Welcome to our Blog

The daily Post

Read our Blog

How Can You Protect Your Data in a Natural Disaster?

Business Continuity Plan

Disaster can come from external factors, such as wildfires, floods and storms, as well as internal events, such as a toxic chemical spill or boiler failure in your facility. It’s crucial to have a plan to recover from these events and to provide a framework to return to work as quickly as possible.

Developing a business continuity plan can reduce recovery costs, safeguard your company’s reputation and may even save lives.

What’s the Difference Between Disaster Recovery and Business Continuity?

Business continuity planning creates a back-up plan that documents how your business will operate if it’s is crippled by unforeseen events. Examples include natural disasters, terrorist attacks, strikes and arson. A disaster recovery plan (DRP) is a subset of the BCP; it documents detailed instructions on how to respond to these unforeseen events.

Before fabricating a detailed plan, your organization should conduct a risk analysis and a business impact analysis that establish recovery objectives and time frames.

What’s the Percentage of Businesses that Close After a Disaster?

The Federal Emergency Management Agency (FEMA) reports that 40% of small businesses close following a disaster, according to CNBC’s hurricane preparedness report. Many small business owners don’t consider disasters among their business risks when making contingency plans or purchasing insurance coverage. It’s a mistake that could threaten your company’s very existence.

How Do You Decide Which Systems Are Essential in an Emergency?

Most BCPs consider how to keep essential functions running throughout a disaster and to shorten the recovery period. BCPs are essential for organizations of all sizes, but it may not be feasible to have complete backups for all your business systems. That’s why it’s important to prioritize essential systems, such as customer relationship management tools and compliance and reporting systems.

Many experts agree that once systems are prioritized the recovery budget should be allocated accordingly. Failovers systems should be initiated to ensure crucial components can be restored in case of cyber attacks, terrorism and other catastrophic events.

What Are the Components of a Business Continuity Plan?

The Components of a Business Continuity Plan:

Disaster Preparedness – Recognize the types of events that might compromise your business, assess the threats facing your company and identify steps to eliminate or minimize the impact of those threats.

Emergency Response – Develop procedures that enable you to respond when a disaster occurs or is forecast to occur. Continue with the plan until everyone is safe and there is no further threat of property damage or bodily injury.

Business Recovery – Identify your company’s critical business functions and define procedures that will facilitate restoration of sales, production and operations to pre-disaster levels.

How Do You Create a Business Continuity Plan?

There are five steps to creating a BCP:

1. Build Your Team. Use a top-down approach to build your plan. That means getting the buy-in of the C-suite, including sign-offs by senior management. One point person should own the process, supported by a core team with representatives from every business department.

2. Assess Risk. List out and rank all the hazards that could threaten your company. Examples include: climate, cybersecurity, supply chain, fire protection, facility construction, staffing and utilities.

3. Analyze Business. Create a business impact analysis (BIA) to rank the risks on your list. The idea is to strategize which systems need to come back online first after an emergency. The appropriate business units should be responsible for suggesting recovery strategies to get up and running within a recovery time objective. For example, backup data files need to be stored offsite and available within a few hours of a disaster, and your IT vendor may be able to expedite the shipment of replacement equipment following a catastrophic event.

4. Document the Plan. Documentation needs to include step-by-step procedures. This doesn’t have to be fancy — most plans are written using word-processing programs.

5. Test the Plan. To verify your recovery strategies, testing is essential. These tests vary in complexity from a discussion of the steps needed to respond to a disaster to comprehensive testing of your backup and recovery of core files and systems. Keep in mind that, business continuity planning should be continually reviewed since your systems and business relationships are static.

How Do You Plan for Personnel Disruptions?

Be sure to have a website or number that employees can call to check in. Services may be disrupted for several days, but most employees should be able to check in within 48 hours. Having a documented plan with one website and number makes it easy for everyone to stay in touch. Social media sites are another great way to let everyone post their status or ability to return to work.

Personnel disruptions. The BCP is often mainly operational, dealing with physical infrastructure. However, a business also needs its people to function. A potential disaster can affect your employees’ lives in various ways, including:

  • Employees may live in a disaster zone, even if your company is in a safe location.
  • The commute may be compromised.
  • Nearby disasters affect attendance and productivity.
  • When food, water and other necessities are scarce, it’s hard for employees to concentrate on work.

Who Should You Contact First After Checking on Personnel?

Consider your customers. During a disaster, your first calls may be to insurers and vendors. Don’t forget to keep your customers in the loop. Remember, customers want their regular services and are ready to go elsewhere to get it.

Consider vendor stability. If core services are provided by third-party vendors, double-check to make sure continued service is available during a disaster. Vendors may have an issue delivering goods to your business in a disaster area; vendors in other regions impacted by a disaster may not be able to make deliveries.

