-15
Columbia University — 4 — 2012-04-30
AT&T — 3 — 2015-04-08
Eastern Illinois University — 3 — 2009-12-04
Merlin Information Services — 3 — 2007-09-25
Purdue University — 3 — 2011-08-16
University of Florida — 3 — 2013-05-29

(IRS was number 11 in the list above.)

———

The publicly available data file we used (see URL above) for this blog has other useful or interesting information. For example, there is a field that describes how the data were actually stolen, and another field that documents when the breach became public.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Please read our disclaimer available from our home page

Are Email Hacks Inevitable? NO! NO! NO!

What’s up with Email Hacking?!

With so many stories about email hacking, you’d have to think it’s inevitable, right?

NO! NO! NO! EMAIL HACKING IS NOT (AND SHOULD NEVER BE CONSIDERED) NORMAL!

The Problem:

Because weak email passwords and no email encryption are “the norm”, email sits on (Internet) servers unprotected, often behind weak front-end security. Just like a plain text file, if a hacker successfully attacks the server, then all the emails are there for the taking and can easily be read.

Popular web-based email services ALL WORK THIS WAY (Protonmail being one obvious exception). Thus, if you don’t take steps to protect your email, your un-encrypted emails might be in the next email hack you read about. But you say, you don’t have anything in your emails “to worry about”. That’s not really the point. And, upon closer inspection, you probably wouldn’t want your emails totally open to hackers, either.

The Solution:

With just two basic steps, you can all but eliminate the chance of your email ever being compromised.

Step 1: Use strong passwords on your email accounts!

It’s a sad fact that year after year, most people do not use strong passwords and even re-use weak passwords across email accounts. “Password1” remains the most popular password since it “passes” most password checkers for upper-lower case, a number, and length. Unfortunately, if you use this password, you aren’t using a password at all since this is one of the first a hacker would use in an attack on your email server!

How about a much stronger email password like: 8Y6N2U}(@8N2u8/?Rie9@b=9. ?
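As an added illustration (not code from the original post), the Go program below puts a typical complexity-only checker next to one that first normalizes the candidate and looks it up in a worst-passwords list; the eight-word list, the 12-character minimum and the leet-substitution table are constructed assumptions for this example, not values from the post.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// commonPasswords stands in for the yearly "worst passwords" lists the post
// refers to. Constructed sample for this example; a real check would load a
// list of thousands of leaked or common passwords.
var commonPasswords = map[string]bool{
	"password": true, "qwerty": true, "letmein": true, "welcome": true,
	"iloveyou": true, "admin": true, "football": true, "monkey": true,
}

// ComplexityOnly is the rule many sites still apply: at least 8 characters
// with one upper-case letter, one lower-case letter and one digit.
// "Password1" satisfies every one of these conditions.
func ComplexityOnly(pw string) bool {
	var upper, lower, digit bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		}
	}
	return len(pw) >= 8 && upper && lower && digit
}

// normalize reduces a candidate to the dictionary word an attacker's wordlist
// would contain: lower-case, trailing digits/punctuation stripped, common
// "leet" substitutions undone. "Password1" and "P@ssw0rd123!" both become
// "password". The substitution table is an assumption for this example.
func normalize(pw string) string {
	s := strings.ToLower(pw)
	s = strings.TrimRightFunc(s, func(r rune) bool {
		return unicode.IsDigit(r) || unicode.IsPunct(r) || unicode.IsSymbol(r)
	})
	return strings.NewReplacer("@", "a", "0", "o", "1", "i", "3", "e", "$", "s").Replace(s)
}

// Acceptable first rejects anything derived from a known-bad password, then
// requires a minimum length (12 here, an assumed policy value). A long
// random string such as the one the post suggests passes both tests.
func Acceptable(pw string) (bool, string) {
	if commonPasswords[normalize(pw)] {
		return false, "derived from a commonly used password"
	}
	if len(pw) < 12 {
		return false, "shorter than 12 characters"
	}
	return true, "ok"
}

func main() {
	for _, pw := range []string{"Password1", "P@ssw0rd123!", "8Y6N2U}(@8N2u8/?Rie9@b=9"} {
		ok, why := Acceptable(pw)
		fmt.Printf("%-26s complexity-only: %-5v blocklist-aware: %-5v (%s)\n",
			pw, ComplexityOnly(pw), ok, why)
	}
}
```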

——

Step 2: Encrypt your email!

This isn’t new technology, either. Hello, it’s been here for…decades. So, what do we mean by “encryption”?

Two types:

(1) Transport. That is, when you send your email, the transport layer (the connection to your mail server) is encrypted. But transport encryption only protects your email on its way to your own email server (and not beyond your server to other email servers). So what’s the point of securing your email for only part of its journey, when it then just sits unprotected on the server itself? So, then there’s:

(2) End-to-End encryption. Here, novices will suggest that you encrypt your email and send the “password” to the recipient. This “Symmetric Encryption”, where the same password encrypts and decrypts, is weak since you must transmit the password itself: hackers could intercept that password, voiding your encryption attempt.

A much stronger approach is to use PGP or another public key encryption email setup for your sensitive emails. With this method, you share your “public” key but keep your private key private. Thus, this approach overcomes the weakness of symmetric encryption: you do not need to transmit the password.

Setting up PGP can be a little daunting for computer novices. You need to install the program, set up a “keyring”, generate keys, and other one-time setup items. You can also select how long a “key” you want to generate. (A skilled computer user could set up an email client to use encryption as described in about 30 minutes.)

Best yet, popular programs like Mac Mail, Thunderbird (on Mac/Windows) and others, have support for email encryption once you set up the keyring.

You can also encrypt some text in a window and save that, without even using an email program, or encrypt a file on your computer. Encryption programs like PGP (and GPG, the free alternative) install right-click menus (shell extensions) so you can encrypt files and text in other places, not just in emails.

KEY POINT: With encrypted email, your emails remain encrypted on the server until you decrypt them, thus making them useless to hackers (and to other snoops).

Hackers (and other snoops): Good luck decrypting and reading this email:


Best yet, the tools mentioned here, like GPG, and the related PC and Mac encryption plug-ins are… FREE.

Conclusion:

While it’s disconcerting in 2016, from all the email hacking disclosures, that our elected officials, and government in general, remain clueless about basic email security, that doesn’t mean you have to! Just do a couple basic steps as outlined above to all but eliminate (if not totally eliminate) hackers getting to your email (or being able to read your email even if they do!).

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Go Paperless!

Why go paperless?

    – Going green
        – Getting bank and other company statements electronically reduces waste at many levels:
            – Trees being cut down for paper
            – Paper delivered to stores and to companies
            – Company resources to print paper: printer, ink, electricity, mailing fees
            – Paper transmitted via truck, mail, etc., takes fuel and further pollutes the atmosphere
            – Paper waste (stuff you throw out) ends up in landfills polluting the environment
    – Less clutter
        – Having a paperless office, or a mostly paperless one, means you don’t have stacks of paper everywhere in boxes and file cabinets.
    – Better security
        – If you have good data security, then your data on your computer should be more protected than paper files.
    – Disaster recovery
        – If you had a fire or flood, your offsite backed-up paperless files would be totally intact.
        – Note: Offsite backup is a serious topic but not discussed in this blog.
    – Being able to find information quickly
        – This is one of the best reasons to go paperless – SEARCH!
        – Using software utilities, discussed below, you can find just about anything ever scanned in seconds.
    – Be able to automate your paperless workflow!
        – If it’s not automated, why do it?

What you need

    – A good scanner (not a flatbed scanner — too slow and cumbersome!)
        – Take a look at the ScanSnap ix500. It can scan 25 pages per minute, double sided color, with OCR.
            – Can also scan to MS Office formats, PDF.
            – Includes a “Card Minder” application for scanning business cards
    – Some software
        – Scanner’s included software
            – Scan to PDF
            – Scan to Folder
        – Automated software to move, sort, and rename your scanned images
            – Software like Hazel (Mac) or Belvedere (Windows)
            – Lets you set up rules so the software will automatically move, rename, sort, etc., files you scan into some common folder
            – It takes a while to get all the rules just right, but once they’re set up, you can scan and sit back and relax
        – On Windows, consider a program like File Locator Pro to help you find the data you want on your PC
        – On Mac, Spotlight is probably all you need, but you could also consider a program like DevonThink if your searching needs are greater.
            – Note: DevonThink has support for the ScanSnap scanner
        – Automation software for file names
            – You can also use programs like TextExpander to help you automate file names.
    – Some time to input the old paper you want to keep
        – If you have a good scanner, the time-consuming part is just organizing all that old paper you want to scan.
        – Get a good shredder for the scanned paper you no longer want or need
    – A regular schedule to scan
        – Put paper that comes in the mail or via other means into an “inbox” for later processing
        – Then, set aside a little time each week to scan this paper into your paperless system
        – Shred the paper if necessary

Other considerations

    – Make sure you have plenty of disk space
        – Even OCRed PDFs can take up considerable space
    – Make sure you do regular backups of your computer
        – Backup is a huge topic, not discussed here, and a topic to be taken seriously
        – Make sure you keep your computer up to date
    – Have patience at the beginning
        – Getting started with scanning and going paperless may seem difficult at first. However, once you get into the flow, and automate the filing with Hazel, for example, it’s a breeze.

Conclusion

Going paperless will take some time and money and may not be for everyone. Some people just prefer paper. There is also some risk that the computer storing your paperless information could crash, etc. That risk needs to be understood and taken into account. If you’re not sure about jumping in and going paperless, but it sounds interesting, do some additional research and see if going paperless might be right for you.

      —–

Is “The Cloud” a Good Solution For You?

  • Introduction

    – With everything in the media about “The Cloud”, you might think
      it’s the best new thing out there. However, there are some good
      things and even some not so good things to consider. You could
      think of  “The Cloud” as another hard drive somewhere else on the
      Internet that you don’t control. Flexibility and convenience are
      among the greatest cloud benefits whereas vendor lock-in and loss
      of control of your data are among the least useful items. We’ll
      take a look at just a couple of popular cloud use cases. Whether
      the cloud is right for you, for those things you can control –
      your data – is up to you.

      The blog below makes a few points and asks a few questions to
      consider.

– The Cloud In General

    – The good (these are very good reasons to consider using the cloud)
        – Works from any computer
            – Create an account using DropBox, SkyDrive, or iCloud and
              you’re easily able to store and, in most cases, sync your
              data across multiple devices
        – Usually free to use up to a certain data threshold
        – It’s easy. Nothing much to set up other than the basic cloud
          server connection information
    – The not as good (these are very good reasons to be skeptical
      about using the cloud)
        – Vendor lock-in
            – Proprietary cloud solutions by major vendors
                – iCloud, SkyDrive, …
                – No secret that companies want you to use their cloud
                  implementations so you’re “stuck” with them
        – Change of Service provisions
            – “Terms of Service” and their inevitable changes you must
              agree to use and to continue to use the cloud service
                – Remember if it’s free….”you are the product.”
                – Service could go from free to paid at any time
                – Shrinking free data amounts over time
        – Your data is under the total control, whims, and profit
          motives, of the cloud vendor
        – Your cloud account could be disabled, removed, or corrupted
          through no fault of your own
            – As one example, read the article below and draw your own conclusions:
              http://www.pcmag.com/article2/0,2817,2456807,00.asp
            – What happens to your data if your account is removed,
              locked out, corrupted, hacked, etc.?
                – Do you have a backup for this contingency?
                – Did you also have a local copy of your data or did
                  you trust the cloud to be totally fault tolerant?
        – Questions exist about who actually “owns” your data when it’s
          cloud-hosted
            – (yikes!)

– Cloud Computing

    – Cloud Computing is when you run applications from the Internet,
      not from your computer. You generally, almost always, pay a
      regular fee to use these applications.
    – Advantages
        – Software is usually up to date
        – Use the software only when you need it
        – Limits software installed locally and maintaining it
        – Less money up front to get software access
    – Disadvantages
        – Pay to play required — If you don’t pay the fee, you don’t
          have the software
        – Harkens back to mainframe computer days where you get
          services from the “mainframe”, now “the cloud”
        – Seen by many as a cash grab, mainly serving to improve
          monthly cash flow for software vendors
        – Losing Internet connection or the company going offline for technical
          or other reasons means no application access

      
– Cloud Backups and Restores

    – You lose control of your backed up data “in the cloud” (someone
      else’s computer/disk)
    – Does the cloud vendor offer full backups (disk images) or only
      partial backups?
        – This cloud vendor backup completeness (that is a whole disk
          image vs. just data) can vary even by computer operating
          system
    – What’s the cost of the service?
    – Who has access to this data on the server?
        – ID Theft issues possible?
    – Does storing this data violate any HIPAA regulations? (May depend
      on answers to other questions.)
    – Is your computer data encrypted during transmission over the
      Internet (HTTPS)?
    – Does the HTTPS use OpenSSL, which could be vulnerable to the
      “Heartbleed” Internet bug?
    – Are you concerned with possible other ‘zero-day’ exploits that
      could put your data at risk?
    – How long does the backup take? Minutes?, hours?, many many hours?
        – What happens to your machine’s performance during long
          backups?
    – How are restores of your data done?
        – Who does restores in your office or work environment?
        – How do you search for a particular version of a backup file?
    – Can you also create local backups in case of lost Internet
      connectivity?
    – How long is data, from backup to backup, retained?
        – Can you go back and get a “version” of a file backed up last
          week? Last Month? Last Year?
        – As stated above, some cloud backups do not have full disk
          image backups and their “retention policy” over many multiple
          backups might not be what you want or expect. Thus, the
          backup company’s goals and yours may be, and probably are,
          out of sync. One of their goals, obviously, is to “minimize”
          how much data you store on their server(s). Therefore, their
          corresponding “retention policy” is one way how they manage
          data size on their server(s). Their retention policy could
          mean you might not be able to restore an older version (or
          other file) since it wasn’t  … “retained”.
    – Have you experimented calling technical support to see what help
      is available from the backup vendor?
    – Is the cloud backup itself … backed up?
        – How often?
        – By whom?
        – How does the backup company secure their backups of your data?
        – Who has access to this backed-up data?

    – Alternatives: Can you set up the same sync for free on your own?

        – In most cases, YES!
            – CalDav and CardDav are open standards supported by major
              vendors so you could set up your own server for syncing
              contacts, calendars, to-dos, and reminders.
        – Advantages
            – Your data is your own. No cloud company games. This is
              the primary advantage of having your own private cloud or
              sync service
            – Once setup, it’s always free (it’s your server!)
            – No data limits other than your own limits on disk space
            – None of the Change of Service / Terms of Service or other
              heavy-handed (“we’ve got you now”) cloud vendor games
            – Based on open standards so no vendor lock in
            – No chance your service could be canceled by mistake
        – Disadvantages
            – Without VPN, the sync would not work everywhere
            – You are responsible for the server maintenance and updates
                – You could still lose your data if you don’t backup
                  your data and your machine dies
            – Backing up your Synced Data
                – You have to learn and use backup software
                    – Current versions of Windows include backup and
                      Mac systems have built-in Time Machine that
                      automatically creates versioned backups
                    – Have to buy backup infrastructure like USB hard
                      drives
                    – Need to consider offsite backup and other
                      strategies
            – Can initially be complicated to set up
                – Videos on the web make setting up a sync server
                  relatively easy
            – Server must be up and running for sync
                – No one to directly support you if problems arise
                – Will require special software configuration so
                  calendar, todos, and other programs don’t try to sync
                  when server is not up

– Other free alternatives

    – There are free web alternatives to DropBox, for example. However,
      these, again, are web cloud-based services so you have to agree
      to Terms and Conditions. Implicit among these terms and
      conditions is that YOU are the product and that these terms and
      conditions can (and probably will) change without notice. Local
      server options also exist, but these options often require a
      static IP address which means you might have to upgrade to a more
      expensive (home) business account.

– Conclusion

    – The cloud offers incredible convenience and ways to share and
      collaborate that we’ve never seen—especially in enterprise
      environments. However,  for home and for small business users,
      the case for cloud, while still strong, has some significant
      drawbacks to consider.  While businesses are embracing the cloud
      for its cost-cutting benefits, these same benefits for business
      may put your data at risk. What you do when your cloud account
      gets accidentally deleted or through some “misunderstanding” is a
      serious concern. Even in the best case, consider the case where
      you lose Internet for days or longer because of some natural
      disaster. Therefore, “the cloud” for storage of personal and
      small business information, while very compelling because of its
      ease, is still a mixed bag.
    ———

Four Quick Reasons To Get a Smart Office Database System From Hurricane!

* With our systems, you can start very inexpensively and then grow your system as needed.
* There is NO need for an expensive enterprise software stack some companies require you purchase ($$$) before you could do anything.
* We use a RAD/Spiral approach to quickly develop your software.

1. Gives You Better Customer Knowledge

Be able to quickly look up all aspects of a customer:
    – A. Instant access to customers and their order information
    – B. Have images in your database system of jobs “before” and “after” for Web site posting and customer history
        – Images are a valuable way to refine your smart marketing and also to refresh your memory of what was done on a particular job

2. Gives You the Ability to Do Smart Marketing – Very Few Companies Use This Obvious Enhancement to Their Marketing Efforts

When was the last time you got a mailing that referenced anything you had ever done with a company you work with?

    – A. Send customers information relevant to them, using what they have ordered from their history in the database
        – Send a promotion to your best customers
        – Send a promotion to new customers
        – Send a promotion to customers who haven’t ordered in a while
        – Send a “how are we doing?” follow-up, automatically, after each customer project/job
        – Send relevant promotions to customers, based on their history, when you have an extra quantity on hand for a particular item

Note: The database system captures your customers’ contact preferences so you don’t send them unwanted communications.

    – B. Reconfirm your relationship with your customers
        – Using smart marketing, you remind the customer you have done work, that you remember what that work was, and that you want to do additional work for them
        – Helps your company stand out from the companies who don’t think to reach out to their existing customers
    – C. Have a stateful relationship with your customers (that is, remember the customer from contact to contact)
        – Customers like to be remembered
        – Too much of what is received in the mail or email is irrelevant
        – Your marketing shows your customers you think of their needs

3. Gives You Instant Access to the State of Your Business

    – A. Features beyond what typical accounting systems offer
        – For example (not relevant for every business), be able to access all customer details, products ordered, inventory used, customer contacts.
        – Print labels, other (automated) mailings
        – Automated reminders
    – B. Automatically updating graphs and other customer information

4. Allows Multiple Employees in Your Company to Print Invoices, Email Receipts, and Interact With Your Office System While at the Customer’s Site!

Being able to access your computer system while at a customer site is a true distinguishing feature. Hurricane’s systems run on popular iOS devices and will connect via 3G/4G to your back office database.
    – Your office database system is up to date since it’s updated via the 3G or 4G connection from the employee at the customer’s site
    – No data entry required at the office when data is entered on an iPad, for example, at the customer site


——–

Should Everyone Learn To Program?

Reading the news nowadays it seems that many people are saying that everyone should learn to program. But is this skill really necessary or even a good idea for…everyone?  (Hint: NO!)

The actual skill people need to learn is critical thinking and problem solving. Programming, or “coding”, is the last part, after you have done the thinking and solved the problem. The coding is then merely the translation of the solved problem into a computer program for execution. (Don’t expect the computer to solve a problem you yourself don’t understand.)

Depending on where you are in the educational system, learning to code may not be optional, but learning to code (program) has both advantages and disadvantages. Keep in mind that “just because you drive a car doesn’t mean you need to become a mechanic”.

Quick Example: How many times does this for loop run (pseudo code)?
For i = 0 while i ≤ 10
    do <something>

(Ans: 11)

The above example is the classic “off by one” error present in many computer programs. Note that this error is a “logic” problem, not a syntax error. Fixing logic errors can take a lot of time even after the programmer has fixed every syntax error.

Below are some advantages and disadvantages of learning to code:

    – Advantages
        – helps train the mind how to solve problems
        – could help prepare someone for an inevitable future working, in some way, with computers
        – can be extremely rewarding
        – gives you total control of the machine
        – programmers are in huge demand ($)

    – Disadvantages
        – coding is not for everyone (critical thinking is)
        – can take many years to be truly proficient in a single language
        – learning to code may never help someone use the computer for the applications they actually need for their job
        – very time consuming to learn
        – very time consuming to do
        – can be extremely frustrating
        – requires setup and learning about complementing technologies
        – requires some development environment setup
        – requires constant effort to stay up with current versions and technologies

    – Alternatives
    Become a power user. Many people would benefit far more from learning to use their applications more fully. Perhaps also learn some basic scripting on their computer, for example learn some basic AppleScript, to better interact and control applications.  Additionally, on the Mac, there’s an excellent program called Keyboard Maestro, which enables its users to easily create powerful computer “programs” (macros). For the average person looking to automate their workflows and increase their productivity, programs like Keyboard Maestro might be much better than learning to code in say, Java or C++.

    – Suggestion
            If you’re interested in seeing if coding is for you, try a programming class at your local community college where you can work with others and share experiences. Most of these classes will focus on problem solving first.

    – Conclusion
    Coding can be fun and extremely rewarding, but it’s not for everyone. If you don’t love to work through a difficult “debug” problem (often for hours) to finally arrive at “working code”, you may find that coding is really not for you. And, that’s OK. But, if you get that programmer’s “high” after solving a difficult program issue, then programming may be just the ticket.

——–

How to Be a Better Technical Writer

It’s difficult to understand exactly why technical writing is often mostly gobbledegook. But it seems that when people write, for example, regular emails, those emails are often short and concise. Yet, those same writers, when writing technical documents, often end up writing gobbledegook. Sadly, this phenomenon seems to also be true with (non-trained) technical writers. Unfortunately for their audience (readers), technical writers are often document “assemblers” and take for granted the “boilerplate” and other poorly written text they receive and sometimes even write.

Most technical writing problems fall into several readily-noticeable categories. Below, we list those categories (see: “Change this” and “To This:”) to show how to improve otherwise gobbledegook writing.

Outline: get organized —> Don’t write linearly.

Modern word processors present a page metaphor. This metaphor encourages us to jump in and to write linearly with little if any up-front organization. While writing linearly may be acceptable for a short letter or email, technical writing demands planning. To help plan, consider using an outlining tool or at least a writing environment that includes, or can import, outlines. Having this outline roadmap of what you want to say is critical as you dive into the writing details. Said another way, an outline is your roadmap and will help keep you on track.

(Note: Programmers who “jump in and start coding” with no preparation often end up with buggy programs, difficult-to-maintain code, or, worse yet, never actually finish their tasks.)

Avoid boilerplate gobbledegook

Many companies have so-called “boilerplate” text. This text is often full of unnecessary text, jargon, and other gobbledegook to make their documents appear “professional” and consistent. Some companies believe more-pages-is-better (wow, look at all this text we can present to you!). Most of this boilerplate text is so poorly written nobody reads it. Therefore, if boilerplate text is required, and if you’re allowed, write that boilerplate text yourself or modify the jargon-laden existing boilerplate text so that it fits your writing project.

Know your audience and write for them

One of, if not the, most important issues you face is writing to the correct audience. For example, if your audience is management staff, but you’re writing about a program’s algorithms and threading assumptions, then you’ve clearly missed the mark. Conversely, if you’re writing to the technical staff, but you are focusing on corporate objectives and other strategic goals, you probably also have missed the mark. Therefore, one of the first steps to take is to figure out who your audience is and then write to them.

Below are a few examples of typical technical writing issues…

Avoid redundant expressions

Avoid redundant expressions like “in the area of” or “green in color”. Redundant expressions unnecessarily tell us something we already know.

Change this: “He is experienced in the area of technical writing.”

To this: “He is an experienced technical writer.”

Change this: “The purpose of this document is to outline the corporate objectives.”

To this: “This document outlines the corporate objectives.”

(Note: Funnily enough, you’ll see redundant expressions even on sites that are supposed to help technical writers write better.)

Avoid ambiguous antecedents

When you start a second sentence with the word “It”, or another pronoun, it’s up to the reader to puzzle over which noun in the previous sentence “It” refers to.

Change this: “Many students use a computer to help them write a paper for an exam. It is often stressful.”

(Does “It” in the second sentence refer to “computer”, “paper” or “exam”?)

To this: “Many students use a computer to help them write a paper during exams. Writing a paper is often stressful.”

Avoid passive voice

Passive voice has no actor and lacks action or interest.

Change this: “The proposal was written by the team.”

To this: “The team wrote the proposal.”

Because active voice has a subject acting, active voice is easier to read.

Avoid weak verbs

Drop-kick weak verbs like “provide”, “perform”, and similar. These verbs add nothing to technical writing. Instead of these verbs, use more descriptive verbs.

Change this: “The work to be performed in the area of task analysis will be completed by June 1.”

To this: “The team will analyze tasks by June 1.”

Which of the two sentences above was easier for you to read and immediately grasp?

Use short sentences

Keep your sentences short. Don’t use commas, semi-colons, and other punctuation to justify longer sentences.

How to Be a Better Technical Writer (and Have Your Readers Better Understand What You Write)

Write simply. Use simple English.

Avoid elegant variation

When writing, avoid using synonyms to keep from repeating a word — even if that original word is the right choice.

Some writers tend to look up a synonym in the thesaurus to avoid using the same word over and over.

Simple language is always appreciated by the reader.

Change this: “The use of software to write software modules has increased productivity. Modular utilization of software has also cut costs.”

To this: “The use of software to write software modules has increased productivity. Modular use of software has also cut costs.”

In other words, don’t use “utilization” just to be different from “use” in the first sentence. “Use” is fine in both sentences. (The examples above also contain redundant expressions that the writer could have worded better.)

Avoid needless word complexity. For example, rather than writing “utilize”, try “use” (and similar).

Avoid long variants of verbs.

Include graphics or report samples to back up text

The old saying that a picture is worth a thousand words applies when clarifying complicated technical content. For example, when describing a complicated system output, such as a report, consider including a sample of the report output. Similarly, when describing a graph, show what the prospective graph would look like.

Including graphical output will help you get better feedback from users and from current and prospective customers. There are many tools that will help you prototype system outputs for reports, proposals, and for other technical documents.

Conclusion:

Writing for most people is difficult. Keys to success include:

  1. Getting organized
  2. Doing your research
  3. Outlining your writing to stay organized
  4. Writing simply
  5. Knowing and writing for your document’s audience
  6. Revising as necessary
  7. Reviewing with others

Writing is something we all do every day. Fortunately, becoming a better technical writer is not difficult. Strive to keep your writing simple with short sentences, and use simple English. By making just a few adjustments to your technical writing, you will make it easier for your readers to understand what you are trying to convey.

Enjoy!
