

Emerging Technologies in Human Resource Management


Jacob Beasley

For the past few years, I have been working in the business of Information Technology. Recently, I was brought on board as the Chief Information Officer of Splayback.com, a sports video website that also specializes in fund raising for sports organizations of all sizes. In the process of performing this role, I have learned a little bit about what is out there for automating human resource management. Additionally, in a previous employment, I was Chief Information Officer for a financial services company. In that position, I successfully implemented just about every piece of software explored in this paper. I will be writing about what I consider to be the easiest areas of human resource management to automate: recruiting, training, and processing paperwork. I have chosen these areas due to my own experience. After reading this paper, you should expect to be familiar with software, companies, and methods of automating your human resource management.

Without the proper employees, a company really cannot function. There are really two ways, in my experience, that recruiting can be automated: it can automate the search for people who are good candidates and it can automate the processing of their resumes. Before you can hire anyone, you need to get their resume. One of the simplest ways to do this is to post an available position on a website, such as monster.com or craigslist.org.

Posting a job position on a website is not free; it can cost anywhere between thirty dollars and thirty thousand dollars, depending on where you post and the number of cities you wish to post in. So, you want to find the website that gives you the most coverage for your dollar. What you really need is a way to compare two different websites’ traffic, but does such a way exist? Yes, there are two major ways of doing this: you can compare their “Alexa” ratings or compare how often they are searched for using “Google Trends.”

Let’s begin by using Google Trends to compare monster.com, jobs.yahoo.com, and craigslist.com. Now, this is not an exact science, but it is still useful to do the comparison. To do this, you begin by going to http://trends.google.com/. From there, you search for the terms you are looking for, separated by commas. To compare these three sites, I would type the following into the search box and click search: “monster.com, jobs.yahoo.com, craigslist.com”. You may want to try variations on the name, such as “monster jobs” or “yahoo jobs,” just because sometimes people do not search for the exact URL. After a few searches, you will see “big trends.” The graph to the right shows a search I did. Clearly, Monster.com had been the dominant player over the past few years, but ever since the end of 2008, Yahoo Jobs and Craigslist have been catching up. The graph on the left shows that for some sites, such as yahoo.com (which is not even on the map), the initial results can be misleading. You need to “think like a searcher” and pick terms that a person searching on Google would choose when they want to find a site. After all, not many people would search for “yahoo jobs” by typing in “jobs.yahoo.com.”

Alright, so Google Trends has its shortcomings. I admit it, but where it leaves off, Alexa picks up. Alexa is a piece of software that users can install that allows Alexa.com to track what webpages they go to. The more people who go to your website with the Alexa toolbar installed, the higher your site is rated on Alexa.com. Initially, this might be considered a “privacy concern,” but many businesses have their employees use the “Alexa Toolbar” in order to improve the business’s own Alexa rating. Additionally, many advertisers use Alexa ratings in order to judge the quality of advertising space (Maki). Through the use of Alexa’s ratings, we can judge how one job website compares to another.

So, you have posted your ad, but suddenly you receive 500 resumes. How are you going to be able to “quickly sift” through that many to pick out the best, say, 20 or 30 resumes? You need a system where resumes can be uploaded by potential job applicants. For this, I want to talk a little bit about Zoho Recruit, which can be seen at http://www.zoho.com/recruit/index.html. If you are ever in the position of dealing with thousands of new resumes, then I want to take a moment right now to encourage you to check Zoho Recruit out. From my past experience, it allows you to have a series of job postings, a series of recruiters, and a series of potential applicants. It then allows you to setup some basic filtering for the job posting and then filter your potential applicants based on that data. It is very simple to use and even easier to deploy. It all can take as little as 20 minutes from start-to-finish. Pricing is based on volume, but is extremely affordable. Additionally, it allows total private labeling, so nobody has to know you are using an off-the-shelf product.

Once an employee is hired, they need to be trained. One-on-one training is time-consuming and, as an organization grows, inevitably your employees will need to be re-educated on a regular basis. Though it may be practical to hold weekly training meetings, many businesses are finding that it is useful to use video tools, a “company wiki,” or web-based quizzing to make sure that their employees are well-educated and equipped.

Let’s begin by exploring the use of video tools. These days, everyone is familiar with Youtube, but have you ever considered using video within your corporation for training, documenting procedures, and motivating employees? Youtube is launching a corporate version of their platform (Cashmore). Personally, I have encouraged people in the past to use Clip-Share or PHPMotion. Both can be set up for under $500 and thrown onto a webserver for under $100 per month. For a company that already has an IT department, it can be a great alternative to traditional training approaches. It is especially useful when your staff are not in the same area.

Wikipedia is synonymous with information these days, but what exactly is Wikipedia? Well, Wikipedia is just the largest site running the Wiki software “MediaWiki.” MediaWiki is totally free software, so installing it on your company’s server is easy. It takes less than an hour to get it setup and configured just the way you want, presuming you have a programmer on your staff. A wiki works like an encyclopedia that anyone can edit. Of course, MediaWiki does allow you to prevent just anyone from editing, but that is just a matter of having the proper configuration. Wikis can be used for documenting corporate policies, competitors, or just storing a list of commonly used documents for the staff. It is web-based, so if they have a web browser on their phone or computer, all the staff will have access to it without installing any software (“MediaWiki”).

Sometimes, a business may feel the need to train its employees in a fashion that is more “ordered.” They may want to setup a sort of “online college” for their staff. It could, for example, automate the orientation process for hiring new employees in other states, or be a way for the company to test every employee on changes to company policies on a monthly basis, thus allowing management to quickly know who to train based on their test scores. One tool that I have used in the past for this is called “Moodle.” It is completely free, easy to setup, and has literally hundreds of free add-ons created by other companies and schools who use the software (“Moodle.org: open-source community based tools for learning.”).

When I first started my own business, I was faced with seemingly insurmountable amounts of paperwork for hiring new employees, running payroll, and doing all of this in compliance with federal, state, and local regulations. I needed someone to help me out. I found Paychex, though there are a number of other payroll processing companies in the industry. Paychex targets small businesses and takes on the liability for any errors that they make, so they were a natural fit for me. I was just starting out and not large enough to warrant someone whose sole purpose was Human Resource Management. By hiring a third party to process all of the paperwork for me, it allowed me to focus on running my business rather than on preparing professional-looking paychecks for my employees. Additionally, they have automated the entire process electronically, so all I have to do is give them a call once a week and let them know how much to pay everybody. They then handle automatic deposit, taking out taxes, filing those taxes with the state and federal government, and allowing my bookkeeper to check all of the financial information online. They even integrate with Quickbooks (“Payroll by Paychex.”).

Though payroll is the most basic element of pay, it is not all of what is involved in rewarding employees. In this day and age, many people expect healthcare and retirement benefits. Additionally, our government provides tax incentives to provide these to employees, so it makes a lot of economic sense to do so, but providing all of this can be very challenging. It requires a lot of complicated paperwork; I would not even know where to begin. Luckily, there are companies out there that specialize in benefits processing. Like Paychex, they have leveraged proprietary computer software to automate the entire process. One such company is benefitprocessing.com (“Benefit Processing, Inc.”).

The modern business environment is increasingly competitive, and to succeed, an organization must be able to adapt and improve efficiency. Technology is one way they can do this. By leveraging modern technology in recruiting, training, and processing, I have been able to flourish in my career, quickly advancing myself from a novice computer hobbyist to the Chief Information Officer of Splayback.com. The one piece of advice I leave you with is this: All technology must be both practical and easy; if it is not, people will avoid it and it will be a waste.

Works Cited

“Benefit Processing, Inc.” Benefit Processing, Inc.. Benefit Processing, Inc., n.d. Web. 5 May 2010. <http://www.benefitprocessing.com/>.

Cashmore, Pete. “Introducing Youtube, Corporate Edition.” Introducing Youtube, Corporate Edition. Mashable, n.d. Web. 5 May 2010. <http://mashable.com/2007/07/18/youtube-enterprise/>.

Maki. “20 Quick Ways to Increase Your Alexa Rating.” 20 Quick Ways to Increase Your Alexa Rating. Dosh Dosh, n.d. Web. 5 May 2010. <http://www.doshdosh.com/20-quick-ways-to-increase-your-alexa-rank/>.

“MediaWiki.” MediaWiki. MediaWiki, n.d. Web. 5 May 2010. <http://www.mediawiki.org/wiki/MediaWiki>.

“Moodle.org: open-source community based tools for learning.” Welcome to the Moodle community!. Moodle, n.d. Web. 5 May 2010. <http://moodle.org/>.

“Payroll by Paychex.” Payroll by Paychex. Paychex, n.d. Web. 5 May 2010. <http://www.paychex.com/>.




Preventing Hacking 101 By Jacob Beasley

As Sun Tzu wrote in his book, The Art of War:

So it is said that if you know your enemies and know yourself, you can win a hundred battles without a single loss.
If you only know yourself, but not your opponent, you may win or may lose.
If you know neither yourself nor your enemy, you will always endanger yourself.

In the context of business, a businessman or businesswoman needs to understand how to secure themselves from threats, internal and external. Understanding the basic types of attacks is the foundation to, metaphorically, “knowing your enemies.”

Why People Hack?

Traditionally, hackers were split into two categories: white hat hackers and black hat hackers. The idea was that black hat hackers did illegal things purely for evil, personal gains (hot women, drugs, etc.) and white hat hackers ran around with angel wings helping companies test for potential security risks.

I should also point out that there is another kind of hacker generally called a “Script Kiddie.” This kind of hacker is somebody who does not know what they are really doing, but might have a few tricks up their sleeve (maybe spent a couple hours Googling on how to hack or something). This is probably the disgruntled employee who just wants revenge, or the ex-business-partner wanting something that isn’t theirs. Be aware of who these potential people could be and what their skill level is.

The tools of the hacker

A hacker, these days, generally has a relatively modern computer, an internet connection, and a few “tools” to be successful. These tools consist of software for tracking network traffic, trying hundreds of passwords, or performing other basic attacks. Many of the more advanced attacks require a computer with Linux, though many of the basic ones (the ones described in this article) can be done on a Windows machine (probably Mac too).

Tool 1: Sniffing

You’d be surprised how many companies don’t encrypt their webpages and login systems. If you are using a public internet connection that is not encrypted, then it is extremely easy for somebody to just “sniff” for all internet activity coming over the network. If they know what they are looking for, then it is extremely easy to pick up everything that a person is doing. If the data is encrypted somehow, however, then it all looks like gibberish. In short, SSL (Secure Sockets Layer) is the simplest form of “encryption” being used on the internet. Want to know if your connections are secure? Below is a list of different internet protocols and their “nonsecure” counterparts. Make sure you are using the encrypted versions if you do not want people to be able to see your passwords when using this form of hack. To perform this hack, a person would download a copy of “Wireshark” and watch this video on how to use it: http://www.youtube.com/watch?v=0bazkLeY6b4

Unsecure Protocol | Secure Protocol | Purpose
http | https | Used for webpages. Look for https:// before any webpage you go to and have to type in a password at.
ftp | ftps | Used for transferring files to web servers. Look for ftps:// instead of ftp://. If using FileZilla or another ftp tool, make sure to check the “use ssl encryption” box in your ftp client to force encryption.
email | email | There are a number of email protocols in wide usage and the protocols aren’t really “named” differently if encrypted. Just make sure that you check the “use ssl encryption” box in your email program to FORCE encryption. Alternatively, use a website-based email client like Gmail that forces encryption.

Tool 2: Cracking With Brute Force

Okay, what if you could just try a million passwords until you get the right one? Enter brute force. There are many different ways to use brute force, but they all consist of trying hundreds of thousands of passwords until one works. This will fail with most high-end database systems (ex: banks will shut your account off after 5 failed login attempts), but for cracking Microsoft Word files, zip files, PDF files, etc., it is pretty easy. There are many tools out there that already do this. Just go to sourceforge.net and search for “brute force ____” when you need to crack a file. Some old web servers or online systems can be cracked like this, but don’t count on it. Even if you could try 10000 per minute, it could take months because of the millions of possibilities. You can narrow it down by using a “dictionary list” of the most used 1000 passwords (just Google for that, too), but when that fails you’re pretty much out of luck. Brute force cracks can take a long time and should be avoided as much as possible. Sometimes, however, they can take as little as 3 or 4 minutes if you are cracking highly vulnerable things (like a Windows password given a Windows SAM Passwords File).

Tool 3: Cracking With SQL Injection

Many small businesses and local counties use database systems designed by “Microsoft Certified Engineers” who do not fully understand the underlying technologies. When you access a website (let’s say my website), oftentimes it queries a database for contents. That “query” may contain some of what you typed in (for example, a username or search query). So, let’s say the SQL code is below:

SELECT * FROM users WHERE username='jacobbeasley';

Okay, so I type in jacobbeasley, it generates the above query, the database returns my information and the webpage displays my personal information. Voilà, right? Foolproof? Absolutely not. You see, what if, hypothetically, you typed a single quote into the query? Maybe you type in: jacobbeasley'; delete from users where 1; select '

Then the sql becomes:

SELECT * FROM users WHERE username='jacobbeasley'; delete from users where 1; select '';

Even the average non-sql-ite can figure out basically what is happening. You see, I effectively caused three DIFFERENT pieces of sql code to run:

1) SELECT * FROM users WHERE username='jacobbeasley';

2) delete from users where 1;

3) select '';

Number 2 from above would delete all users. Obviously, very problematic. Now, if the website/database was made by a GOOD programmer, then this is prevented using a method called “escaping” in which anything the user entered is “escaped” so that the database knows to not interpret it as a separate command. Keep in mind that if weird character sets are being used, sometimes there may be multiple characters for a quotation mark, in which case if you try many types of quotation marks, you might get a hit and be able to do anything you want in the database.
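The query above, built the vulnerable way and then with a bound parameter, as an added example that is not part of the original article. It uses Python's sqlite3 module and parameterized queries (a different technique from the "escaping" the article names, and one that does not depend on recognizing every quotation-mark variant); the table contents, email addresses and function names are constructed for the demonstration.

```python
import sqlite3

# The article's input string, with plain ASCII quotes.
PAYLOAD = "jacobbeasley'; delete from users where 1; select '"


def make_db():
    """Return an in-memory database with a small, constructed users table."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT);
        INSERT INTO users VALUES ('jacobbeasley', 'jake@example.test');
        INSERT INTO users VALUES ('alice', 'alice@example.test');
        """
    )
    return db


def count_users(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def build_query(username):
    """Vulnerable: the user's text is pasted straight into the SQL string."""
    return "SELECT * FROM users WHERE username='" + username + "';"


def lookup_vulnerable(db, username):
    # executescript() runs every ';'-separated statement it is given, which
    # stands in here for a database driver that allows stacked queries.
    db.executescript(build_query(username))


def lookup_safe(db, username):
    """Hardened: the SQL text is fixed and the value is a bound parameter."""
    cur = db.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    )
    return cur.fetchall()


def demo():
    """Run the same input through both lookups and report what survived."""
    vulnerable_db = make_db()
    lookup_vulnerable(vulnerable_db, PAYLOAD)

    safe_db = make_db()
    rows_for_payload = lookup_safe(safe_db, PAYLOAD)
    rows_for_real_user = lookup_safe(safe_db, "jacobbeasley")

    return {
        "query_built": build_query(PAYLOAD),
        "users_left_after_vulnerable": count_users(vulnerable_db),
        "users_left_after_safe": count_users(safe_db),
        "rows_for_payload": rows_for_payload,
        "rows_for_real_user": rows_for_real_user,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the bound parameter, the whole input is compared against the username column as one literal string, so it matches no row and the table is untouched.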

Tool 4: Keyloggers and Phishing

This is one of the oldest and SIMPLEST methods of hacking a computer. A keylogger is a piece of hardware or software that logs everything someone types. Keyloggers are extremely easy to make for Windows using C++ and the “GetAsyncKeyState” function and, when combined with a little con like, “You need this software to open ____ file” you can generally get people to download the software. Then, you program the software to email you after a week everything they typed and delete itself. Phishing involves making a website that looks just like another website, but when the user logs in, you steal their username/password. You could reconfigure a person’s network settings so that a site like yahoo.com or gmail.com forwards to YOUR VERSION OF GMAIL/YAHOO instead. Then, when they try to log in, you steal their passwords, store them, and display some “you need ____ update” thing. Once they update, it removes your phishing scam and the user never even knows you stole their password. Any decent antivirus software will prevent this sort of thing by locking down your internet connection settings and tracking computer programs for calls to “GetAsyncKeyState” or other common keylogging functions (at least, they “should” be doing this).

Tool 5: Easy Con

The weakest link in many companies is the people themselves. For example, if you made a call to a person pretending to be “tech support” from their company, you might be able to con them into giving you their passwords. Alternatively, you could call their IT person pretending to be them in order to have their “password reset” and emailed to their “new email.” Be sure to follow the “not getting caught” tips below to avoid getting caught.

Not Getting Caught

These days, everything is trackable. Here are some quick tips to avoid getting caught.

When doing things online, don’t do them under your own name or internet connection. Whenever you connect to the internet, you are given an “IP Address.” These addresses are registered by your internet service provider and it is pretty easy to figure out who you are by:

1) tracking ip addresses (it is transmitted with every webpage you request – http://www.whatismyip.com/)

2) taking ip and looking up what internet service provider it is for

3) getting court order to force the internet service provider to say what physical location (your home address) was associated with that ip at such and such a date. In effect, it will be your home location or wherever you are accessing the internet. From there, they can look at security cameras or look up who registered the internet connection to identify you.

To avoid the above, you need to “funnel” anything you do through a “proxy server” in a foreign country. Keep in mind that some proxy servers are logged, so consider going through several proxy servers or, alternatively, picking a proxy server in a country that does not trade information with other countries, such as china or north korea. You can find lists of tons of proxies on Google.

Also, if you ever make phone calls, be sure to follow the above tips AND use an online service like skype to make the phone calls. When using this service, don’t ever use your credit card. Consider either stealing somebody else’s (somebody you don’t know) or, even better, using an unverified paypal account registered to a gmail/yahoo/hotmail email that was created/accessed using a proxy, that way there is nothing tying it directly to you. To do this, however, you need to get money in the paypal account. How?

1) Open up an account with an offshore IT outsourcing service like scriptlance.com under a false identity or alias.

2) Do some work and earn some money.

3) Take that money and have it deposited in paypal account.

4) Buy anything you want online and the money is virtually untraceable.

5) BE SURE TO DO EVERYTHING BEHIND A PROXY! Then you’re almost 100% untouchable.

To prevent somebody from using proxy servers, have firewalls set up on your servers that block any out-of-country requests. Additionally, log people’s IP addresses and if a person logs in under one IP address and seems to “switch” IP addresses in the middle of using the site, force them to log in again.

The Weakest Link

If you really want to be a good hacker, keep in mind that people are people. There’s no magic here. The best hackers are also the best con men. The weakest link is the person. It does not matter how good the security of a building or website is if the people running it are not trained in basic IT policies.

Namely:

1) Never give out your password to anyone, ever.

2) If an IT person calls asking for your password, tell them just to reset it themselves. There is no reason why they should ask you for your password.

3) Have a process for resetting passwords that requires full identification in a manner that cannot easily be bypassed. This manner will vary from organization to organization.

4) Require antivirus software that can prevent the most common phishing and keylogger attacks.

5) Have regular backups of the database made to multiple locations so that, in the event of an attack, recovery from that attack can happen fast.

6) Only whitelist your office IP addresses to be able to log in to the system(s), thus preventing people from accessing them behind a proxy. This is sometimes impractical. Alternatively, when they log in under a new IP address, force them to complete some sort of email verification process (so the chance of someone operating behind a proxy is less likely).

7) Secure the local premises and all wireless networks in order to prevent the unauthorized on-site attacker. Use encryption methods that have not been cracked (just Google to find out if they have been cracked).

8) Have your applications tested for SQL injection and brute-force attacks. Preventing these is easy; it’s just a matter of following best practices. Have it log the number of failed login attempts and prevent more than, say, 20 per hour. At 20 attacks per hour, a brute force attack will take around 2000 years.
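One way to implement two of the controls described above, the limit of 20 failed logins per hour from item 8 and the forced re-login when a session's IP address changes, as an added example that is not part of the original article. The class and method names, the sample account and the IP addresses (documentation ranges) are constructed for the demonstration.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque

MAX_FAILURES = 20       # the article's "say, 20 per hour"
WINDOW_SECONDS = 3600   # one hour


class LoginGuard:
    """Failed-login throttle plus sessions pinned to the IP that created them."""

    def __init__(self, passwords, clock=time.time):
        # passwords: username -> password. Plain text only to keep the demo
        # short; a real system compares against salted password hashes.
        self._passwords = passwords
        self._clock = clock
        self._failures = defaultdict(deque)   # username -> failure timestamps
        self._sessions = {}                   # session id -> (username, ip)

    def _recent_failures(self, username):
        """Drop failures older than the window and count what is left."""
        stamps = self._failures[username]
        cutoff = self._clock() - WINDOW_SECONDS
        while stamps and stamps[0] <= cutoff:
            stamps.popleft()
        return len(stamps)

    def login(self, username, password, ip):
        """Return (session_id, status); status is 'ok', 'denied' or 'locked'."""
        if self._recent_failures(username) >= MAX_FAILURES:
            return None, "locked"            # refuse even a correct password
        expected = self._passwords.get(username)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode()
        )
        if not ok:
            self._failures[username].append(self._clock())
            return None, "denied"
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = (username, ip)
        return session_id, "ok"

    def check_session(self, session_id, ip):
        """True while the session is used from the IP it logged in from."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return False
        if entry[1] != ip:
            del self._sessions[session_id]   # IP switched: force a new login
            return False
        return True


def demo():
    """Constructed scenario: 20 bad guesses, a lockout, then an IP switch."""
    now = [0.0]
    guard = LoginGuard({"alice": "correct horse"}, clock=lambda: now[0])
    office_ip, other_ip = "203.0.113.5", "198.51.100.9"   # documentation ranges

    guesses = [guard.login("alice", f"guess{i}", other_ip)[1] for i in range(20)]
    locked = guard.login("alice", "correct horse", office_ip)[1]

    now[0] = WINDOW_SECONDS + 1                 # the hour has passed
    session_id, status = guard.login("alice", "correct horse", office_ip)
    same_ip = guard.check_session(session_id, office_ip)
    switched = guard.check_session(session_id, other_ip)
    after_switch = guard.check_session(session_id, office_ip)
    return guesses.count("denied"), locked, status, same_ip, switched, after_switch
```

Counting failures per username lets anyone lock a known account by guessing badly on purpose, so deployments usually count per source IP as well.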




PDF Editor

Have you ever wanted to reorder the pages within a PDF file, delete pages, or merge multiple PDF files? Wouldn’t it be nice if you could see previews of each page while doing so? Well, this is exactly what I’ve created. I originally created this for a mortgage company, but they’ve since closed down so feel free to try it out. It’s written in PHP and uses Ghostscript as the PDF conversion library.

Download Link: PDF Editor Setup

Jake




Goaldstandard.com

For years, people have had a common struggle: doing what they want to do.

Seriously, it sounds ridiculous, right? You set out to do something, such as lose weight, gain weight, study hard, etc, and before long you find yourself lazily sitting around watching The Late Night Show or, heaven forbid, Opera.

So, why do we have such a hard time doing what we want to do? Honestly, I have no idea. I mean, I could provide plenty of philosophical, psychological, or religious answers, but the real question we should be asking is not why I have such a hard time, but how do I overcome this.

So, I made goaldstandard.com. It’s a system where you have a number of goals. Each goal corresponds to a certain day of the week and a number of “accountability partners” (just lists of email addresses). Every day, you must log in and mark off the goals you completed. If you don’t, your accountability partners get emails. Additionally, if you delete a goal, edit a goal, or remove an accountability partner, they get an email telling them what happened, so there’s no way to “skip your goals” and not have your accountability partners know about it.

My fiance, a few friends, and I have been using this, along with splayback.com, in order to achieve a measure of success. For myself and my fiance, it has worked wonders on our lives! I’ve gained 20 pounds!!! (That’s muscle, btw, as this has caused me to exercise more than I was). My fiance has lost weight and, more importantly, has gained a great deal of self-confidence and now has a very positive self-image.

Of course, some of my friends have not had success. Why? Honestly, it’s because they changed their email address and aren’t getting any updates anymore. Additionally, some people truly are totally hopeless when it comes to doing things they commit to doing, but most people can succeed. It helps if your accountability partners take the time to respond and encourage you when you don’t quite get them all done.

Try it out!

http://goaldstandard.com/




“HTML IN COMMENTS” WordPress Plugin Released!

I have just released a MUCH NEEDED WordPress plugin that allows users to include HTML code in their comments. It takes the HTML code and replaces all “<” characters with “&lt;” and all “>” characters with “&gt;”. I needed this because comments containing HTML kept being garbled up.

Download link: htmlincomments wordpress plugin

Jake




Twitter Fully Integrated

Now my posts show up on my Twitter account! Yay WordPress!




Hello world!

This is my first post! I just got my Twitter and this blog set up. I expect that I will post a weekly article on a topic related to work that I am doing. I have past articles, too, that I have written for clients or employees that may prove useful. Check back later to read some articles and please feel free to discuss.
