Author: Stuart Crawford

How to build an effective Hurricane Survival Plan

Now is the time to double check your supply inventories, invest in protective measures for your business, and make sure you have an actionable Hurricane Survival Plan in place.

The 2019 hurricane season is almost here – are you ready for it?

According to Moody’s Analytics, the 2018 hurricane season caused up to $50 billion in damages. Can you afford to be a part of however large that number becomes this year?

All of this is to say – we know when the hurricane season begins, and we can take steps to protect ourselves, our families, our homes and our businesses.

Without effective hurricane preparedness planning, your business can suffer devastating consequences during an emergency. Property damage and data loss can affect your resources, continuity and more, leading to loss of business, and lower return on investment in these resources.

What does effective planning for a hurricane really look like?

Key aspects of a Hurricane Survival Plan include:

Developing a Plan

As with most endeavors, the first step is to create a workable plan. Your business’ hurricane plan should be carefully constructed and written down for reference and review.

Remember, many companies are required to maintain an Emergency Action Plan by OSHA so this can be considered part of that process.

Your plan should put forth policies and procedures regarding employee safety, business continuity, and contingencies that can be activated if your business’ facilities are damaged.

There are three steps to an effective Hurricane Preparedness Plan:

Protect your property.
While so much of disaster recovery these days is focused on data continuity, it’s important to remember that your facilities are a resource as well, and they should be protected.

• Make sure your windows have proper shutters or are boarded up with plywood to keep them safe from airborne debris.
• Inspect your roof prior to each hurricane season to make sure it’s in good shape.
• Assess whether there are any aging branches or trees that could fall and cause damage during a storm. If you’re unsure, have an arborist check it out for you.
• Bring sandbags to areas that could be affected by flooding.
• Secure heavier objects, including bookcases, shelves, filing cabinets, computers, etc.
• Secure utilities, and raise them off the ground if necessary to avoid flood damage. Prior to the hurricane reaching your area, make sure they’re all turned off.
• Relocate any fragile or valuable items to less dangerous areas, if possible.

Protect your documents.

Once all your physical assets are taken care of, don’t forget about your business documentation.

• Make sure you have a backup of info on important business contacts.
• Backup documents that are not easy to reproduce or acquire in the event of water damage – insurance and legal contracts, tax files, etc.
• Keep as much of your documentation as possible in waterproof containers.

Maintain a checklist of survival resources.
Lastly, you’ll want to make sure you have an inventory of all the hurricane-specific resources you’ll need.

These are the types of items you won’t be using otherwise year-round, and so, when you do require them, you don’t want to realize you’ve forgotten something.

• • Independently powered radio/TV
  • Three-day supply of non-perishable food for as many employees as you have onsite (including 1 gallon of water per person per day)
  • Blankets, pillows, cots, and chairs
  • First Aid supplies
  • Flashlights (and additional batteries)
  • Toolkit
  • Whistles and/or signal flares
  • Tarps, plastic bags, and duct tape
  • Cleaning supplies
  • Smoke alarms and fire extinguishers
  • Electric generator
  • A backup supply of gas and additional jerry cans
  • Cash, credit cards and ID
  • Emergency contact info

Defining Procedures and Assigning Roles

Determine the critical staff that will need to be on-site or on-call during an emergency. It’s important to define who will be needed to keep your business running, and who should be responsible for any emergency response tasks. Remember that safety comes first and that your plan must focus on keeping your employees out of danger.

Coordination

A comprehensive plan should prepare your business to coordinate with others during an emergency. How are nearby businesses going to operate during a hurricane? How will police, fire, and medical response be affected? These questions are best answered before the storm hits.

Briefing Your Employees

Your hurricane plan should not be written and then left on a shelf. Every employee should be familiar with your procedures and plans to handle any future emergencies. Hold a meeting where your plan is reviewed, roles are assigned, and your staff can ask questions.

Reviewing and Updating Your Plans Annually

Changes in your business or the community in which you operate can have a major effect on your disaster plan. Be sure to review your plan at least once a year and make any necessary revisions to keep it current and effective.

What’s the bottom line of Hurricane Preparedness?

