Blog | Smeester & Associates :: Denver, Colorado USA Denver Cyber Security Engineering :: Smeester & Associates

Six Major IT Functions You Cannot Do Without and Must Perform At Optimal Level

Your body is amazing.

It is comprised of six major systems in which all functions interact with each other. Not one survives without the other. Remove one from your body? You die.

(Just in case you were wondering: Skeletal, Muscular, Nervous, Digestive, Respiratory and Circulatory).

IT management also consists of six major functions that interact with each other. Fail to develop and maintain health in these, and you invite serious dysfunction; weakness in one weakens all.

Communication

How does your IT leader communicate with peers and executives?

How do you coordinate when IT cannot make a decision alone?

How does IT partner with senior managers in strategic development and complementary focal points?

How does the Board understand IT issues and what must they know to make appropriate decisions?

People

How do you ensure that you hire, develop and retain the best talent?

How do you manage the gap of knowledge between managers and tech specialists?

How do you navigate leadership of highly smart and variously motivated employees?

How do you know what your talented people can or cannot do?

Cost and Accounting

How do you get the right people involved in decisions and safeguard what is in the interest of the company and not just a particular department?

What determines value for IT and where to invest for maximum return?

How do you know what projects to invest in and what determines their priority?

Project

When do you know to expand the scope of a project or not?

How will you budget while allowing for uncertainty in project time and cost?

What budget considerations do you make for the need to learn during the course of a project?

What is the chain of communication for when problems arise?

Partner and Services

What is essential in the agreements you structure with outside partners and vendors?

What is the selection process?

How do you know what must stay within the company’s walls and what need not be?

Who will we use for outside eyes?

Infrastructure

How much do you invest in maintenance versus new capabilities, and how do you know when new is needed?

What is your Business Continuity and Disaster Recovery Plan?

How much will you invest in redundancy?

How do you identify emerging threats and opportunities?

How does emerging technology integrate into your strategic plans?

In coming weeks, I will address each of these. But a major takeaway for today is, every company needs to bring in outside eyes to evaluate each of these functions: We don’t ignore our body’s systems, and we don’t ignore our company’s IT systems. The last thing you want is an IT emergency that could have been avoided.

See if IT is about to become a career killer.

Take our 2 minute, anonymous C-level IT Quiz to see where you rate as a steward of your IT people / department:

► Security
► Strategy

► Performance
► Profitability

► Business continuity
► Resources

Go here to take a 2 minute completely anonymous C-level IT Quiz:
https://smeester.com/c-level-it-quiz/

The Dirty Dozen: What every Disaster Recovery Plan must have in place.

Last week, I wrote “Disaster Recovery is about the information or technology systems that support business functions. It is a component of Business Continuity (BC), which plans to keep all aspects of business functioning during disruptive events.” We also learned together the critical need for DR.

But what really needs to be in the plan? Twelve questions begging to be answered:

1. What are the potential interruptions?

The key is to list all the ways in which business function could lose support, prioritize the likeliest, and address each with a plan. Today, cyber-attack is an increasing threat, and should be at the top of your list.

2. What are all the possible impacts?

A Business Impact Analysis (BIA) evaluates financial, safety, legal and public relations effects, and addresses them to ensure that confidentiality, integrity and availability are maintained.

3. Who calls for the DR to be enacted, and who is called when it is enacted?

A DR Plan spells out expectations of the roles and responsibilities for C-Suite Executives and the employee chain in the event of disruption. The chain of communication must be established as to who calls for DR enactment, and then who is called: What employees must come in and how they are to be contacted, with all contact information at hand.

4. Who updates the DR Plan?

Technology changes, system changes and application changes, which are frequent, may all affect the effectiveness of the DR Plan. Who communicates the updates? Who adjusts the DR Plan and communicates the changes?

5. How often will you test the DR Plan and run drills?

Data breaches happen. It’s rare that a job will be lost over one, or a company’s reputation hurt by one. The damage is done by how well the company responded to it. Failure to respond properly leads to loss of employment and reputation. The only way to respond professionally is to have an exhaustive plan and to ensure that it works!

