Myth: Trust is earned.
Truth: Trust is not earned. Trust is granted.
If I can earn your trust, then you have given away power to me. If I can earn your trust, then trust is something that can be quantified, and all I have to do is reach a goal, a standard, a 100% of something that necessarily releases what you have. Trust doesn’t work that way.
Trust is something that you grant. You can give it or not give it. Trust is in your control, an expression of your power and will.
If someone failed you, and then asked, “What can I do to get your trust back,” I doubt you gave them a clear list of tasks to complete.
Trust is an opportunity you extend for someone to act in your best interest. Trust is a bridge you are willing to cross with another from the known to the unknown. When you get on an airplane, you trust the pilot to get you there safely, and to get you to a place in a way you could not on your own.
Do-It-Yourself industries rely on undermining the trust you put in professionals. Where you once relied on someone to act in your best interest and to do so with a knowledge you did not possess, DIY now gives you the knowledge you need to act in your own interest (while trusting that the knowledge they provide is accurate). It’s not that professionals are bad; some just aren’t needed like they once were. Trust is rooted in need.
Consumers are moving their trust away from institutions and toward individuals. It is a major shift. Before, we relied on the good name of companies. Now, corporate reputation as a whole is suspect. Consumers either rely on individuals directly (e.g. Airbnb, which averages 5 email exchanges before booking, vs. hotels) or indirectly (hence, the rise of peer reviews).
Trust cannot be earned, but it can be triggered. How do companies today trigger the trust of the public?
1. Don’t try to build trust. Trigger trust.
Building trust is an exercise of persuasion. Being trustworthy is an expression of character. Persuasion seeks to have you act in another’s best interest. Character will act in our best interest.
Trust is triggered by four trustworthy character-istics. Not any one of these is a magic bucket that, once filled, requires the trust of another. Each one of these is a signal, for reasons you cannot predict, to another’s mind and emotion that they can grant something of their self to you.
Competence: Do you have what it takes to act in my interest or get me to a place in a way that I cannot?
Consistency: Will you be responsive to me and act in a way that I can count on you?
Care: Are you really driven to meet my need or is your service just a camouflage for your own profit?
Congruence: Does your behavior match your stated intentions?
Trust is not necessarily revoked because of failure. Studies have shown that loyalty to a company is highest not among those who never had a problem with a company, but with those who had an issue rightly resolved. Why? Because competence is but one of four triggers, and if, when you fail, you are responsive, genuinely caring, and living up to what you project, then trust might remain in place.
2. Technology that triggers trust amplifies decisions rather than dictates decisions.
Technology does things for people, and it has a growing role in deciding things for people (algorithms). Your company will be more human when it chooses to enhance decision-making (honoring a trust to be granted) rather than to impose a decision (trying to require trust).
Customer knowledge (which informs what you offer) plus multiple options (which maintains your customer’s power of choice) is the equation for relational business versus transactional business. And the more you seem human (relational), the more you will trigger trust.
Your company’s technology serves the triggers. Technology is not only about you being more efficient; technology empowers your ability to be trustworthy. IT must do both – serve you, and strengthen your competence, consistency, care and congruence.
Failure to utilize technology to both serve you and strengthen you will cause consumers to entrust their needs elsewhere, and neither one of you may be able to articulate why – and that’s because trust is not a commodity a company can measure and attain, but a part of a consumer that they willingly, if not consciously, give.
In a recent article, Techie to Tech Lead, Peter Gillard-Moss confessed to the five biggest mistakes he made when assuming a lead role from his previous tech role. It’s a great article, written from lessons learned the hard way. As I analyzed the article, I found myself framing his lessons proactively:
What makes a leader effective who has been promoted based on technical competence?
It feels good to work in the field, to plunge into the familiar, and to bolster one’s ego by producing great product. But leadership is always about someone else and their competence in cooperation with their peers. Leaders aren’t building stars; leaders are bringing stars into alignment. Leaders orchestrate by bringing the pieces together to perform as a whole.
