IT Best Practices | Smeester & Associates

Category Archives for IT Best Practices

How C-Suite Executives Lead Digital Transformation and Avoid Stall Or Failure, Part 2

The Birmingham Sunday Mercury reported in December 2000:

Bosses of a publishing firm are trying to work out why no one noticed that one of their employees had been sitting dead at his desk for five days before anyone asked if he was feeling OK.

 

George Turklebaum, 51, who had been employed as a proofreader at a New York firm for 30 years, had a heart attack in the open-plan office he shared with 23 other workers.

He quietly passed away on Monday but nobody noticed until Saturday morning when an office cleaner asked him why he was still working during the weekend.

How do you walk past a dead guy?

In his book, Necessary Endings, Dr. Henry Cloud writes about the importance of pruning. He teaches that a gardener cuts off branches and buds that are healthy but not the best or sick but not going to get well or dead and taking up space needed for healthy ones to survive. He then writes, “(1) If an initiative is siphoning off resources that could go to something with more promise, it is pruned. (2) If an endeavor is sick and is not going to get well, it is pruned. (3) If it’s clear that something is already dead, it is pruned.

How do you walk past a dead initiative?

Companies get so buried in daily responsibilities they overlook what really matters. Digital Transformation matters, and the effort it takes to rally, craft and drive that initiative matters. In Part 1, we talked about rallying change through how you motivate, relate and connect.

Part 2 addresses how change needs to be crafted.

Establishing pace is essential. Pace deals with size and seasons. Leaders manage Digital Transformation so that reasonable benchmarks are reached in rational time.

Pace is critical. Michael Easter was the number one cyclist in California. During one race he cramped up and could not finish. He commented later, “All the skill and all the will can’t overcome dehydration.”

Chip and Dan Heath, in their book Shift add, “Self-control is an exhaustible resource. The bigger the change the more it saps self-control. When people exhaust self-control, they exhaust the mental muscles needed to think creatively, to focus, to inhibit impulse, to persist in the face of frustration…Change is hard because people wear themselves out. What looks like laziness is often exhaustion.”

Three types of changes determine the size and seasons of changes.

1.   Immediate Changes

  • What will we do to demonstrate that things are happening.
  • What small wins will validate the sacrifice people make?
  • What do people need to hear, to see or to experience that communicates this is change toward progress?

Chip and Dan Heath reinforce this, “Change feeds on itself. Small change snowballs to big change.”

Immediate changes must result in positive experiences and allow leaders to reinforce the behavior they want to see. Group perception begins to shift. People do what others are doing. You’ve established an environment that fosters the new.

2.   Incremental Changes

Long term vision; short term views. Incremental changes understand the impact of change and gives time for employees to understand and utilize new systems, processes and components.

  • Where immediate changes inspire, incremental changes anchor.
  • If X is implemented, what, if anything, might be unattended that is still a critical function to us?
  • If X is implemented, what, if anything, could be more than people can handle?
  • Time invested in one function means time may not be invested in another: When can we let go of something and not be impacted negatively?
  • How is the energy level? Do we need a celebration or a rest?
  • Do we have the right people in place to keep moving the right things forward?
  • Are the financial resources still in place for the next piece?

3.   Ideological Change

Seth Godin in Tribes writes, “Ideas that spread, win…Do what you believe in. Paint a picture. Go there…The very nature of leadership is that you’re not doing what’s been done before. If you were, you’d be following, not leading.”

Ideology is belief that moves forward; it is vision turned into identity, capacity and destiny. Ideology clarifies, multiplies and solidifies.

  • You are immersed into Digital Transformation for a reason. How will people know, always, how these changes more firmly define them?
  • How will people experience greater growth themselves and, therefore, a sense of greater contribution than they have made before?

How do your ideas fulfill what your employees always hoped would be true of your company or of their talent?

Leaders craft change. They prune. They pace. They purposefully implement what is new.