Effective hurricane preparedness keeps you safe and protects your assets, simple as that.

In addition to protecting yourself and your employees, proper business continuity planning should assess your individual requirements by estimating your current data retention needs and expected growth. You can then determine what systems are critical to your business and assess what recovery mechanisms are currently in place.

Based on this comprehensive analysis, you’re then able to build a hurricane preparedness plan that works best for your organization.

Remember – without comprehensive disaster recovery planning, you’re left vulnerable to any and all emergency situations, whether it’s a major meteorological event like a hurricane, or common — and still unpredictable — power outages. Consequences include:

• Permanent data loss as onsite copies of your data are destroyed
• Severe downtime as your business scrambles to replace hardware and get up and running again
• Major financial damages, from the cost of lost business to the cost of replacement hardware and more.

So, the question is: will you wait until after you get hit with a hurricane to start thinking about how you’ll recover?

Or will you do what’s right for your business, and start planning for the worst-case scenario today?

Organizational structure is something that is hotly debated at businesses around the world, but one of the biggest mysteries is where it makes sense to have the technology teams. IT has both a strategic thread as well as a day-to-day operational focus, making it a solid fit for the office of the CEO or the COO — yet IT often lands with the CFO, especially if there isn’t a CIO in existence. Businesses tend to organize around the functional strengths of their leaders and their business operations. If you are researching where IT makes sense in the structure of your business, see why organizations around the world continue to closely align IT with the finance department.

“We’ve Always Done It That Way”

Historically, IT has been aligned with finance due to the original reason technology was introduced to businesses: to aid in digitizing accounting functions. The highly detailed work that is performed by both finance and technology teams worked in lockstep, as finance executives leaned on IT for financial computing initiatives that would help make the organization more efficient and effective in their financial interactions. Over time, the original need for digitizing accounting morphed — yet the reporting structure still made sense. CFOs needed to have a tight handle on the burgeoning budgets that the technology teams needed to support the needs of the business. Many businesses find themselves locked into this aging structure for one of the worst reasons of all: “We’ve always done it this way”.

Aligning Departments Around Business Functions

At first blush, IT may seem to have more in common with operations than with finance. There are plenty of moving parts in both operations and technology, but that is where the parallels break down. Maintaining the daily execution of tasks is quite operational in nature, but the far-reaching strategic nature of IT is where the power truly lies for the organization. Hiding IT within the office of the COO could reduce the overall effectiveness of IT and may also lead to the team being a target when there is a need for budget cuts. Without a strong seat at the table for technology as it relates to the future of the business, both finance and operations Chiefs may reduce spending without seeing the longer-term impact of their decision.

Shifting Business Strategy

As more CEOs consider IT initiatives as strategic imperatives, the structure of organizations will continue to shift. CIOs — although they are “Chiefs” — have not always had a place reporting directly to the CEO of the organization as other chief officers do. Instead, they are relegated to second-string status by reporting to the CFO or COO, especially if there is a perception that the CIO is not comfortable enough working through complex business problems as well as providing technology solutions. The shifting business strategies that are caused by exceptional levels of innovation and competition in terms of technology make it more likely than ever that CIOs will be raised to the level of the CMO and CFO in terms of organizational structure.

There are no perfect or “right” structures for your organization. As technology leaders continue to expand their knowledge outside the scope of the technical realm, they are less likely to be reporting to the CFO and COO and more likely to be able to earn representation at the highest levels of the organization. This evolution of IT may feel uncomfortable for some organizations, but will ultimately help boost the visibility of technology projects that are often core to the success of the business.

Are You One Of Many Affected By The Quest Diagnostics Breach?

Financial & Medical Information of 12 Million Exposed

Quest Diagnostics reports that almost 12 million people could have been affected by a data breach.

On Monday, June 3, 2019, Quest Diagnostics said that American Medical Collection Agency (AMCA), a billing collections provider they work with, informed them that an unauthorized user had managed to obtain access to AMCA systems.

Quest Diagnostics is one of the largest blood-testing providers in the U.S.

Anyone who has ever been a patient at a Quest Diagnostics medical lab could be affected by the breach.

