Top Ways to Avoid Phishing Scams (Including Spear Phishing)

Phishing scams — and, increasingly, spear-phishing scams — are the number one way that cyber hackers gain access to closed computer systems, steal information and money, and corrupt data.

Let’s take a look at what phishing and spear-phishing scams really are, how you can spot them, and how to help your organization avoid their highly detrimental consequences.

Phishing and spear-phishing: What’s the difference?

Both phishing and spear-phishing are forms of email-based cyberattacks.

Essentially, both terms refer to email-based attacks that attempt to gain personal or sensitive information using deceptive or disguised emails appearing to be from legitimate sources.

Phishing is the broad term for these attacks. Spear phishing only differs in that these email attacks are specifically targeted at an individual. This may mean that the email includes the individual’s actual name, address, and/or phone number. Or, the email may reference other personal information, such as the individual’s workplace, work position, alma mater, or where they bank.

Here are some examples of spear-phishing emails you may have seen before:

  • An email appearing to be from your actual bank: “Dear YOUR NAME, Your debit card may have been compromised. Click here to login to your account and check your statement.”
  • An email appearing to be from a store where you frequently shop online: “Your recent order from XXX STORE has been dispatched. Go here to track your shipment.”

Notice that each example includes a place where you should click. This is by design. Often, simply opening a phishing email will not result in any issues; however, clicking on a link inside the email can actually be enough to cause the bulk of the issues (sometimes, major issues). A police department employee in Florida recently opened a phishing email link that led to ransomware being installed on the city’s computer system. In the end, the ransomware cost the city hundreds of thousands of dollars.

How can clicking on a simple link end in such disaster?

The answer is malware.

Malware is a shortened term for malicious software. This software can be automatically downloaded to your computer and/or entire computer system and network by a “trap door.” These trap doors are disguised as links, attachments, login fields, or downloads, which are embedded within phishing emails.

If hackers can get a spear-phishing target to click on their “trap door,” they can use that gateway to install malware onto your system. And once this happens, your entire network and data are at risk.

How Can You Spot a Phishing Email?

Phishing emails often have specific features, which should raise red flags right away:

  • The message is unusual (comes at an odd time, is from someone you don’t know, is in a bizarre tone, makes a bizarre or out-of-the-blue request).
  • The message makes you panic (e.g., “Your money has been stolen!”).
  • The message is threatening (e.g., “If you don’t click here now, you risk losing your job.”).
  • It’s written poorly, as if by a non-English speaker.
  • The email includes personal information … but not very much.
  • The sender’s email address or the web address they want you to navigate doesn’t look right.

What Should You Do if You Think You’ve Received a Spear Phishing Email?

If you think you or someone else in your company has received a phishing email, do nothing at first. Remember that clicking on links, downloading attachments, and opening files or pictures are all the things that hackers want you to do, which is exactly why you should never do them if you are suspicious of an email.

On the other hand, some emails may be clearly legitimate. It’s important to know the difference.

For example, if you speak to Ross from accounting in person by the water cooler, and he tells you he’ll be sending over an invoice you need to sign in the next 10 minutes, and you then get an email with an invoice attachment from Ross in the next 10 minutes, the email’s probably okay.

If you get an email from Ross out of the blue on a Saturday? And you didn’t expect it? And it’s not in the tone that Ross usually uses?

This is when you shouldn’t do anything. Instead, check the legitimacy of the email. Do this either in-person or over the phone. For example, call Ross or wait until Monday to speak with him personally. Double-check that he sent the email. If it turns out the email cannot be accounted for, contact your company’s IT security department immediately.

Train Your Employees to Spot Phishing and Spear Phishing Emails

Understanding and following these guidelines as a CEO or manager is important, but remember that spear-phishing emails can target your employees as well.

For this reason, ensure that all of your employees know and understand:

  • What phishing and spear-phishing emails are
  • How to spot these emails
  • What you should never do with a suspicious email (click, download, or login via the email’s prompt)
  • What to do if they suspect they’ve received a phishing email

By following these guidelines, you can keep your business safe from phishing scams and the subsequent ramifications.

The Top Cyber Security Threats Facing Enterprises and How to Mitigate Them

As cybersecurity threats become more prominent and the Internet of Things (IoT) devices become more essential, the tactics behind the threats are evolving into more sophisticated forms. This can lead to an increase in certain types of cybersecurity attacks and threats that can sometimes catch IT managers off guard. Knowing what types of attacks and tactics are on the rise can help managers plan proper prevention and mitigation strategies. Given that 31 percent of organizations have been subject to cyber-attacks according to United States Cybersecurity Magazine, managers can no longer afford to be lax when it comes to security protocols.