What Is The CMO’s Role In IT For 2020 And Beyond?

CMO Technician

The role of the CMO has changed dramatically in recent years, and the push for more integration of marketing and technology shows no signs of stopping. With 2020 just around the corner, it is worthwhile to look more closely at how CMOs are doing their jobs today—and what the future holds for those serving as chief marketing officers.

The lines between marketing and IT continue to blur, which means CMOs and CIOs are going to be getting closer and closer as time goes on. By integrating areas of expertise when necessary, CMOs and CIOs can both benefit from the changes that are coming in the future. Each will still need to be the best at what they do, but CMOs can certainly learn from their interactions with CIOs and vice versa.

Change is a Part of the Job for CMOs

It was not that long ago that CMOs focused exclusively on marketing. They were tasked with developing advertising campaigns, connecting with customers and establishing brands. The evidence of their effectiveness in these areas is all around—just look at the many brands that are household names. But in the past decade, information technology has moved along at a rapid clip and become incorporated in the public landscape in ways that no one would have predicted 30 years ago. Big data, AI, social media—the world has changed significantly, and the role of the CMO has had to change along with it.

Today, CMOs are as involved in technology as they are in marketing. They really do not have a choice in the matter. The way that companies interact with their customers is dictated by a variety of ubiquitous technology platforms that seem to be here to stay. And even if the big players today fail to hold their top positions, it is almost certain that others will move in to fill in the gaps. The end result is that technology is just a part of life for most people—and those people are the customers that CMOs need to reach. Doing so will likely always require a deft touch with technology from now on.

Developing a CMO/CIO Relationship for the Future

Just a few decades ago, the main interactions between CMOs and CIOs centered on very specific needs. Fixing computers, installing software, handling antivirus programs—when the marketing team had tech issues with their hardware or software, they got help from the IT department. It was unlikely that the CMO and CIO would hang out and talk about marketing technology strategy because the marketing technologies that were available were few and far between.

Now, though, CMOs need the help of CIOs for a large portion of their work. CMOs need to leverage tech to reach customers and establish branding, and CIOs are still the leaders in the technology sphere for businesses. While CMOs can gain some substantial proficiency with marketing technology or martech, they are unlikely to be as technologically proficient as CIOs. Rather than trying to reinvent the wheel, CMOs look to CIOs to help them take full advantage of the technology tools at their disposal.

The developing of a close working relationship between CMOs and CIOs is going to be a major pillar of the business world in 2020 and beyond. While each executive will have their own sphere of responsibilities and expectations, those spheres will overlap in significant ways. Both need the business to succeed, and both need each other to make that happen.

What CMOs Will Be Doing in 2020 and Beyond

CMOs in the coming years are going to be tasked with performing the responsibilities of a marketing leader while also leveraging whatever technologies are available to achieve optimal results. If that sounds like a lot to take on for one person, that’s because it is. This is why CMOs are not going to be going it alone like they may have once done. They are going to require the assistance of skilled professionals who know how to provide the support necessary to achieve company objectives.

In practice, the role the CMO will play will be one founded in collaboration. The CMO will have company objectives to achieve and marketing objectives that will dictate the actions of the department. Making progress towards those objectives will require using various technologies to gather data, analyze data, communicate with customers, and predict future trends and more. Choosing which tech to use and how to use it to achieve business objectives is where the insight of CIOs will prove pivotal, which is why CMOs will be cooperating with CIOs regularly.

One of the most exciting developments for both CMOs and CIOs will be the development of cross-department expertise on both sides of the relationship. CMOs will know more about how CIOs think and what they need, while CIOs will gain a clearer understanding of how to help CMOs achieve marketing objectives. Eventually, each will be able to offer suggestions and insights that might never have developed without working together regularly. CMOs and CIOs are likely to become greater than the sum of each position, which could bring about even more substantial changes in how businesses operate and interact with consumers.

How to Keep Your Business Safe From the Dark Web

Dark Web

Assassins for hire, drugs by mail order, and fake passports: What do all these things have in common?

You can find them all on the dark web.

“Okay …” you may be thinking, “Sounds like a blast — but how does this affect me and my business?”

Well, most likely, you’re not surfing the dark web for fake travel documents and drugs by mail. But as it turns out, the dark web can affect you and your business. Most notably, your information can end up there — and that’s exactly where you don’t to find it.

Below, we’ll learn more about what the dark web is, how it came into existence, and how you can protect your business from the trouble that lurks there.

First Thing’s First: What Is the Dark Web?

The dark web began much more innocently than one might assume. In fact, at its very beginning in the late 1990s, it was the brainchild of a government entity, the U.S. Naval Research Laboratory (NRL).

The NRL’s main goal was to cloak their online presence, effectively protecting their clandestine communications online while also anonymously monitoring the world market and getting access to hidden data without a trace. The software development stage went by the name The Onion Routing Project and resulted in the creation of Tor (The Onion Router).

