Subscribe to Monitoring Matters RSS Feed

Monitoring Matters

by: Ginger Hill - Tuesday, August 18, 2020

When I hear the word “skyrocket,” it always reminds me of fireworks bursting overhead, spraying beautiful, illuminating dots and sparkles of color across a black nature canvas. However, when it comes to cyberattacks, there’s nothing beautiful at all about them; they’re detrimental.

Take a moment to really think about these malicious assaults that gain unauthorized access to a victim’s device. Sensitive data can be stolen, computers completely taken over and harmful takeovers of internal network infrastructure. 

Unfortunately, over the past 12 months, cyberattacks on U.S. companies shot up by 93 percent, according to an Atlas VPN investigation. VMware Carbon Black canvassed 250 North American company representatives operating across different verticals. Data from March 2019 to March 2020 was taken into account and produced the following results: 

  • 23 percent of respondents saw an uptick in attack volumes between 1 to 25 percent;
  • 42 reported a more significant increase between 26 to 50 percent; 
  • Nearly a quarter of the surveyed companies saw more than 50 percent growth in attack volume;
  • 4 percent reported attack volume surged by more than 2 to 4 times;
  • Financial services saw the highest average rise in cyberattacks at 56 percent, which is 11 percent above the norm; 
  • 43 percent of financial service companies reported an over 50 percent increase in the volume of attacks; and 
  • Healthcare saw an average increase of 49 percent in cyberattacks. 


Attacks come in a variety of types, kind of like Skittles, where victims can literally “taste the rainbow” (to quote Skittles’ commercials) of the types of tactics and techniques cybercriminals are using. However, most favored by cybercriminals in this survey was custom malware that leverages existing, legitimate, already-installed software on a victim’s computer. From this survey, 29 percent of the companies identified custom malware as the most frequent type of attack.

Other types of attacks included: 

  • Commodity malware reported by 1 in 10 of the surveyed companies;
  • Supply chain attacks reported by 9 percent; 
  • Ransomware at 7 percent;
  • Hollowing reported by 5 percent of the surveyed companies; and 
  • Island hopping reported by 2 percent. 


So, now that you’ve got all the data, stay tuned for next week’s blog when I talk about these types of attacks; identify what exactly they are; and give tips on how you can prevent you and your company falling prey to them. 

by: Ginger Hill - Wednesday, August 5, 2020

With all the negativity that the COVID-19 pandemic has bred, I find it encouraging and refreshing to see all the positive movement within the industry when it comes to the video surveillance camera market. As you probably heard, Motorola Solutions acquired Pelco, Inc. for $110 million in cash (not a bad chunk of change there!), and ADT and Google partnered to dominate the smart home market, so there’s almost an endless number of video camera applications here as more consumers are embracing the work from home lifestyle, putting even more emphasis on home/residential security. 

Perhaps this is just the first of significant acquisitions and partnerships within the video surveillance camera market that we’ll see in the near future, but one thing is for sure … the video surveillance camera market will experience growth through 2025 as forecasted by IDC. This is due to the increasing adoption of smart camera systems and analytical software that enables use in a variety of uses beyond just surveillance. 

“The worldwide video surveillance camera market will grow to $44 billion by 2025, up from $23.6 billion in 2019, with a five-year CAGR of nearly 13 percent.” — IDC

IDC’s video surveillance and vision application practice follows the application of machine vision that augment physical security, and includes: 

  • Data protection coverage beginning and ending with stored data or carried by an organization’s IT infrastructure;
  • Protection of data before it becomes data; protecting intellectual property that people carry around with them by protecting the people; and
  • Physical security of areas people occupy, including exposure to biological threats like COVID-19, which is critical to companies that depend on the introduction of innovative new services and products to drive revenue generation. 


While greater detail can be found in IDC’s report, “Worldwide Video Surveillance Camera Forecast, 2020-2025,” here are some key takeaways of upmost interest to most security professionals: 

  • The North American market is still the top consumer of video surveillance cameras, followed by China;
  • Consumer video surveillance cameras present 32 percent of the world total, currently, largely as a result of home security systems and mobile cameras;
  • The blacklist of Chinese camera manufactures by the U.S. government will not slow down market growth, but rather, open the market to many smaller camera producers; and
  • The use of advanced analytics (e.g., AI) to enable applications (e.g., facial recognition) may trigger regulations which could impede market growth. 