What are the Top Threats?

Financial fraud through compromised business emails, credential stuffing, web application attacks, data breaches, and malware attacks have made the top list of threats. Compromised business emails come in the form of false requests to employees to pay nonexistent invoices, modify bank accounts, and purchase gift cards. Many of these emails are written using spoofing techniques that make it appear as though the email is coming from a top-level executive or a person of authority within the organization. When employees are misled by the emails and disclose the financial information the attackers are looking for, the company’s financial accounts and resources become compromised.

Credential stuffing occurs with unauthorized access to the company’s systems or enterprise-level applications via a legitimate employee’s username and password. With credential stuffing, a large number of employees’ usernames and passwords are obtained through social engineering, phishing, or random guessing. Since it is natural for most people to keep reusing the same usernames and passwords, it can be easy for attackers to guess credentials that are similar in nature or that are updated in a sequential manner.

Web application attacks take advantage of vulnerabilities in the coding of applications and configurations. Common types of attacks include distributed denial of service (DDoS) and bypassing network firewalls to obtain sensitive data. Sometimes web application attacks are used in order to gain access into an organization, including physical access to a company’s servers. Data breaches can occur through web application attacks and unauthorized access to a company’s cloud storage accounts. Weak encryption systems and malware are often to blame with data breaches. Malware can come disguised in the form of freeware or shareware, file-sharing programs, programs or infected files stored on USB drives, and infected files or links shared through email.

Mitigating the Risks

Guarding an organization against compromised business emails includes enabling two-factor or multi-factor authentication. With two-factor authentication, a person must not only enter in credentials but provide another source of verification. This can be a code that is sent via text message to the person’s cell phone. Secondary means of authentication can also come in the form of a fingerprint or key fob. While it is easier for an attacker to guess a weak password and username, it is not easy to gain access to a code sent to a physical device that is only in the possession of the authorized user or duplicate a means of identification that is unique to the person’s physicality. Other means of guarding against compromised business emails include detection rules, employee education about spoofing, and more stringent policies regarding accounting and appropriate uses of email.

Two-factor authentication can also protect an organization against credential stuffing. Additional means include manual checking of passwords against known compromised credentials, enforcing frequent password change policies, employee education about not disclosing credentials, implementing detection rules, and employee education about social engineering and phishing tactics. Web application attacks can be prevented through more stringent firewalls, intrusion detection tools, limiting inbound access requests to server-based applications and systems, stricter scrutiny of cloud service providers and the providers’ security protocols, and the implementation of stricter internal security processes and policies.

Cybersecurity threats are unlikely to become a thing of the past as more devices and business processes become network integrated. However, simply having an internal IT security team in place is not enough to guard against attacks and unauthorized access. Developing both a defensive and an offensive game plan for the top threats most organizations face is an important step towards protecting a company’s sensitive data and technology-related resources.

3 Ways to Improve Your Cyber Security Plan

Cyber attacks cost organizations millions of dollars per incident and often result in system downtime. The average cost of system downtime per cyber attack is as much as $1.25 million, according to Cybersecurity Ventures. System downtime can be costly due to lost sales, frustrated clients, and unfulfilled requests that lead to a significant backlog. Some clients also have long memories that lead to negative word of mouth and a future drop in sales. Despite the real threat of cyber attacks, Cybersecurity Ventures reports that only 28% of firms involved in installing network-dependent technology regard security strategy as highly important. Although completely preventing cyber attacks is often regarded as unrealistic, assessing threats, establishing key performance indicators, and mitigating human factors can help technology leaders improve their security strategies.

Threat Assessment

A proper threat assessment does not involve a single activity or happen once. Threat assessment is an ongoing strategic activity involving research, analysis, simulations, and follow-up. Starting with a series of questions is critical during the start of the research phase, as it helps security teams and technology leaders develop a profile of potential threats to the organization. Some of the questions to ask during this phase include:

  • Who is most likely to launch an attack against the organization and its resources?
  • Why is the individual or group of individuals motivated to launch an attack?
  • What data or information is valuable to the potential attacker(s)?
  • How are the potential attacker(s) likely to try to gain unauthorized access to the organization’s systems and data?
  • How have the potential attacker(s) breached other organizations?