AMCA provides billing collection services to Optum360, which is a Quest contractor. AMCA first notified Quest about the breach on May 14th. Quest reports said that they are no longer using AMCA and that they are notifying affected patients about the data exposure.

The information included in the breached system includes:

• Bank account information
• Medical information
• Credit card information
• Social Security Numbers
• Other personal information

In its filing, Quest reported:

“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information.”

What Should You Do?

Anyone who was affected by the data leak should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact Quest Diagnostics’ customer service at 1 (866) 697-8378 or on their contact page.

Here’s an honest truth: managed IT services cost money. With any business expenditure, it’s a good idea to understand the value that the expenditure will bring to the organization. We believe businesses can improve on many fronts by implementing managed IT services. One of the biggest areas of benefit is financial. Here are 6 ways that implementing managed IT services helps your bottom line.

Increase Productivity

Equipment downtime can be a huge detriment in any business setting. In the “break it fix it” model, businesses operate normally until something breaks, then work stops. If it’s IT equipment, the in-house IT team descends and attempts to fix. If, after some amount of time has passed, IT decides the problem is beyond them, they call in outside help. Then they wait. And wait. And wait some more. Work isn’t getting done while that piece of equipment is down. Waiting for an outside specialist can cost your company in a big way.

With managed IT, your managed service provider (MSP) is the outside specialist. As soon as something goes down, the MSP is on it, bringing their skills and specialties to bear on the problem. Use managed IT to get your business back up and running faster than the traditional model can.

Stabilize Monthly Spending

With the “break it fix it” model, your IT spend can spike wildly from time to time. When a high-value piece of your IT infrastructure goes down or even just needs replacing due to age, your costs soar. Companies self-managing their IT services also face sudden spikes in software upgrade costs.

Managed IT can stabilize your monthly IT spend. In this model, you pay a stable monthly rate for service regardless of how much or how little help you need in a given month. Software upgrades (or, more likely, subscription and licenses) are rolled into this monthly fee as well, removing those software spikes from your budget. Your finance team will appreciate this predictable expense.

Lower Your Initial Investment

Along the same lines, you can lower your initial IT infrastructure investment through managed IT. Depending on the terms of your agreement, some amount of your equipment may be owned by the MSP. The less equipment you have to purchase yourself, the lower your initial IT infrastructure investment.

Every MSP agreement is different, customized to the needs of the client business. If up-front costs are an obstacle for your business, be sure to craft a service agreement that lowers these costs.

Lower Overall IT Infrastructure Costs

Even if your MSP isn’t providing all your hardware as part of your plan, you’ll still lower your overall IT infrastructure costs in many MSP arrangements. For example, if hosting, storage, and backup are part of your MSP agreement, you eliminate some of your need for on-site servers. You’ll save money on hardware, power, and even real estate — since you won’t need space to house those servers.

The same principle applies to a number of other functions, including network monitoring and security. You won’t need to devote systems and system resources to functions that you offload to a managed IT provider.

Free Your IT Staff

Partnering with a managed IT services firm frees your IT staff to do what matters most. Contrary to what many assume, the goal of implementing managed IT isn’t necessarily reducing staffing levels. Sure, some larger businesses may benefit from reducing a bloated, inefficient in-house team, but the real value in managed IT service is freeing up your in-house team.

Your existing IT staff adds value to your company by wholeheartedly pursuing whatever high-value IT interests your business has—or, at least, it should. Many times, though, IT employees are too busy troubleshooting PCs and malfunctioning equipment to focus on the IT elements that are truly core to your business. Enlist a good MSP to handle the day-to-day IT troubles (among other things), and you’ll enable your IT staff to focus in and add value in the areas that are truly critical to your business.

Scale Your Business

It’s great to be a part of a growing business, but the growing pains are real. Scaling your business can cause IT headaches: new equipment is needed for each new employee, not to mention all the behind-the-scenes tech infrastructure, like server space, bandwidth, and software licensing.

Managed IT is the solution here, too. Your MSP has far more capacity than you need, so they can handle scaling issues during periods of growth or reduction.

