If we always want to be perfect, we can’t work productively. So we have to get rid of our perfectionism if we want to become successful.

Again and again we meet people who e.g. Saying the following, “I can’t start working because I can’t put down my perfectionism” or “I can’t finish this project because I’m so perfectionist minded”.”

Often the supposed tendency to perfectionism has completely different causes. In truth, they would probably have to say “I’m distracted by other things right now” or “This work is overwhelming me right now” or “I’d rather do something else right now” etc.. But it could also be that we are just putting our perfectionism forward, but at heart we are actually afraid of failure or afraid of rejection.

In this article you will learn how to get rid of perfectionism in business.

1. Never wait for the perfect moment

Because of your perceived perfectionism, many people do not start working. They then say e.g. “I’m not good enough yet” or “I don’t have the right plan yet” or “the others are better than me” or “I don’t have the right work material.”

I could continue this list endlessly. Some people are very inventive when it comes to finding excuses why they can’t start work.

Remember: there is never a perfect time to start! We can never prepare perfectly for our work.

From my own experience, I can say this: you need to get rid of that perfectionism if you want to be productive. I often didn’t start taking action in the past because I kept coming up with new excuses. Always I was of the opinion that I was still missing a lot of things to create my website. My perfectionism really paralyzed me. Today I know: if I always wait for the perfect moment, I’ll never get started and I certainly won’t achieve my goals.

It is understandable that one wants to be perfectly prepared for a task. But at some point we have to say goodbye to this claim and just start working.

In the beginning, we cannot judge whether we are properly prepared or whether the framework conditions are perfect. It is only through our actions that we get results that give us information about whether we are on the right track. We may then find that we still need to take a course or do some research.

Set aside your perfectionism and take the first step. Then decide if your preparation and the framework are “good enough” for you to master the next tasks.

2. Improve your product constantly

Set aside your perfectionism by finishing your product and offering it to your customers, even if you think it’s not perfect yet.

You must first offer your product to the customer in order to make it “perfect”. Only through his feedback can you optimize the product. Only your customers can judge whether your product or service is “perfect”. Improve and optimize your product step by step. This is a continuous process.

Bringing a perfect product to market is difficult if only because the market is constantly changing. A product that is “perfect” today may no longer meet this requirement tomorrow.

Think about technical products of big companies. Do you know any software that is perfect on the day it is released? Every software, after it is launched, is improved step by step. New updates are constantly appearing that contain bug fixes and improvements. The same applies to technical devices. When a new device is launched, a newer optimized version is usually released shortly afterwards. Even if some people don’t like to hear that: New products are usually not yet optimal at the beginning. Only in the course of time, they are optimized and adapted to the needs of the customer.

3. Do your best

Set aside your perfectionism by resolving to always do your best. Being perfect and doing your best are not the same thing. To be perfect means to be perfect and free from defects. It is simply unrealistic. But if we do our best, we try to get the best results, within our possibilities. So we accept reality.

Actually, perfection is an illusion. Nothing in our world is perfect, because everything can always be done a little better. So wanting to be perfect is utopian and even harmful. If you want to get rid of your perfectionism, take it upon yourself to improve things step by step. This is much more realistic.

Nobody is perfect and we cannot create perfect things. Especially not “off the cuff. Just as there is no such thing as the perfect person, there are no such things as perfect products or services. But we can strive to continuously optimize our work and our products and services. This would be a healthy attitude.

In principle, there is nothing wrong with having high expectations of yourself and your work. But we must not take on too much at once, and we must not overextend ourselves in the process. In the worst case, this can even lead to burnout.

You decide yourself when your product is so “mature” that you can put it on the market. Often the product is already “good enough” for the customer to finish and offer it.

Recognizing this moment is not always easy. This is where it shows whether you are a perfectionist or a realist. The perfectionist never finds an end to his work and is never satisfied with it. The realist puts his product on the market because he knows he did his best.

Conclusion:

Perfectionistic people can hardly work productively and be successful in business. They do not start their work or they postpone it. Often it turns out that behind the supposed perfectionism other things are hidden. Often we get distracted from our tasks or we develop anxiety. With these tips, you can shed your perfectionism:

Do not wait for the perfect time, because it will never exist. Dare to take the first steps and start with your work. When you get the first results, you can decide whether you need to make further preparations or change the framework conditions.