My thoughts? With an estimated 770 million surveillance cameras installed around the world and with the coronavirus practically demanding a touchless world, video surveillance cameras that are integrated with other solutions that can accomplish things such as not allowing physical access to someone who didn’t use hand sanitizer prior to attempting entry; contact tracing; people counting to ensure social distancing; etc., I think will always be a necessity in our modern world. The more solutions a video surveillance camera can offer to solve end-user pain points, the more this market will continue to flourish. 

by: Ginger Hill - Wednesday, July 22, 2020

The loo, bathroom, restroom, el bano, latrine, water closet, washroom, powder room, lavatory, outhouse, toilet, commode, throne, potty … whatever your special name is for this place, we all know others shouldn’t be “privy” to our private moments here. But, as technology advances and new “smart” apparatuses tempt the must-have-it-all-type of consumer, privacy wanes and cybercriminals find new ways into the more personal parts of people’s lives. Case in point, the smart toilet …

Scientists at the University of Wisconsin-Madison, Joshua Coon and Ian Miller, recently analyzed 110 of their own urine samples directly from a toilet bowl over a 10-day period. The smart toilet actually went into the molecular makeup of these men’s urine, giving information about what was in their blood. From that, Coon and Miller were about to see how much: 

  • sleep and exercise they got;
  • alcohol or coffee they drank and when; and 
  • over-the-counter medications they had taken.


The two reasoned that a toilet of this caliber could be used to not only detect things — urinary tract infections, kidney disease, diabetes and other metabolic disorders — before symptoms even presented, but could automatically send information to users’ doctors. So, they are on a five-year journey to create this preemptive potty, complete with:

  • A briefcase-size screen above the tank;
  • A phone app;
  • A bowl that resembles a compost toilet with an opening for collecting and separating urine samples; and
  • The ability to differentiate between six and 12 users.


Pretty nifty, huh?

I think so. This would propel medicine into being more preventative, just as security is focused on being more proactive rather than reactive. But (only one “t” and no pun intended), this would be yet another way to allow cybercriminals into our lives. Oh crap!

Whether creating a smart toilet or any other connected device, manufacturers must ensure that all data be collected, stored and transmitted safely at the very beginning. Antoinette King, PSP, key account manager, AXIS Communications offers the following guidance for manufacturers:

  1. “Create a secure communication link from the device to the endpoint that the data is processed and stored.”
  2. “Ensure that information cannot be intercepted as it is being transmitted to help prevent data leakage.”
  3. “Ensure that the people responsible for developing the code for the device itself have security as a priority and will test and retest for vulnerabilities prior to release.”
  4. “Whenever data is being stored, it needs to be protected with encryption and two-factor authentication should be used to gain access.” 

Consumers also have a responsibility to help "flush" out cybercrime and protect their data when using connected devices. King advised all consumers to ask themselves the following questions, as well as know and understand the answer, in regard to every connected, smart device they use:

  1. Who has access to the device?
  2. How is access gained?
  3. How is information stored?
  4. How is information transmitted?

“As consumers, we need to be educated and hold manufacturers accountable for how they handle our data and personal information," King said. "We cannot just consider how easy something is to use, but we must consider how secure they are as well. As we all know, we are only as good as our weakest link. In this ever-growing digital lifestyle we are living, now more than ever, we need to be vigilant about our personal identifiable information."

by: Ginger Hill - Wednesday, July 8, 2020

I’m always fascinated when I see articles stating that the top passwords of the year were “password” “1234” or “qwerty” or even “abc” in conjunction with the millions of articles about data breaches that offer easy-to-do actions for people to take to protect their personal data, either personal or work. Why are the exact same, weak passwords being used over and over when people know and understand that data can and most likely will be hacked? I recently attended “The Psychology of Passwords” webinar, hosted by the National Cyber Security Alliance with Gerald Beuchelt, CISO, LogMeIn, who presented the third annual LastPass research, to find out. 

Approximately 3,250 people around the world —Australia, Brazil, Germany, United Kingdom, the United States and Singapore — (and based on this research, presumably more people like you and I) are caught in the cognitive dissonance trap of not protecting themselves from security risks even though they know they should. Even having a security-conscious mindset does not translate into taking the actions needed to protect against cybercriminals. But, why?