IT leaders experiencing promotion lose sight of this if they focus first on their own reputation, or if they believe they must be the best skilled among the team. Some of sport’s best coaches were nominal players, but they understood the game better than most. In understanding the game, they know how the system best works and how to bring out the best in a player in a team capacity.
In order to be about team, and in order for a leader to keep his or her own ego checked, the measure of success must be stated in terms of team accomplishment and team play, not technical or personal expertise. How do you define success as a leader? Define it in terms of overall objectives, objectives that can only be met by the whole of who you work with.
The moment you assume the mantle of a leader, you redefine success in terms of how you bring out the best in others, and how you multiply your skills to the point that others surpass them. Leaders are not threatened by any one individual’s success, because the leader is measured differently than those they lead. A leader is not evaluated by the same standards as when they were a tech genius. So don’t allow a former standard to drive what you do in a given day.
The Strengths Movement has taught us that to focus on weakness and seek to improve it is counter-productive: Know your strengths and build on them. As true as that is, leadership comes with increased responsibilities, and those are characterized by skills that can be learned. For example, one may not be the most administratively detailed person, but they can still learn the skills of time and project management. One may not lean toward being a people person, but people skills, such as listening, asking questions, and giving proper direction can be acquired.
Think of it this way: If you are being asked to learn something that applies to other areas of your life, it’s a competence you can grow in (being on time and listening improve a lot more than your job). If you are trying to become someone you are not, then you may be seeking to over-reach. For example, if you are strategic (strong in ideas and plans), being asked to be deliberate (focused only on tasks at hand), you will find yourself climbing the wall in order to see the big picture.
As an IT leader experiencing promotion, the critical essential to expanding your competence is to beware of the source. That’s why outside eyes serve you well: People who have history and connections in the areas you are seeking to improve upon can lead you to credible sources so that you are maximizing effort and not wasting time.
As a technology expert, your primary responsibility was to get your job done, and if possible, to play nice doing so. Your biggest obstacles were obstacles that got in your way, not necessarily the way of others. As an IT leader who wants to maximize your promotion, you are responsible to make sure that all of your team can get the work done, and so you are aware of all the obstacles that can come into play. You must be proactive more than reactive as before.
Obstacles are either internal to your team or external upon your team. As a leader, you must be aware of what is happening company wide, anticipating how decisions will affect the work of your team, and articulating to others what your team absolutely needs.
As a techie, you could ask, “Who let in the wolf?” As a leader, you look out for the wolves in the first place.
Also, before your promotion, you contributed to the culture. As an IT leader, you shape and defend the culture.
Doing things right (as determined by you) now gives way to doing the right thing (as determined for everyone). A leader is still aware of wrong, and is quick to correct; but a leader gives much more allowance to the various right ways of accomplishing tasks and purpose.
Before your promotion, your aim was to produce the best product possible. The IT leader builds the best team possible. Part of building people is being aware of all that is in play for them in a given day: life circumstances, distractions, insecurities, personal liabilities. How to identify issues and engage in helpful conversations about those issues are skills to be learned. They are essential skills for those who sit upon the summit of leadership.
Consistent to each of these five realities: Leaders have a broader perspective. You must take far more into account than ever before. More things shift, and leaders live in the paradox that they must be more proactive than ever before, and they must be more agile in being reactive than ever before. Simply, more is at stake: People.
Cyber crime costs to the world will double in a six-year period ending in 2021.
More reports of attacks give rise to a gnawing sense of inevitability. As leaders in the fight, there is only one strategy that safeguards our companies. Inevitability must promote “Response-ability.”
The Biggest Catalyst to Response-ability is Compliance.
Internal compliance drives adherence to the practices, rules and regulations set forth by internal policies. External compliance follows the laws, regulations and guidelines imposed by governments and agencies.
Compliance requirements are numerous, and the legal team and C-Suite Executives are responsible to determine the scope of compliance. Compliance officers and staff are a growing requirement. Technical, procedural and strategic frameworks must be built to assure your company’s integrity.
Behind the pressures, costs and potential fines that surround your compliance, the public is demanding more of you as the steward of their information. 6 of 10 people would blame you, not the hacker, for lost data. 7 of 10 people said they would boycott a company that appeared negligent in protecting their data.