But they must drive what has been designed. And that is Part 3.

The Myth of Trust, The Must of Trust and the Role of Technology

Myth: Trust is earned.

Truth: Trust is not earned. Trust is granted.

If I can earn your trust, then you have given away power to me. If I can earn your trust, then trust is something that can be quantified, and all I have to do is reach a goal, a standard, a 100% of something that necessarily releases what you have. Trust doesn’t work that way.

Trust is something that you grant. You can give it or not give it. Trust is in your control, an expression of your power and will.

If someone failed you, and then asked, “What can I do to get your trust back,” I doubt you gave them a clear list of tasks to complete.

Trust is an opportunity you extend for someone to act in your best interest. Trust is a bridge you are willing to cross with another from the known to the unknown. When you get on an airplane, you trust the pilot to get you there safely, and to get you to a place in a way you could not on your own.

Do-It-Yourself industries rely on undermining the trust you put in professionals. Where you once relied on someone to act in your best interest and to do so with a knowledge you did not possess, DIY now gives you the knowledge you need to act in your own interest (while trusting that the knowledge they provide is accurate). It’s not that professionals are bad; some just aren’t needed like they once were. Trust is rooted in need.

Consumers are moving their trust away from institutions and toward individuals. It is a major shift. Before, we relied on the good name of companies. Now, corporate reputation as a whole is suspect. Consumers either rely on individuals directly (e.g. Airbnb, which averages 5 email exchanges before booking, vs. hotels) or indirectly (hence, the rise of peer reviews).

Trust cannot be earned, but it can be triggered. How do companies today trigger the trust of the public?

The Musts of Trust

1.    Don’t try to build trust. Trigger trust.

Building trust is an exercise of persuasion. Being trustworthy is an expression of character. Persuasion seeks to have you act in another’s best interest. Character will act in our best interest.

Trust is triggered by four trustworthy character-istics. Not any one of these is a magic bucket that, once filled, requires the trust of another. Each one of these is a signal, for reasons you cannot predict, to another’s mind and emotion that they can grant something of their self to you.

Competence: Do you have what it takes to act in my interest or get me to a place in a way that I cannot?

Consistency: Will you be responsive to me and act in a way that I can count on you?

Care: Are you really driven to meet my need or is your service just a camouflage for your own profit?

Congruence: Does your behavior match your stated intentions?

Trust is not necessarily revoked because of failure. Studies have shown that loyalty to a company is highest not among those who never had a problem with a company, but with those who had an issue rightly resolved. Why? Because competence is but one of four triggers, and if, when you fail, you are responsive, genuinely caring, and living up to what you project, then trust might remain in place.

2.    Technology that triggers trust amplifies decisions rather than dictates decisions.

Technology does things for people, and it has a growing role in deciding things for people (algorithms). Your company will be more human when it chooses to enhance decision-making (honoring a trust to be granted) rather than to impose a decision (trying to require trust).

Customer knowledge (which informs what you offer) plus multiple options (which maintains your customer’s power of choice) is the equation for relational business versus transactional business. And the more you seem human (relational), the more you will trigger trust.

The Role of Technology

Your company’s technology serves the triggers. Technology is not only about you being more efficient; technology empowers your ability to be trustworthy. IT must do both – serve you, and strengthen your competence, consistency, care and congruence.

Failure to utilize technology to both serve you and strengthen you will cause consumers to entrust their needs elsewhere, and neither one of you may be able to articulate why – and that’s because trust is not a commodity a company can measure and attain, but a part of a consumer that they willingly, if not consciously, give.

Five Skills IT People Must Have Before Being Considered for Promotion

In a recent article, Techie to Tech Lead, Peter Gillard-Moss confessed to the five biggest mistakes he made when assuming a lead role from his previous tech role. It’s a great article, written from lessons learned the hard way. As I analyzed the article, I found myself framing his lessons proactively:

What makes a leader effective who has been promoted based on technical competence?