Believe it or not, the most common reason is fear, the research found. People are afraid they’ll forget their passwords, which is logical, thinking about the barrage of passwords a single person uses in a day from email to banking to social networking and simply creating a user name and password to read favorite news media. However, by using the same password over and over, all it takes is one time for a hacker to gain access to a single account and then BOOM! … they have access to ALL accounts.

In my opinion and to take the fear of forgetting off the table, the safest way to remember and protect passwords is the pen and paper method: list the website in one column and the strong, robust password in the adjacent column, and then store in a fire-proof safety box. Not too exciting, but effective. 

Going along with the fear of forgetting is the act of memorizing, but seriously, if using strong, robust and different passwords for each account, only a superhero could memorize them. Besides, memorizing isn’t working anyway … how many times do you reset your password because you forget it?! That would be me! 

(Confession: In the past, I have even used variations of the same password for my various accounts and “memorized” them, only to forget which password variation went with which account. Then, I’d have to reset my password just to access a single account, and then of course, I’d forget the “new” password, only to reset it again the next time I accessed the account. Ah, the never-ending password-reset-cycle begins!)

On a positive note, LastPass research also found that people are doing some things right: 

  • Using multifactor authentication more often on personal accounts;
  • Trusting biometrics: of those surveyed, 65 percent said they trust fingerprint or facial recognition more than tradition text passwords; and
  • Protecting financial and email accounts more often: 69 percent of those surveyed create stronger passwords for their financial accounts and 47 percent for email while 62 percent use multifactor authentication on financial accounts and 45 percent of email.


Here are some other things to do to secure your accounts: 

  • Make sure passwords are 20 characters or more, randomly generated, containing a mix of lower and uppercase letters, digits and symbols. 
  • Turn on multifactor authentication for all accounts that offer it. 
  • Monitor data with credit monitoring and/or dark web monitoring services.
  • Keep software up-to-date. 
  • Watch for phishing attacks, which are highly prevalent these days.
by: Ginger Hill - Wednesday, July 1, 2020

COVID has taken the physical world virtual. As stay-at-home orders abounded, and quite frankly, should still be observed, along with wearing masks, social distancing and washing of hands, colleagues, family, friends, clubs and other groups hit the virtual world to do business, stay connected and attempt to have some sort of calmness amid pure chaos. At the same time, threat actors and cybercriminals were at the ready, armed with a playbook of schemes to run interference. 

The platform of choice quickly became Zoom, offering free and cost-effective paid options, positioning Zoom to not only become more of a household and corporate name, but as a huge target for cybercriminals looking to gather information and data to use in phishing, vishing and mishing attempts, ransomware attacks and other virtual crimes. And, at first, due to Zoom’s lax security, intrusive videobombers were successful and a barrage of privacy breach lawsuits followed to which the CEO vowed to fix security issues in 90 days, starting April 1st. 

Well, it’s July 1st, exactly 90 days out, so is it time for Zoom to take a bow or “zoom” away into extinction? 

Based on Zoom’s CEO’s blog, I’d say, Zoom is here to stay. Here’s the progress Zoom has made toward a safer, more secure platform:

1. Enactment of a 90-day freeze on all features not related to privacy, safety or security and released over 100 features, such as meeting defaults including passwords, waiting room and limited screen sharing.

2.  Worked with a group of third-party experts to review and enhance the company’s products, practices and policies. 

3.  Prepared a transparency report detailing information related to requests for data, records or content. 

4.  Developed a Central Bug Repository and related workflow processes. 

5.  Launched a CISO council to facilitate ongoing dialogue about security and privacy best practices.

6.  Engaged in a series of simultaneous white box penetration test to identify and address issues. 

7.  Hosted 13 webinars every Wednesday since April 1st featuring company executives and consultants who took live attendee questions.

Just as the security industry has and is learning how to pivot, companies like Zoom are also having to pivot in order to stay safe and relevant during COVID and beyond. Being a part of the security industry and in my opinion, we understand this pivoting process and how it creates trust, integrity and fosters strong relationships; therefore, maybe we can all give Zoom a second chance.

Here’s some security tips to consider when using Zoom:

1.  Always join Zoom meetings through a web browser, not desktop software since the web browser version gets security enhancements faster. 

2.  When hosting a Zoom meeting, ask participants to sign in with a password, making Zoom-bombing less likely. 

3.  Don’t use social media to share conference links! Trolls find this information there and can easily figure out how to bomb your meeting. 