6. Who is responsible for hardware and software inventory?

Make sure the vendor technical support, contract and contact information is readily accessible in the event of a disruption.

7. What is your Recovery Point Objective (RPO) and your Recovery Time Objective (RTO)?

RPO is the maximum period in which data might be lost from an IT service. It answers the question, “How much time can we tolerate having to recover or rewrite lost content?” That determines your backup frequency. RTO addresses the target time to recover IT and business activity.

Prioritize plans based on what needs immediate recovery, what is acceptable to be recovered within a business day and what can be recovered within a few days.

8. What is your communication plan?

In the event of a disruption, Who needs to know What by When and by Whom? This also includes a statement prepared that will be accessible on your public platforms, and a plan on how and when customers receive initial communications and updates.

9. Where do you go if you can’t go to the office (or usual place of business)?

The DR Plan should address alternative worksite options, including telecommuting. Employees will need to know how to access systems from the alternative sites, and IT will need to ensure that compliance requirements are being observed.

10. Are all your vendors and contractors prepared to help?

The DR Plan must ensure that Service Level Agreements are in place, addressing how vendors and contractors are to help and the timeliness by which they are committed to respond.

11. Do you have operations and procedures in place to protect and access sensitive information?

12. Who is in Second Chair?

If a key employee is not available during a disruption, who knows what they do in order to perform their responsibilities in a crisis?

I hope you never have to enact your DR Plan. But I am available to make sure you have addressed all the key components for your business, and that you not only have a plan, but that it works and that you know how to use it.

What other questions do you have about DR Plans that I can help you with? Please comment below so that others can learn with you.

Why The Odds Are Against You In Disaster Recovery

Let’s walk down a neighborhood, but it’s not your typical neighborhood. Instead of houses, it’s lined with businesses much like your own. Let’s put yours in the middle, and you have businesses down either side of you, ten total.

One bright morning, you wake up, throw on a robe, and step outside to drink coffee on your front porch. You can know that on any morning:

  • 4 of the 10 small businesses on your street will have suffered a cyber attack.
  • 6 of the 10 businesses that suffer a cyber attack will be out of business within six months. Your street will have six empty lots where once there was a structure (like a bomb went off or a tornado swept through).
  • 9 of the 10 employ different backup and recovery tools. 7 of those 9 will have overlapping capabilities, and of those 7, 6 will experience problems because they use a variety of tools requiring different learning systems and added costs.
  • The 5 businesses to your right and the 4 to your left experienced a major outage in the last 24 months (do you feel the walls closing in?).
  • Your neighbor to the right is the only one who said they could respond and recover from a similar disaster within two hours.

Welcome to the neighborhood of Disaster Recovery (DR).

Disaster Recovery is about the information or technology systems that support business functions. It is a component of Business Continuity (BC), which plans to keep all aspects of business functioning during disruptive events.

7 of your neighbors experienced downtime due to human error, hardware failure or power outage. It took them between one and nine hours to recover, at costs ranging up to $700,000.00 per hour. Most of your neighbors, say the four on your right and the three on your left, spent one million dollars each to restore their business to normal.

It’s only a matter of time before one of your neighbors steps out for her morning coffee, and you are the statistic.

As a matter of fact, 7 of your 10 C-Suite Executive neighbors said they are very prepared for Disaster Recovery. But not even 5 of their IT leads agree. You have some domestic disputes in your neighborhood.

Plus, some of your neighbors are being stingy: Not even 5 of them allocate budget for risk-mitigation.

What’s happening in your neighborhood? Fear is rampant. Your neighbors distrust new technology. Ignorance browns the yards; the guys next door lack the expertise to build and test a plan. Money fell from the trees and has been raked away into other expenditures, leaving little behind for essential protection.

3 of your neighbors have no Disaster Recovery plan in place. If it was a house, it would be uninsured. All three of those neighbors will fail if their business is seriously disrupted.