Once security teams and leaders determine the answers to these questions, an analysis of the firm’s IT systems and infrastructure can occur. Finding vulnerabilities and ways to detect intrusions and other types of cyberattacks is as much about thinking like the potential attacker(s) as it is about discovering ways to stay a few steps ahead. This means setting up preventative measures and also conducting exercises to try to get around those preventative measures. By trying to accomplish a mock cyberattack, internal security teams can better identify previously unseen vulnerabilities in the organization’s infrastructure, processes, and security strategy. Follow-up activities involve analyzing system logs to determine if past indications of common or known attack methods exist.

Key Performance Indicators

Assessing vulnerabilities and developing a profile of high probability threats is important, but even the most sound threat assessment will be ineffective if performance measurements are not established. A sound cybersecurity plan contains ways to measure whether the organization’s strategy is working and identify areas for continued improvement. Common key performance indicators include:

  • Average detection time
  • Average time to mitigate detected threats
  • Number of identified vulnerabilities
  • Ability to control and prevent threats
  • Ability to meet and comply with the plan’s objectives
  • Whether key objectives or milestones were accomplished

Human Factors

Securing an organization’s systems and IT infrastructure against external threats is only part of a thorough cybersecurity strategy. Planning for the internal threats related to human error and inappropriate system access is even more crucial. Employees and vendors that have access to an organization’s systems should be subjected to security policies, including controlled access, account-level privileges, several layers of authentication, and awareness of social engineering and phishing techniques.

Education that includes security policies and training related to scenarios depicting potential threats is the cornerstone of a sound mitigation plan. Employees who understand what phishing attempts look like will be less likely to click on suspicious email links and less likely to download files that contain malware. Good communication, interactive training sessions, tests that simulate phishing and social engineering attempts, raising awareness about best practices, and implementing metrics can go a long way towards mitigating vulnerabilities related to human error. Implementing access policies that only give employees the system access they need to effectively perform their jobs is a secondary factor involved in mitigating internal threats.

The possibility of an organization becoming a target of a cyber attack is high if not a guarantee. Technology leaders and IT security teams cannot afford to not take cybersecurity strategy seriously. Conducting constant threat assessments, developing and refining key performance indicators, and finding effective ways to stress the importance of security protocols to employees and vendors are three foundations of a sound cybersecurity plan. Preventing cyber attacks from becoming serious incidents is important to an organization’s sustainability but learning how to make improvements based on existing vulnerabilities is even more critical to continued success.

What Are the Top Tips for Choosing the Best IT Company?

Website outages, cybersecurity attacks, and any number of other IT incidents can cost your company hundreds or even thousands of dollars — every minute. For this reason alone, you need an outsourced IT company who is competent and highly qualified to handle your IT needs.

But how do you choose the best IT company?

Naturally, the IT needs of each individual business will vary. A medical practice will need IT assistance that specializes in privacy as well as cybersecurity because they’ll have a tremendous amount of sensitive data in their systems. On the other hand, your industry may require less focus on privacy and more focus on the particular type of software that you use.

Finding an IT company who specializes in your industry is the first step to locating optimal IT support.

Here are some other tips to keep in mind when choosing an IT support company for your business.

1. Look for experience.

As is always the case when you contract out services, you need to look for experience. It may be tempting to work with a brand-new, up and coming IT company in your area, but something as important as IT support warrants hiring a company who’s been in the business for at least a few years.

To establish that the IT companies you are considering have enough experience to get the job done right, ask to speak with their current or past clients. Also, ask for the list of credentials that their support staff possesses. These are the individuals you’ll be working with regularly, and you want to look for certifications and schooling in IT-related fields.

Lastly, make sure the experience that these companies have is related to your industry, specifically. We’ve already touched on this a bit, but it’s important to reiterate that it’s better to find an IT company who specializes in your industry than to find one who claims they can “do it all.” Many IT companies specialize in healthcare IT, transport IT, or other specific industries, which means they know and understand these industries inside and out. That’s what you want.

2. Choose a local company.

Some IT companies will claim they can take on your business from across the state or the nation. While this is possible, it’s unlikely you’ll get the level of quality service you actually deserve. It’s much better to go with a local IT company who you can work with directly.

In many situations, you’ll actually need IT support staff from your MSP (managed service provider) to come to your business for installations, troubleshooting, or network setups. This shouldn’t have to be a huge production. Having a local IT company available for quick service calls is a huge advantage.

3. Look for forward-thinking companies.

Not only do you want your IT company to focus on maintaining your current network and system structure, but you also want them to propel your business forward. Whether fast or slow, growing should be a primary concern for any business.