4.  Enable the waiting room feature so that participants wait until the host approves each one, giving control over who joins the meeting. 

5.  Limit screen-sharing ability only to the participants who need to share their screens. 

6.  STOP. THINK. ACT. THEN SPEAK. Consider what and how you say things during a Zoom meeting and what perception it will convey to others. Remember, people can actually SEE your facial expressions, but not necessarily your body language, which can interfere with how messages are received. Also, close all other windows on your computer screen to prevent others from seeing what else you’re up to, especially if you happen to be looking for another job or buying a surprise gift for someone! 

by: Ginger Hill - Wednesday, June 17, 2020

I feel like I should start this week’s blog post with “once upon a time …” yet that phrase typically fosters good memories of childhood fairy tales that usually led to happy endings, where the prince and princess live happily ever after. The tale I have for you today, unfortunately, is that of cybersecurity nightmares.

Getting right to the point, our very own Central Intelligence Agency (CIA), the group that should be outfitted with the top echelon of professionals who seek to serve the federal government of the United States by gathering, processing and analyzing global data, was hacked, releasing 34 terabytes of data, approximately 2.2 billion pages of information, where all eyes were privy to “secret” information. 

What’s worse? If that data had not been published, the CIA’s elite hacking unit — Center for Cyber Intelligence — would probably never have learned of the breach. 

Let that sink in for a moment.

Instead of securing systems already in place, the CIA’s team of elite hackers — sophisticated people who secretly access cameras and microphones on foreign targets’ smart devices and hack into adversary’s systems to steal design plans on advanced weapons that could later be used on the United States or our allies — were more enthralled with building cyber weapons. This decision snowballed into what U.S. officials have said was the biggest unauthorized disclosure of classified information in CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the United States’ spy techniques.

According to a leaked report, the breach was an insider job, allegedly committed by a CIA employee, due to security procedures being “woefully lax” within the Center for Cyber Intelligence. The report also discovered that:

  • The United States’ most sensitive cyber weapons were not separated into parts; 
  • System users shared administrator-level passwords; 
  • No effective thumb drive controls were in place; and 
  • Historical data was available indefinitely to users.


I’m by no means a lawyer nor a politician, but seems like at the core of this debacle is a simple case of not implementing checks and balances that came back to haunt. And, while most princes are “charming,” I must say, Joshua Schulte, former CIA employee who worked at the Center of Cyber Intelligence and is on trial accused of stealing this data, is not charming in the least.

by: Ginger Hill - Wednesday, June 10, 2020

The struggle is real in this COVID-19 world we’re all living in with so many uncertainties, concerns, distracted thinking, working from home … the list goes on and on. A huge concern that employers and employees must realize is that to enable continued, gainful employment and the ability to work from home, technology/hardware has to be protected from threat actors and processes have to be in place to fend off cyberattacks. 

First, thinking must shift to that of protection, then the light-bulb realization that cyberattacks have and can destroy companies must be understood, followed with proper action taken now. 

Easy access - phishing

People working from home may be stressed and distracted — one of their family members or friends has tested positive for COVID; the dog barks at every slight noise; kids screaming, running around the house; spouses/partners working from home; trying to figure out what to make for dinner; doing laundry; loading/unloading the dishwasher between emails; etc. People are literally “half thinking,” putting themselves in cruise control when it comes to work duties. The bad guys know all of this and are taking advantage of and preying on you and other work from homers. (Doesn’t that tick you off? It makes me furious!) 

What are the bad actors doing? Deploying phishing campaigns that look very real and even “feel” real to recipients. These are known as “client-side” attacks and some are so well-done they can fool anyone!

What can employers do? Ramp up efforts on phishing awareness training and simulations. Encourage work from homers to “go phishing” by sending fake phishing emails to see which employees take the bait. Offer prizes to employees who don’t fall for it, such as awarding grocery store gift cards to the first 5 employees who email a certain person within the organization saying they discovered a phish!

What can employees do? 

  1. Separate devices for work/personal use, if possible. 
  2. Consider using direct Ethernet connection. 
  3. Ensure wireless connection is not open and is very secure. 
  4. Use VPN to access/interact with employer systems/data. 
  5. Upgrade router and modem firmware. (Usually internet and/or cable providers will upgrade modem firmware but verify this with them).