Offer your product, even if you think it is not “perfect” yet. You can make your product “perfect” only after you offer it. Customers decide whether your product meets their needs and wants. After that you can constantly improve your product.

Always give your best. To be perfect means to be perfect. Perfectionists behave unrealistically. However, if you do your best, you strive for the optimal result, within the limits of your possibilities. It’s good to have high expectations of yourself. But nobody is perfect, and neither is any product in this world. So when you set aside your perfectionism, look reality in the eye.

The post 3 Tips on how to ditch your perfectionism appeared first on education.telefony-taksi.ru.

Encouraging self-organized, responsible and meaningful thinking and action

ibo-Blog: Mr. Konz, how did you actually become an Agile Coach?
Christian Konz: That's a good question, because I have several answers to it at once. At my last employer, after a short probationary period, I was simply assigned this role within the company. Whether it's because of my skills or whether it's simply easier to pronounce than my official job title of "In-house Agile Consultant", that's for others to judge. In the meantime, I was also active as a Scrum Master. And I was also an Agile Transformation Coach. The role of Agile Coach is difficult to define or delimit in practice, it is neither an official job title nor is there an institutionalized job description behind it – ultimately, anyone can call themselves this or something else.

ibo blog: … and what's your next answer to that??
Christian Konz: The answer I like much better (laughs) is that behind my role as an Agile Coach is a personal development story that began about 10 years ago with a passion for corporate management, structural organization and innovative business models. The fact that I now advocate self-organized, autonomous and meaningful thinking and action in organizations has only limited to do with the hubbub of agile approaches, methods and tools that are currently sweeping through the corporate landscape. Ultimately, it is in my own selfish interest to help companies and organizations develop and improve by helping the people who work in them to develop their potential in a way that creates value and meaning.

Lightning rod and fire extinguisher in one

ibo blog: What is special about this role?
Christian Konz: Personally, I don't know of any role that is more varied and exciting than that of Agile Coach. There is no such thing as a regular daily routine – even if I do yearn for it from time to time (grins). For me, it is the perfect role to be a facilitator and coordinator
Initiate, promote and witness the business change between strategic management level and operational teams across divisional and departmental boundaries.

ibo blog: In this role, however, you don't just make friends, or?
Christian Konz: I can't disagree with that. However, if as an Agile Coach I let myself be impressed by an existing hierarchy, then I do not deserve this role. Because artificially pulled in management levels, head monopolies and department borders are to be changed straight. You can sometimes get a bloody nose there. Sometimes you are a lightning rod and fire extinguisher in one! But this is part of the process. Informal power relationships interest me much more than formal hierarchical ones anyway. Because these networks often reflect the true competencies in the company and what is possible.

Leaders in networks develop from the bottom up

ibo blog: What do you mean by this? Can you explain this?
Christian Konz: In contrast to the classic hierarchy, leaders in such networks are formed bottom up, they are democratically legitimized. It is not about titles or status, but about recognition. This can be seen e.B. in how often someone is involved in decisions or how often I am involved in decisions. and to the extent that its recommendations and interventions are recognized, accepted and implemented. Agile coaches should encourage this development and do the convincing, not only by asking smart questions, but also by advising and empowering colleagues.

ibo blog: And how do you do that concretely?
Christian Konz: I open manageable development spaces for the development of potentials. For complex issues or. After all, the solution to a problem is not obvious. In such situations, there is often a danger that employees become passive, withdraw and often take on the role of victims. The question of the big shot, the comprehensive solution, is often a hindrance and leads nowhere! In such situations, I often ask activating questions such as: "What could you do to make your problem even worse?? What would have to happen to prevent this from happening??"When e.g. an important project stalls, then things get worse by starting more and more projects. Then we have a prioritization problem, the focus is lost. It is then often easier for employees to name what they do not want, i.e. no prioritization conflicts and instead more focus.

The first steps out of passivity are usually taken by means of smaller interventions agreed upon over a manageable period of time, e.g., by means of a "change" program. Micro Changes. Such an intervention could be, for example, that in the next week all tasks and requests are consistently rejected that have nothing to do with the main project. Call forwarding is activated, the calendar is blocked or the room is changed. If this succeeds, the self-efficacy of the person concerned is strengthened. A constructive discussion of the problem takes place, in which the people concerned often gain increasing competence in answering problem-relevant questions.