Conclusion

By now it’s clear: that managed IT can help your bottom line. If you’re ready to begin the conversation about how we can help you, contact us today.

One of the major advantages of newer technologies is their ability to connect employees working remotely. Connections to colleagues, data and files help make doing business more productive, effective and accurate, no matter where employees and their teams are.

That’s why more companies are establishing bring-your-own-device (BYOD) policies. Such guidelines allow companies to save on the costs of providing employees with their own mobile devices or paying for their maintenance and replacement.

Adopting such policies requires companies to set clear guidelines for the use of such devices and what obligations employers and employees have.

What Are the Advantages to BYOD Policies?

Along with the cost reduction, there are several other advantages for companies that choose to use BYOD rules:

• Increased employee satisfaction. Employees who can bring their own devices are more satisfied in the workplace, don’t have to manage multiple devices and can use their own device for work-related tasks.
• More productivity. Employees with access to workplace apps on their own devices can respond faster to inquiries, gain needed information and address issues quickly.
• Flexibility. Make it easier for employees to work from home, remotely or while traveling with ready access to communication and apps that let them do their work effectively.
• Reduces uncertainty. For companies that pay for voice and data services for employee devices, switching to a BYOD policy saves not only on contract costs but also on data and voice overage charges.

“Employees who are willing to spend their own money to procure their own devices can be a boom for their bottom line. In some ways, this is a perfect arrangement. Employees get to use their chosen device, which can improve productivity and morale while saving companies money,” notes a recent article.

What Are the Primary Disadvantages to BYOD Policies?

The primary concern for many companies considering adopting a BYOD policy is security. Consider that for every device you add to your network, that’s one more device that has access to sensitive, proprietary or protected information. A company-owned device provides far more control of what websites are accessible, when devices are updated and how usage is monitored. Companies can control what anti-virus, anti-malware and anti-phishing tools are installed and how frequently they’re updated. Control means a greater understanding of what’s protected and how.

Another concern to BYOD workplaces is compatibility and support. Your employees are likely using multiple devices with multiple operating systems and capabilities. Your IT team will likely be responsible for some aspects of device management, including installation and updating of apps, security processes such as VPN and other protections, and ensuring security patches are applied. Having more devices in play means more expertise is required of your IT employees.

When employees leave, there need to be clear procedures and auditing rules about ensuring that all access to company files, apps and data is removed immediately.

Scalability is another concern. As the number of employees grows, with some of them using multiple personal devices, the staff demand for management and updating grows accordingly. Company network infrastructure also needs to be expansive enough to accommodate all the new devices.

For employees, the main concern is privacy. Employees may wonder how much of their personal activity and device usage is accessible to their employers.

Are There Other Options Besides Company-Provided and BYOD?

Some companies choose one of two alternative policies that reduce the risk:

• COPE. Corporate-Owned, Personally Enabled devices are those employees can use as their own but are purchased by and owned by the company. However, employee privacy concerns can make such an approach unpopular.
• CYOD. A choose-your-own-device approach requires employees to select from a limited number of devices for use with employer applications and access. While this helps minimize the amount of support required, it may require employees to spend more on new equipment.

How Can Employers Maintain Security with BYOD?

Clear and consistent policies are key to effective BYOD workplaces. Here are a few of the considerations you should use when implementing BYOD policies:

• Determine what operating systems and devices your company is willing to support
• Create device enrollment practices, requiring devices to be registered and authenticated before they are connected to your company network
• Require strong password or passphrase guidelines, including length, complexity, change frequency and failed-attempt blocking
• Create automatic lockouts on devices after a period of inactivity
• Require employees to immediately report lost or stolen equipment
• Mandate that personal devices can be disabled or wiped in the event of a loss or theft
• Install required anti-virus, anti-malware and anti-spam software on all BYOD smartphones, tablets and laptops
• Automate regular backups of company applications and data from personal devices
• Keep devices and applications up to date using automated patching and updating tools
• Encrypt all BYODs, ideally with full device encryption. If that’s not possible, require all sensitive data to be stored in encrypted folders on the devices
• Determine if BYOD users will be allowed to print, copy, save or email information pulled from your servers
• Require employees to sign an agreement stating they understand all the policies, procedures, regulations and consequences for noncompliance
• Detail the consequences of not adhering to company policies

When companies pay attention to the policies and guidelines necessary to ensure secure and proper use, BYOD policies can be an advantage to employers and employees alike.