1. Leadership is not about the leader’s competence but the team’s competence.

It feels good to work in the field, to plunge into the familiar, and to bolster one’s ego by producing great product. But leadership is always about someone else and their competence in cooperation with their peers. Leaders aren’t building stars; leaders are bringing stars into alignment. Leaders orchestrate by bringing the pieces together to perform as a whole.

IT leaders experiencing promotion lose sight of this if they focus first on their own reputation, or if they believe they must be the best skilled among the team. Some of sport’s best coaches were nominal players, but they understood the game better than most. In understanding the game, they know how the system best works and how to bring out the best in a player in a team capacity.

In order to be about team, and in order for a leader to keep his or her own ego checked, the measure of success must be stated in terms of team accomplishment and team play, not technical or personal expertise. How do you define success as a leader? Define it in terms of overall objectives, objectives that can only be met by the whole of who you work with.

The moment you assume the mantle of a leader, you redefined success in terms of how you bring out the best in others, and how you multiply your skills to the point that others surpass them. Leaders are not threatened by any one individual’s success, because the leader is measured differently than those they lead. A leader is not evaluated by the same standards as when they were a tech genius. So don’t allow a former standard to drive what you do in a given day.

2. Leaders focus on their strengths but expand their competence.

The Strengths Movement has taught us that to focus on weakness and seek to improve it is counter-productive: Know your strengths and build on them. As true as that is, leadership comes with increased responsibilities, and those are characterized by skills that can be learned. For example, one may not be the most administratively detailed person, but they can still learn the skills of time and project management. One may not lean toward being a people person, but people skills, such as listening, asking questions, and giving proper direction can be acquired.

Think of it this way: If you are being asked to learn something that applies to other areas of your life, it’s a competence you can grow in (being on time and listening improve a lot more than your job). If you are trying to become someone you are not, then you may be seeking to over-reach. For example, if you are strategic (strong in ideas and plans), being asked to be deliberate (focused only on tasks at hand), you will find yourself climbing the wall in order to see the big picture.

As an IT leader experiencing promotion, the critical essential to expanding your competence is to beware of the source. That’s why outside eyes serve you well: People who have history and connections in the areas you are seeking to improve upon can lead you to credible sources so that you are maximizing effort and not wasting time.

3. Leaders guard values and facilitate action.

As a technology expert, your primary responsibility was to get your job done, and if possible, to play nice doing so. Your biggest obstacles were obstacles that got in your way, not necessarily the way of others. As an IT leader who wants to maximize your promotion, you are responsible to make sure that all of your team can get the work done, and so you are aware of all the obstacles that can come into play. You must be proactive more than reactive as before.

Obstacles are either internal to your team or external upon your team. As a leader, you must be aware of what is happening company wide, anticipating how decisions will affect the work of your team, and articulating to others what your team absolutely needs.

As a techie, you could ask, “Who let in the wolf?” As a leader, you look out for the wolves in the first place.

Also, before your promotion, you contributed to the culture. As an IT leader, you shape and defend the culture.

4. Leaders cannot afford to control every aspect of how the work is done; but they must continually move the work toward the right outcome.

Doing things right (as determined by you) now gives way to doing the right thing (as determined for everyone). A leader is still aware of wrong, and is quick to correct; but a leader gives much more allowance to the various right ways of accomplishing tasks and purpose.

5. Leaders are more person-sensitive than product focused.

Before your promotion, your aim was to produce that best product possible. The IT leader builds the best team possible. Part of building people is being aware of all that is in play for them in a given day: life circumstances, distractions, insecurities, personal liabilities. How to identify issues and engage in helpful conversations about those issues are skills to be learned. They are essential skills for those who sit upon the summit of leadership.

Consistent to each of these five realities: Leaders have a broader perspective. You must take far more into account than ever before. More things shift, and leaders live in the paradox that they must be more proactive than ever before, and they must be more agile in being reactive than ever before. Simply, more is at stake: People.