Whether you’d call these beginnings “innocent” or not, to be sure, the NRL never anticipated their creation to morph into the toxic netherworld it is today. During the late 1990s and early 2000s, the software was for government use only, but in 2004, it was open-sourced and went public, effectively creating an anonymous web browser for anyone and everyone to use.

What Is Tor?

Tor or The Onion Router is the software program used by the dark web. Normally, when you surf the web, you can be traced wherever you go because you always have an IP address trailing your clicks and searches.

Tor facilitates an Internet browser that messes with your device’s IP address, effectively enabling you to travel around the Internet anonymously. It does this by bouncing your IP address to a multitude of diverse locations. As a result, if someone were to attempt to track your site visits when you were using Tor, it would be an impossible challenge to pinpoint your exact location. For Tor to work, individuals from around the world “donate” their Internet browsing devices (computers, tablets, etc.) so that the bouncing IP addresses have more places to land.

So, the Dark Web Provides Anonymity and Privacy – How Does That Put My Business at Risk?

While Tor and the dark web can be used for good (namely, identity protection, which is often beneficial to whistleblowers or journalists, for example), it can also protect criminals. And it does protect criminals — lots of them.

Cybercrime is the number one thing going on on the dark web, and unless you have good reason to require the benefits of The Onion Router, the dark web is definitely not a place you want to find your information. This is what we mean by being wary of your business getting mixed up with the dark web.

There are numerous threats that the dark web poses to businesses of various sizes, industries, and backgrounds. This is where cybercriminals can learn how to obtain information such as access codes and passwords, credit card information, gift card information, customer data, and more. It’s also where they can sell such information to third parties who can then do with it what they please.

In other words, you should want to know the moment your company name, address, or other company-related information is noticed on the dark web because what happens next is bound to be bad.

How Can Businesses Protect Themselves From the Dark Web?

Essentially, you can protect your business from the dark web by doing two things: Ensuring a strong setup of cyber privacy practices (hiring a cybersecurity-savvy IT company) and monitoring the dark web so that you’re notified the moment your information is found there.

The latter can be a part of the services you outsource to your IT company because actual dark web monitoring involves getting dark web access and knowing how to accumulate, parse, normalize, validate, refine, and enrich what you acquire. If you don’t know how to do that yourself, professionals can come to your aid.

While the dark web may be a place that helps good journalists and few others stay hidden and anonymous, it’s predominantly a place of crime and misdeeds. Keep your business safe from the dark web by knowing the risks and taking the appropriate precautions.

Why Security Awareness Training Makes Sense for Your Small Business

Cyber Security Awareness Training

Your small business needs a cybersecurity strategy, but beyond that, it also needs security awareness training. These two areas are not one and the same. There are important, distinct differences.

The Importance of a Cyber Security Strategy

First, let’s talk about cybersecurity in general. By now you likely understand the importance of cybersecurity for your small business. If not, here’s a brief overview. Joe Galvin, chief research officer for Vistage, writes over at Inc. on some of his firm’s recent research. 62% of small and medium firms admit to having an out-of-date, inactive, or nonexistent cybersecurity strategy.

This is highly problematic, he says, because small and medium businesses are huge targets for cybercriminals. These companies tend to have weaker security and less skilled security personnel (if they have any security personnel) than larger companies do. Yet they often store huge treasure troves of valuable data, like credit card numbers and other personally identifiable information.

Cybercriminals see this as a win-win. Security is lower and easier to beat, and the data available is often just as valuable as what they could get going after a bigger company.

Further, the stakes are so much higher than just a momentary loss of productivity. Many firms that undergo a cyber attack never recover and are out of business within a year.

Clearly, cybersecurity is of utmost importance for small businesses like yours.

The Importance of Security Awareness

Cybersecurity is important, yes. However, the best, most robust, most secure cybersecurity plan won’t protect you from your most dangerous threat: your own employees. That’s a blunt and surprising statement, but bear with us.

You need to be protected against traditional, “movie style” hacking, where bad actors infiltrate your systems from some faraway location. That is a real thing, certainly (though we can’t say it looks anything like it does on TV). It’s just not as common (or as easy to do) as the movies suggest.

In the real world, most of the cyber threats you’ll encounter don’t look like the movies. Instead, they look more like phishing and social engineering. That’s where security awareness training comes in.

What’s the Difference?

We’re arguing that both a cybersecurity strategy and security awareness training are essential for your small business. In case it’s not clear yet quite what the difference is between the two, we’ll restate it this way. Security awareness training handles the human component, while your cybersecurity strategy covers the digital component. Both are important, but they follow very different processes.