Agile coaches should work every day to make themselves redundant

ibo blog: Does it take a certain attitude to be good in this role?
Christian Konz: I don't know. What I can say from my own experience, however, is that Agile Coaches are often hypothesis-driven and experience-based learners. And they shouldn't be afraid to act beyond their 'comfort zone' and put their finger in the wound, even if it hurts sometimes. It also often helps if people don't take themselves too seriously and the certainty that they don't know everything.

ibo Blog: But Agile transformation is serious business, isn't it??
Christian Konz: In any case. But an Agile coach should work every day to make themselves redundant. Because if my work resonates with people and is embraced, then hopefully the role of Agile coach will soon no longer be needed.

ibo blog: And then what do you do?
Christian Konz: Then the next transformation is already around the corner! (laughs)

ibo blog: What do you recommend to someone aspiring to the role of Agile coach?
Christian Konz: In my opinion, prospective Agile coaches should have a sufficient level of basic business knowledge and be able to understand organizational and process structures. For the Agile part of the role, there have long been very good and tailored
Further training opportunities that quickly provide the necessary tools for the known approaches, methods and tools. And, of course, something similar applies to aspiring coaches – even if the day-to-day life of an Agile coach doesn't always consist of coaching. And everyone should bring along a little empathy. After all, this can also be learned to a certain degree. Walking in the shadow of an experienced coach for a while can't hurt. I have benefited a lot from getting regular feedback from my colleagues and exchanging ideas with other Agile coaches.

ibo blog: Thank you very much for the interview!

The post Agile coach – opening individual development spaces and making companies better appeared first on education.telefony-taksi.ru.

Security has always been a top priority in the financial industry. But proven IT protection mechanisms such as web application firewalls, two-factor authentication or CAPTCHAs can no longer adequately fend off modern attack methods. This is because cybercriminal attackers are increasingly exploiting inherent vulnerabilities that arise from current business processes and cannot be patched in a traditional sense. This requires new approaches to solving the problem.

By Dan Woods, vice president of the Shape Security Intelligence Centre at F5

F inancial service providers are among the most frequently attacked companies worldwide. As administrators of accounts and transactions, they form a particularly attractive target for sophisticated and well-equipped cybercriminals. In order to identify and defend against new and increasingly complex attacks, it is becoming more and more important for the entire company to work together.

This is because attackers exploit inherent vulnerabilities that cannot be patched in the traditional sense because they arise from central and often critical business processes.”

Credential stuffing

One example of this is the attack method of credential stuffing. In the first step, hackers obtain several hundred thousand or even billions of login data such as user name and password from the dark web or from poorly secured companies. They then try them out on other companies’ login pages in an automated way. Since many consumers use the same login credentials for different offers, hackers are often successful with this method. For a bank, entering the correct data looks like a legitimate login of the real customer. Therefore, other data such as IP address, device ID, or the use of a proxy for obfuscation must be analyzed to detect identity theft by cybercriminals.

Another method, which is used more and more often, is the attack via third parties. This works similarly to the infamous ransomware attacks on IT service providers Kaseya and Solarwinds. Via their software systems, the infiltrated malware was distributed to more than 1.000 customers distributed. In finance, this often works through FinTech companies such as loyalty program providers or payment service providers.

To use their often free services, customers must first enter their bank account. Then link the account to login credentials at other providers such as retailers, hotels, airlines or telecom providers. This involves customers sharing their username and password with the FinTech for each user account. FinTechs then attempt to programmatically log into each account. If the subscriber has entered the correct username and password, the link will continue. After an account is linked, the rest happens automatically:

The fintech repeatedly logs into the account and retrieves the content – sometimes more than a thousand times a day.”

If cyber criminals overcome the security mechanisms of any provider, they can also use the automated processes to access the user’s bank account through the user account at FinTech. This is done, for example, by installing appropriate malware such as Trojans to manipulate the transactions. Since the access looks like a legitimate, automated request from the third-party provider, the attack can only be detected by taking special precautions.

Attacks on accounts

Another attack technique is to just try an application to see if a valid account exists for a username. If this is not the case, the attacker does not even need to try the associated password. If the username is valid but the password is not, an input screen often appears along the lines of “request new password”.