If you called a meeting of your neighbors, you would discover that if they have a plan, it is likely incorrect. If their plan was a garage, and you opened the door, you would find unnecessary technology overwhelming the space. Only one of the businesses on the block tests their plan monthly (that would be you, right?). Three of your neighbors will make the effort to test it two or three times a year. The guy right next door: He never tests his plan.

Your neighborhood needs a better watch program. Not only are you vulnerable to intruders, regulators will be up in arms over the insufficient information management they will find.

Some of your neighbors have listened. Over two of you use the cloud as a DR strategy, which is an increase of 10% in the last four years. One of you is using Disaster Recovery as a Service.

What should you do?

I will address more of these issues in upcoming articles, but no matter how much you read, you need outside eyes to ensure your maximum protection. It is my pleasure to help so that you feel safe at home.

3 of your neighbors have no Disaster Recovery plan in place. Are you your neighbor? Do you know or not know?

5 Qualities of Meetings Geeks Thrive In and Your Company Benefits From

Thomas Sowell said, “People who enjoy meetings should not be in charge of anything.” I laugh, because I get it. Like you, I’ve been the victim of life-sucking meetings. Remember the scene in the original Star Wars movie where the walls are closing in on Solo and Luke, being crushed a near certainty – meetings have been like that. Yet, I disagree with Sowell.

The contrast is given by Patrick Lencioni, “The majority of meetings should be discussion that lead to decisions.” I like progress and goals reached. So do Geeks (I am one).

Over the years, I have found 5 components of meetings that bring out the best in your Geeks.

1. Common Ground and Honor

Cross-functional meetings bring out the best in Geeks for your company. With key areas of a company represented, Geeks are able to get a comprehensive picture of what is happening in the company and how they affect it. Even more, Geeks are natural problem-solvers, and once they understand what other functions are trying to accomplish, they often bring a perspective no one else has.

2. Solution-Oriented

Always open a meeting by clearly stating the problem. This is different than a clearly stated purpose. Old school held meetings with a purpose that might be “for each division to understand what the other is doing.” Though that might comprise a part of the meeting, it is not compelling. A clearly stated problem may be, “How do we reduce cost overruns across the board by increasing efficiency in each department?” That leads to discussion that both informs what departments are doing and will have a technological solution to it.

Once a problem is clearly stated, get to it. Geeks don’t need a lot of preamble.

3. Ride the tangents into “what if” conversations

If we believe that an efficient meeting is free of tangents, we overlook the value of spontaneous creativity. Though tangents still need to be managed, seemingly off-point discussions can lead to valuable input. Geeks, especially, know how to process vast amounts of input and connect dots that are seemingly unrelated.

When you next observe a tangent conversation, watch to see if your Geeks are mentally processing what they are hearing, and feel free to ask them what their thoughts are “on what you are hearing or on the problem we proposed.”

4. Encourage thought-out opinions.

Meetings become lively when a thesis is put forward and challenge is invited. Antithesis leads to synthesis. Geeks value what is right, and mental challenge is the venue in which right applications are discovered and made.

The contrast, of course, is a poorly constructed opinion. “What do you think” is a poor question. “Who has given this some thought” is a better question. Geeks have little tolerance for opinions without basis; too much of their work depends on embarking on the right trail in the first place.

5. Truthful and Impactful

Geeks are truthful and seek to be impactful. Meetings must embody both: Facts and honest insight given; opportunity to make a difference real. Geeks are already used to collaboration. Geeks have tribes, and tribes interact, because each is dependent on the other. If they walk into a cross-functional meeting that isn’t after truth and impact, they will judge the rest of the company to be illusive and want nothing more than to stick within their tribal practices that actually get things done.

Comedian Dave Barry said, “If you had to identify in one word, the reason the human race has not achieved, and never will achieve, its full potential, that word would be ‘meetings.’”

You have an opportunity to turn that quote on its head: The reason your company will achieve full potential is that you learned how to bring all the parts into a whole, meetings being the engine that drives the cohesion.