Some IT companies are more capable at scaling their services than others. Essentially, you want to find a company who will propel your business forward with their own IT ideas. They also need to have the employee-power and IT resources to scale your business up with ease and efficiency. As you expand, you don’t want to have to switch IT companies.

4. Make sure you can choose your level of service.

Again, needs vary where IT is concerned. You certainly do not want to pay for services you don’t need and won’t use. For this reason, look for an IT company who offers a range of service levels.

Most IT companies offer at least two or three levels of service. For example, they may offer an entry-level fee for simply monitoring your systems and alerting you as soon as possible if there’s a breach. If you require network setups, software installations, and other management services, you’ll naturally want a higher level of service. Having options is the main concern here.

No matter what IT company you choose, it’s important to take your time, and do your research. Your IT company will be one of your business’s most important assets. Hire well, and you’ll reap the benefits of easier daily operations, higher returns on investment, and ultimately, more business opportunities.

How Technology Helps Today’s CFO Improve Operations

The business world is increasingly tech-savvy, and organizations are looking for CFOs who are comfortable with the language and strategies of digital technology. The office of the CFO has long been a center of excellence for driving efficiencies and technology provides a wealth of new opportunities for forward-thinking CFOs to improve operations and maximize their assets. Finding a CFO who is comfortable with and understands the balance of technology in the workplace can be a significant boon for organizations, especially those who rely on their operational prowess as a means to outpace the competition. From growing efficiencies on the front line to improving back-office processes, see how technology is quickly becoming a game-changer for enterprising CFOs.

The Evolution of the CFO

For years, CFOs have been a major part of creating seamless operations for the business, including finding the right solutions for finance and accounting as well as processes such as travel and payroll. These disparate systems continue to mature, making it crucial that CFOs understand how they fit together seamlessly and provide value back to the organization. It’s not unusual for today’s CFOs to be more deeply involved in other decision-making, including the selection of project management software, customer relationship management tools, marketing automation and more. With their eye for back-office processes, CFOs are in a unique position to add their voice to the conversation around holistic technology for the business. This evolving role requires CFOs to expand their knowledge of systems and data architecture while still maintaining a tight hold on operational excellence throughout the organization.

Driving Digital Business Transformation

Staying up-to-date on the latest advances can also require the CFO to act as a digital transformation strategist for the business, a role that isn’t always comfortable for this top executive. Watching customer trends, social media insight and a variety of different datasets is a requirement as CFOs attempt to predict the future of the organization and drive innovation. Emerging technology requires near-constant focus, something that can be extremely demanding when CFOs are attempting to split their time and attention between multiple priorities. Technology, marketing and finance are the three pillars where the majority of data is present in the organization, and these leaders need to collaborate closely to ensure that data is mobilized for use in future applications. Having a deep understanding of the way various systems are built and maintained will allow CFOs to stitch together solutions that will benefit the organization in the future.

Moving Faster, Cheaper and Smarter

Finding the right technology for the job can require an investment in time as CFOs seek to gain an understanding of the various options on the market. Cloud-based technology can easily form the basis of the new operations stack, providing CFOs with a noticeably better budgeting process that doesn’t rely exclusively on capital expenses but spreads costs operationally, instead. Automation is one of the ways that finance executives are finding to drive optimization in the business, allowing entire teams to move on new developments more rapidly and with authority. Project management, reporting and marketing solutions increasingly rely on automation and artificial intelligence to provide greater insight and a deeper understanding of customer needs and sentiment.

As the role of the CFO evolves, technology will continue to play a key role for the business’s top finance executive. From shifting strategies to understanding how to implement and measure the value of various strategies, CFOs are gaining experience and insight that can be leveraged to make good technology decisions in the future.

How to Stop Your CEO from Becoming a Phishing Target

Business fraud affects businesses of all types and sizes, and there are no individuals within your business that are truly immune from the possibility of a targeted attack. However, there are some people who are more prone to an attack, simply because of the high value of their knowledge or access to the information within the business. Accountants, finance leads and your CEO are some of the most commonly-targeted individuals when it comes to business email compromise (BEC) attacks, more commonly known as phishing attacks. Knowledge is power, and these tips will help keep your CEO from becoming the next victim of these vicious attacks.

What’s the Difference Between Phishing, Spear Phishing and Whaling attacks?