Then the attacker makes sure that the new password is redirected to one of his mail addresses.”

However, cyber criminals also exploit the ability to create a completely new account. This is especially true for financial service providers, which are abused to launder money and create and maintain synthetic identities. These are fake accounts that are not associated with any real owner or company, in order to disguise the true owners and thus evade law enforcement agencies.

Here’s why traditional defenses no longer work

Dan Woods is vice president of the Shape Security Intelligence Center at F5 (website ). He previously served as assistant chief special agent of special investigations in the Arizona attorney general’s office, where he investigated computer crime and cyber fraud. Previously, he spent 20 years in local, state and federal law enforcement and intelligence agencies, including the FBI as a special agent investigating cyberterrorism and the CIA as a technical operations officer. There it was specialized in cyber operations.

Common security measures in financial services include layer 5 to 7 precautions, for example, web application firewalls (WAFs), enforced two-factor authentication (2FA) on the corresponding application, or bot detection and prevention tools such as CAPTCHA.

However, WAFs primarily look at the application layer to defend against the top 10 web application threats according to the Open Web Application Security education.telefony-taksi.ru (OWASP) list. However, the application layer does not provide sufficient signals with which to reliably detect sophisticated automated processes. Additional signals are required for this. These include, for example, those obtained by collecting behavioral biometric data and querying the browser/device environment.

2FA is effective against many attack methods. However, large-scale deployment is expensive and creates hurdles for customers. Also, it can’t always prevent credential stuffing, even if account takeovers are made more difficult. In most 2FA implementations, a customer enters a username and password. If these are correct, the user is prompted to enter the second factor. If the username or password is incorrect, the customer receives an error message and is not prompted for the second authentication factor. However, this difference tells the attacker if the credentials are correct. The attacker has not taken over the account, but can sell the now known correct credentials to another attacker who specializes in bypassing 2FA. This includes, for example, port-out scams involving phone number and provider switching, SIM swapping, SS7 gaps, iOS/Android malware, or social engineering.

CAPTCHAs create an unnecessary hurdle for customers when logging in and can lead to aborted dial-in and lost revenue. Also, similar to 2FA, they do not stop bots completely. Many attackers bypass CAPTCHAs through optical character recognition (OCR), machine learning, and even using cheap human click farms.

Important safeguards

Therefore, comprehensive protection against attacks against inherent vulnerabilities can only be achieved with the following steps:

1. Provide transparency

First, identify the applications that are under automated attack. This is done by providing informed and objective answers to the following questions: why would someone launch an automated attack against this application? How could someone use it to get money or information? Or is there a long-term, more strategic reason? To get answers to these questions, financial services need to have a thorough understanding of their applications and workflows, and a comprehensive understanding of the automated attacks that are being seen on the Internet.

2. Take appropriate measures

For financial services, it is very important to distinguish legitimate from illegitimate automated processes. Legitimate automation must be allowed, illegitimate must be prevented. The following points play a decisive role here:

• Transactions should not be placed on the Allow list with an attribute that can be easily forged. This includes, for example, a user agent string. In the best case, only transactions with a shared secret in the HTTP header are allowed.

• Financial services should not simply terminate the session in the event of an automated attack. This could give the hacker helpful feedback for reworking their tool or on the cause of the error such as incorrect password. Instead, attackers should take longer to realize they have been stopped. This can be achieved for example by redirecting or forwarding the transaction, injecting or changing the transaction and redirecting it back to the source or replying with a complete HTML page.

3. Perform ongoing retrospective analysis

Organizations must perform ongoing retrospective analysis of transactions targeting an application to quickly identify modified attacks or other unwanted automations. This is best done with artificial intelligence and expert assistance, as well as machine learning systems that can handle aggregated transactions. Also, financial services need to update their real-time defenses quickly without hindering legitimate customers in the process.

Outlook

The battle against new types of automated attacks on web and mobile applications, which often takes weeks or months, is not over even after they have been successfully repelled. Many attackers instead continue their activities with modified tools, login data or manual input via click farms. Therefore, financial services should involve security experts and use products that are constantly evolving to protect against new types of threats. Dan Woods, F5

The post Hackers attack central fs business processes – three tips against attackers appeared first on education.telefony-taksi.ru.