Here are a few pressing challenges to compliance:
Companies now must have strong policies and technical controls in place, such as mobile device management protocols, enforced device lock passwords and time-based one-time passwords. Employees with laptops and devices should be provided security policies and prevention mechanisms, as well as secure access to corporate data.
IT Managers must ensure that your organization is current with software updates and that they immediately patch known vulnerabilities. Last year alone, the number of third party vulnerabilities doubled.
Also last year, 63% of data breaches originated directly or indirectly from third-party vendors. Managing vendor information security and vendor compliance with privacy laws is a major and essential undertaking.
Cyber Insurance is Response-able.
And it’s being responsible in advance of the need. Cyber insurance not only covers legal fees, but typically expenses associated with notifying customers of a data breach, restoring personal identities of customers, recovering compromised data and repairing damaged systems.
Purple is Response-able.
Borrowed from military language, Red Teams exist to attack your cyber-security systems and to expose points of weakness. Blue Teams defend, enforcing the security measures you have in place. The buzz of the day is the Purple Team. The Purple is either a make-up of both Red and Blue teams in which participants form a learning community for the sake of the other, or an outside group brought in to examine the tactics of both teams and make recommendations. Ideally, Red and Blue Teams exist not in competition to the other but as complement, holding the security objectives of the company as the standard of each team’s success.
The greatest detriment to your response-ability is lack of clarity on what you need or don’t need. Outside eyes continue to be the best check and balance for CIOs. Without third-party, unbiased expertise, you will not possess the confidence you need that the compliance, policies, insurance and Purple evaluations are sufficient and efficient for your situation.
Your body is amazing.
It is comprised of six major systems in which all functions interact with each other. Not one survives without the other. Remove one from your body? You die.
(Just in case you were wondering: Skeletal, Muscular, Nervous, Digestive, Respiratory and Circulatory).
IT management also consists of six major functions that interact with each other. Fail to develop and maintain health in these, and you invite serious dysfunction; weak in one weakens all.
How does your IT leader communicate with peers and executives?
How do you coordinate when IT cannot make a decision alone?
How does IT partner with senior managers in strategic development and complementary focal points?
How does the Board understand IT issues and what must they know to make appropriate decisions?
How do you ensure that you hire, develop and retain the best talent?
How do you manage the gap of knowledge between managers and tech specialists?
How do you navigate leadership of highly smart and variously motivated employees?
How do you know what your talented people can or cannot do?
Cost and Accounting
How do you get the right people in decisions and safeguard what is in the interest of the company and not just a particular department?
What determines value for IT and where to invest for maximum return?
How do you know what projects to invest in and what determines their priority?
When do you know to expand the scope of a project or not?
How will you budget while allowing for uncertainty in project time and cost?
What budget considerations do you make for the need to learn during the course of a project?
What is the chain of communication for when problems arise?
Partner and Services
What is essential in the agreements you structure with outside partners and vendors?
What is the selection process?
How do you know what must stay within the company’s walls and what need not be?
Who will we use for outside eyes?
How much do you invest in maintenance versus new capabilities, and how do you know when new is needed?
What is your Business Continuity and Disaster Recovery Plan?
How much will you invest in redundancy?
How do you identify emerging threats and opportunities?
How does emerging technology integrate into your strategic plans?
In coming weeks, I will address each of these. But a major takeaway for today is, every company needs to bring in outside eyes to evaluate each of these functions: We don’t ignore our body’s systems, and we don’t ignore our company’s IT systems. The last thing you want is an IT emergency that could have been avoided.
Thomas Sowell said, “People who enjoy meetings should not be in charge of anything.” I laugh, because I get it. Like you, I’ve been the victim of life-sucking meetings. Remember the scene in the original Star Wars movie where the walls are closing in on Solo and Luke, being crushed a near certainty – meetings have been like that. Yet, I disagree with Sowell.
The contrast is given by Patrick Lencioni, “The majority of meetings should be discussion that lead to decisions.” I like progress and goals reached. So do Geeks (I am one).