IT consultants provide valuable insights to businesses looking for guidance on technologies that lead to better business outcomes.

Having a strong relationship with your IT consultant leads to more productive collaboration and discussions that are more fruitful. It begins with making the right choice to be your IT partner and requires commitment, communication and trust to remain effective. The scope can be vast or project-specific.

As noted in a recent ITBusinessEdge article, “Consultancy firms can help with everything from one-off projects for companies that don’t have enough time to pull together a team, to long-term projects that require a team with deep experience in an emerging or cutting-edge technology.”

Here are a few tips for making and keeping a great relationship with your IT consultant.

What Should I Look for in an IT Consultant?

The relationship begins during the selection process for an IT consultant. It starts with being clear about what your company needs from the consulting engagement. Define your desired outcomes, whether for a specific project or a longer-term, ongoing relationship. These scope documents should include your expected timeframe, internal resources, reporting expectations and success factors.

You should be clear about your immediate and future needs, whether they’re an improvement in network performance, better IT security, compliance mandates or better efficiency.

There are several things to consider during the selection, including

• Who will be working on your account (ask to meet them before signing)
• How much experience the consultant has with your business
• Performance, success stories and references
• An understanding of your business, its needs and your industry

Think as granularly about the project as possible so you aren’t surprised by anything down the road. Do you need a very hands-on team? Can your working structure or schedule be flexible? What development methodologies are a must-have? While it may take a little more time and effort, making sure you’re selecting the right firm from the start will result in a smoother ramp-up and integration process.

What Communication Should I Have with an IT Consultant?

Regular status meetings are an important part of the consultant-client relationship. Updates should happen on a mutually agreed schedule that’s included in your contract. The meetings should have a clear purpose, agenda and outcome. In most cases, these meetings should review progress on projects and data on the performance of deployed technologies. There should be a discussion of business needs and potential solutions using emerging technologies, too.

Communication with your IT consultant needs to be a two-way street. You should provide regular feedback on the consultant’s work, including what’s working well and what needs to be improved.

How Do We Prepare for Working With an IT Consultant?

Your internal IT team may feel intimidated by having an outside IT consultant become more involved in the decision-making and strategy for your business. The reality is that most internal IT staffs are stretched thin and cannot manage the day-to-day tasks, the strategic IT discussions and project management you need.

It’s important to be clear about how the IT consultant and your internal IT staff will work together. It’s important to think of the consultants as part of your IT team, a valued extension. Internal and external teams need to work together to achieve your goals. That means broad information sharing, progress updates, shared work and a true partnership.

Your IT consultant needs a candid assessment of the IT team and other relevant staff members. They also need to understand your products or services, your market and your existing technology solution. Many IT consultant relationships begin with an assessment of your current IT systems, hardware, software and business processes.

There’s another component to prep work with an IT consultant. If they’re going to be deployed internally, be sure they have the resources necessary from the start. That means a clean workspace, equipment, passwords and system access, an email account and phone number. You should communicate to your teams who the consultant is, why they are being hired and the scope of their work.

Provide the consultant with the procedures, policies, company overview, safety protocols and a sense of the company culture before they walk in the door.

How Should We Monitor the IT Consultant’s Work?

It begins and ends with trust. You need to trust that your consultant is doing what you’ve contracted for. Consultants usually have ample experience, extensive technical knowledge and experience with assessments and project management. Communication should be regular and consistent, knowing that you shouldn’t micromanage and that urgent issues will be brought to your attention.

You also need to trust that your IT consultant will be fully informed of technical options for your company. As the client, you are the ultimate decision-maker, but you need to be comfortable with taking a leap of faith. Your consultant’s recommendations may be very different from what you expected, but if believe that their guidance will give your business a competitive edge, it’s important to take their recommendations seriously.