What Security Awareness Training Looks Like

Security awareness training can take a few different forms. Some security awareness training is done online. Your employees read materials or watch static videos, then they take assessments to gauge what they have learned.

The convenience factor with this method is nice: employees can work at their own pace and at any time of the workday. There are some trade-offs with this method, too. The training can be a bit stuffy, and it’s not interactive. If employees need help or clarification, it’s hard to get it. Hands-on learners may struggle with this method, too.

Some companies also offer a hybrid approach, where static courses are combined with live webinar-style classes. Some employees will benefit from the immediacy of a live teacher, but the trade-off there is that all employees must be present at the same time.

Some companies also offer live, on-site instruction, either as a standalone or as a premium add-on to their basic package. This can be a great option for single-location organizations.

Available Courses

A firm that specializes in security awareness training won’t take a one-size-fits-all approach. As your organization grows in complexity, varying business areas may need differing instruction. Certainly, some fields have specific, unique needs, too. Organizations that work in the health care orbit will have HIPAA rules to contend with, while those in education or finance will have their own.

Some firms offer 50 or more different courses as a part of their security awareness training protocols. Make sure that the providers you consider have courses that fit the needs of your business and industry.

Cost of Security Awareness Training

The cost of security awareness training varies based on many factors. The number of users receiving training is often the starting point. $1000 per year for an organization with 50 employees is a common starting point, but understand that program customizations and add-ons can increase this figure.

Other factors influencing costs include industry requirements, languages needed, and whether certification is desired. The number of courses each user takes may also affect cost.

Ask the providers that you are considering for a custom quote that breaks down the costs you can expect to see and which services those costs are associated with.

Conclusion

Having a cyber security plan and providing security awareness training are two vital components to your business’s digital security strategy. If you’re ready to explore what security awareness training should look like in your business, contact us today.

How Can You Focus Your Company on Reliable Anti-malware Strategies?

antimalware

Organizations across the country are learning from cyber attacks perpetrated in Atlanta, Newark, and Sarasota. Similarly, large targets such as San Francisco’s transit authority and Cleveland’s airport have also been targeted. The growing threat from ransomware, which locks up the victim’s device and files, is hard to track down to the source. Fortunately, many attacks are preventable with the right training and compliance with company policies.

Where to Focus Cyber Hygiene Efforts?

Cyber hygiene involves putting processes into place to make it more difficult for hackers to attack your network. First, use two-factor authentication. Also known as dual-factor authentication, this creates an additional layer of security since it requires two proofs of identity. The most common method includes both a password and a one-time code texted to the user. Individual users should also back up data offline using an external hard drive or another device.

Internal firewalls deter malicious actors attempting to access your computer. When suspicious activity is detected, the suspect device is locked and denied access to the rest of the system. It’s similar to quarantining sick people to protect healthy ones.

Require staff members to regularly update passwords since cybercriminals can sometimes buy stolen passwords through the dark web. Take special precautions for remote access, which creates unique vulnerabilities. Make sure that your IT team has a process for detecting and eradicating threats associated with remote access to the company’s network and data.

How Can Staff Members Reliably Detect Phishing Emails?

Most ransomware attacks begin with what’s known as a phishing email. The hacker tries to get users to open attachments or links — which install ransomware on the computer. Here are a few tips on identifying phishing emails:

  • Strange word choices
  • Odd links
  • Misspelled words
  • Weird attachments, especially .exe or .zip files

If an odd-looking email seems to be coming from a friend, verify its validity before opening the email.

How Does Updating Your Software Help Prevent Infection?

Hackers exploit vulnerabilities in software, and patches are released to fix them. When your computer prompts you to update the software, do it.

What’s the Best Way to Stay Prepared?

According to a recent 60 minutes episode, hackers shut down systems at a hospital in Indiana. The hospital had to pay a $55,000 ransom to unfreeze its systems. Other organizations should learn from this experience and establish a robust security protocol.

How You Can Prevent Astonishing Impacts of Scareware?

Anti-malware programs cannot scan your PC without permission. No reputable company sends you scary emails or pop-ups as a marketing ploy. These messages are scams and are commonly referred to as scareware. They may even introduce infectious viruses on your computer. Avoid opening emails from senders you aren’t familiar with. Never give your computer credentials, personal information or credit card information to these bad actors.

There are things you can do to avoid scareware threats. First, avoid programs that pester you to register your device or buy software to clean up your computer. You could end up paying to clean up your working computer. Even worse, you could end up giving unknown cybercriminals access to your personal information. When you want to purchase malware protection, go directly to a reputable provider. Many companies offer free software to scan your system from their home page.

What are the Dangers Associated with Bundled Software?

Sometimes, when you download software, you get a prompt asking if you wish to download toolbars or change the home page of your browser. Don’t do it. Even though this is becoming common with legitimate software, it puts your system at risk. Known as “crapware,” these extras are often harmless and may even be quite helpful. However, there are times when adding these components open you up to cyber theft. It can also display annoying pop-ups and impact your computer’s performance.