While phishing is the most common term that you may hear, there are two additional terms that are often used when it comes to upper executives or more targeted attacks: spear phishing or executive whaling. These more specialized attacks go beyond the broadscale spam of phishing attacks that are meant to net any type of “fish” who is willing to click a link. In a spear phishing or whaling attack, the hacker has researched your business and knows enough from either social media or your corporate website to target specific individuals. Cybercriminals spend the time and effort to find any key vendors for your business or some personal details that will inspire confidence in your executives. The assailants then leverage this information to create a highly specific and tempting message that feels more like a personal email from a known vendor partner or internal asset in an attempt to gain control of your systems or to get access to sensitive information. The term spear phishing generally refers to tactics that are specific to a few mid-level individuals in your payroll or accounting department while executive whaling is targeted directly at your CEOs and other C-suite leaders.

What’s the Potential Payoff for Cybercriminals?

This investment by the cybercriminal is expected to have a high-dollar payoff and there’s only one chance at success — so the hacker has a vested interest in taking the time to do it right the first time. Each subsequent request increases the potential of being discovered and reduces the possibility of a return on their investment of time. The fraudulent emails often request that the recipient transfer a large amount of funds, pay a massive invoice or otherwise release information to what the target thinks is a “trusted” party. The FBI estimates that a single targeted whaling attack can release upwards of $150,000 in funds to a cybercriminal, making this an extremely lucrative pastime for these malicious actors.

Your CEO Should Be Wary of These Tactics

Coaching your CEO to stay out of the way of cybercriminals starts with an ongoing dose of education. In this case, attackers tend to follow a pattern of sorts that is relatively easy to isolate as long as you’re actively looking for this type of interaction. Receiving an email from vendors that have already invoiced you for the month, or requesting a different payment method that they have not used in the past (such as a direct funds transfer) should be a big red flag for your senior executives. Be cautious of emails that come in from trusted individuals with a slightly different email address; e.g. “@Micros0ft.com” instead of “@Microsoft.com”, as hackers are now spoofing entire mail domains in an attempt to release funds and data from your organization. Funds aren’t the only things that are requested by these organizations — personal information such as tax records also command a high rate on the dark web. This quick flowchart from KnowBe4.com may be a helpful graphic to share with your executive team.

Protecting your organization from the tactics of cybercriminals is not a one-time problem or solution, but requires an ongoing and dedicated effort to foil the efforts of these actors. Keeping your finance teams and senior executives safe can save your organization hundreds of thousands of dollars in remediation and notification costs, not to mention the frustration and difficulties associated with handling a significant breach.

Old School Meetings Revisited

You know running a successful business requires much more than just offering a great product or service. It takes constant engagement and collaboration of all of your employees to produce the best results, and it takes your best effort to remain competitive in a crowded marketplace. Collaboration between employees used to mean lots of daily and weekly meetings. Those long hours stuck in the meeting room often wind up taking a toll on productivity, and this loss of productivity is quite often negatively reflected in a company’s bottom line.

Microsoft Teams

The good news is that modern technology now provides an alternative to the traditional meeting: Online meetings. Conducting meetings online not only saves employees travel time and the expense of attending a meeting in person, but quality online meeting software provides the tools that make hosting a meeting more convenient and more efficient than ever before.

Many companies used to avoid online meetings because they were complicated to set up, time-consuming to maintain, riddled with technical problems, and expensive to purchase. But now there are no more excuses. Microsoft offers businesses of any size a quick, powerful, and inexpensive way to streamline meetings: Microsoft Teams and Microsoft Teams Rooms.

What is Microsoft Teams and What is Microsoft Team Rooms?

Microsoft Teams is an ideal way to keep everyone who works at your company, as well as your partners and shareholders, in the loop and working in concert. Microsoft Teams is a suite of communication tools, including web-based ones, that allow employees access to secure and private chat, file sharing, critical business apps, and the video meeting software, Team Rooms. Microsoft Team Rooms eliminates many of the hassles and time-sucking aspects of face-to-face meetings while still allowing them to be productive.

Whether you are having a 1-to-1 meeting or hosting a webinar for hundreds of people, Microsoft Team Rooms goes beyond many of the standalone online meeting solutions to give you the features which really matter to you. A few of these standout functions are easy scheduling, one-click joining, automated note-taking, and extensive whiteboarding tools, along with the ability to upload files and share desktop screens. The best part is that Microsoft Teams and Microsoft Team Rooms are part of the Office 365 subscription you probably already use!

How Can Microsoft Teams and Microsoft Team Rooms Help to Make Your Next Meeting Better?