Mobile devices – where have you been? 

Eerily, iOS devices keep a record of all location data, so obviously Apple, third parties, whomever the data is sold to, bad actors who want to stalk or harass others, etc. can access this data. 

In other words, bad actors can determine exactly where you’ve been, physically, and likely to return to at a later date! 

Check this out: on your iOS device go to settings – privacy – location services – system services – significant locations = a list of all past locations you’ve been!

All I can say is: Turn. It. Off.

Smart devices in the home 

Remember, all services tied to smart/IoT devices are accessed through the cloud and a lot of people use the same credential across various accounts. If the cloud is hacked, threat actors gain access to your login information and then use this credential to try to hack all your devices or systems. So, if you’ve heard it once, you’ve heard it a thousand times … “make sure your passwords are robust and use different passwords/credentials for every account you have.”

Should a threat actor gain access to your smart devices, he or she can use knowledge gained or videos of you in your home as blackmail or extortion. And, remember, most of these devices allow sound as well, so bad actors could be listening to conversations you are having with your employer, co-workers, clients, etc. 

What employees can do? When having confidential and/or work-related conversations at home, unplug your cameras, then you don’t have to worry about anything! 

by: Ginger Hill - Wednesday, May 13, 2020

The #SSNTalks’ Team is passionate about recognizing diverse, talented, young security professionals representing the next generation of industry leaders via our yearly “40 under 40” awards. We are thrilled to currently be seeking our “40 under 40” Class of 2020, comprised of consultants, integrators, monitoring professionals and end users. Submit nominations online here.

“I have always considered SSN’s ‘40 under 40’ the ‘gold standard’ in our industry and being recognized really made my family and I proud that colleagues that I worked with valued my work and wanted to have me recognized,” Randy Guarneri, vice president of Loss Prevention, Fresh Value Supermarket and SSN’s Class of 2019 award-winner, told SSN

The “40 under 40” Class of 2019 recognized many with military and law enforcement backgrounds, who showed how the IT sector is drawing young talent into the security industry. The Class of 2019 also gave advice on how to help diversify the industry and many were bullish on cloud, AI, machine learning and analytics. 

“When I received word from Ginger Hill, managing editor of SSN, that I was selected to this illustrious group, to me, it was like a sports hall-of-famer getting that call that they were inducted into the sport they played Hall of Fame,” Guarneri remembered. “Only the ‘best of the best’ can enter this prestigious class each year.” 

The SSNteam is excited to see what the Class of 2020 brings to the security industry in terms of talent, leadership qualities, business acumen, tech-savviness and commitment to our industry, as well as celebrate them accordingly with: 

·      A special ceremony at SecurityNext

·      A personalized profile on our website and in the October and November 2020 issues of Security Systems News

·      A special logo to use in email signatures, on social media, etc., establishing them as part of our Class of 2020; and 

·      Opportunities to be interviewed and quoted in our future endeavors to help further establish them as industry thought-leaders.

“Colleagues, friends and even yourself should nominate for this renowned award that recognizes hard work, leadership, integrity, dedication to their field and true passion for that is done in the field day in and day out, while being committed and making a huge influence in the field,” Guarneri encouraged. “A person can have one year or 25 years on the job to exhibit some of the characteristics listed to enter SSN’s ’40 under 40’ Class of 2020.”

To be eligible for SSN’s ’40 under 40’ Class of 2020, nominees must have been born in 1980 or later; work at a system integration firm, alarm installation company or central monitoring center; work in a security professional role for an end user; or be a security industry consultant; and complete/submit the online nomination form.

“Each year a special and entirely new class enters,” Guarneri explained. “The award is far from a ‘life-time’ achievement award, but rather an award that recognizes ‘best’ in class by those that are ‘best in class.’”

*Questions regarding this prestigious award can be directed to SSN Editor, Paul Ragusa, at or SSN Managing Editor, Ginger Hill, at

by: Ginger Hill - Wednesday, April 29, 2020

I venture to say that the “corona-crisis” is not the first “crisis” you’ve had to deal with as a business owner, employee, parent, son, daughter, brother, sister, grandparent, aunt, uncle … nor will it probably be the last. That’s not thinking negatively, either; that’s just based on the uncertainty of life and the human inability to predict the future. 