You can avoid these attempts to bundle software. Extra apps that companies sneak onto your device aren’t always malware initiatives. They are, however, very annoying. Your computer can become so bogged down it’s practically inoperable. If you download the latest version of software such as Adobe Flash, reach every screen during the installation. Uncheck all boxes regarding additional toolbars.

9 Cybersecurity Terms You Need To Know

Every business should have a comprehensive cybersecurity plan and a competent team that can execute that plan. Otherwise, cybercriminals and malicious actors can and most likely will take advantage of security vulnerabilities to access company data and cause damage. But as important as it is to have skilled IT professionals looking out for your business, it is equally important to educate yourself in the basics of cybersecurity so that you can avoid compromising your valuable information accidentally.

The following list of cybersecurity terms is one that every business owner, manager, executive and other professional should be aware of. The more you understand the basics of cybersecurity, the better equipped you will be to protect your valuable business data and personal information moving forward.

Cybersecurity Tips

9 Cybersecurity Terms Every Business Professional Should Know

1. Malware

From the time the average family had a personal computer in the house, most people had heard of computer viruses. Today, it is still common for many people to think of all types of attacks to computer systems and networks as viruses. In truth, a virus is only one type of attack that you need to be aware of. There are many other types of attacks, which along with viruses, fall under the umbrella of malware. Anything that is made to access your network or data—or cause damage to your network or data—is referred to as malware.

2. Phishing

Like the common term it comes from, phishing can be thought of as throwing out attractive bait in hopes that someone will bite and give up their valuable information. Phishing involves making a website or application that looks just like a site or app that people trust. You might get an email from Google or the IRS that looks legitimate. It could claim that the company needs you to update your information or your password and then take that info and give it to a cybercriminal.

3. Antivirus

An antivirus program is just like it sounds—a program for fighting computer viruses. What it is not is a program that will handle all of your cybersecurity needs. It will search for common viruses and eliminate those viruses, but it will not necessarily protect against other types of malware. Your antivirus can only scan the drives it has access to, and can only identify viruses that have already been identified by the company that makes the program.

4. Social Engineering

Social engineering refers to deceiving people instead of computers. While creating malware requires focusing on technical aspects, social engineering focuses on ways to manipulate people into doing what you want them to do. The scams where people ask you to cash checks on their behalf and send them the money because they are out of the country are an example of social engineering.

5. Ransomware

A common type of malware being put out by cybercriminals is known as ransomware. Ransomware takes some of your sensitive data and encrypts it so you cannot access it. The cybercriminal then demands a ransom for you to get access to your data. All of the cybersecurity terms you see that end with ware are types of malware.

6. Zero-Day Attacks

One of the biggest weaknesses of antivirus programs or other anti-malware programs is that they can only detect and protect against malware that has already been identified. Cybersecurity experts are constantly on the lookout for new malware, but they are not able to catch every piece of malware before it compromises systems and networks. There are always holes in the protective layers offered by cybersecurity teams. When a piece of malware compromises a hole, or vulnerability, in standardized security layers, it is known as a zero-day attack.

7. Redundant Data

While cybersecurity experts and your IT team are always striving to protect your system and network from attacks, sometimes your data can still become compromised—like with a zero-day attack. The reality of cybersecurity is that there is always the possibility of compromise, which is why backing up your data is a necessity. Not only does backing up your data protect against cybersecurity threats, but it also protects against equipment failures.

A quality backup will be quarantined in a facility that is not in the same location as your business.

8. Patch

A patch is what software developers send out when they discover a gap in the security of their programs. You should download available patches regularly to ensure optimal protection.

9. Intrusion Protection System (IPS)

An IPS is placed between your firewall and your system to identify intrusions and stop them before they cause damage.

For more information about cybersecurity for your business, please contact our team.

What Role Does The CFO Play In Digital Transformation?

CFO Digital Transformation

While technology teams are often found reporting to the CFO, that role may not be the first one that comes to mind when you’re discussing digital business transformation. There may be a perception that CFOs are the ones requiring justification for expenses instead of the leaders who are dreaming the big dreams required to fundamentally remake the business. Today’s CFOs are stretching in new directions as their role evolves to be a more visible part of process growth, technology and visioning for the future. With the massive investments that are required to implement new technology solutions, a critical success factor for these projects is to have the full buy-in of finance — and the layer of accountability for results that comes as part and parcel of a CFOs tight involvement in these initiatives.