Over the years, I have found 5 components of meetings that bring out the best in your Geeks.
Cross-functional meetings bring out the best in Geeks for your company. With key areas of a company represented, Geeks are able to get a comprehensive picture of what is happening in the company and how they affect it. Even more, Geeks are natural problem-solvers, and once they understand what other functions are trying to accomplish, they often bring a perspective no one else has.
Always open a meeting by clearly stating the problem. This is different than a clearly stated purpose. Old school held meetings with a purpose that might be “for each division to understand what the other is doing.” Though that might comprise a part of the meeting, it is not compelling. A clearly stated problem may be, “How do we reduce cost overruns across the board by increasing efficiency in each department?” That leads to discussion that both informs what departments are doing and will have a technological solution to it.
Once a problem is clearly stated, get to it. Geeks don’t need a lot of preamble.
If we believe that an efficient meeting is free of tangents, we overlook the value of spontaneous creativity. Though tangents still need to be managed, seemingly off-point discussions can lead to valuable input. Geeks, especially, know how to process vast amounts of input and connect dots that are seemingly unrelated.
When you next observe a tangent conversation, watch to see if your Geeks are mentally processing what they are hearing, and feel free to ask them what their thoughts are “on what you are hearing or on the problem we proposed.”
Meetings become lively when a thesis is put forward and challenge is invited. Antithesis leads to synthesis. Geeks value what is right, and mental challenge is the venue in which right applications are discovered and made.
The contrast, of course, is a poorly constructed opinion. “What do you think” is a poor question. “Who has given this some thought” is a better question. Geeks have little tolerance for opinions without basis; too much of their work depends on embarking on the right trail in the first place.
Geeks are truthful and seek to be impactful. Meetings must embody both: Facts and honest insight given; opportunity to make a difference real. Geeks are already used to collaboration. Geeks have tribes, and tribes interact, because each is dependent on the other. If they walk into a cross-functional meeting that isn’t after truth and impact, they will judge the rest of the company to be illusive and want nothing more than to stick within their tribal practices that actually get things done.
Comedian Dave Barry said, “If you had to identify in one word, the reason the human race has not achieved, and never will achieve, its full potential, that word would be ‘meetings.’”
You have an opportunity to turn that quote on its head: The reason your company will achieve full potential is that you learned how to bring all the parts into a whole, meetings being the engine that drives the cohesion.
The IT team at your company has a very busy job to do, and sometimes, it seems like their work never ends. This is why many companies solicit the help of a CIO, who can work with IT to manage the network and keep an eye on any risk factors. Since there always seems to be a lot of buzz coming from the IT room, it can be difficult for a company leader to determine if there’s a real issue going on, or if that’s just a normal day-to-day situation. So, how will you know when the silence or the chatter actually means something?
C-level leaders need to be able to rely on their teams to recognize when the company may be on the verge of an IT nightmare. While it’s not always entirely clear, there are some key signs you can look out for to prepare yourself for what’s coming, and hopefully stop whatever it is in its path.
If you used to be copied on all the correspondence going on between your IT team, your CIO, and other employees working with your company, but now your inbox is empty, this could be bad news. While it could just be a glitch in the system (which isn’t a good thing, either), if your staff has stopped reaching out to you about problems, then the problem may be much bigger.
As a C-level leader, it’s important to be wrapped up in the conversation, even though you may not have time to worry about it. You can’t be responsible for anything if the information isn’t getting to you quickly enough.
All of a sudden, there are people in the office you don’t recognize or vendors on the other end of the phone that you’ve never worked with before. A few employees that you know well have given their notice and new employees with seemingly less experience have been hired. Hopefully, you’ve been made aware of the changes, but ultimately, too many turnovers can be detrimental to IT. Or, the problems with IT are so severe that it’s caused people to move on to something different.
There are many reasons why turnovers are indicative of a bigger problem. But, overall, having new employees or contractors join the team constantly can let a breach inside that much easier. This is especially more likely with the constant onboarding and offboarding of new staff members, as it’s difficult to manage so many new network identities.