How To Lead Geeks The Way Geeks Want To Be Led

In 1964, Supreme Court Justice Potter Stewart issued one of the most heralded quotes in Court history, when he stated he would not attempt to further define obscenity, and said, “But I know it when I see it.”

I feel that way about defining Geeks. Definitions vary and stereotypes abound: smart, egocentric, socially awkward, victim prone, strong-headed – basically the TV show Big Bang Theory.

People feel as if they cannot define a Geek (and how they are different from a Nerd), but we know them when we see them. Or do we?

Before I share some traits to keep in mind, and best practices for managing Geeks, we must remember a vital aspect of the Geek tribe: they are people, which means they share the same common personality traits as those outside their tribe. Whatever personality test you prefer, they score on them too. Geeks aren’t like vampires who cannot be photographed; they fall into the same certain psychological snapshots as any. However, they often function differently than other smart, creative, ego-driven people and professions. I would know, because I am one. Here are some things to keep in mind.

I’m a Geek, not a freak

  1. Geeks are logical. Analytical thinkers thrive on knowledge. The upside is that they are motivated by problem solving, and the technology and toys that leverage their abilities. Yes, they want money as every other employee, but they are driven to solve stuff. The downside is that Geeks will use knowledge as a defense mechanism. In order to prove their worth, they will often give more detail than is needed; in order to assert themselves, they will use acronyms or technical language to gain neglected attention or ward off premature inspection.
  2. Geeks value respect. The respect they value is directly tied to their work. They will organize around the knowledge that advances their project. “Right” is a premium, because it saves time, energy and money. Wrong is evil, a chaos monster that creates messes Geeks need to fix. Geeks did not come through educational processes that trained much on dealing with people. As a result, they are often seen as candid to a fault, because they quickly assess if someone they are dealing with is helpful or harmful toward the solution they seek. As well, Geeks appreciate recognition, but are not the credit-hounds they are often made out to be. The exception is if credit is given to someone who is actually detrimental to the process. Then Geeks arise, not out of protest so much as protection to the integrity of what is “right,” effective and efficient.
  3. Geeks do communicate. But, Geeks prefer forms of communication that allow them to focus rather than suffer disruption. Phone calls, meetings and drop-in visits are curses on their work-flow. Because focus is so important, it’s also why Geeks, more than other professional tribes, do better with flexible schedules that honor their creative flow, and do better with devices. Whereas devices for others can be a distraction, devices for Geeks are friends and stimulants. Geeks have a way of being quick to say “no.” Requests can be judged as threats to their focus and current project. But give them time; the challenge to problem solve often means they will come back to you with a solution.

How Not To Be Weak With a Geek

  1. Encourage collaboration. Besides the fact that good code and stable networks require collaboration, Geeks more than others self-organize, self-assess and self-correct. Geeks require ideas of knowledgeable others.
  2. Bring Geeks to the larger, round table. Geeks love knowledge, which means they are interested in understanding more of the business. That understanding serves their problem-solving away from the table. Plus, every decision made that affects IT is a technical decision, inseparable from business decisions. So it pays to have IT knowledge in on decision-making.
  3. Bring in outside eyes. The IT team knows that the executive who depends on expert advice from the IT leader doesn’t know if he is getting it. And if there is a gulf between the leader and his team, morale and best solutions will erode. Your IT personnel want a skilled leader with technical competence. They need the sounding board.
  4. Train. Your IT team doesn’t want to be told to figure it out. The knowledge of the field is so expansive and changing, that months, not years, is the difference between effective and irrelevant. Do train on people-skills, but especially against the backdrop of the larger mission. Dealing with people is “problem-solving.”
  5. Ask. No IT person wants to rehearse Tech 101 with every employee. But they do expect their leaders to want to be informed, and they are usually more than happy to demonstrate their knowledge. Get deep into questions and encourage them to define their terms. They don’t expect you to keep up with them, but they do want you to understand what you need to know (especially what you need to know to further their work and not hinder it).
  6. No matter your review process, make sure your IT department is engaging in 360 review. They depend on each other to be at their best for the team to produce the best.