Businesses Are Spending $6 Trillion on Digital Transformation

That’s right — trillions of dollars are being leveraged to drive digital initiatives from artificial intelligence to IoT (Internet of Things) and augmented reality. The costs of hardware and storage may be negligible, but the never-ending changes to software platforms drive a significant portion of the costs associated with major change. This puts technology leaders in a tenuous position in terms of justifying the spend because these are sunk costs from the perspective of the CFO. Deriving ongoing value from an asset can be challenging when it’s likely to be deprecated in only a few years and has negligible resale value.

Data is a Vital Strategic Asset — and a Risk

The capture and storage of customer data is no longer the realm of marketing folk, as technology leaders and finance professionals alike are scratching their heads in an attempt to keep up with morphing regulations and cybersecurity challenges. Consolidation information into centralized databases is more crucial than ever before due to the shifting climate around privacy regulations in the U.S. and abroad. Leveraging this data to drive advanced personalization can become the competitive advantage that businesses need, but it doesn’t come cheap — or quickly. CFOs are a needed point person between financial activities, the data flowing throughout the organization and are also able to keep their fingers on the pulse of the operational needs of the organization.

Providing Operational Support for Key Digital Initiatives

CFOs can help step in on projects that are floundering and push teams to define core deliverables and stick to the solutions that have the greatest promise for the future. As the head of finance, it’s imperative that CFOs have a handle on where and how data is stored or the organization risks excessive fines and public exposure in the event of a cyber attack or even loss of data access due to a disaster event. In this new and expanding role, CFOs are best able to align the strategic initiatives of the organization with the funding required to drive them forward.

Digital Transformation CFO

CFOs Taking the Lead in Digital Business

According to McKinsey, CFOs are increasingly pushed to the forefront of digital finance initiatives but are often still struggling to find how they can effectively work with other executives to drive transformative activities. Digitization in finance is a growing trend and one that is being actively embraced by leadership and staff members alike due to the added efficiencies that can be realized with solid technology implementations. Unfortunately, it’s just as easy to have a miss as a home run when it comes to digital finance operations — requiring a strong partnership between technology leaders and financial executives to determine where the priorities should lie for business transformation.

Whether or not they are leading digital transformation within the business, CFOs are feeling the disruption that is rippling throughout the organization with the introduction of new technologies and business requirements. “Digital technology is disrupting the role of the CFO. It is fundamentally changing the way organizations approach finances and how they interact with customers,” explained David Axson, managing director at Accenture Strategy. With all of the focus on digital transformation of the business, CFOs will have more than their share of challenges over the next decade.

Cyber Security Advice: 6 Crucial Strategies

Computer Security Tips

Cyber security is more important than ever before. The news is full of stories of leaks and breaches large and small. Some of these result from sophisticated, targeted hacks, and others occur thanks to enterprising hackers taking advantage of security holes in insecure or out-of-date software.

At the end of the day, though, just about every organization has the same weak link: its employees. The finest security tools are no match for bad (or just naïve) behavior from your employees. With that in mind, today we’ll review 6 strategies and tips crucial to improving your employees’ cyber security behavior.

1. Use Long, Complex Passwords

People tend to be lazy. It’s a part of human nature. If your IT policies allow people to set their passwords to “password” or “12345”, you can be assured some of your employees will do just that. Short, simple, easy-to-guess passwords are a security threat to your business. Not only can passwords like these be easily guessed by a human, they take next to no time to be brute forced by hacking tools.

Encourage (or, better, require) your employees to use long, complex passwords. A phrase that’s memorable to the employee is a good start. Add in some complex characters (symbols, mix of capital and lowercase) to increase the complexity further.

2. Understand That Everyone Can Be Targeted

Don’t think of cyber crimes in the same way people used to think about military conflict: as something that occurs between large entities with high-powered offensive and defensive capabilities. Yes, it’s the Targets and Experians of the world that make the national news when they are breached, but those high-profile cases are the exception, not the rule.

Smaller hackers aren’t going after hard targets, like governments or Wall Street. They’re going after soft targets: small and medium businesses that think they “can’t afford” good cyber security. In other words, they’re going after you.

3. Don’t Go Swimming and You Won’t Get Phished

One of the best tools hackers use is phishing. Phishing starts with your employees receiving a fake email. It could look like a legit business message or like a message from a vendor or service that you’re already using (like Microsoft Office 365). In other cases it looks interesting, tantalizing, or even salacious. These emails will contain a link or an attachment and will encourage users to click the link and log in or to open the attachment.

But the links and attachments aren’t what they appear to be. Once users do those actions, their credentials or devices are compromised.

Our best advice here is don’t go swimming so you won’t get phished. Don’t click on suspicious links, no matter how interesting they look. Don’t open attachments from unfamiliar accounts. If the email looks to be from a legit service (like Office 365), navigate to that service manually instead of by clicking the link. Lastly, if you’re not sure about an email, check with your IT group before continuing.