You should also appoint an internal contact who will be the consultant’s primary liaison within the organization, solving day-to-day problems and answering questions. This contact also needs access to the CEO or other senior leadership and have a seat at the table when making decisions about projects and the consultant’s work.

An IT consultant brings with them knowledge, experience and solutions focused on boosting your business. Having a clear sense of how to work with them effectively means a greater return on your investment and better outcomes.

Today’s CEOs are increasingly being asked to lead their business into a data-driven world, but does that mean that immersive courses in understanding the technology are crucial? Not necessarily — in fact, it’s much more important that CEOs understand the potential of the technology and how to drive culture change throughout their organization. While Artificial Intelligence (AI) is truly changing the landscape of business, it’s doing so because fearless leaders are dreaming about the changes and improvements that are now possible through the genius of technology. See how this cultural revolution in the way we work is sweeping through business and leading a fast and furious discourse on how organizations will interact with data and individuals in the future.

The Promise of AI

CEOs have likely seen several generations of “transformative business models”: cloud-based computing being the most recent. As businesses are still reeling from this rapid-fire shift to Software as a Service (SaaS) models, the promise of artificial intelligence has the C-suite scrambling to understand the implications for their business. Scrappy start-ups do as they have always done, harnessing a new technology direction to quickly make changes to their business model as tech is introduced into the marketplace. Larger businesses and enterprises may be slower to act, as they can be weighed down with limited budgets, heavy infrastructure and disparate legacy systems. It takes time to move in a new direction, but the promise of AI is significant enough that business leaders throughout the world are exploring how to deploy data-driven decisioning in their operations, marketing and accounting solutions. From computers that recognize an individual human’s face to predictions of sales based on the weather, AI can be found in any number of practical applications throughout the business world — as evidenced by the 270% growth rate that AI has enjoyed in the past several years according to Gartner research.

Understanding How AI Works

In this season, the hype around AI is beginning to manifest itself in workable business models such as chatbots, next-best actions for customer service and predictive analytics. These systems can sense, analyze and respond to their environments in a way that is both interactive and intelligent. Creating a machine that is able to make better decisions over time based on the validation of its hypotheses requires a great deal of programming and math. However, the beauty of AI is that once the background work is done, humans are able to interact with the systems to continue the cycle of learning. AI systems “see” and “hear” sensory inputs and are able to translate that information, extract value and provide intelligent feedback to the user. Sensors and IoT (Internet of Things) connected devices also serve as input mechanisms, allowing machines to “feel” when something is cold or hot, positive or negative. This level of intuition is what is new to the business horizon, and it provides organizations with an ever-expanding range of possibilities to solve business problems.

3 Levels of AI Comprehension

While AI may have initially brought to mind futuristic robots that have taken over the world, true intuitive thought and “leaps of logic” are still beyond the limits of current AI technology. For example, an AI program can identify the difference between dogs and humans. The same program may be able to recognize how the two relate to each other as owner and pet and make the leap that they were going for a walk because the owner was holding the dog’s leash. However, it would not be able to intuit — or make an educated, quantifiable guess — anything about their relationship to each other in the future. This type of abstraction is still beyond the limits of current AI computing. The three primary levels of AI comprehension can be defined as:

• Recognition: Identify items in a picture or video
• Comprehension: Determine how the items relate to each other
• Abstraction: Evaluate the information and make a prediction about future performance

Each stage in the evolution of AI has taken years, but the advances are coming more quickly all the time as business leaders and technology teams come together to dream and create the interactions of the future.

Bridging the Knowledge Gap

Business people are struggling with an unfathomable knowledge gap between their understanding of business intelligence and AI and the possibilities for the future. Data scientists are swiftly becoming the bridge that helps cross this gap between technology teams and business leaders, providing the insight that can translate business needs into practical applications of AI and machine learning. As CEOs deepen their understanding of data and possibilities for their business, a data scientist or business analyst may provide the necessary cohesion to maintain forward momentum on these highly technical projects.