5 Indications You’re On the Verge of an IT Nightmare

The IT team at your company has a very busy job to do, and sometimes, it seems like their work never ends. This is why many companies solicit the help of a CIO, who can work with IT to manage the network and keep an eye on any risk factors. Since there always seems to be a lot of buzz coming from the IT room, it can be difficult for a company leader to determine if there’s a real issue going on, or that’s just a normal day-to-day situation. So, how will you know when the silence or the chatter actually means something?

C-level leaders need to be able to rely on their teams to recognize when the company may be on the verge of an IT nightmare. While it’s not always entirely clear, there are some key signs you can look out for to prepare yourself for what’s coming, and hopefully stop whatever it is in its path.

1) You Seem to Be Left Out of the Conversation

If you used to be copied on all the correspondence going on between your IT team, your CIO, and other employees working with your company, but now your inbox is empty, this could be bad news. While it could just be a glitch in the system (which isn’t a good thing, either), if your staff has stopped reaching out to you about problems, then the problem may be much bigger.

As a C-level leader, it’s important to be wrapped up in the conversation, even though you may not have time to worry about it. You can’t be responsible for anything if the information isn’t getting to you quickly enough.

2) There’s A Lot of Turnover

All of a sudden, there are people in the office you don’t recognize or vendors on the other end of the phone that you’ve never worked with before. A few employees that you know well have given their notice, and new employees with seemingly less experience have been hired. Hopefully, you’ve been made aware of the changes, but ultimately, too much turnover can be detrimental to IT. Or, the problems with IT are so severe that they have caused people to move on to something different.

There are many reasons why turnover is indicative of a bigger problem. But, overall, having new employees or contractors constantly join the team can make it that much easier for a breach to get inside. This is especially likely with the constant onboarding and offboarding of staff members, as it’s difficult to manage so many new network identities.

3) The Alerts Never Stop

Sometimes, there isn’t enough work to do, and other times, it’s like the work never ends. If customers are continuing to call in or email their IT problems and your team can’t keep up, that’s an IT disaster waiting to happen. This doesn’t mean you need to hire more people, but instead, you have to find a solution to these consistent problems that are distracting IT away from what’s critical.

4) There’s a Lack of Innovation

Technology is constantly improving each and every day and IT teams should always be striving to find better solutions to new and old problems. There should be frequent meetings about what IT is currently up to, what new data breaches or malware cases have been reported, or what changes are being made to streamline processes throughout the company.

At these meetings (or e-mail correspondences) it should be evident that IT and other C-level leaders are constantly searching for new ideas. There should always be new proposals circulating, and if there aren’t, that could mean that there’s a problem somewhere.

5) Auditors are Making Frequent Appearances

If there’s any indication that you’re about to wake up to an IT nightmare, it’s that auditors are showing up at your office, and your compliance check already passed months ago. There’s no reason auditors should be interested in your company unless something is seriously astray. If this is happening, then don’t waste any time; figure out what’s going on, now.

These are just a few indicators that something’s not right in the IT department. If you’re noticing any of these signs, then it’s time to take a closer look at the inner-workings of your company and fix the problems ASAP. If you’re not sure where to start, a CIO can help you rewind, discover the problems, and assign solutions and strategies that will be effective long-term.

Can You Trust Someone to “Vouch” for Your Company?

Can you really have faith in everything that’s on the internet? Of course not. But, that being said, company leaders need to put an awful lot of trust in their employees, the people they’ve hired to manage their network, and the infrastructure and reliability of the network itself. But, if you’re expected to trust so many different factors revolving around your business, while also being told to be careful about trusting everything else, like WiFi connections or suspicious emails, then how can you navigate your way around all this?

These days, having someone to vouch for you, or having someone vouch for the people you’ll be working with, is one of the oldest, yet most reliable ways to secure your network and your company. Going off of that, it’s equally important to have extra eyes helping to look out for your company at all times.