3 Top Responses of C-Level Execs To The Inevitability Of Cyber Crime

Cyber crime costs to the world will double in a six year period ending in 2021.

More reports of attacks give rise to a gnawing sense of inevitability. As leaders in the fight, there is only one strategy that safeguards our companies. Inevitability must promote “Response-ability.”

The Biggest Catalyst to Response-ability is Compliance.

Internal compliance drives adherence to the practices, rules and regulations set forth by internal policies. External compliance follows the laws, regulations and guidelines imposed by governments and agencies.

Compliance requirements are numerous, and the legal team and C-Suite Executives are responsible to determine the scope of compliance. Compliance officers and staff are a growing requirement. Technical, procedural and strategic frameworks must be built to assure your company’s integrity.

Behind the pressures, costs and potential fines that surround your compliance, the public is demanding more of you as the steward of their information. 6 of 10 people would blame you, not the hacker, for lost data. 7 of 10 people said they would boycott a company that appeared negligent in protecting their data.

Here are a few pressing challenges to compliance:

  • Use of Personal Devices

Companies now must have strong policies and technical controls in place, such as mobile device management protocols that exist, and by enforcing device lock passwords and time-based, one-time based passwords. Employees with laptops and devices should be provided security policies and prevention mechanisms, as well as secure access to corporate data.

  • Updates and Patches

IT Managers must ensure that your organization is current with software updates and that they immediately patch known vulnerabilities. Last year alone, the number of third party vulnerabilities doubled.

  • Third Party Vendors

Also last year, 63% of data breaches originated directly or indirectly from third-party vendors. Managing vendor information security and vendor compliance with privacy laws is a major and essential undertaking.

Cyber Insurance is Response-able.

And it’s being responsible in advance of the need. Cyber insurance not only covers legal fees, but typically expenses associated with notifying customers of a data breach, restoring personal identities of customers, recovering compromised data and repairing damaged systems.

Purple is Response-able.

Borrowed from military language, Red Teams exist to attack your cyber-security systems and to expose points of weakness. Blue Teams defend, enforcing the security measures you have in place. The buzz of the day is the Purple Team. The Purple is either a make-up of both Red and Blue teams in which participants form a learning community for the sake of the other, or an outside group brought in to examine the tactics of both teams and make recommendations. Ideally, Red and Blue Teams exist not in competition to the other but as complement, holding the security objectives of the company as the standard of each team’s success.

The greatest detriment to your response-ability is lack of clarity on what you need or don’t need. Outside eyes continue to be the best check and balance for CIO’s. Without third-party, unbiased expertise, you will not possess the confidence you need that the compliance, policies, insurance and Purple evaluations are sufficient and efficient for your situation.

3 Building Blocks That Keep Your Board On Solid Footing And Grateful For You

Board members are becoming increasingly aware of their own accountability and risk in the event of a cybersecurity breach. By 2020, 100% of large companies will be asked by the Board to report on cybersecurity, an increase of 60% in four years.

What boards are not asking for is a lot of detail they will not understand and that will just cloud their ability to make good decisions on your behalf. Instead, I recommend shaping the board around three important mindsets which I treat as building blocks.

Building Block 1: Cybersecurity is about Risk

The risk is no longer just an IT issue, but an enterprise issue with costs and penalties at every level, from company mission and profit, to employment, and to financial and legal consequences.

Risks are proportionate to threats, vulnerabilities and consequences.

Therefore, boards need to be informed about

  • Evolving threats
  • Changes in business needs and their association to new security risks
  • Increasing regulations
  • Policy updates
  • Geographic changes in which services have been moved to outsider or cloud applications

Building Block 2: Cybersecurity is about Risk Mitigation

Mitigation is about reducing the threats, vulnerabilities and consequences your company faces.