Creating a Culture of Innovation

Perhaps the most important challenge faced by CEOs when it comes to AI isn’t technical at all — it’s cultural. If the organization is not willing to embrace the future potential of this emerging technology, it’s unlikely that AI-based projects will be successful. There is a fundamental fear within many organizations that AI or machine learning tech will replace individual knowledge workers as the AI can produce similar results in some instances as long as the correct inputs are being provided. A great example is in healthcare, where nurses or intake professionals traditionally gather basic information while assessing patients in an emergency room. AI chatbots can be programmed to not only gather and log this information quickly but also use micro-data to determine the level of distress of the individual — potentially classifying their level of pain for more immediate action by doctors. Minute facial changes, heightened breathing and sweating are all inputs that an AI can process in milliseconds that might be overlooked by a harried charge nurse.

While that scenario sounds as though it could potentially replace a position, what it actually means is that the human nurses are freed of repetitive tasks so they are able to add more value to other interactions. These lower-level engagements with patients are simply a distraction for nurses, taking time away from patient care and their ability to connect on a deeper and more proactive level instead of being stuck in a place of reaction to outside stimulus. CEOs who are able to clearly communicate the value of AI to their organizations in a way that is both non-threatening and that drives excitement within staff are more likely to be able to successfully sustain change initiatives for the future.

Rethinking Traditional Business Models

In a traditional business model, managers, directors and even chief executives are accustomed to making decisions based on incomplete data or inaccurate assumptions. While this often works out, the deluge of data that is now available allows for more informed decisions to be made — as long as business leaders are willing to take the time to ask questions and refine their understanding of business problems. Machines are exceptional at uncovering patterns, and many of these designs can fool people into making certain decisions based on their intuition. With the introduction of AI-driven decisioning, it shouldn’t be surprising that there are unexpected variances in the data that point to inefficiencies, inaccuracies and outright errors. Understanding how to interpret this information can often fall on the shoulders of a data scientist, but helping work through those questions and drill into root causes of issues will be a crucial skill for all business leaders in this brave new world of data.

Getting Started with AI

Whether you have a million ideas you want to vet with your team or are just starting to consider how AI can impact your organization, the time to get started is now. Organizations of all sizes are embracing basic AI — everything from social media chatbots that can help customers place a simple order or learn more about a product to connected systems that predict which products consumers may purchase next based on the buying patterns of others throughout the world. Determining where to begin is challenging, but here are a few basic considerations as you’re prepping for action:

• Determine the reporting structure for AI, and this could change for every organization depending on the needs of the business. Will AI be mostly used in marketing or communications, operations or as a predictive analytics engine to determine when a potential breach has occurred? Understanding the application of AI technology can help ensure that the project gets the support that it needs to be successful.
• Will you hire or rent the technical know-how for implementation and ongoing support? Here again, there is no “right” answer, but it requires contemplating the breadth of the engagement and how quickly you want to ramp up for your AI-based project. A similar question is needed to determine whether you will buy a codebase that contains the majority of what you need and customize it, or build your AI applications from scratch.
• What’s the business case for AI? The most successful organizations are the ones that are able to quantify the value that they expect to gain from AI in terms of time savings, productivity boosts or improved customer engagement rates.
• Understand (and be able to articulate!) the “Why” of your project. Are you solving a problem, beating a competitor to a goal or simply exploring the potential for the new technology within your business? Being realistic about expectations helps reduce the potential for pushback from non-believers within your organization.

Artificial intelligence has far surpassed the time when it was simply a buzzword that people loved to throw around and is now a thriving part of the business landscape with over 60% of businesses adopting some form of AI in the past year alone. Understanding the potential for disruption in your industry — both positive and negative — and how AI can be leveraged will be crucial skills for successful CEOs both now and in the future. There’s one thing for sure: AI is here to stay. Business leaders can make a decision to avoid moving forward with any AI-driven initiatives, but the cost to the organization may be higher than stakeholders are willing to pay.

Understanding the threat landscape is a crucial part of a CEOs job as you attempt to protect your organization now and in the future. The cybersecurity and compliance landscape is changing rapidly, and it can be difficult to keep up with the various challenges your business is facing — from ransomware to phishing schemes, not to mention global and domestic privacy act compliance. While compliance and cybersecurity may not feel like exactly the same topic, understanding how all the moving pieces work together can help you synthesize strategies that will protect your business. See how these fast-moving fields continue to morph and how you can manage the risk inherent in today’s digital businesses.