When it comes to hosting a productive meeting, you need a system that you can depend on no matter what. Microsoft Team Rooms has you covered by:

  • Offering a single platform accessible through desktop computers, mobile devices, and dedicated video conferencing systems. Whether your meeting attendees are at your home office, in the field or even at home, accessing Microsoft Team Rooms is a breeze. Everyone will be able to participate fully using one seamless and secure application.
  • Securing your data. As part of the Office 365 suite of applications, Microsoft Team Rooms reduces the security risk of transmitting your private data using another video conferencing solution. Microsoft is dedicated to protecting your information.
  • Making administration and maintenance a snap. Even if you have a dedicated in-house IT department, you want it to concentrate on running your business, not your video conferencing software. Setting up Microsoft Team Rooms is intuitive, and if your employees ever run into problems, assistance is always available.
  • Providing almost infinite scalability. Do you host a variety of meetings from small groups to large webinars? You don’t have to spend thousands of dollars on dedicated video conferencing equipment; you can use any smart monitor or computer-attached screen. Do you have a lot of new hires? They can immediately access Microsoft Team Rooms meetings with their Office 365 account through their computer!
  • Supporting post-meeting follow-ups. Since Microsoft Team Rooms is part of the Office 365 suite of applications, if you choose, your employees will continue to have access to notes and files after the meeting. This accessibility makes it a snap for your employees to work together and reduces the amount of time it takes to complete a project.

With the quality tools you need to host an online meeting, the collaborative tools you need for your employees to be productive, and a price point you can’t believe, Microsoft Teams and Microsoft Team Rooms are a comprehensive online meeting solution.

Arming the Next Generation of Cyber Warriors

There are everyday warriors in businesses across the country, but these individuals may never have worn the uniform of their country. This next generation of cyber warriors is being groomed by organizations of all sizes in an attempt to overcome the growing skills gap in the cybersecurity world. While many current cybersecurity analysts started in general IT, there are individuals throughout the business and technology world that are moving towards this lucrative career path. Unfortunately, there are few set career paths already in place and no firm list of skills to develop to move in this direction. See what Under Armour’s VP & CISO, Matt Dunlop, is doing to arm the next generation of cyber warriors that he knows his organization desperately needs.

Background of a True Cyber Warrior

One of the key reasons that Matt Dunlop sees the value of developing these skill sets is because he’s worked throughout the fields of mathematics and computer engineering since his time in the U.S. Army as a colonel. After starting as a network engineer, he further developed his skills by completing a master’s degree in computer engineering and ultimately a doctorate in a related field. When the U.S. Army Cyber Command was created, he was a logical choice to help stand up this new division — partially due to his status as a computer science educator at West Point. In his position as CISO with Under Armour, he’s able to bring together his passion for teaching and marry it with his deep knowledge of technology and cybersecurity. “As we look into the future and project this huge job shortage, companies are looking for the silver bullet,” says Dunlop. “But I look at it as a long game.”

Creating Lifelong Learners

Cybersecurity is an ever-changing landscape and one that doesn’t have a set career path or an endpoint. Dunlop is currently working with the National Cyber Education Program to help create a generation of students that are interested in the exciting field of cybersecurity. There is a major deficit of individuals who have the breadth and depth of knowledge that would allow them to effectively provide cybersecurity protection for an organization. Sparking the interest of the next generation of smart workers is crucial, especially as automation takes the place of low-level activities and leaves plenty of room available for strategists and individuals who are able to implement more complex — and therefore more challenging — environments. Historically, cybersecurity professionals begin as entry-level IT professionals and work their way through the ranks to ensure that they gain the necessary knowledge about infrastructure and integrations to help protect an organization from both malicious actors and internal business challenges.

Cloud is Changing the Face of Cybersecurity

As cloud-based applications gain prominence in today’s business world, cybersecurity professionals will need a better understanding of data and integrations as well as hardware and servers. Transitioning from general IT to cybersecurity requires in-depth knowledge of how and where weak points can occur in an organization’s security net. From next-generation firewalls to strategies for warding off malware and phishing attacks, there are integration details that require recognition of how data flows throughout your business — and beyond. Pulling together information from disparate cloud-based platforms leaves a fail point that needs to be monitored, especially when you consider the proliferation of third-party vendors in the business ecosystem. Each link in the chain that passes data between organizations and customers must be analyzed and monitored for compliance and security throughout the sales and manufacturing cycle.