And it starts with the Board. Often overlooked is their own vulnerability. The Board is privy to a lot of information, much of it confidential, and much of it being communicated on their own devices. Security measures need to be in place for them that reflect the policies and procedures of the company.

By extension the Board needs to be aware of how training and education is implemented and practiced among all employees.

Building Block 3: Cybersecurity is about Risk Mitigation Strategy

A number of boards are now discussing the value of having a cybersecurity specialist on the board in order to bridge the gap between the board’s lack of knowledge and the increasing expertise they must have in front of them. In the least, they must address who in the company reports to them. Ideally, it is the same person each time. Boards are increasingly aware of the time they must now give to cybersecurity issues in their meetings, and to being able to understand these essentials:

  • Is our budget congruent with our security need?
  • Are we in compliance?
  • Is the Business Continuity Plan and Disaster Recovery Plan in place and what are the results of the tests of it?
  • What risks must we avoid, what risks are we willing to accept, and what risks must we transfer through insurance?
  • Are the right people in the right places?

The CIO that builds these into the working knowledge of the Board will find a Board and CEO ready to build back into them and the IT needs the CIO represents.

Which of these has been most critical in your own work with boards? Tell us below.

Six Major IT Functions You Cannot Do Without and Must Perform At Optimal Level

Your body is amazing.

It is comprised of six major systems in which all functions interact with each other. Not one survives without the other. Remove one from your body? You die.

(Just in case you were wondering: Skeletal, Muscular, Nervous, Digestive, Respiratory and Circulatory).

IT management also consists of six major functions that interact with each other. Failure to develop and maintain health in these, and you invite serious dysfunction; weak in one weakens all.

Communication

How does your IT leader communicate with peers and executives?

How do you coordinate when IT cannot make a decision alone?

How does IT partner with senior managers in strategic development and complementary focal points?

How does the Board understand IT issues and what must they know to make appropriate decisions?

People

How do you ensure that you hire, develop and retain the best talent?

How do you manage the gap of knowledge between managers and tech specialists?

How do you navigate leadership of highly smart and variously motivated employees?

How do you know what your talented people can or cannot do?

Cost and Accounting

How do you get the right people in decisions and safeguard what is in the interest of the company and not just a particular department?

What determines value for IT and where to invest for maximum return?

How do you know what projects to invest in and what determines there priority?

Project

When do you know to expand the scope of a project or not?

How will you budget while allowing for uncertainty in project time and cost?

What budget considerations do you make for the need to learn during the course of a project?

What is the chain of communication for when problems arise?

Partner and Services

What is essential in the agreements you structure with outside partners and vendors?

What is the selection process?

How do you know what must stay within the company’s walls and what need not be?

Who will we use for outside eyes?

Infrastructure

How much do you invest in maintenance versus new capabilities, and how do you know when new is needed?

What is your Business Continuity and Disaster Recovery Plan?

How much will you invest in redundancy?

How do you identify emerging threats and opportunities?

How does emerging technology integrate into your strategic plans?

In coming weeks, I will address each of these. But a major takeaway for today is, every company needs to bring in outside eyes to evaluate each of these functions: We don’t ignore our body’s systems, and we don’t ignore our company’s IT systems. The last thing you want is an IT emergency that could have been avoided.

The Dirty Dozen: What every Disaster Recovery Plan must have in place.

Last week, I wrote “Disaster Recovery is about the information or technology systems that support business functions. It is a component of Business Continuity (BC), which plans to keep all aspects of business functioning during disruptive events.” We also learned together the critical need for DR.

But what really needs to be in the plan? Twelve questions begging to be answered:

1. What are the potential interruptions?

The key is to list all the ways in which business function could lose support, prioritize the likeliest, and address each with a plan. Today, cyber-attack is an increasing threat, and should be in the top of your list.

2. What are all the possible impacts?

A Business Impact Analysis (BIA) evaluates financial, safety, legal and public relations effects, and addresses to ensure the maintenance of confidentiality, integrity and availability.

