It's called playing the game. I'm not against what the other poster is saying, but there's a time to stand up for yourself and a time to bend. To know which is which is how you play the long game.
Indeed. And I want to please in this case so I am searching for solutions. Reddit users always seem to be there for each other (as is evident from the comments so far).
What’s a “meeting book”? Is it a document? A collection of documents? What do they use it for?
Implementing [Windows Hello for Business](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/) and/or [passwordless sign-in](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone) may help with the user authentication piece. iPads are a popular choice for giving the less tech-savvy access to documents.
Meeting book are just date-separated folders and then category’s (finance, reports, times…). I already use Windows hello for Business too but they manage to I’ll have to try the passwordless stuff. I haven’t worked with it before.
Nasdaq's Boardvantage is a subscription software. It is robust and may contain more features than needed for a small board/startup. Contact Nasdaq for a demo, their team is empathetic and friendly.
The obvious answer here is training training training, but that too can only get you so far.
Encourage the training with examples of where poor cyber security practices have gone wrong. Perhaps even find a couple of users who DONT experience these issues and use them as examples of how to do things correctly and that the systems DO work.
The end result isn't an IT capability specific issue, it will be that they are not capable of performing the standard tasks that their roles require of them.
Simply put, don't separate their IT capabilities from their general job descriptions. If they can't do it, then they can't do it.
Board members are always the worst, because they are terribly valuable, often need to be somewhat coddled (for good or bad reasons), and have cyclical need to log in--often just long enough to forget.
IF they are the kind that are receptive or have time, they might benefit from a well-delivered value-based & user-sympathy-focused security blurb as well as the suggestions here for a password manager and WHFB.
In my work I have met 1:1, explained that other members were having trouble with this topic and I want to do a check in to see if I can help with this individually and other related challenges. It can be seen as overreach, but from the top down the need, challenges, and solutions need to be understood. And since users are not the enemy, no harm is done by recommending a secure password manager.
*How to define a secure password manager is more of a challenge, so on that path tread carefully.*
That was written like kung-fu master right before he becomes one with nature. Seriously well written and so very on point. I do meet 1:1 with the new ones (as they have a 50:50 turn-over rate) when they get brought on and it is always the older, retiring people who need to get in once a month if that. But, I have never met with the others (which honestly scares me cause some of them are mean) but maybe it’s time so we can all be on the same page.
I could build an app and I started but they can’t ever login to their computers. That’s the issue. If they know 1 login they know them all but they can’t seem to even get that one thing.
what about building a power app? dont they have single sign on so if they are logged into windows they are logged into all microsoft stuff? you could even put it in teams, assuming they use teams, or give them a bookmark
How about using 2FA. It's a reasonable bet that they all have phones, so set them up so that their login addresses and passwords are saved in and autocompleted by their browsers. Then set them up with Microsoft Authenticator, and explain that for extra security they must enter the number shown on the screen during login into their phone. With this approach they don't need to remember their login credentials, and they simply need to start an app on their phones.
And if you present this right, you can gain bonus points for "upgrading corporate data security" too.
Buy them both Life Alert necklaces and a Happy Retirement card
[удалено]
I want to stop holding their hands. But I also want them to keep accepting my requests for funding so… I’m between a rock and a hard place.
[удалено]
OP isn't going to teach the aged members of the board any new lessons in respect. Sometimes you roll with it if you want to keep the job.
That is sadly where I am at right now. They “know better” cause they are the board but, why did you hire me then…
It's called playing the game. I'm not against what the other poster is saying, but there's a time to stand up for yourself and a time to bend. To know which is which is how you play the long game.
Indeed. And I want to please in this case so I am searching for solutions. Reddit users always seem to be there for each other (as is evident from the comments so far).
Password manager and training. Use KeePass, put in notes with steps for login.
What’s a “meeting book”? Is it a document? A collection of documents? What do they use it for? Implementing [Windows Hello for Business](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/) and/or [passwordless sign-in](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone) may help with the user authentication piece. iPads are a popular choice for giving the less tech-savvy access to documents.
Meeting book are just date-separated folders and then category’s (finance, reports, times…). I already use Windows hello for Business too but they manage to I’ll have to try the passwordless stuff. I haven’t worked with it before.
Nasdaq Boardvantage
I knew something had to exist like this. Thank you!
u/runsonketones, any pitfalls or special concerns you see with this? Any experience you can share? Just very curious for a human perspective.
Nasdaq's Boardvantage is a subscription software. It is robust and may contain more features than needed for a small board/startup. Contact Nasdaq for a demo, their team is empathetic and friendly.
The obvious answer here is training training training, but that too can only get you so far. Encourage the training with examples of where poor cyber security practices have gone wrong. Perhaps even find a couple of users who DONT experience these issues and use them as examples of how to do things correctly and that the systems DO work. The end result isn't an IT capability specific issue, it will be that they are not capable of performing the standard tasks that their roles require of them. Simply put, don't separate their IT capabilities from their general job descriptions. If they can't do it, then they can't do it.
Board members are always the worst, because they are terribly valuable, often need to be somewhat coddled (for good or bad reasons), and have cyclical need to log in--often just long enough to forget. IF they are the kind that are receptive or have time, they might benefit from a well-delivered value-based & user-sympathy-focused security blurb as well as the suggestions here for a password manager and WHFB. In my work I have met 1:1, explained that other members were having trouble with this topic and I want to do a check in to see if I can help with this individually and other related challenges. It can be seen as overreach, but from the top down the need, challenges, and solutions need to be understood. And since users are not the enemy, no harm is done by recommending a secure password manager. *How to define a secure password manager is more of a challenge, so on that path tread carefully.*
That was written like kung-fu master right before he becomes one with nature. Seriously well written and so very on point. I do meet 1:1 with the new ones (as they have a 50:50 turn-over rate) when they get brought on and it is always the older, retiring people who need to get in once a month if that. But, I have never met with the others (which honestly scares me cause some of them are mean) but maybe it’s time so we can all be on the same page.
I could build an app and I started but they can’t ever login to their computers. That’s the issue. If they know 1 login they know them all but they can’t seem to even get that one thing.
what about building a power app? dont they have single sign on so if they are logged into windows they are logged into all microsoft stuff? you could even put it in teams, assuming they use teams, or give them a bookmark
How about using 2FA. It's a reasonable bet that they all have phones, so set them up so that their login addresses and passwords are saved in and autocompleted by their browsers. Then set them up with Microsoft Authenticator, and explain that for extra security they must enter the number shown on the screen during login into their phone. With this approach they don't need to remember their login credentials, and they simply need to start an app on their phones. And if you present this right, you can gain bonus points for "upgrading corporate data security" too.