Sometimes, there isn’t enough work to do, and other times, it’s like the work never ends. If customers are continuing to call in or email their IT problems and your team can’t keep up, that’s an IT disaster waiting to happen. This doesn’t mean you need to hire more people, but instead, you have to find a solution to these consistent problems that are distracting IT away from what’s critical.
Technology is constantly improving each and every day and IT teams should always be striving to find better solutions to new and old problems. There should be frequent meetings about what IT is currently up to, what new data breaches or Malware cases have been reported, or what changes are being made to streamline processes throughout the company.
At these meetings (or e-mail correspondences) it should be evident that IT and other C-level leaders are constantly searching for new ideas. There should always be new proposals circulating, and if there aren’t, that could mean that there’s a problem somewhere.
If there’s any indication that you’re about to wake up to an IT nightmare, it’s that auditors are showing up at your office, and your compliance check already passed months ago. There’s no reason auditors should be interested in your company unless something is seriously astray. If this is happening, then don’t waste any time; figure out what’s going on, now.
These are just a few indicators that something’s not right in the IT department. If you’re noticing any of these signs, then it’s time to take a closer look at the inner-workings of your company and fix the problems ASAP. If you’re not sure where to start, a CIO can help you rewind, discover the problems, and assign solutions and strategies that will be effective long-term.
When it comes to managing a company’s network, data issues, or IT concerns, there are a lot of people that work together to make sure everything runs smoothly. One task may finally be complete only after various members from different departments come together. People from HR, IT, as well as C-level leaders may all be assigned various roles in order to implement security standards, backup protocol, or onboard contractors.
But, despite the fact that security and network maintenance is a team effort, who has the ultimate say in what goes on? Who is in charge – the one running the show to make sure everyone else does their job? There’s a lot of conversation surrounding this idea that IT shouldn’t be situated in a hierarchy model. However, others disagree and believe that in order for things to really go well, someone needs to take the lead.
The best option?
Let’s find out.
Human resources hires a CIO. A CIO then advises the IT team on what needs to be done in order to create a disaster recovery program or help mitigate security risks. IT understands the task at hand and works with the administration on devising a new budget regarding the systems they’ll need to implement. HR then tells IT that new, outside contractors are being hired, and therefore, those security protocols are absolutely necessary and need to be implemented sooner than later. But, the CIO and other C-level leaders can’t seem to be convinced about whether or not the budget has room for what the others are proposing.
Does something like this sound familiar?
According to a study conducted by Nintex titled the Definitive Guide to America’s Most Broken Processes, it was found that 62% of respondents said their company has broken processes when it comes to IT. While it might seem like the office has a system to cope with all these roles, responsibilities, and requests, it can be a bit convoluted. And, especially when each role is so different, it’s difficult to determine who should really be answering to whom. Does IT work under HR when they can control HR’s access to the system? Then, does the CHRO answer to the CIO, or does the CIO answer to the CHRO depending on the situation? Experts believe these roles should be interchangeable in order to avoid conflict and miscommunication in business.
But, that still leaves the role of “leader” unfulfilled, which can be hard when a company’s decision on an important matter cannot be agreed upon. Someone, eventually, must have the final say.
Let’s say the whole “teamwork” thing is working well for everyone involved. Then, one day, a data breach occurs, or the network shuts down. One of the biggest causes of something like this, specifically the data breach, is human error. If this happens, the blame needs to be put somewhere, even if the company leaders will still need to take responsibility for the entire breach.
Going with the idea that “two heads are better than one”, there are certainly a lot of things a team can accomplish versus a single person when it comes to mitigating risks across the company. That being said, there is also an equal number of things that can go wrong – more things that aren’t being handled appropriately, or miscommunications that can occur – when there isn’t a hierarchy in place to check for errors internally.
Many companies still hire in-house CIOs, which may be good for the moment, but may not make a difference if there’s a crisis. In any situation where it’s difficult to determine who is in charge, it’s necessary that companies consider hiring an outsourced CIO to make appropriate calls in the best interest of the company, and without employees being personally invested in what’s going on.