If the Dark Web does it, so can you?

If you’re familiar with the Dark Web, “trustworthy” wouldn’t necessarily be the first term you would use to describe it. But, believe it or not, sellers on Tor need to be verified for the authenticity of their products as well as themselves as users before being able to complete a transaction. This is done by having current members introduce new members through a system of vouching. Without this, you can’t get onto the site.

So, if the Dark Web relies on some form of vouching in order to be able to trust their users, then surely large companies should be doing something similar. It’s not enough to just have certain cybersecurity protocols in place — although, those are important as well. If you can incorporate a system of vouching along with placing outside eyes wherever you can, then you’ll be protected in ways that machines can’t protect you.

Apply this system to vendors and employees

Of course, companies find ways to vouch for people, too, similar to how it’s done on the Dark Web. When we hire someone, HR usually asks for references, recommendations, and will maybe even do some snooping around on social media to get to know more about this person. The same goes if you’re working with third-party vendors or onboarding and offboarding part-time employees. You need to know who you’re going to be working with. You can go this route, but you can also ask around to see who else has worked with the people you’re planning to work with. These days, it’s very easy to check a person’s or a company’s reputation online, so you can take advantage of this.

Hire someone to look out for you

If your Facebook account gets hacked and your friends find out because they are getting spam messages from you, it’s likely that one of those friends will notify you of this so that you are aware. In a sense, this is a form of informal (and free) cybersecurity. You’re too busy running things at the company to be concerned with staying on top of security, employees, networks, risks, etc. Therefore, hiring managed services to help you keep an eye on things internally and externally can help ensure that nothing fishy comes up.

Down to checks and balances

This idea of vouching further enforces the notion of checks and balances in a company that cares about its cybersecurity. A managed service provider checks the IT team, the IT team checks HR, the company checks the employees, and vigilant, trustworthy employees can keep their eyes out for the company. While a professional certainly helps handle this process at the expert level, it never hurts to rely on people you trust to keep things in balance.

5 Reasons to Hire a CIO Before Hiring an IT Team

Whether you’re starting a business from scratch or finally making investments to grow your business, one thing you’re probably thinking about is hiring people to help. Any time you can bring people on board to help you with business tasks, it’s evident that you’re thinking about long-term strategies, and that’s great. But, before you start doing what it seems like everyone else is doing to be successful (in this case, hiring an IT team to help with tasks you don’t know how to do), hold off for just a second. While there’s no doubt that an IT team is instrumental in any company these days, it’s actually much more important to hire a CIO before anything else.

Here’s why:

1) You Should Know What Kind of Talent to Look For

It may seem as though all IT experts can be thrown in the same category. They all went to school for computer engineering, they are all smart in their own way, and most importantly, they seem to know a lot more about information technology than you do. But, the thing is, many business leaders don’t know what they don’t know when it comes to this stuff.

Any IT person possesses a unique skill set which can either make them a great fit for your company or not at all. A CIO can determine what talent is ideal for your company, so you know what kind of skills and abilities you’re looking for in a person, before making any decisions.

2) You Don’t Want to Spend Money Unnecessarily

Do you need one IT person, or do you need a team? Or, can the jobs you need taken care of right now be handled by the CIO? Before you start to spend money on resources that you don’t currently need, let your CIO determine exactly what it is and who it is you should be investing your hard-earned money in.

3) Don’t Leave Out the Need for External Vendors

It’s not just an in-house IT team that needs proper vetting before being hired. It’s also, if not more so, the external vendors you might be working with. There’s a whole process of identity management, onboarding, and offboarding that needs to happen in order to protect a company from an unintentional (or sometimes, intentional) data breach of any kind. A CIO can determine what strategies should be in place prior to hiring external vendors.

4) Perhaps Your Network Needs a Change

Just as a CIO would help you hire an IT expert that has the appropriate skill set for your network, they can also determine if you’re using the right technology, software, cloud infrastructure, etc. Before making any employment decisions, it’s a good idea to make sure you don’t need to change anything about your network, first. After all, it would be frustrating for an IT person to get familiar with your system, just to have to learn something else.

5) You Need an Unbiased Assessment Before Deploying Resources

Hiring a CIO before hiring an IT team is like going to your general practitioner before seeing a specialist. While it might seem that going to a specialist straight away would make sense time-wise and financially, there may not be anything you need to worry about in the first place. This can be true of your company, too. Don’t jump to any conclusions and don’t spend money on resources you may not need, whether that be an IT person or a certain piece of technology. Instead, hire a CIO and have them assess your network before hiring or deploying any resources.

But, What If I Already Have an IT Team?

If you’ve already hired an IT team, don’t worry. You don’t need to let anybody go. But, you can and should still hire a CIO to help serve as the liaison between you as the company leader and your IT squad. It’s never too late to have an unbiased expert hop on board and take a look at everything. This way, there can be a system of checks and balances to ensure your business is being run as efficiently as possible, while every team member truly feels as though his or her role is vital in the success of the company.

That being said, if possible, reaching out to a knowledgeable CIO should be the first step, not the last. A CIO can help manage your network in a way that nobody else can. And, not just in terms of hiring decisions, but security, backup, disaster recovery, and everything in between.


Why Healthcare Industries Are Seeing More Data Breaches

No company is immune to a data breach. These days, no matter what industry a company falls under, there is always the risk of something happening. If companies aren’t taking the proper measures to manage their networks, a data breach can really set a company back, if not take it off the market completely. Because of this, more and more companies have realized the importance of investing in an outsourced CIO to help prevent problems from occurring. Why is it, then, that we are seeing continuous data breaches in the healthcare industry, and why are the problems not being solved?

Well, it’s not so simple, and there may be several reasons as to why the healthcare industry is experiencing more data breaches than ever before.

Data Breach Statistics

In order to really understand how data breaches are impacting the healthcare industry, one would need to look at the actual numbers. According to the annual HIMSS Cybersecurity Survey, 75% of the 239 healthcare respondents surveyed reported that their organization experienced a “significant security incident in the past 12 months.” What’s interesting is that 96% of those respondents said that the organizations were able to identify the threat actor. But, as more than half of these respondents reported that their organization has a clearly defined budget that is allocated to cybersecurity, and they are seemingly on top of their networks, it makes people wonder why these data breaches are continuing to happen at such high rates.

Healthcare Industry as a Target

Despite the fact that HIPAA laws are in place to protect patients and healthcare employees, it’s been proven that there’s only so much that can be done in order to protect hospitals and doctors’ offices against data breaches. Hackers may have certain inclinations in mind when it comes to installing ransomware or malware on a medical facility’s network, and you can’t really blame them. Because a patient’s data is so sensitive, and because almost all records are now kept digitally, these hackers have a lot of leverage when it comes to getting what they want. If hospitals don’t have a way of backing up this information, or they are afraid of it getting into the wrong hands (one of the biggest concerns), they will certainly feel the pressure to pay up.

Of course, as we know, it’s not only hackers that are to blame for data breaches. According to this HIMSS Cybersecurity Survey, 20% of the respondents said the attack came from a negligent insider.

The Problem

So, what’s the deal? If healthcare industries know that they are a target, and they know that healthcare data breaches are one of the main threats we are seeing today among relevant industries, then what’s going wrong? Why can’t something change in order to put a stop to all of this?

Well, according to HealthIT Security, the problem is that there isn’t a standard cybersecurity framework that’s being utilized across the board. When these healthcare industries aren’t on the same page regarding this issue, then it makes sense that more breaches continue to occur.

How to Protect Healthcare Industries

Unfortunately, just talking about what needs to be done isn’t going to help the thousands of healthcare facilities that are experiencing data breaches this year or even this month, especially when many hospitals, insurance companies, and doctor’s offices are still each using their own software and computer systems.