3. Who calls for the DR to be enacted, and who is called when it is enacted?

A DR Plan spells out expectations of the roles and responsibilities for C-Suite Executives and the employee chain in the event of disruption. The chain of communication must be established as to who calls for DR enactment, and then who is called: What employees must come in and how they are to be contacted, with all contact information at hand.

4. Who updates the DR Plan?

Technology change, systems change and application changes, which are frequent, may all affect the effectiveness of the DR Plan. Who communicates the updates? Who adjusts the DR Plan and communicates the changes?

5. How often will you test the DR Plan and run drills?

Data breaches happen. It’s rare that a job will be lost over it, or a company’s reputation hurt over it. The damage is done on how well the company responded to it. Failure to respond properly leads to loss of employment and reputation. The only way to respond professionally is to have an exhaustive plan and to ensure that it works!

6. Who is responsible for hardware and software inventory?

Make sure the vendor technical support, contract and contact information is readily accessible in the event of a disruption.

7. What is your Recovery Point Objective (RPO) and your Recovery Time Objective (RTO)?

RPO is the maximum period in which data might be lost from an IT service. It answers the question, “How much time can we tolerate having to recover or rewrite lost content?” That determines your backup frequency. RTO addresses the target time to recover IT and business activity.

Prioritize plans based on what needs immediate recovery, what is acceptable to be recovered within a business day and what can be recovered within a few days.

8. What is your communication plan?

In the event of a disruption, Who needs to know What by When and by Whom? This also includes a statement prepared that will be accessible on your public platforms, and a plan on how and when customers receive initial communications and updates.

9. Where do you go if you can’t go to the office (or usual place of business)?

The DR Plan should address alternative worksite options, including telecommuting. Employees will need to know how to access systems from the alternative sites, and IT will need to ensure that compliance requirements are being observed.

10. Are all your vendors and contractors prepared to help?

The DR Plan must ensure that Service Level Agreements are in place, addressing how vendors and contractors are to help and the timeliness by which they are committed to respond.

11. Do you have operations and procedures in place to protect and access sensitive information?

12. Who is in Second Chair?

If a key employee is not available during a disruption, who knows what they do in order to perform their responsibilities in a crisis?

I hope you never have to enact your DR Plan. But I am available to make sure you have addressed all the key components for your business, and that you not only have a plan, but that it works and that you know how to use it.

What other questions do you have about DR Plans that I can help you with? Please comment below so that others can learn with you.

5 Qualities of Meetings Geeks Thrive In and Your Company Benefits From

Thomas Sowell said, “People who enjoy meetings should not be in charge of anything.” I laugh, because I get it. Like you, I’ve been the victim of life-sucking meetings. Remember the scene in the original Star Wars movie where the walls are closing in on Solo and Luke, being crushed a near certainty – meetings have been like that. Yet, I disagree with Sowell.

The contrast is given by Patrick Lencioni, “The majority of meetings should be discussion that lead to decisions.” I like progress and goals reached. So do Geeks (I am one).

Over the years, I have found 5 components of meetings that bring out the best in your Geeks.

1. Common Ground and Honor

Cross-functional meetings bring out the best in Geeks for your company. With key areas of a company represented, Geeks are able to get a comprehensive picture of whatis happening in the company and how they affect it. Even more, Geeks are natural problem-solvers, and once they understand what other functions are trying to accomplish, they often bring a perspective no one else has.

2. Solution-Oriented

Geeks often bring a perspective no one else has…

Always open a meeting by clearly stating the problem. This is different than a clearly stated purpose. Old school held meetings with a purpose that might be “for each division to understand what the other is doing.” Though that might comprise a part of the meeting, it is not compelling. A clearly stated problem may be, “How do we reduce cost overruns across the board by increasing efficiency in each department?” That leads to discussion that both inform what departments are doing and will have a technological solution to it.