The Digital Landscape is Rapidly Changing

Just a few years ago, CEOs were vision-casting how all these great new technologies would work together: customer data driving targeted marketing, operations becoming more efficient due to the use of connected devices and augmented reality forming the basis for your selling strategies for physical goods. As these advanced technologies become more mature, CEOs are finding that each interconnected system provides yet another point for failure. Each mobile phone that is tied into your network infrastructure could be the cause of a data breach. Cybercriminals are becoming more crafty with their messaging to your teams by mimicking vendor email addresses in requests for funds. Augmented reality and next-level marketing techniques are causing consumers to become more concerned than ever before with how much data is being tracked by companies — and how that information is being used.

Intense Focus on Privacy Requires Unified Compliance Strategy

CEOs are no longer able to assume that individual business units understand the full implications of privacy policies and are acting upon them. Instead, a unified compliance strategy is a crucial step that businesses must take in order to stay within the aggressive privacy policies that are being put into place in Europe and now in the US. California is the first state to create consumer data privacy laws that are very similar to those already enacted in May 2018 by the European Union’s GDPR (General Data Protection Regulation). The California Consumer Privacy Act (CCPA) takes compliance a step further and mandates strict consequences for organizations that refuse to comply or cannot show that they are moving towards compliance. The complexity of these laws is such that attempting to manage data at a business unit level is no longer feasible, requiring what may be expensive consolidation of disparate databases, IT infrastructure and reporting.

Determining Acceptable Risk

When it comes to cybersecurity and compliance, it’s important to determine the acceptable risk for your organization. There are no guarantees that your systems cannot be infiltrated even if you invest in the most sophisticated system in the world. The unfortunate fact is that a significant percentage of data breaches are caused by users by poor password habits, inadvertent interactions with malware or even improper access levels to sensitive data. Mitigating each of these risks is not a reasonable ask to your IT department, making it vital that you work with your executive team to identify the most likely risks and how they can be discovered so remediation can begin quickly. Cybersecurity is a key consideration simply because it’s rarely a matter of “if” your organization will be affected — but “when” and to what extent the incident will occur. If you are able to achieve true resiliency for your organization, the combination of disaster recovery and business continuity plans that combine monitoring, detection and response services may help you reduce the overall costs of an attack or breach.

Elevating the Conversation

When CEOs step into the battlefield of cybersecurity, it raises the importance of the conversation and helps ensure that there is a continued focus on protecting the organization from these digital perils. Everything from convincing business units to work together to gather and store data to approving additional spending on security and monitoring software becomes easier, as the CEO is able to lend their global view to the conversation. Cyberattacks can cause losses in unexpected places, such as the loss of consumer confidence or vendor relationships. Quantifying these risks can be a challenge, but organizations are now estimating that a single attack may cost their business as much as $1.67 million. Cybersecurity aside, non-compliance with state and federal data privacy regulations can also be a pricey proposition, with new legislation in place in California that has severe civil penalties and even includes the potential for statutory damages.

Cybersecurity Isn’t a One-Time Resolution to a Problem

As technical and troubling a problem such as cybersecurity is, there is no one-time resolution to this thorny problem. While hackers are the cause of a significant portion of the cyberattacks, it’s every bit as likely — if not a bit more so — that your cyber risk is accidentally caused by employees or contractors who simply made a bad decision. That means ongoing education and continual system monitoring will need to become part of the landscape of your organization if you hope to reduce your overall cybersecurity risk. Active monitoring solutions can help identify any immediate threats, but continued diligence on the part of the executive team will help ensure that cybersecurity and compliance remain top-of-mind for the organization.

All organizations are vulnerable to risk in different ways, but it’s crucial that the organization’s top executive is part of the conversation and solution to the problem. Without this top-down focus on digital risk, businesses are much less likely to put the infrastructure, processes and procedures in place that will protect their data and business operations.