At this moment, healthcare companies should be doing everything in their power to keep their own network secure. While one way to do this is, of course, by implementing a solid network management plan, the absolute best way to go about this is through hiring an outsourced CIO. This will not only help to prevent data breaches coming from the outside, but it can also help stop data breaches that happen internally. Additionally, a CIO can help implement a reliable backup and disaster recovery system to protect the patients’ information as well as protect the medical facility from risk.


Should There Be an IT Hierarchy in Companies?

When it comes to managing a company’s network, data issues, or IT concerns, there are a lot of people that work together to make sure everything runs smoothly. One task may finally be complete only after various members from different departments come together. People from HR, IT, as well as C-level leaders may all be assigned various roles in order to implement security standards, backup protocol, or onboard contractors.

But, despite the fact that security and network maintenance is a team effort, who has the ultimate say in what goes on? Who is in charge – the one running the show to make sure everyone else does their job? There’s a lot of conversation surrounding this idea that IT shouldn’t be situated in a hierarchy model. However, others disagree and believe that in order for things to really go well, someone needs to take the lead.

The best option?

Let’s find out.

When Roles Get Confusing

Human resources hires a CIO. A CIO then advises the IT team on what needs to be done in order to create a disaster recovery program or help mitigate security risks. IT understands the task at hand and works with the administration on devising a new budget regarding the systems they’ll need to implement. HR then tells IT that new, outside contractors are being hired, and therefore, those security protocols are absolutely necessary and need to be implemented sooner rather than later. But, the CIO and other C-level leaders can’t seem to be convinced about whether or not the budget has room for what the others are proposing.

Does something like this sound familiar?

According to a study conducted by Nintex titled the Definitive Guide to America’s Most Broken Processes, it was found that 62% of respondents said their company has broken processes when it comes to IT. While it might seem like the office has a system to cope with all these roles, responsibilities, and requests, it can be a bit convoluted. And, especially when each role is so different, it’s difficult to determine who should really be answering to whom. Does IT work under HR when they can control HR’s access to the system? Then, does the CHRO answer to the CIO, or does the CIO answer to the CHRO depending on the situation? Experts believe these roles should be interchangeable in order to avoid conflict and miscommunication in business.

But, that still leaves the role of “leader” unfulfilled, which can be hard when a company’s decision on an important matter cannot be agreed upon. Someone, eventually, must have the final say.

The Problems with Teamwork

Let’s say the whole “teamwork” thing is working well for everyone involved. Then, one day, a data breach occurs, or the network shuts down. One of the biggest causes of something like this, specifically the data breach, is human error. If this happens, the blame needs to be put somewhere, even if the company leaders will still need to take responsibility for the entire breach.

Going with the idea that “two heads are better than one”, there are certainly a lot of things a team can accomplish versus a single person when it comes to mitigating risks across the company. That being said, there is also an equal number of things that can go wrong (more things that aren’t being handled appropriately, or miscommunications that can occur) when there isn’t a hierarchy in place to check for errors internally.

Put an Outsourced CIO in Charge

Many companies still hire in-house CIOs, which may be good for the moment, but may not make a difference if there’s a crisis. In any situation where it’s difficult to determine who is in charge, it’s necessary that companies consider hiring an outsourced CIO to make appropriate calls in the best interest of the company, and without employees being personally invested in what’s going on.

An outsourced CIO can easily determine what’s at risk for the company and can clear those up through a process in which everyone works together – a process in which they oversee everything, and assign roles to those who can handle it. They can check for consistent gaps in the system, make sure employees are given the appropriate access to the network based on their position at the company, and work with other C-Level leaders to determine whether or not things like a BYOD policy are safe for everyone involved.

Remember, an outsourced CIO doesn’t have any emotional investment in the company. They are completely unbiased and can, therefore, make decisions that other team members may not be in a position to make themselves or don’t feel comfortable making. While it’s understandable that working as a team can be effective, there are times when something just calls for a professional leader’s decision on the matter.

So, for those that say that there shouldn’t be a hierarchy in IT, maybe they should reconsider before jumping to any conclusions.
