Culture is a tricky thing. You want one that stands out from the pack of other small businesses but you also realize that you don’t have the resources of a Google, Facebook or Amazon. So a few years ago, we decided to opt-in to one idea that we think is not only the right way to go in our company but in any other modern day business. We established an ‘unlimited vacation policy’.
HR Directors just fell out of their chairs
In a business that uses more brains than brawn, to have vacation based off of a traditional concept of work days just never made sense. It was a leap of faith when we decided to rip off the band-aid and we’re glad we did. Our employees, on average, take about 2.5 weeks per year, not including the time off they have between Christmas and New Years when we shut down. Everyone in the company realizes that vacation is an important concept and when you need to take it, please do. But they also know that when one person isn’t there, someone else is picking up their slack. Its just the way it has to be. So we say take the time you need to come back energized and just pay it forward by covering for someone else that takes vacation next time around. It really can bring a team together. Found this infographic that also has some good points.
By now you might have heard of the Heartbleed bug (CVE-2014-0160). The bug is a vulnerability in the popular OpenSSL cryptographic software library. The Heartbleed bug affects any sites and services running specific versions of OpenSSL (1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1). The bug received its name from an SSL function called heartbeat, which sends out a pulse to check the connection status. The bug allows spoofing of this “heartbeat” function and potential access to the server. The bug was a programming mistake in the OpenSSL library that provides cryptographic services. There is a fix available now and affected systems should upgrade to OpenSSL 1.0.1g. Systems unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. For now, you should treat every website you have visited as being insecure. We recommend that you generate new passwords for your most critical websites after the vendors have updated their servers. Also, develop a plan on how to respond to your customers.
Here is a list of major services affected including whether or not you need to change your password with them: