by Felicien | Apr 30, 2019 | Education
Evaluating information technology can be a challenging aspect of the CFO role. Your organization is likely inundated with requests for new IT features, and understanding the true value of many of them requires technical knowledge you may not have. The spending possibilities are nearly endless, and many CFOs have reason to be cautious. Perhaps you’ve been burned in the past, too, convinced by your CIO to sign off an expensive software package that failed to deliver.
In this arena, there are competing fears. You want to avoid spending money on IT solutions that don’t ultimately deliver the promised benefit or that cause unneeded disruption. You also can’t afford to reject an IT request that would have given you a competitive advantage (or worse, one that allows your competitor to gain the upper hand).
Evaluating IT is a tricky business. Here’s our CFO’s guide to evaluating information technology.
Communication Is Key
Communication from the CIO or the tech team is one of the big pain points CFOs face. There are a few reasons for this.
Apples and Oranges
The first communication difficulty is one of dialect. It feels like the IT folks are speaking a completely different language than the finance folks. To a certain degree, they probably are. Your IT group is focused on enabling the company to do more through technology and on increasing your business’s capabilities. Your group spends its time considering the financial aspects of the business. There can be inherent tension there.
Unhealthy Shortsightedness
In some businesses, it’s even worse. In unhealthy businesses, the CIO and IT team pursue technology innovations that don’t truly align with the company’s needs. They lobby to purchase software that adds capability you don’t need and solves problems you don’t have. Similarly, the CFO and the finance team in an unhealthy organization can fail to see the value of a spend or defer a purchase long enough that a competitor gains an advantage.
Either side of the equation—IT or finance—can become too narrowly focused on its own objectives. When this happens, the company loses out.
Finding Common Ground
CFOs and CIOs need to find common ground, a shared language that focuses both on the ultimate goal: making the company succeed. Ask bigger questions. Which of the company’s (not the department’s) goals will this IT spend help achieve? Is there a less expensive alternative that will still meet the company’s goals? What metrics will we gain by implementing this solution, and how will those benefit the company? Are there any metrics that can show how the proposed investment will improve a process? If those metrics show that an investment is failing to deliver, can we get out of the contract?
Questions like these are all rooted in a “what’s best for the company” mentality. Find a common language using questions like these, and avoid conversations that only benefit finance or IT.
Establish a Clear Approval Structure
The likelihood of conflict between the CFO and CIO increases greatly in organizations without a clear approval structure. To determine whether that’s your organization, mentally answer the following questions.
Do you (or your reports) approve every IT spend?
If not, who else can approve?
What criteria determine which requests require CFO approval? Dollar amount? Subscription/lease entanglements? What else?
Is there an established, documented appeal process when you deny an IT spend?
Depending on the size of your organization, it may not be sensible for the CFO to approve every spend. Individual projects may have their own needs and budgets. If that’s the case, a clear approval structure is still crucial. Who on the team can make purchasing decisions? What criteria kick the decision up to a higher level?
In the end, to have a clear approval structure your business needs both a clear vision and strong, clear communication between the finance and tech teams and their leaders.
Visualize Your Strengths and Vulnerabilities
Another central problem with evaluating information technologies is prioritization. Everyone wants a piece of the budgetary pie, and it’s your job to allocate it. You need a way to determine where your priorities ought to lie. This is challenging in complex organizations due to the number of requests and the varied nature of those requests.
Creating a visualization of your IT strengths and weaknesses can help you plan and prioritize. What can IT presently do for you? What are the known vulnerabilities? What systems or programs are on their way toward obsolescence? What functions or abilities does the organization view as needful but doesn’t have currently? Are there information technology solutions for those functions or abilities?
Mapping out your strengths and weaknesses gives you a clearer picture of which moves are strategic.
Conclusion
That’s it for our quick CFO’s guide on how to evaluate IT spends. If you want to learn more on this topic, or for assistance with a wide range of IT-related questions, contact us today.
by Felicien | Apr 30, 2019 | Education
For several years now, sporadic attacks that interrupt major networks’ daily programming have been occurring around the world as hackers try to break in and succeed at their digital violence.
In April 2019, the victim was The Weather Channel. The network found itself having to broadcast pre-recorded material while an internal plan to regain channel access was quickly developed and put into place. Because this happened during peak morning air time—between 6 A.M. and 7:40 A.M. EDT—a significant number of viewers were affected. Aside from the money the network needed to spend on emergency tech measures to get their channel back and rebuild it to a more secure form for the future, this event must have cost them reputation points as it likely didn’t sit well with advertisers.
While the network publicly announced that malware was at play in the attack, there has been speculation about whether this was the result of ransomware. With ransomware, the disruptive effects of malicious software persist until a specified amount of money has been paid. And although the malware attack itself may seem senseless, this stands as a good opportunity for your business to take some precautions to protect itself.
Back up your machines and networks. Having multiple layers of back-ups in place—both locally and in the cloud—can help you easily restore your systems should a ransomware attack strike. Part of this also includes making sure you set back-ups to happen regularly; this ensures that you have fixed and reasonably recent recovery points to draw upon in the event of an emergency.
Break up network access by different machines and user groups. Odds are that very few users, if any, need to have access to everything in the business; why leave full access open to anyone? An account with full access is a source of major vulnerability since, should a hacker gain access to it, everything would be up for grabs. Leveraging the limited access of specific user groups or permissions helps contain an attack should one arise, and prevents damage from spreading business-wide. You and your team might be the exception to this, in that you all need total access to be possible somehow. Fortunately, you can always construct a solution, such as several different administrative users with limited permissions, to give you the tools you need for your job while still maintaining high security.
Train employees and enforce best practices. Make sure that everyone working at your business understands what steps they can take to protect their computers from hackers as well as how some of the most common types of threats work. Empower your people to set up strong passwords and to know when to trust an attachment or link. Make sure they follow through on some of these precautions by requiring them to take measures such as setting up multi-factor authentication on their accounts. Don’t let weak security be a possibility!
Install software to secure your machines and scan for attacks—and make sure you keep it up-to-date. First off, you want to try to make sure your machines and networks are fortified against attacks. Use a well-constructed firewall as a central part of your protection plan. But don’t rely entirely on a strong structure to protect your business, particularly given how rapidly tech evolves. Make sure you have systems in place that anticipate vulnerabilities and keep an eye out for attacks. Some businesses even opt for honeypots, which are like dummy vulnerabilities to bait potential attackers and keep a digital weathervane in place to tell if hackers are likely to try something. Regularly update these scanning tools to ensure they are up-to-speed with the latest hacker trends and potential aggressors.
Malware attacks cost businesses large amounts of money, accounting for as much as about one-third of global cyber attack costs in recent years. In fact, cybercrime in the United States is estimated to cost enterprise companies an average of $27.4 million per year, a number that is only continuing to climb over time. If you’ve been fortunate enough to not experience any recent spikes in malware attack attempts, don’t let that lull your business into a false sense of security. After all, 85% of companies polled had experienced a social engineering or phishing attack in the past year, while 75% had at least one web-based attack. Regardless of your company’s size, remaining vigilant for possible threats and attacks is important to ensure that daily business operations can continue to flow as usual, uninterrupted and uncompromised.
by Felicien | Apr 29, 2019 | Education
As your business operations evolve and expand, you’ll likely reach a critical point in your company’s growth where the tasks required will outnumber the staff you have available. Deciding to outsource work might be a difficult decision, partly because of budgeting and partly because onboarding new parties to your business’ processes is daunting—especially if you’re already stretched too thin. But as CEOs recently interviewed by McKinsey pointed out, “If you don’t [prioritize], you’ll sit in your office all day, read lots of reports, and end up being completely confused.”
In such situations, many CEOs choose to work with a managed service provider (MSP). Particularly for IT services, a managed provider can be a highly sensible solution.
What is a managed service provider?
A managed service provider, or MSP, is a company that remotely handles a specific set of processes for another company. At the center of this working relationship is the contract set between the two companies, which tends to be very strictly enforced to map out exactly what services the MSP will provide.
Why should my business hire a managed service provider?
Hiring an MSP translates into having a specialized agency handling your networks and users, in a way that not only aligns with your company’s processes but also optimizes security, efficiency, and industry best practices. As part of this, there are four key benefits to hiring an MSP as opposed to hiring employees to manage these tasks:
A managed service provider can do a better quality job. An MSP is dedicated to handling the processes it offers. It carries out its specialized offerings repeatedly and consistently for its clients. Its people are well-trained, highly skilled, and experienced at delivering the specific services outlined in its contracts because those tasks are at the core of its operation. An MSP has to invest in the best tools and processes in order to remain competitive, and so it is intrinsically driven to streamline its efforts in order to protect its bottom line. With such a strong focus and so many reasons to push for excellence, an MSP can sustainably deliver its services, stay on top of industry trends, and build sharp solutions that anticipate any potential issues and get ahead of them, all as part of its ongoing services—without requiring any additional input or cost from you.
A managed service provider guarantees their work. If an employee’s work is inadequate—so, for example, if your IT person fails to deliver a secure solution and your network is compromised—your main form of recourse is to fire them. That doesn’t bring you closer to completing the work you need, and it doesn’t account for any of the resources you lost as a result; any next steps you take will involve spending more in order to address the problem, and then to prevent it from reoccurring in the future. Given IT’s security implications, it’s also critical that whoever is handling it for you minimizes risks and addresses vulnerabilities long before anything can go wrong. As CEO of McAfee Chris Young reminds us: “… From the earliest stages of product design, to selecting vendor partners to writing job descriptions — security needs to be top of mind for every critical decision, every new process, every rule.” In some industries such as health, legal, and finance, there are additional considerations such as confidentiality and government regulations for which your business is ultimately liable. Not only are managed service providers up-to-date on emerging threats and the latest regulation, but they guarantee their services. This delivers higher quality results to you and also protects your investment—and your business—when purchasing their services.
A managed service provider can save your business money. The typical MSP pricing structure involves an upfront fee and then an ongoing monthly retainer for recurring tasks. Here’s what you don’t have to pay for: recruiting and onboarding costs to hire dedicated personnel; technology and tools for these new employees; training and continuing education to make sure they stay up-to-date on industry developments; overtime costs that result from these employees having to juggle their regular duties with troubleshooting; and more. It’s not just money that you’re saving. Your team already doesn’t have the time to address the concerns for which you’re trying to hire or outsource; don’t replace one problem (managing IT) with another (managing those who manage your IT).
A managed service provider is always there. What happens if the employee you hired calls in sick, or if your internal IT team finds itself short-staffed for any measure of time? Something will have to get dropped as your people scramble to fill the gaps and keep critical processes going. Contrast this situation with having an MSP, which is built to accommodate fluctuations of internal team availability. The staffing at MSPs is built to overlap capabilities, and both internal documentation and communications protocols are constructed for maximum flexibility and accountability. This keeps your IT processes flowing, uninterrupted.
This is a high-level survey of ways in which MSPs commonly help businesses. Your specific industry, niche, and offering will likely benefit in additional ways that are not addressed here, and that are also affected by the specific options you choose from your MSP.
by Felicien | Apr 29, 2019 | Education
The Power to Conference & Collaborate Better Can Be Yours
Microsoft has just announced the June 2019 release of its Surface Hub 2, a tool for conferencing and collaboration among teams. This is the Surface Hub’s successor, and it boasts improvements to the responsiveness of its active touch screens, snazzy 4K displays for crystal clear display capabilities, a battery pack option for smoother conference mobility, and streamlined integration with both Teams and Office.
Do you need to spring for this device? What considerations do you need to keep in mind as you build out your business’ conferencing capabilities? What tools do your employees need to do their jobs well, and what features are your clients going to respond to the most favorably?
What sorts of collaborative needs do your teams have? Depending on the type of work being performed, this can range. Perhaps you need to have streaming media transmitted smoothly, or the ability for multiple parties to directly mark-up input on a particular object. Maybe you need this primarily for sales, and so crisp screenshares and crystal-clear camera video and audio are vital for customer conversion. Gaining clarity on these values upfront will allow you to make the right decision regarding which tool to purchase.
How well does the conferencing tool integrate with your existing computer and security infrastructure? One key aspect of this is to make sure that both your firewall and your primary operating system are compatible with your conferencing solution. Failure to research this in advance most commonly results in being unable to use many of the advanced features of the purchased solution.
How much support do you anticipate needing for your team? Errors and glitches will always arise in software and hardware alike. Your employees need to be well-supported in resolving any issues that come up. Do you have a dedicated internal IT team that can assist with this, or do you need to have support on-hand from the solution’s manufacturer? If you have global teams using this platform, consider factoring in the availability of support for them—in their languages and/or time zones—as well.
Do you need to purchase additional hardware, or can a software solution suffice? Particularly if your employees are using laptops to get their work done, they likely already have cameras built-in to what they use. Combined with network connectivity, they have the raw potential to conference already. All that is needed is to select a video conferencing platform. Larger teams utilizing conference rooms and more elaborate computing set-ups may benefit from outfitting their spaces with new conferencing hardware.
What specific features do you need from your conferencing platform? Consider the size of the meetings your business usually holds and how many seats you need to have available when people convene. Do you need to be able to record these meetings? What sort of invite and even follow-up capabilities do you want? What integrations do you need—for example, do you need to be able to use Salesforce to account for contacts, or integrate with Office?
Although Microsoft is a leader in computing solutions, they are not the only player on the market offering collaborative conferencing tools. Careful consideration of your business’ needs and research into the different hardware and software options that are available are critical steps toward making sure you get the most out of whatever platform you choose.
by Felicien | Apr 29, 2019 | Education
Cybercriminals have started 2019 off by stealing more than 1.7 billion records. They look for data that is profitable in some way, whether they sell it directly or use it as part of another attack. A successful intrusion attempt comes from various factors, such as an employee downloading a malicious file or the business failing to follow IT security best practices. Here are 10 ways that hackers get into business networks.
Tricking Employees into Opening Malicious Files
Phishing accounts for 91 percent of successful network intrusions. Employees see an email that looks authentic. The hacker makes it appear like it comes from someone in leadership, an external partner or another significant entity in the organization. The email has a file attached or a link included in the body of the email. If the employee opens the file, it loads malware onto that system or directly to the network. The phishing emails with links work by taking the user to a fake login page or another screen that requests username and password information. The hacker uses this to get into sensitive systems. The URL could also lead directly to malware.
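The traits described above (a sender dressed up as leadership, an attached file, and a link that leads to a login page) can be checked mechanically on inbound mail. The following is an added example, not part of the original article; the company domain, leadership names, extension list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example (not from the article): mail domain, leader names, extensions.
COMPANY_DOMAIN = "example.com"
LEADERSHIP_NAMES = {"dana reyes", "sam okoye"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".iso", ".docm", ".xlsm")
LOGIN_WORDS = re.compile(r"log ?in|sign ?in|password", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.\w+(/\S*)?$")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def is_internal(host):
    return host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN)

def phishing_indicators(raw_message):
    """Return the sorted list of indicator names found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    found = set()
    display, address = parseaddr(msg.get("From", ""))
    # Trait 1: display name of a leader, but the address is outside the company domain.
    if display.lower() in LEADERSHIP_NAMES and not is_internal(address.rpartition("@")[2].lower()):
        found.add("leadership-name-external-sender")
    for part in msg.walk():
        name = part.get_filename()
        # Trait 2: attachment type that can carry executable content or macros.
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            found.add("risky-attachment")
        if part.get_content_type() != "text/html" or name:
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            # Trait 3a: the visible text is a URL that names a different host than the target.
            if LOOKS_LIKE_URL.match(text) and host_of(text) != host_of(href):
                found.add("link-text-mismatch")
            # Trait 3b: a login or password page hosted outside the company domain.
            if LOGIN_WORDS.search(href + " " + text) and not is_internal(host_of(href)):
                found.add("external-login-link")
    return sorted(found)

def build_sample(sender, html, attachment=None):
    """Build a constructed test message; nothing here is real mail."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "clerk@example.com", "Q2 invoice"
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

SUSPICIOUS = build_sample("Dana Reyes <dana.reyes@examp1e-mail.test>",
    '<a href="http://portal.examp1e-mail.test/login">https://intranet.example.com</a>',
    attachment="invoice.docm")
BENIGN = build_sample("Dana Reyes <dana.reyes@example.com>",
    '<a href="https://intranet.example.com/news">https://intranet.example.com/news</a>')

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, phishing_indicators(raw))
```

Indicators like these are triage signals for a mail filter or a reporting mailbox, not verdicts; a message with none of them can still be malicious.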
Visiting Unsafe Websites
You can block suspicious websites and downloads for equipment that connects through your business network, but if someone uses a personal device, they don’t have the same level of protection. The next time they get on the network with the compromised device, the malware has a way to get on your systems and spread throughout your organization.
Lack of Control Over Personal Devices
If your company doesn’t have “Bring Your Own Device” policies in place, then you could end up with unapproved personal devices using your resources. IT doesn’t have any oversight on these unauthorized devices, so they represent a significant threat.
Lack of Cyber Security Awareness
IT security measures can only accomplish so much. Cybercriminals know that organizations have people of varying technical proficiencies. When an end user doesn’t have sufficient cybersecurity awareness, they fall victim to phishing and other attacks. Employees need to understand the steps they can take to protect against hackers, and get the training to learn about IT security best practices.
Poor Password Management
Employees may have weak passwords for their work accounts. In some cases, they may opt for no passwords. Data breaches at other companies could expose common username and password combinations that end up being in place at your business. Password cracking software makes figuring out this information trivial.
Insufficient Backups
Data backups are critical to helping your business recover from a cyber attack or another disaster. If the backup solution doesn’t work correctly or it fails at creating a complete backup, you could face losing months or years of work. The financial loss would be enormous and puts you in a situation that’s difficult to recover from.
Failure to Proactively Monitor and Maintain Infrastructure
Hackers look for vulnerabilities in your network that would allow them to launch a successful attack. If you don’t have IT security professionals monitoring your infrastructure and keeping hardware and software up to date, then you’re creating an environment that’s ripe for a data breach.
Lack of Cyber Security Measures
A failure to follow IT security best practices can lead to a workplace that doesn’t have enough cybersecurity measures in place. Some companies may be misinformed that all they need is perimeter defense to keep hackers out. You may be vulnerable to an intentional or unintentional breach by an internal actor, or be unable to defend against a sophisticated attack.
Unprotected Wireless Networks
Public wireless networks may be convenient for employees, but anyone within range can connect to them. A hacker can intercept the data traveling on the public Wi-Fi and use that information to get into company resources.
Sophisticated Social Engineering Efforts
Some hackers have attacks that involve a lot of social engineering. They may be trying to get into the financial accounts of upper management or accounting, or they could want to access trade secrets and insider information. They act like they’re an authorized person with a legitimate need to have the data or access that they’re requesting. Cybercriminals can be very convincing, especially when they have well-funded operations. If your company has a lot of turnover, or departments that don’t interact with each other, it’s difficult for employees to keep track of who actually works there.
Lack of Physical Access Control
One area that gets overlooked in a cybersecurity strategy is physical access control to data centers and other rooms that contain servers with sensitive data. A hacker could download that data directly from your systems or take the opportunity to load malware onto your infrastructure. If employees write down their account information and post it on their workstations, the hacker could save this information for later use.
Hackers have many ways to break into your business infrastructure and compromise your systems. Intrusions can lead to long-term consequences, such as major financial losses and damage to your reputation. Protecting against these common attack methods puts your company in a better position to limit your cybersecurity risk.