Once a problem is clearly stated, get to it. Geeks don’t need a lot of preamble.

3. Ride the tangents into “what if” conversations

If we believe that an efficient meeting is free of tangents, we overlook the value of spontaneous creativity. Though tangents still need to be managed, seemingly off-point discussions can lead to valuable input. Geeks, especially, know how to process vast amounts of input and connect dots that are seemingly unrelated.

When you next observe a tangent conversation, watch to see if your Geeks are mentally processing what they are hearing, and feel free to ask them what their thoughts are “on what you are hearing or on the problem we proposed.”

4. Encourage thought-out opinions.

Geeks, especially, know how to process vast amounts of input and connect dots that are seemingly unrelated…

Meetings become lively when a thesis is put forward and challenge is invited. Antithesis leads to synthesis. Geeks value what is right, and mental challenge is the venue in which right applications are discovered and made.

The contrast, of course, is a poorly constructed opinion. “What do you think” is a poor question. “Who has given this some thought” is a better question. Geeks have little tolerance for opinions without basis; too much of their work depends on embarking on the right trail in the first place.

5. Truthful and Impactful

Geeks are truthful and seek to be impactful. Meetings must embody both: Facts and honest insight given; opportunity to make a difference real. Geeks are already used to collaboration. Geeks have tribes, and tribes interact, because each is dependent on the other. If they walk into a cross-functional meeting that isn’t after truth and impact, they will judge the rest of the company to be illusive and want nothing more than to stick within their tribal practices that actually gets things done.

Comedian Dave Barry said, “If you had to identify in one word, the reason the human race has not achieved, and never will achieve, its full potential, that word would be ‘meetings.’”

You have an opportunity to turn that quote on its head: The reason your company will achieve full potential is that you learned how to bring all the part into a whole, meetings being the engine that drives the cohesion.

5 Indications You’re On the Verge of an IT Nightmare

The IT team at your company has a very busy job to do, and sometimes, it seems like their work never ends. This is why many companies solicit the help of a CIO, who can work with IT to manage the network and keep an eye on any risk factors. Since there always seems to be a lot of buzz coming from the IT room, it can be difficult for a company leader to determine if there’s a real issue going on, or that’s just a normal day-to-day situation. So, how will you know when the silence or the chatter actually means something?

C-level leaders need to be able to rely on their teams to recognize when the company may be on the verge of an IT nightmare. While it’s not always entirely clear, there are some key signs you can look out for to prepare yourself for what’s coming, and hopefully stop whatever it is in its path.

1) You Seem to Be Left Out of the Conversation

If you used to be copied on all the correspondence going on between your IT team, your CIO, and other employees working with your company, but now your inbox is empty, this could be bad news. While it could just be a glitch in the system (which, isn’t a good thing, either), if your staff has stopped reaching out to you about problems, then the problem may be much bigger.

As a C-level leader, it’s important to be wrapped up in the conversation, even though you may not have time to worry about it. You can’t be responsible for anything if the information isn’t getting to you quickly enough.

2) There’s A Lot of Turnover

All of a sudden, there are people in the office you don’t recognize or vendors on the other end of the phone that you’ve never worked with before. A few employees that you know well have given in their notice and new employees with seemingly less experience have been hired. Hopefully, you’ve been made aware of the changes, but ultimately, too many turnovers can be detrimental to IT. Or, the problems with IT are so severe, that it’s caused people to move onto something different.

There are many reasons why turnovers are indicative of a bigger problem. But, overall, having new employees or contractors join the team constantly, can let a breach inside that much easier. This is especially more likely with the constant onboarding and off boarding of new staff members as it’s difficult to manage so many new network identities.

3) The Alerts Never Stop

Sometimes, there isn’t enough work to do, and other times, it’s like the work never ends. If customers are continuing to call in or email their IT problems and your team can’t keep up, that’s an IT disaster waiting to happen. This doesn’t mean you need to hire more people, but instead, you have to find a solution to these consistent problems that are distracting IT away from what’s critical.