Arming the next generation of cyber warriors starts with firing the imagination of generations of children and young adults as they enter the formative years of their education. Cybersecurity is an exciting career path and one that will continue to morph as threats emerge. Encouraging staff members to become lifelong learners is one of the shorter-term ways that Dunlop encourages individuals to enter the cybersecurity field, but he is the first one to recognize that we need a broader group of future professionals to enter this critical field and support the security of businesses in the future.

How Can You Protect Your Data in a Natural Disaster?

Disaster can come from external factors, such as wildfires, floods and storms, as well as internal events, such as a toxic chemical spill or boiler failure in your facility. It’s crucial to have a plan to recover from these events and to provide a framework to return to work as quickly as possible.

Developing a business continuity plan can reduce recovery costs, safeguard your company’s reputation and may even save lives.

What’s the Difference Between Disaster Recovery and Business Continuity?

Business continuity planning creates a back-up plan that documents how your business will operate if it is crippled by unforeseen events. Examples include natural disasters, terrorist attacks, strikes and arson. A disaster recovery plan (DRP) is a subset of the business continuity plan (BCP); it documents detailed instructions on how to respond to these unforeseen events.

Before drafting a detailed plan, your organization should conduct a risk analysis and a business impact analysis that establish recovery objectives and time frames.

What’s the Percentage of Businesses that Close After a Disaster?

The Federal Emergency Management Agency (FEMA) reports that 40% of small businesses close following a disaster, according to CNBC’s hurricane preparedness report. Many small business owners don’t consider disasters among their business risks when making contingency plans or purchasing insurance coverage. It’s a mistake that could threaten your company’s very existence.

How Do You Decide Which Systems Are Essential in an Emergency?

Most BCPs consider how to keep essential functions running throughout a disaster and to shorten the recovery period. BCPs are essential for organizations of all sizes, but it may not be feasible to have complete backups for all your business systems. That’s why it’s important to prioritize essential systems, such as customer relationship management tools and compliance and reporting systems.

Many experts agree that once systems are prioritized, the recovery budget should be allocated accordingly. Failover systems should be initiated to ensure crucial components can be restored in case of cyber attacks, terrorism and other catastrophic events.

What Are the Components of a Business Continuity Plan?

The Components of a Business Continuity Plan:

Disaster Preparedness – Recognize the types of events that might compromise your business, assess the threats facing your company and identify steps to eliminate or minimize the impact of those threats.

Emergency Response – Develop procedures that enable you to respond when a disaster occurs or is forecast to occur. Continue with the plan until everyone is safe and there is no further threat of property damage or bodily injury.

Business Recovery – Identify your company’s critical business functions and define procedures that will facilitate restoration of sales, production and operations to pre-disaster levels.

How Do You Create a Business Continuity Plan?

There are five steps to creating a BCP:

1. Build Your Team. Use a top-down approach to build your plan. That means getting the buy-in of the C-suite, including sign-offs by senior management. One point person should own the process, supported by a core team with representatives from every business department.

2. Assess Risk. List out and rank all the hazards that could threaten your company. Examples include: climate, cybersecurity, supply chain, fire protection, facility construction, staffing and utilities.

3. Analyze Business. Create a business impact analysis (BIA) to rank the risks on your list. The idea is to strategize which systems need to come back online first after an emergency. The appropriate business units should be responsible for suggesting recovery strategies to get up and running within a recovery time objective. For example, backup data files need to be stored offsite and available within a few hours of a disaster, and your IT vendor may be able to expedite the shipment of replacement equipment following a catastrophic event.

4. Document the Plan. Documentation needs to include step-by-step procedures. This doesn’t have to be fancy — most plans are written using word-processing programs.

5. Test the Plan. To verify your recovery strategies, testing is essential. These tests vary in complexity from a discussion of the steps needed to respond to a disaster to comprehensive testing of your backup and recovery of core files and systems. Keep in mind that business continuity planning should be continually reviewed, since your systems and business relationships are not static.

How Do You Plan for Personnel Disruptions?

Be sure to have a website or number that employees can call to check in. Services may be disrupted for several days, but most employees should be able to check in within 48 hours. Having a documented plan with one website and number makes it easy for everyone to stay in touch. Social media sites are another great way to let everyone post their status or ability to return to work.

Personnel disruptions. The BCP is often mainly operational, dealing with physical infrastructure. However, a business also needs its people to function. A potential disaster can affect your employees’ lives in various ways, including:

  • Employees may live in a disaster zone, even if your company is in a safe location.
  • The commute may be compromised.
  • Nearby disasters affect attendance and productivity.
  • When food, water and other necessities are scarce, it’s hard for employees to concentrate on work.