Computer Network Security

4. Consider the Security of the Network You’re Using

One of the advantages of cloud services is the ability to access many work systems from anywhere. As more and more firms move to cloud software and cloud services, those firms’ users need to stay up to date on security best practices. Employees dealing with sensitive company information or accessing customer data should only do so on secure networks. Public computers, free Wi-Fi at the corner café, and your cousin’s open Wi-Fi network are all examples of insecure network environments. Save the sensitive stuff for a more secure environment like the office.

5. Be Physically Aware

Many cyber attacks are perpetrated through actual, physical access to systems. Employees can be shockingly careless with company tech. If you walk away from your computer, phone, or tablet — even just for a second — lock the device. This is true even in your own cubicle or office. You never know when a disgruntled coworker might attempt to compromise something while posing as you.

Also, make sure employees understand that devices can be compromised by anything that’s plugged into them. Computers can be compromised by plugging in a flash drive or SD card that’s infected with malware. Be sure you trust the source of any external device that’s coming into your company.

6. Beware Social Engineering

Employees also need to watch out for social engineering schemes. These are similar to phishing schemes, but instead of stealing credentials using a fake form or website, thieves convince employees to hand credentials over outright. Don’t be afraid to hang up on (or stop emailing with) someone claiming to be from an important vendor (we’ll use Microsoft again). If anyone is asking an employee to supply credentials or to take actions on your computer or network, that’s a huge red flag. Legitimate vendor contacts likely wouldn’t need the employee to do this for them. Employees can call back directly using a number they know is legitimate. If the concern is real, the real support team will know about it.

Conclusion

These 6 strategies will help your employees resist cyber intrusions, but there is so much more for your team to know. For more comprehensive help with your cyber security strategy, contact us today.

Is The CMO Responsible For Digital Technology Decisions?

CMO Technology Decisions

All businesses today are faced with numerous technology decisions. The rapid rate of tech development and adoption has led to some truly remarkable transformations in the business landscape—and in the responsibilities, various professionals are expected to perform. CMOs are no exception. In fact, if you have been a CMO for very long, you have likely seen your list of responsibilities grow as new tech has arrived. It is precisely because you are expected to leverage marketing technologies to achieve business objectives that you need to participate in the decision-making process regarding digital technologies. Your perspective is vital to ensure that your company chooses the right technology and gets the maximum benefit from that technology once it is incorporated.

Why the CMO Needs to Be Involved in Technology Decisions

As the chief marketing officer, your main responsibilities are focused in the marketing segment of your business. Once, your role would have centered on building the brand, engaging customers and advertising. Now, you are still expected to ensure that these areas are seen to. But you are also expected to maximize your effectiveness by utilizing all the technology tools available to you. Your engagement with marketing technologies and your familiar with the marketing and business objectives of your company make you a unique, knowledgeable voice in the digital technology decision-making process. You do not necessarily have to be solely responsible for those decisions, but you do need to play a major role.

When deciding how heavily you should be involved in tech decisions, you can ask yourself two questions:

Does the technology decision have anything to do with marketing?

There are plenty of technology decisions that do not involve marketing. The IT department in your organization and the CIO, in particular, make tech-related decisions every day, many of which have nothing to do with the marketing department. From servers to power supplies, password resets to OS installs, the IT team has plenty on its plate that falls squarely within the realm of technology. It would be a waste of your time and of theirs if you were involved in decisions that did not relate to your field of expertise.

Of course, there is an increasing number of technology decisions that do involve marketing or affect marketing. The spending on marketing technologies is expanding at a rapid rate across most businesses because it offers so many possibilities and is often required to remain competitive. Any technology decisions that relate to customer engagement, customer data, advertising, or anything to do with marketing or achieving marketing objectives should have your input.

Does the technology decision have anything to do with customer interaction?

Customer interaction does fall under the marketing umbrella, but it has become more of its own area as companies have embraced social media platforms and CRM technology. Your company needs to collect customer data and it needs to maintain a constant presence for customers, all of which can benefit from the deft touch of marketing professionals. You can help other decision-makers understand what works and what does not when it comes to engaging customers and keeping them engaged.

Make Your Job Easier by Partnering with the CIO

As fast as you can learn marketing technologies and incorporate them into your business, there will always be a lot you do not know. When approaching such a massive subject as digital technologies, it makes sense to combine your abilities with others in your organization to ensure the best possible results. The CIO is the perfect partner in your efforts. While you focus on achieving marketing objectives, the CIO can focus on ensuring that the technology your business uses to achieve those objectives is functional and that nothing slips through the cracks. The work of the CIO makes sure that all the marketing technologies you rely on are there when you need them.

Developing a relationship with the CIO benefits both of you in a myriad of ways. You can learn more about how the different technologies in your organization function and support one another—which allow you to make clearer decisions about what tech you want to use moving forward. By working with you, the CIO gets a better grasp of how you use technology to achieve marketing objectives. Ultimately, the CIO should be able to offer suggestions that would not have been possible without the familiarity gained by working hand in hand with the marketing department.