An outsourced CIO can easily determine what’s at risk for the company and can clear those up through a process in which everyone works together – a process in which they oversee everything, and assign roles to those who can handle it. They can check for consistent gaps in the system, make sure employees are given the appropriate access to the network based on their position at the company, and work with other C-Level leaders to determine whether or not things like a BYOD policy are safe for everyone involved.
Remember, an outsourced CIO doesn’t have any emotional investment in the company. They are completely unbiased and can, therefore, make decisions that other team members may not be in a position to make themselves or don’t feel comfortable making. While it’s understandable that working as a team can be effective, there are times when something just calls for a professional leader’s decision on the matter.
So, for those that say that there shouldn’t be a hierarchy in IT, maybe they should reconsider before jumping to any conclusions.
Many of us like to think of data as bits of information floating around in the cloud — after all, what other way is there to envision something that’s more or less invisible to the naked eye? Well, if that’s how you refer to the data in your network, then it’s likely you’re treating it as such, too. The problem with this is that data deserves more respect than it’s getting. When companies make big decisions based on what they consider a ‘single-entity of data,’ they might be missing a lot of worthy information and could end up making a costly choice because of that.
There are currently a lot of trends surrounding data, but sometimes it’s not about the data itself — it’s about how you’re managing it. Because data is so fundamental to business operations, it’s time that we start treating data as a valuable asset to the company. Whether you need to imagine data wearing a suit and tie to work every day or that it’s sitting in the conference room at a team meeting, that’s fine. But, if you don’t, there may well be big consequences for your company.
Unfortunately, it’s not so easy. The problem is, data is just too big. When it comes to gaining real value from interpreting data, it’s impossible to know where to begin. This is why companies are starting to look at data lakes and other solutions to help find what’s valuable, without wasting time on shuffling through data that might not serve a purpose. While data lakes might be out of the question for your business, there is a lot you can do on your own, first.
Just as you would set certain protocols and management tasks as a company leader, data shouldn’t be left out from this. Remember, data in many ways is an enterprise. Therefore, those same protocols and principles you assign to anything else in your company should also be assigned to data. Just as you would measure an employee’s performance, calculate your sales, or monitor your network’s security, you should monetize, measure, and manage your data the same way. This way, you can be sure that the information you gain from this data is truly meaningful, without any part of it being overlooked.
How would you really internalize potentially imperative information at your company?
You would analyze it.
So, data needs to be analyzed, too, in the appropriate manner — just as you would apply analytics to any other aspect of your business. If you want real ROI, then it’s absolutely necessary to put data under the microscope. This can be hard when there is just a plethora of data out there, waiting to be sorted. Therefore, data needs to be evaluated while being combined with the analyses done on sales, marketing, and feedback.
If you’re not quite sure how to go about this, keep in mind that there are several lenses with which to look at data. According to James Burke, director at ISG, you can proceed this way:
Today, there are many resources companies can utilize to help analyze their data correctly and treat that information as an asset. When done consistently, companies will see positive results.
The right data can tell us about our business. If your company is eager to find strategies to grow, then it’s worth looking at that data to see if it holds any clues. Likewise, companies don’t want to spend money on resources they don’t need, especially if that budget is needed elsewhere. When treated as an asset, data can be very valuable in terms of understanding your business because it can give companies a better visual of what’s really necessary. But, this is difficult for companies to do on their own.
Outsourcing your CIO — a professional who knows how to do all of this. They know what to look for, how to analyze it, and how to apply it to future decisions. They know what to take from a large amount of data, putting it under the microscope to find what’s valuable. They know what they are doing and how to help you. Investing in a CIO, then, will save your company a lot of time and money in the long run.
When it comes to managing your company’s data and cybersecurity, there are a lot of different people involved. Whether your outsourced CIO is making the decisions or your company leader is calling the shots, the IT team needs to be in the loop of what’s going on. And, although your IT team should never be substituted for an unbiased, outsourced professional, they are the ones staying on top of the systems from day to day so that business can run smoothly.