So, here’s the deal … we are all coping with the same coronavirus crisis right now and that is the one common denominator that we all have with each other, the “crisis connection,” if you will. But, it’s how you communicate with others during this time that will deem you a success or a failure, professionally and personally.

I recently sat in on a SIA MarketShare webinar with Janet Fenner, SIA Membership and Marketing Committee and member, SIA Board of Directors; Kevin Friedman, principal, Maize Marketing and Jody Ross, vice president of sales, AMAG and member, SIA Board of Directors, and their overall combined message really resonated with me as they emphasized the importance of being empathetic.

“We’re learning as we go,” Friedman said, “it’s really about empathy and being empathetic toward our customers and our employees and our sales staff, and showcasing this is one thing we’re all in together.” 

When I was a teacher, I learned that a student doesn’t care what you’re trying to teach them or say to them, if the student doesn’t feel, know and understand that you generally, authentically care — nothing else you try to do with that student matters. A barrier has been placed, blocking all efforts. And, trust me, if you fake it, they know. The same holds true in all human-to-human relationships. 

“Instead of trying to go for the sale, go for checking in on them [customers]," Fenner said. “Make sure that they’re okay; they’re families are okay; and the more you speak with them, you learn about what their ‘after normalcy’ is going to look like, so you know how to support their efforts.” 

Ross added the importance of listening. “You have to listen to them [customers] and again, empathy,” she said. “You can’t be a bulldog moving forward and pushing them [customers] right now. Everyone is struggling. So, you have to listen.” 

So, what exactly is empathy? It’s simply the ability to understand and share the feelings of another. We’re all going through the same coronavirus situation; this common denominator gives us the ability to literally understand what others are going through. People are craving connection right now, and it’s the companies and businesses who take the time to authentically reach out and listen, hear and understand what others are saying that will come out of this pandemic ahead with strong partnerships and relationships in place.

This isn’t the time for simply “hi, how are you?” with the typical reply of “I’m good.” Nor is it “about pushing product down throats; it’s about checking in … let’s just talk in ‘normal,’” Friedman said.

by: Ginger Hill - Wednesday, April 15, 2020

I’ve been hearing and seeing the use of the word “nimble” lately when it comes to security businesses continuing their success during this trying time of the coronavirus, working from home and social distancing as our new norm. A recent example comes from an online panel organized by Arcules in which Ryan Schonfeld, founder & CEO of RAS Security Group and SSN “40 under 40” class of 2019 said: “ … I think being able to be nimble and adapt to changes quickly is going to be critical.” 

What does “nimble” actually mean and how can it be used in business? 

According to Merriam-Webster, nimble is an adjective that means quick and light in motion, like being agile as well as marked by quick, alert, clever conception or resourcefulness, responsive and sensitive. 

For me, the word nimble brings back memories of nursery rhymes  — “Jack be nimble; Jack be quick; Jack jump over the candlestick.” Which, you’re jumping over fire, it’s a good quality to be “light in motion, agile.” 

Let’s suppose for a minute that the candlestick in full flame in this age-old “rap” is 6-foot-tall and represents the coronavirus and let’s pretend you’re Jack, a well-dressed, savvy, security-industry business man (or woman, “Jackaline”). The only thing holding you back from your next million-dollar deal is a 6-foot burning candle right in front of your face. 

You can see the wax melting, drip by drip and feel the heat from the flame. You have no room to back up and gain momentum as you run forward to leap over it; there’s no room on either side to sneak past; there’s no way under it; there is no sort of hoist to lift you over dangling from the ceiling … it’s just you and a 6-foot burning candle. What are you doing to do? 

Simple. Be nimble. Be quick, agile, clever and resourceful. Be responsive yet sensitive. 

  1. Quick – fast in development … make/devise a plan. 
  2. Agile – well coordinated in movement … effectively execute the plan.
  3. Clever – mentally bright, sharp intelligence … use the things you’ve learned in the past, and don’t be afraid to try and learn new things.
  4. Resourceful – capable of devising a way … don’t second guess yourself; once you’ve made a plan, stick to it, but also be “responsive” to your plan. 
  5. Responsive – being prompt and willing … ready and inclined to take charge and make changes if necessary to your plan, business, personal life, etc.
  6. Sensitive – aware of and responsive to the feelings of others … consider your employees and customers needs, and do whatever you can to help.