Who Should You Contact First After Checking on Personnel?

Consider your customers. During a disaster, your first calls may be to insurers and vendors. Don’t forget to keep your customers in the loop. Remember, customers want their regular services and are ready to go elsewhere to get them.

Consider vendor stability. If core services are provided by third-party vendors, double-check to make sure continued service is available during a disaster. Vendors may have an issue delivering goods to your business in a disaster area; vendors in other regions impacted by a disaster may not be able to make deliveries.

What Is The CMO’s Role In IT For 2020 And Beyond?

The role of the CMO has changed dramatically in recent years, and the push for more integration of marketing and technology shows no signs of stopping. With 2020 just around the corner, it is worthwhile to look more closely at how CMOs are doing their jobs today—and what the future holds for those serving as chief marketing officers.

The lines between marketing and IT continue to blur, which means CMOs and CIOs are going to be getting closer and closer as time goes on. By integrating areas of expertise when necessary, CMOs and CIOs can both benefit from the changes that are coming in the future. Each will still need to be the best at what they do, but CMOs can certainly learn from their interactions with CIOs and vice versa.

Change is a Part of the Job for CMOs

It was not that long ago that CMOs focused exclusively on marketing. They were tasked with developing advertising campaigns, connecting with customers and establishing brands. The evidence of their effectiveness in these areas is all around—just look at the many brands that are household names. But in the past decade, information technology has moved along at a rapid clip and become incorporated in the public landscape in ways that no one would have predicted 30 years ago. Big data, AI, social media—the world has changed significantly, and the role of the CMO has had to change along with it.

Today, CMOs are as involved in technology as they are in marketing. They really do not have a choice in the matter. The way that companies interact with their customers is dictated by a variety of ubiquitous technology platforms that seem to be here to stay. And even if the big players today fail to hold their top positions, it is almost certain that others will move in to fill in the gaps. The end result is that technology is just a part of life for most people—and those people are the customers that CMOs need to reach. Doing so will likely always require a deft touch with technology from now on.

Developing a CMO/CIO Relationship for the Future

Just a few decades ago, the main interactions between CMOs and CIOs centered on very specific needs. Fixing computers, installing software, handling antivirus programs—when the marketing team had tech issues with their hardware or software, they got help from the IT department. It was unlikely that the CMO and CIO would hang out and talk about marketing technology strategy because the marketing technologies that were available were few and far between.

Now, though, CMOs need the help of CIOs for a large portion of their work. CMOs need to leverage tech to reach customers and establish branding, and CIOs are still the leaders in the technology sphere for businesses. While CMOs can gain some substantial proficiency with marketing technology or martech, they are unlikely to be as technologically proficient as CIOs. Rather than trying to reinvent the wheel, CMOs look to CIOs to help them take full advantage of the technology tools at their disposal.

The development of a close working relationship between CMOs and CIOs is going to be a major pillar of the business world in 2020 and beyond. While each executive will have their own sphere of responsibilities and expectations, those spheres will overlap in significant ways. Both need the business to succeed, and both need each other to make that happen.

What CMOs Will Be Doing in 2020 and Beyond

CMOs in the coming years are going to be tasked with performing the responsibilities of a marketing leader while also leveraging whatever technologies are available to achieve optimal results. If that sounds like a lot to take on for one person, that’s because it is. This is why CMOs are not going to be going it alone like they may have once done. They are going to require the assistance of skilled professionals who know how to provide the support necessary to achieve company objectives.

In practice, the role the CMO will play will be one founded in collaboration. The CMO will have company objectives to achieve and marketing objectives that will dictate the actions of the department. Making progress towards those objectives will require using various technologies to gather data, analyze data, communicate with customers, predict future trends, and more. Choosing which tech to use and how to use it to achieve business objectives is where the insight of CIOs will prove pivotal, which is why CMOs will be cooperating with CIOs regularly.

One of the most exciting developments for both CMOs and CIOs will be the development of cross-department expertise on both sides of the relationship. CMOs will know more about how CIOs think and what they need, while CIOs will gain a clearer understanding of how to help CMOs achieve marketing objectives. Eventually, each will be able to offer suggestions and insights that might never have developed without working together regularly. CMOs and CIOs are likely to become greater than the sum of each position, which could bring about even more substantial changes in how businesses operate and interact with consumers.