Choose Your Role in Technology Decisions

Every organization is unique and requires a customized approach to tech decisions. You are the best person to determine where your role fits within the framework of tech decisions for your company. It may be best for you to head the decisions, or it may be better to serve a support role. What is important is that you take firm steps into the realm of marketing technology and apply your marketing knowledge to the decision-making process. The business will benefit from it, and your role as CMO will only get more interesting and engaging as a result.

How CEOs Can Use Their Blog To Communicate With Staff & Customers

CEO Blog

As a CEO, you have tremendous influence over your company’s brand, messaging, values and strategies. You also have a personal brand that increasingly today needs its own shaping, nurturing and feeding.

One powerful way to improve your personal brand and your company’s messaging is to have your own blog. Your voice, insights, opinions and news needs a vehicle that can project your thoughts across multiple channels.

Knowing why a blog makes sense and best practices is an ideal way to get started.

Why Should I Create a CEO Blog?

First, consider the multiple audiences to which your voice matters. There are stakeholders and in some cases shareholders that value your communication.

Internal blogs allow you to communicate to employees in a very different way. The benefits include:

  • Providing an up close and personal insider perspective on work, values and messages you want to convey
  • Promoting your internal persona
  • Promoting and reinforcing key messages
  • Building and celebrating a positive company culture
  • Fostering two-way communication between the c-suite and other employees

What Is the Difference Between Internal and External CEO Blogs?

External blogging has its own advantages. The tone and content of internal and external blogging likely will be different but the tone, themes and messaging should remain consistent. The advantages of external blogs are:

  • Thought leadership. Insights on industry trends, needs, challenges and transformation help establish you as a leader in your field.
  • Valued added. Customers and potential customers are more likely to choose your business if you can provide them with valuable, needed information that helps them do their business better.
  • Authenticity. Build authenticity with external stakeholders with consistent valued content, especially in challenging times or crises. That’s when your voice should be loud, not silent.
  • A face with a brand. Too often companies, especially as they grow larger, become faceless. A blog helps put a human face on your business and brand. Your blog helps keep your business front of mind, especially when they see your information popping up regularly in email inboxes and on social media.
  • Brand loyalty. Customers are going to come back when the products and services they receive are of high value. A blog can help in reinforcing your commitments to quality, customer service and continuous improvement.
  • Spreading your message. When your content is compelling, readers will like, share and forward it to others. This viral marketing, at no additional cost to you, spreads your brand and your thought leadership.
  • Beating the competition. It’s likely some of your competitors are blogging. Get ahead of them with better, regular and more valuable information.

In a 2016 New York Times article, Microsoft founder Bill Gates, who focuses much of his energy now on his philanthropic foundation, spoke about why he blogs. “It … helps to have a platform for talking about the work I’m doing, both through the foundation and separate from it, because I find people are curious about it,” Gates said.

What Makes for a Successful CEO Blog?

The best CEO blogs are authentic. They don’t just regurgitate press releases or quarterly results. They inject humanity and persona into the work that your company does and gives you a visible, recognizable brand. Here are some other elements of a successful CEO blog:

  • Personalization to a point. This is not the place to talk about your son’s high school graduation. However, personalization is important. Instead, offer glimpses behind the curtain about why and how decisions were made or what you see as key issues or opportunities in the industry.
  • Design matters. You want your blog to be easily readable, especially on mobile devices.
  • Onmichannel. Content is valuable … and you and your marketing team should strategize about how to get the most out of what you provide. Longer blog posts can be followed up by other content — written by you or others — that points back to your hub information. Posts should be teased or delivered via multiple social media platforms. Depending on your business, that may include LinkedIn, YouTube, Facebook, Instagram or Twitter.
  • No jargon. Inside baseball is cool, but not when no one can understand what you’re writing. If you’re going to use jargon, be sure that it commonly used within your industry. Otherwise, you could alienate existing and potential customers.
  • Focus on customers. All of your blog content should have a singular focus: What do our customers need? Whether it’s product information, industry news or company information, be sure that it is written to help customers solve problems. Ideally, those problems are those your company is uniquely qualified to address.
  • Use humor … if it’s funny. Humor is a lot harder to write than you would think. Written words cannot easily express tone, pace and intent. Humor adds a personal element to your writing, but it has to be done with care and strategically.

Where Can I Find Good Examples of CEO Blogs?

Looking for inspiration for your own blog? There are plenty of sources of great CEO blogs and leadership blogs from which to take inspiration. Here are a few examples to review:

CEO blogging can have a deep impact on internal and external messaging. With a clear understanding of goals and tips, your blog will be ready to be published.