4) There’s a Lack of Innovation

Technology is constantly improving each and every day and IT teams should always be striving to find better solutions to new and old problems. There should be frequent meetings about what IT is currently up to, what new data breaches or Malware cases have been reported, or what changes are being made to streamline processes throughout the company.

At these meetings (or e-mail correspondences) it should be evident that IT and other C-level leaders are constantly searching for new ideas. There should always be new proposals circulating, and if there aren’t, that could mean that there’s a problem somewhere.

5) Auditors are Making Frequent Appearances

If there’s any indication that you’re about to wake up to an IT nightmare, it’s that auditors are showing up at your office, and your compliance check already passed months ago. There’s no reason auditors should be interested in your company unless something is seriously astray. If this is happening, then don’t waste any time; figure out what’s going on, now.

These are just a few indicators that something’s not right in the IT department. If you’re noticing any of these signs, then it’s time to take a closer look at the inner-workings of your company and fix the problems ASAP. If you’re not sure where to start, a CIO can help you rewind, discover the problems, and assign solutions and strategies that will be effective long-term.

Can You Trust Someone to “Vouch” for Your Company?

Can you really have faith in everything that’s on the internet? Of course, not. But, that being said, company leaders need to put an awful lot of trust in their employees, the people they’ve hired to manage their network, and the infrastructure and reliability of the network itself. But, if you’re expected to trust so many different factors revolving around your business, while also being told not to be too careful to trust everything else — like WiFi connections or suspicious emails — then how can you navigate your way around all this?

These days, having someone to vouch for you, or having someone vouch for the people you’ll be working with, is one of the oldest, yet most reliable ways to secure your network and your company. Going off of that, it’s equally important to have extra eyes helping to look out for your company at all times.

If the Dark Web does it, so can you?

If you’re familiar with the Dark Web, “trustworthy” wouldn’t necessarily be the first term you would use to describe it. But, believe it or not, sellers on Tor need to be verified for the authenticity of their products as well as themselves as users before being able to complete a transaction. This is done by having current members introduce new members through a system of vouching. Without this, you can’t get onto the site.

So, if the Dark Web relies on some form of vouching in order to be able to trust their users, then surely large companies should be doing something similar. It’s not enough to just have certain cybersecurity protocols in place — although, those are important as well. If you can incorporate a system of vouching along with placing outside eyes wherever you can, then you’ll be protected in ways that machines can’t protect you.

Apply this system to vendors and employees

Of course, companies find ways to vouch for people, too, similar to how it’s done on the Dark Web. When we hire someone, HR usually asks for references, recommendations, and will maybe even do some snooping around on social media to get to know more about this person. The same goes if you’re working with third-party vendors or onboarding and offboarding part-time employees. You need to know who you’re going to be working with. You can go this route, but you can also ask around to see who else has worked with the people you’re planning to work with. These days, it’s very easy to check a person’s or a company’s reputation online, so you can take advantage of this.

Hire someone to look out for you

If your Facebook account gets hacked and your friends find out because they are getting spam messages from you, it’s likely that one of those friends will notify you of this so that you are aware. In a sense, this is a form of informal (and free) cybersecurity. You’re too busy running things at the company to be concerned with staying on top of security, employees, networks, risks, etc. Therefore, hiring managed services to help you keep an eye on things internally and externally can help ensure that nothing fishy comes up.

Down to checks and balances

This idea of vouching further enforces the notion of checks and balances in a company who cares about its cybersecurity. A managed service provider checks the IT team, the IT team checks HR, the company checks the employees, and vigilant, trustworthy employees can keep their eyes out for the company. While a professional certainly helps handle this process at the expert level, it never hurts to rely on people you trust to keep things in balance.

1 2 3 8