Can Your IT Company Handle Your Business Growth?

Business Growth

A healthy, growing business is almost always a good thing. Still, expansion brings with it certain responsibilities on your part.

If your business is growing quite quickly, it’s important to understand that large changes or adjustments may need to be made. This could mean hiring more employees, starting to provide employee health insurance, advertising more and spending more on marketing services, or obtaining more physical office space.


One area that you certainly won’t want to ignore as your business expands is your company’s information technology provider.

Many businesses that start small assume they can keep their IT provider as they grow. However, it’s important to realize that some providers aren’t equipped to handle larger businesses, which often require sprawling networks and have extensive security needs.

To determine whether your company will soon require new IT services, consider the following questions about your current IT provider.

How familiar are they with your specific industry?

Often, when you’re just starting out, you’ll hire an IT provider who handles information technology services for a broad range of industries. Without a doubt, working with these types of providers will help your growing business by cutting costs. At the same time, you’ll still have your IT taken care of.

But as your business grows, you’ll want an IT provider with unique expertise in your industry. Niche IT providers who specialize in IT for hospitals, transportation services, or optometry offices, for example, are much more likely to provide you with better-quality service and improved security.

They are knowledgeable about and regularly brush up on industry standards. They keep up with new and cutting-edge technologies in your industry. And most of all, they are constantly aware of common security threats (and solutions) to businesses like yours.

Do they service other companies of similar size?

Take a look at who else your IT company serves. Are there any clients who match your company’s size? If so, do you believe those companies would also necessitate the same amount of attention and security as your company?

Even if your current provider services a company comparable to your size, if that company is a greeting card business and you own a chain of dental offices, you may have more to think about than just size. Namely, you’d have personal medical information within your network and a unique and crucial need to avoid breaches, scams, and possible liability catastrophes.

How often do you require troubleshooting services?

Are you already in near-constant communication with your IT provider for recurrent outages, network errors, slow-downs, and other problems?

Certainly, troubleshooting is one of the reasons you have an IT provider in the first place. However, the best providers should be able to set up a network that requires infrequent service.

Moreover, preventable errors that happen once should not happen again. The downtime that results from problems in your network will inevitably hinder your business’s success. Moreover, as a company that’s growing, things will only get worse if you do not improve your service now.

How have they handled network problems to date?

When you have needed to make a service request in the past, what’s been your current provider’s track record?

Consider how easy they are to get in touch with. Are you able to speak with your own account manager or at least a representative who’s knowledgeable about your business?

How fast is your request handled? If it’s an emergency, such as a security breach or a system failure, how fast do they respond? If it’s a routine question or small system error, how fast do they respond?

Larger businesses need IT providers who know their business and are at-the-ready when a problem occurs. In fact, you should have a direct line to call when problems arise — one that answers to a live person.

Furthermore, as a growing business, you’ll want to anticipate that future problems will inevitably be more calamitous, especially when left unhandled for even a day or two. As your business expands, your IT provider must be immediately responsive, fully capable of handling any problem, and prompt in their service calls.

Have they presented a plan for accommodating your company’s growth?

First of all, have they taken notice of your company’s growth? A quality IT company will come to you first, noting that your company has been expanding and ideally, presenting a plan for your extended IT needs.

However, even if it’s you who needs to take the knowledge of your company’s expansion to your IT company, you’ll want to look for signs that they have a plan in mind to accommodate your anticipated needs.

They may, for example, suggest that you move from an as-needed payment plan to a monthly or yearly management plan. Many of the best IT providers who handle a range of company sizes will have at least these two options for their clients. When moving to a managed plan, you’ll be able to request assistance whenever necessary, paying a flat rate for their on-call care.

Find an IT Company Who Will Help Your Business Flourish

If, by evaluating the questions above, you’ve determined that it may be time to hire a new IT company, this certainly doesn’t mean that your current provider is entirely insufficient. It simply means that you’ve outgrown them, which in turn means that it’s time to move on to a more capable provider.

Taking the time to assess and realize your business’s extent of growth and possible outgrowth of an IT provider is an important step in your business’s expansion. Hiring an IT provider with adequate resources and capabilities to handle your expansion will ensure you’re fully prepared when it comes to your information technology — a foundational element that is, today, an invaluable component to businesses of all kinds.

Most Small Businesses Pay The Ransom

Do You Pay The Ransom

Are you willing to pay the piper when it comes to cyberattacks?


Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business by worming their way into your data, stealing it and threatening to expose it. Other cyberattacks target the business itself, making systems and websites inoperable, costing businesses millions in the process.

Freeing the data or access often means paying a ransom, usually in the form of Bitcoin or some other cryptocurrency that’s impossible to trace.

How Much of an Issue is Cybercrime?

When it comes to cyberattacks on small businesses, the reality is, if you haven’t already been attacked, you will be. What matters is that you have the security protocols in place to make sure your business withstands these attacks and is not victimized by intruders looking to do harm.

The scope of cyberattacks, especially on SMBs, is staggering.

According to the 2018 HISCOX Small Business Cyber Risk Report, almost half (47 percent) of small businesses suffered a cyberattack in the previous year. Of those attacked businesses, 44 percent encountered a second, third or fourth attack. Eight percent had five or more attacks.

Yet the report shows a paradox. Business executives surveyed identified cyberattacks as one of their top two concerns, along with fraud. Sixty-six percent said they were concerned or very concerned about cyberattacks.

However, among those executives, the majority haven’t taken even basic steps to protect their businesses.

What Does a Cyberattack Mean to My Business?

If you do not invest in cybersecurity measures, you are a sitting duck. That means you’ll have to pay a ransom when your business is attacked. You will incur costs as well, including steps to identify and eradicate the intrusion, notify customers and regulators and pay for deep web monitoring or credit monitoring.

What is that financial cost? According to HISCOX, it’s $34,600 for small businesses. The 2018 Cost of a Data Breach Study: Global Overview conducted by the Ponemon Institute shows that among SMBs and enterprises, the worldwide average total cost is $3.86 million. The costs are increasing each year, too.

The Ponemon study shows some of the other inherent threats and disruptions a data breach can bring upon your business. Among key factors influencing the cost of a data breach, according to the study, are:

  • The unanticipated loss of customers after a data breach is reported. Organizations that have established institutional trust and offer identity protection to victims are more successful in retaining customers.
  • The scope of the breach and the number of records lost or stolen. Ponemon calculates the per-record cost at $148.
  • Time. The longer it takes to discover the data breach and contain it, the more costly it is to the affected business.
  • Scope of remediation. When an attack is discovered, your business is going to incur expenses it didn’t plan for, including for independent investigators, forensic analysis, auditing services, crisis PR management and continuing brand and reputation repair initiatives.
  • Service needs. These include the demands for help desk services, marketing and communication, distribution of new account information or credit cards, legal costs, regulatory investigations and fines, product and service discounts to retain customers and increased insurance premiums.

The costs, both real and impressionistic, can cripple a small business that does not have the resources to recover from a cyberattack.

What Should Our Business Do To Protect Itself?

Protection begins with a thorough assessment of your systems and procedures to determine where there are vulnerabilities that need to be addressed. Working with a qualified managed service provider, you can understand where the exposures are and plan to fix them.

Your managed service provider will want to look at several components, including:

  • Network security that’s based in next-generation firewalls to identify and contain unwanted activity
  • Automated solutions to update anti-malware applications and install updates and patches
  • Policies regarding access, password protocols and authentication

With the proper security in place, you can avoid paying a ransom and putting your business at risk.

Critical Update From Microsoft: Remote Desktop Services

CVE-2019-0708

Impacted Systems:

  • Windows Server 2003
  • Windows XP
  • Windows 7
  • Windows Server 2008

Nonimpacted Systems:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008, you could be in trouble. Malware exploiting a wormable vulnerability may be coming your way. The vulnerability is designated CVE-2019-0708.


This means that malware exploiting this vulnerability can get into your system without you doing anything, such as clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for its Remote Desktop Services that impacts multiple Windows versions. The patches cover systems that are in support as well as systems that are out of support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients & Customers on a valid managed services agreement are being taken care of and there is no immediate action for any computer, server or other devices under a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 vulnerability.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. With a reliable backup, you can still access your data if the patch creates problems. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system, there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.
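The three workarounds above can be audited and applied from an elevated PowerShell prompt on the affected host. This is an added example, not code from the article or from Microsoft; the function names and the firewall rule name are this example's own, and it assumes Windows 7 or Server 2008 with PowerShell 2.0 or later and the built-in Windows Firewall.

```powershell
# Added example: report and apply the CVE-2019-0708 workarounds on one host.
# Uses only PowerShell 2.0 features. Run elevated.
# Function names and the firewall rule name are assumptions of this example.

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections: 0 = Remote Desktop connections accepted, 1 = refused
    $ts  = Get-ItemProperty -Path $TsKey
    # UserAuthentication: 1 = NLA required; PortNumber: listener port
    $rdp = Get-ItemProperty -Path $RdpKey
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='TermService'"

    $port = $rdp.PortNumber
    # True if netstat shows a LISTENING socket on the RDP port.
    $listening = [bool](netstat -an |
        Select-String -Pattern (":{0}\s+\S+\s+LISTENING" -f $port))

    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        RdpEnabled     = ($ts.fDenyTSConnections -eq 0)
        NlaRequired    = ($rdp.UserAuthentication -eq 1)
        Port           = $port
        PortListening  = $listening
        ServiceState   = $svc.State
        ServiceStartup = $svc.StartMode
    }
}

function Set-RdpWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('DisableRdp', 'RequireNla', 'BlockPort')]
        [string]$Workaround
    )

    switch ($Workaround) {
        'DisableRdp' {
            # Workaround 1: refuse Remote Desktop connections.
            if ($PSCmdlet.ShouldProcess($TsKey, 'Set fDenyTSConnections = 1')) {
                Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
            }
        }
        'RequireNla' {
            # Workaround 3: require Network Level Authentication.
            if ($PSCmdlet.ShouldProcess($RdpKey, 'Set UserAuthentication = 1')) {
                Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1
            }
        }
        'BlockPort' {
            # Workaround 2, applied on the host firewall. This blocks ALL
            # inbound RDP to this machine; blocking only Internet traffic is
            # done on the perimeter firewall instead.
            $port = (Get-ItemProperty -Path $RdpKey).PortNumber
            if ($PSCmdlet.ShouldProcess("TCP $port", 'Add inbound block rule')) {
                netsh advfirewall firewall add rule name="Block-RDP-CVE-2019-0708" dir=in action=block protocol=TCP localport=$port
            }
        }
    }
}

# Report the current state, then preview one change without applying it.
Get-RdpExposure | Format-List
Set-RdpWorkaround -Workaround RequireNla -WhatIf
```

Drop `-WhatIf` to apply a workaround, then run `Get-RdpExposure` again to confirm the new state. NLA only raises the bar, since an attacker with valid credentials can still reach the vulnerable service, so treat all three as stopgaps until the patch is installed.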

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.

What Is A Wormable Virus?

“Wormable” means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center, tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Server 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008 and 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.

The CFO’s Guide to Smart Investing in Information Technology

CFO Technology Guide


Opportunities to spend on tech are endless these days. But your budget isn’t endless. Your company needs to invest in technology, but you need to do it in a way that’s smart and strategic. Check out our CFO’s guide to smart investing in information technology. We’ll show you how to prioritize your technology investment so that you can make smart decisions and stay on budget.

The Problem

The problem with smart investing in information technology is the sheer number of choices available. Hardly a day goes by without a new B2B information technology product hitting the market. You can’t possibly purchase them all, nor does your business need them all.

As the CFO you may or may not be involved in specific purchasing decisions, depending on the size of your business and the size of the purchase. You do, however, bear ultimate responsibility for setting your purchasing strategy. With so many IT investment options available, you may be overwhelmed trying to cut through the noise and decide what’s best for your organization. The lower your comfort level with technology, the worse the confusion gets.

Understand the Importance

The first step toward solving this problem is to engage with it. Understand that in many real ways technology is the future. You can’t afford to sit on the sidelines or to keep doing business as usual. Your competitors aren’t, and you’ll be left behind.

Simply put, picking the right new tech and integrating it successfully into your business can give you a competitive advantage over competitors. Therefore, in concert with your business’s technology team, you and the financial team must evaluate new IT developments, selecting and implementing the trends that will keep you competitive.

A Framework for Evaluating Emerging IT Innovations

Typically, companies receive far more internal requests for new software or hardware than can be approved within the current budget. To add to the problem, B2B sales efforts come from every direction. These promise to solve one problem or another or to give you that competitive advantage over your competitors. Never mind that the salesperson is trying to sell the exact same solution to those competitors.

What’s needed is a framework for evaluating emerging IT innovations. The questions below can help you decide which internal requests and outside sales pitches are worthy of your attention . . . and your money.

Question 1: How does the tech improve the group requesting it?

Many businesses receive countless technology requests from within. You and the finance team likely can’t approve every one of these, nor should you. The easy questions to ask are “Does an employee want this software?” or “Will this software improve the employee’s situation?”, but those aren’t the right questions. Instead, ask “How will this piece of software improve this department or the whole company?”

This strategic question can help you prioritize your technology spend. Software A may very well improve life for that one person in sales, but if Software B realizes far more gains for a 30-person division, it ought to rank higher in the budget.

Question 2: Would this investment disrupt our existing IT deployments?

Sometimes blowing up the status quo is just what you need to succeed. Other times, though, wisdom is to leave well enough alone. If a new technology investment isn’t going to play well with your existing systems, you want to find this out before signing off on the purchase.

Neither internal requests nor external sales pitches are immune from this danger. Work with your technology teams to discover how a new investment will interface with your current system. Don’t spend the money until you’re convinced that the new tech will integrate into your current systems.

Question 3: Would this investment disrupt our workflow?

This is similar to question 2, but it focuses on the human component. A shiny new piece of software may well speed up Step 4 in a complex process in your business. Maybe it even cuts the time in half. Sometimes, though, there are trade-offs. You need to know if it’s going to make Steps 1 through 3 an absolute pain to complete, or whether it will add time to Steps 5 through 8.

Avoid facing an employee mutiny by fully vetting the impact the new technology will have on your current workflow. Be sure it’s a true net step forward before you commit.

Question 4: What are the returns on investment we will see by implementing?

With question 1 you’ve already established how the product will benefit one or more departments. Now, take it a step further and look at your ROI. How greatly will this investment increase sales? What estimate can you place on the productivity or quality-of-life gains? Is the cost worth the advantage you’ll gain over competitors? Answering questions like these gets you to a more specific understanding of the true worth of a proposed investment.

Conclusion

Navigating the new technologies available will always be a challenge for CFOs. By asking these 4 questions, you can prioritize your technology investments smartly.

Do Businesses Really Need A CHRO?

Business CHRO


Human capital is one of the most important business assets and also one of the most elusive. Today’s employees are staying only an average of around 4 years, far different than years past when people regularly stayed with the same company for over a decade. Job stability is a serious concern for organizations, who often find that they are losing their highly qualified staff members when a better offer comes along or when opportunities dry up. This can happen because organizations do not have a stable and structured human resources staff that is able to continuously create opportunities for training and advancement within the organization — staying tuned to the needs of the highest-performing staff members while supporting a positive culture throughout the organization. With the focus on swift moves and organizational change, it’s a strategic imperative that you have a top executive focused on the human resources needs of the business.

“Culture Eats Strategy for Breakfast”

Anyone who has been through business school has heard this old adage from management guru Peter Drucker, as related by Mark Fields in 2006. While it may be a bit trite, this statement has never been more applicable as the corporate culture can quickly fester due to poor decisions by business leaders who are not keeping personnel needs in mind. People want to work somewhere that provides personal as well as financial fulfillment and that often means finding a flexible working situation or the ability to advance their careers with hard work and dedication. If the culture of your organization is toxic with poor leadership in place, it may not even be obvious until you begin losing high-potential staff members.

With a Chief Human Resources Officer (CHRO) in place, there is likely to be a greater focus on gathering employee feedback as well as looking into breaches in rules and etiquette by staff. It doesn’t take long for a positive corporate culture to turn into a negative without a continuous focus on employee satisfaction. The perception that “leadership doesn’t care” or a lack of accountability can poison even the most positive working relationships. A CHRO helps actively listen around the organization and has the ability to raise concerns to the highest level while adequately explaining the challenges and offering strategic solutions.

Encouraging Meaningful Diversity and Mutual Respect

Diversity of thought and cultural fit are every bit as important as ethnic diversity in your workforce. It’s easy enough for managers to hire someone who not only looks like them but also thinks like them — something that a CHRO can help guard against. There’s more to a hostile workplace than a single person or small group of individuals who are behaving badly. It starts with the idea that staff members can get away with atrocious behavior and that the perpetrators are being enabled due to their high-performance standards or position within the organization. It can be challenging to discipline individuals who are perceived to be exceptional, but having C-suite representation for all personnel can help lead to accountability and mutual respect. Meaningful diversity occurs when managers and supervisors are encouraged to step outside their comfort zone and work with people who may be a great cultural fit, even if they may not have exactly the right pedigree or high levels of experience. A dedicated and involved CHRO helps hiring managers to see beyond the surface to find the exceptional staff members that will help the organization grow and evolve in the future. It’s never too early to begin encouraging managers to celebrate diversity and inclusion through a variety of different initiatives that can ultimately result in a more balanced workforce.

Attract and Retain the Best

Creating a positive culture also means finding what motivates employees and being able to illustrate the real business benefits of reducing turnover and providing the perks that employees truly want. HR is moving far beyond simply being the “complaint department” or a way to ensure compliance with a variety of rules and regulations. Having a CHRO provides the business with a higher degree of strategy in the hiring and managing of talented staff members. Millennials and Generation X alike appreciate being able to work from home or remote locations when the work permits it, but a CHRO is able to help quantify the savings that can be expected for the business as well as the softer side of employee engagement. Proactive human resources support is quickly becoming a differentiator for businesses that view these roles as more of a strategic position instead of the tactical role that HR has played in the past.

Finding benefits that employees will appreciate is only a portion of what goes into attracting and retaining the best staff members for your organization. A proactive CHRO regularly reviews the competitive landscape to ensure that health and wellness benefits are commensurate with the marketplace. Creating wellness initiatives also falls to HR, with the long-term benefits of these programs helping bring a new focus to the value of encouraging positive health choices throughout the life of each staff member. Having a CHRO included as a deliberate part of corporate strategic decisions creates a more equitable focus on the individual needs of employees as well as the organization’s requirements for long-term growth.

Experience and Training Key for Successful CHROs

Not every CHRO comes up through human resources. It’s not unusual for someone more on the business, marketing or legal side to see the value in making the leap in this direction. It is crucial that any CHRO candidate has a deep understanding of the privacy and liability issues that can arise from this sensitive position and department. These individuals thrive when they have a full understanding of people management, legal considerations and business operations in order to help managers and leadership identify staff challenges and how to move towards resolution. Few of these issues will be solved overnight, meaning your CHRO must have the ability to stay the course and navigate difficult relationships over time. The role of CHRO even has some aspects of a Chief Security Officer, as they will need to understand and be able to manage in-depth data privacy policies which can be quite complex depending on your business model. Measuring the success of various initiatives is also a data-driven operation that requires analysis and interpretation of diverse datasets.

Organizations may survive without someone from human resources at the executive table, but it is becoming more unlikely that they will thrive without this representation in the C-suite. Chief Human Resource Officers provide a needed counterpoint to the business-focused mantra that you may hear from other executives, providing a different perspective on reaching organizational goals through the introduction of positive culture change, accountability and diversity in hiring practices. This strategic role not only provides organizations with qualified candidates but also helps ensure that high performers stay and continue providing their brain trust to the business.

Church Hit with Business Email Compromise

Email Security


There was big business security news out of Brunswick, Ohio (a part of the Cleveland metro area) last month, this time involving a church. According to local reporting, the St. Ambrose Catholic Parish recently announced to parishioners that they had been swindled out of a whopping $1.75 million. The attackers’ methods have real implications for churches and businesses alike. We’ll look into their methods, but first a little more detail on this fascinating story.

A Church with Big Plans

St. Ambrose is in the middle of a fundraising and building campaign. As with many older church buildings, repair and restoration are needed. The parish’s Vision 20/20 campaign was supposed to be the answer. This campaign called for raising $4 million needed for repair and restoration, and the fundraising efforts were well underway.

The church only discovered there was a problem when the construction firm they’d hired, Marous Brothers Construction, started inquiring about unpaid bills totaling $1.75 million. The church leadership had been prompt in paying its bills, so they thought, and even had receipts and confirmations for funds transfers. They didn’t understand how the accusation of nonpayment could be true. The funds had left the account, after all.

An Old-School Hack, Well Executed

After involving the Brunswick police and eventually the FBI, an explanation surfaced. The church had indeed been hacked in a business email compromise attack, or BEC. An unknown attacker gained control over two church staff member email accounts. From there it was mostly social engineering.

The bad actors in control of these email accounts managed to convince (via email, of course) the rest of the relevant staff members that the construction company had changed its account information. The “new” account was, of course, controlled by the criminals. The most likely explanation from this point is that an actual, on-site staff member changed over the payment information, having been duped by very real emails that appeared to come from trusted colleagues.

The criminals kept the ruse going very effectively, apparently sending (bogus) confirmation emails so that the church staff thought they were paying the right people. Only when the construction company came calling was the breach finally discovered.

An Isolated Hack with Devastating Results

The church reported to local media that no other components of their IT infrastructure were compromised, including parishioner databases or stored financial information used for the church’s electronic giving service. The hack was isolated. All the hackers got was access to two email accounts. Yet they leveraged this small hack into a $1.75 million payday.

Strategies to Combat BEC Attacks

Stories like these underscore the importance of strong IT security, even in houses of worship. They also underscore the importance of training staff on recognizing the signs of phishing, social engineering, and other bad behavior.

Most BEC attacks don’t start as brute-force attacks. Rather, they start as phishing expeditions. Hackers lure credentialed people to give up their login information by presenting a sometimes extremely realistic fraudulent login page. The first step to preventing such attacks, then, is to educate your staff about how to spot phishing and other similar tactics. Teach staff not to assume that email is from who it appears to be from, especially emails that seem out of context or that ask for unexpected actions. At the enterprise level, implementing a better email authentication protocol like DMARC is an effective way to combat this kind of fraud.

Need Help?

Does your business need help preparing for BEC, phishing, or social engineering hacks? Contact us today for more information.

Evaluating Digital Transformation Efforts

Digital Transformation

Today’s businesses are nearly all in a period of transition. If you aren’t old enough to have lived it, all you need to do is stream a few episodes of just about any ’90s sitcom to realize that business has changed at an overwhelming pace since then. This change continues today. Companies are all at varying points on the journey of digital transformation. Some are on the bleeding edge, while most are taking a cautious or catch-up approach. A few remain blissfully unaware, but these aren’t likely to last much longer.

Doing Digital Transformation Right

Digital transformation sounds great, and I’ve already implied that it’s essential. That’s not quite accurate, though. What’s essential is doing it right. A poorly executed digital transformation can be just about as harmful as burying your head in the sand and hoping things will stay just as they are. (They won’t.)

Digital Transformation as a Journey, Not a Destination

One of the first aspects of a good digital transformation plan is to understand its nature. Digital transformation isn’t a one-and-done initiative. How do we know? For starters, we aren’t using Windows XP (or, shudder, the dreaded Windows ME) anymore. Technology will continue to evolve, and your digital transformation will continue as it does.

It’s better to think of digital transformation as a journey. Where are you right now? Where are your competitors? What do you need to do, procure, or implement to catch up with (or better, pass) your competitors? Once you’ve implemented those steps, start to look at what’s next.

Digital Transformation as Mission Critical

Businesses today must understand that digital transformation is mission critical. It’s not something you spend money on when business is booming and squeeze out of the budget when money is tight. As soon as you stop innovating, you give your competitors an open door to squeeze you out of the marketplace. Keep up with your digital transformation journey and stay competitive.

Digital Transformation as a Monitored Initiative

Many companies that do form a digital transformation plan fail to follow through in some way. It’s important to regularly evaluate the progress of your company’s digital transformation plan (be it quarterly or monthly). If digital transformation is a journey rather than a destination, a company working from a 3-year-old digital roadmap is doing it wrong.

Evaluating Your Company’s Digital Transformation Efforts

Evaluating your company’s digital transformation is a complex process. If your company doesn’t have an evaluation plan in place, you might be wondering where to start. Here’s how to get started evaluating your company’s digital transformation.

Ask Questions

It’s easy to assume that a process or plan that’s not making too much noise is working well, but doing this is a mistake. As you should with any process or plan, ask plenty of questions at regular intervals. What is and isn’t working? What new implementations are causing friction among the staff? Is that friction due to lack of training or because the technology solution is failing to deliver? Is the plan sticking to budget? What new technologies or platforms are developing that should be added to the company’s digital transformation journey? What is the right time to add those technologies? Is a particular technology failing to deliver or costing more than you’d budgeted for?

Asking good questions of the right people can greatly improve your digital transformation efforts. Don’t be afraid to include a wide range of departments and seniority levels in your questioning, either.

Review Business Needs

Just as available technology changes over the years, so do your business needs. A piece of software that was mission critical in Accounting 10 years ago may be peripheral or even obsolete today. Similarly, the business needs of your Data and Analytics department today are likely quite different (and far more evolved) than they were 20 years ago. That’s assuming you even had a data and analytics group 20 years ago!

An important part of reviewing your digital transformation efforts, then, is reviewing each department’s business needs and processes. Providing new solutions to long-solved problems isn’t the best bang for your buck. Be sure you understand the problems and processes of each business unit so you can focus your digital transformation efforts in the areas that matter most.

Get the Right People in the Room

A digital transformation plan that no one really knows about isn’t going to accomplish much. A review of that plan that no one knows about won’t, either. Your digital transformation evaluation efforts should include a pretty decent cross-section of organizational leadership. The CFO and CIO (or their delegates) are key stakeholders, as are the leaders of various business units. The CEO must be informed and on board for this to be effective, though of course the size of your organization will likely guide the CEO’s level of real involvement.

Buy-In Is Key

You need the right people in the room, but you also need buy-in from those people. If digital transformation evaluation is a new concept (or a loathed one), you may need to educate first. Get the key stakeholders in a room and use points like these (not this one, of course) to help them understand the mission-critical importance of this process.

Data Is Everything (Else)

You don’t want your review meetings to be based solely on feeling. If your meetings sound a lot like “Well, Jane in Accounting is frustrated using this new software” and “I believe implementing this new platform will really help!”, you need a heaping helping of data. Task your analytics group with researching the effects of a new software suite, for example, so you have real data to go along with feelings.

Conclusion

The digital transformation journey is never-ending, and your efforts to evaluate that journey are as important as they’ve ever been. If you could use a hand, whether with the journey or its evaluation, let’s start a conversation today.

How Can Microsoft Office 365 Help Real Estate Firms?

Real Estate Office 365

Unlike many other professionals, real estate brokers are constantly moving and constantly juggling multiple deals and contracts at various stages. With whom a broker conducts regular business will vary drastically from day to day. And no single day is ever like another.

As a result, the role of technology for real estate professionals is crucial. For decades, real estate firms have been on the cutting edge of new organizational tech platforms, all of which surely attempt to make the life and business of brokers easier and more effective.

Nevertheless, it’s one tried and true program that’s risen above the rest: Microsoft Office 365.

How Exactly Does Microsoft Office 365 Improve the Work of Real Estate Brokers?

Microsoft Office 365 came on the global scene in 2011. The goal was to provide cloud-based Microsoft Office software via a subscription service, namely to businesses and professionals. Because Office 365 works through a subscription license, all updates are automatic and free.

For real estate agencies and their brokers, Office 365 has been a blessing from the start. Here’s why:

Office 365 juggles multiple databases on one seamless platform.

The nature of a real estate broker’s job necessitates juggling a multitude of deals and interpersonal connections at once. Moreover, each of these transactions is generally at a different stage and features varying degrees of attention and focus.

Microsoft Office 365 was built for situations like this.

Because brokers can access these databases and programs all on the same platform, each of their daily actions becomes faster, easier, and less stressful. Office 365 stores information remotely in the cloud, so even a glitch in an individual device won’t cost the broker a sale or a contact. Prior to this, such a glitch may have cost an agent a full day of troubleshooting or caused a critical error, such as losing a contact’s phone number forever or completely missing an important showing.

The integrated platform of Microsoft Office 365 means brokers can traverse seamlessly from calendar, to contacts, to email, and more. In fact, all three of these features are the cornerstones of why Microsoft Office 365 works for brokers.

Calendaring is one of the platform’s key useful features, allowing easy access to a broker’s own personal calendar as well as access to co-workers’ calendars. Furthermore, a complete catalog of contacts is always at a broker’s fingertips with Office 365, and email integrates seamlessly with all other features.

Access is available and easy to use on all devices.

It’s not uncommon for a real estate broker to be on-the-go virtually all day. Whether they’re in the office, at home, hosting an open house, or showing homes to individual buyers, they need constant access to their email, calendar, and contacts.

With Office 365, all of these features and more are available on desktops, laptops, smart phones, and tablets — yet another reason it works especially well for real estate professionals.

If you own or operate a real estate firm and are interested in acquiring a Microsoft Office 365 subscription, the upgrade can improve your entire business from the start.

Such a massive transition, however, will take time and adaptation on everyone’s part. An IT management professional can help your business make this enormous shift efficiently and effectively. Speak to a managed service provider in your area today to learn more.

What Is PII Under GDPR?

GDPR PII

The security of user data is of high importance, and that importance only grew with the implementation of the EU’s General Data Protection Regulation (GDPR). These sweeping new regulations went into effect on May 25, 2018. They are European Union regulations, but they have sweeping effects since they apply to any business that stores personal information of any EU citizen.

It’s important to comply with GDPR. The first step, though, is to understand what exactly GDPR requires for your business.

PII Under GDPR

The short answer to the question of what PII is under GDPR is that it’s not a thing. Personally identifiable information is an American term. The rough European equivalent is personal data. It’s important to note, though, that the two are not identical. The European standards are more restrictive, and the European category (personal data) is, therefore, more inclusive.

Here’s the bottom line: don’t assume that being PII compliant automatically makes you GDPR compliant. You need to do more for the latter.

Defining Terms

If you’re asking the question “what is PII under GDPR?” there’s a good chance you know some of the lingo already, but it’s worth reviewing.

Personally Identifiable Information (PII)

This term refers to any number of pieces of information that a company might store that can be used to identify individuals. Bad actors who accumulate enough PII on an individual may be able to compromise the individual’s accounts or even steal the individual’s identity. Examples of PII include (but aren’t limited to) driver’s license numbers, social security numbers, full names, physical addresses, and credit card numbers.

Remember, this is an American term, not a global one.

Non-Personally Identifiable Information (non-PII)

Non-PII is what’s left that’s not PII, in the American way of viewing things. This is the kind of information that can be used in aggregate forms. It’s useful data, but it can’t be used to identify individuals on its own. Examples include IP addresses, device IDs, and cookies left behind on devices while browsing the web.

Personal Data

Personal data is the EU equivalent of PII. It’s the information that businesses store on customers that could be used to identify those customers. The important difference here is the breadth of the definition.

GDPR concludes that even non-PII can be personal data. Cookies and IP addresses, for example, can be used in conjunction with PII to help reconstruct a person’s identity. For this reason, even these forms of information are considered personal data and are protected under GDPR.

The ruling that even cookies can be considered personal data is why you’ve started seeing cookie warning messages all over the internet. Those companies are seeking to comply with GDPR by receiving permission from all visitors to use cookies.

Best Practices for Businesses

Given the changing landscape of privacy regulations, businesses must adapt and stay compliant. Here are a few best practices for complying with GDPR.

Survey What Data You Collect

The first step toward compliance is to know what your business is collecting. Conduct a comprehensive survey of the data that you collect and store through your site.

Keep Only What You Need

Second, ask the hard questions about what personal data your business truly needs. If it’s not providing real value, dump it.

Get Permission to Keep It

Whatever you decide is essential, ask permission to keep it. That’s what the cookie notices are doing, and you need to do the same.

Conclusion

Data privacy regulations are complex. You might not want to go it alone. If not, we’re here to help. Contact us today!

Will LinkedIn Phishing Threats Defeat The Popular Business Social Media Platform?

Linkedin Security Issues

The career-centered social media network LinkedIn is the latest victim of phishing efforts on the part of cybercriminals—demonstrating that no organization, no matter how big, is immune to such threats. The phishing attacks are tailored to what LinkedIn users are most likely to be interested in and seek to obtain valuable information from victims. What makes these attacks most concerning from a business perspective is that many LinkedIn users are logging in with their corporate email accounts. When the cybercriminals succeed in getting the information they want, they can gain access to the information of not just the immediate victim, but the organization they work for as well.

Cybercriminals Targeting LinkedIn Users

According to the Security Awareness Training company KnowBe4, a new wave of cybercrime is hitting the LinkedIn community to gain valuable corporate information. Cybercriminals are attempting to get employees to fall for phishing emails—emails that encourage recipients to click a link that leads to a request for confidential information.

The phishing emails are designed to appeal to the personal interests of the recipients, a common tactic with phishing attacks. The goal is to excite the recipient enough that they forget to be cautious. According to KnowBe4, the most popular type of phishing email is one that has LinkedIn in the subject line. Messages from LinkedIn are opened around 50% of the time, so it makes sense for the cybercriminals to use what is most likely to work. They know that around one in two users will open an email that appears to be from LinkedIn, so they tailor their phishing emails accordingly.

Particular Concern for Those with Business Responsibilities

When a phishing attack succeeds against an average person, their personal information and financial information are at risk. But when a phishing attack succeeds against someone who has responsibilities at a business, and therefore security access to protected information of the business, it can lead to damage that harms the business and all of its employees. No one deserves to be the victim of a phishing attack, but there are individuals who, if compromised, can deliver information that will harm more than just one person.

It is predictable that the ones that cybercriminals want most to fall for their LinkedIn phishing attacks are those with higher security clearance in businesses. They know that they could strike a gold mine if they get the right person, with the right information, to fall for one of their phishing emails. That is why they are so devious in the way that they construct their traps. They look closely at the areas of interest of their targets to ensure that they have the highest chance of success.

Areas Where Cybercriminals Focus on LinkedIn

Not just any phishing email will lead to a click from the reader. To get the desired result, cybercriminals must create the kind of emails that recipients are most likely to fall for. KnowBe4 actually conducted tests on LinkedIn to determine which types of emails recipients would click the most often. As mentioned earlier, the most successful phishing emails included LinkedIn in the subject line of the email. According to an article from ChannelFutures, once the recipient looked at the email, they were most likely to click on emails that had the following in the subject line:

  • Profile Views
  • New InMail Message
  • Join my network
  • Add me to your network

It makes sense that these subjects would attract the most clicks. They all indicate an interest in the recipient, specifically the kind of interest that could lead to an excellent networking opportunity. A desired employer or contact might have looked at their profile or sent them a message. Even better, they might have requested that the recipient become part of their network, or that the recipient allow them to become part of their network. All four subjects target those who are using LinkedIn to further their careers, which explains why they were so successful.

What Can LinkedIn and Users Do to Fight the Problem?

For LinkedIn, the risk of phishing scams and cybercrime is and has always been present. As the company has grown, they have been well aware of the dangers that cybercrime poses to their business and their users. That is why, as with all other major social media platforms, LinkedIn has a dedicated team to identify cybercrime on their platform and to do what they can to fight it. However, there is a limit to what LinkedIn’s dedicated security team can accomplish on their own. Once a platform has millions of users, there will always be criminals who can slip through the cracks. LinkedIn will not be defeated by cybercriminals as a platform. However, the platform’s users do need to be aware of the risks they face.

For businesses, it is best to avoid relying on LinkedIn to keep them and their employees totally secure. Companies have to accept that from time to time, their employees will be targeted by cybercriminals. That is why employee awareness training is so necessary. Businesses must train employees to be aware of the risks of cybercrime, including phishing emails. If you are worried about your employees falling for a phishing scam, consider training them in the red flags of social engineering.

To learn more about cybercrime risks and how to avoid them, please contact our IT services team. We can help you protect your employees and your business.