Therefore, if your IT team isn’t prepared for a disaster if and when it strikes, your business is going to suffer. If you want to make sure they’re ready, then hold a meeting and ask these questions:
As a business, every single piece of data you have now or have collected over the years has played an important role in the growth of your business. It could be archives of your various web designs or brand logos, an extensive email list of your customers and leads, or even the sensitive information belonging to your clients.
So, with all that in mind, where is this information being stored? Can your IT team tell you exactly where it is on your network, how secure it is, whether it is encrypted, who has access, and where the servers are located?
Unfortunately, no company is immune to cyber attacks. They can happen to any business, no matter how big or how small. That being said, you shouldn’t have any reason to worry — as long as your whole team has a specific protocol to follow. If a cyber attack or blackout does occur, the entire IT team should have a clear document outlining the process and procedure to reach recovery and get back up and running again, without losing any data. These procedures should be in print, of course, and easily accessible in the case of an emergency. Also, as a C-level leader, it’s important to make sure any new staff you hire are aware of these procedures right from their first day.
There’s no question that companies should be backing up their data as frequently as possible. But, don’t assume that just because you think it’s being backed up, it actually is being backed up. Sometimes, there are problems with the hardware or someone just forgets to click a button. Whatever it is, these backups need to be checked consistently and disaster recovery restorations need to be tested on a regular basis. IT teams don’t want to catch a mistake in the disaster recovery process in real time; better to do a few drills and know the system is ready to go.
This is a big question that might not be the first thing C-levels think of. But, here’s why it’s important. In general, we know how to restore important information — or, rather, what we think is important at the time.
Think about it.
If you were asked to pick out the five most crucial pieces of data that, if lost, would pose a huge threat to your business, you could probably think of them very quickly. But, if the time actually comes when your company is a victim of a cyber attack or power outage, you might realize right then and there that you forgot to add something to that list. Something so important, but it didn’t occur to you because the last time you checked the file was more than a year ago.
You don’t necessarily need to think about those items now. But, what you do need to think about is asking your IT team how far back they can retrieve data if the worst case scenario happens.
And, last but not least, there are disasters that happen and they aren’t due to any hacker or any human error. It’s simply Mother Nature. The power goes out. A local computer burns out. A snowstorm is coming. Any of these things can happen, and it can sometimes bring business to a complete halt. Therefore, you need to know how long it will take your IT team to get things up and running again. And, if it might take a while, be aware of how much each minute down can cost your business.
You have the right to know your IT team is prepared. As long as they can answer these questions without hesitation, your business should be in good shape for disaster recovery.
These days, companies need to do whatever they can to make sure their business is cyber security compliant. Being compliant means your company is following certain practices to protect your customers, your network, and most importantly, yourself.
A CIO’s main responsibility is to implement the right cyber security measures for your company. But, another part of their job is guiding you to make the right decisions for your company thereafter. So, here’s how we can all do a better job of taking cyber security just another step further:
Compliance is Important, But It’s Not the Only Factor
One of the main reasons businesses invest in the services of a CIO to begin with is because it’s imperative that they are cyber security compliant. However, many CIOs are only keeping this in mind when setting up the right security infrastructure, and unfortunately, that’s not going to help a business in the long run. All security decisions need to be made with the business mindset, because if the actual risk can’t be understood or evaluated from a business point of view, why would any company leader take interest?
Businesses Should Be Involved in Making Cyber Security Decisions from the Start
Although your CIO is the primary decision maker when it comes to cyber security, it’s likely that they are working with many businesses at once. The needs of your business may be very different from the needs of another, and you want to be absolutely sure that your needs are constantly being kept in mind. Therefore, the best way to go about this is by being involved in cyber security decisions from the start. Be proactive in keeping the conversation open and make sure you’re present when those big decisions are being made. Your CIO is allowed to guide you in making these decisions and they should. After all, one of the reasons you’re hiring them in the first place is because you’re not quite equipped to do these things on your own.
There Should Always Be Consistent Measurement and Evaluation by Businesses
Once a decision has been made, it’s important to recognize that it won’t be the last. Cyber security is an ongoing process, and it’s both your job and the CIO’s job to stay involved at all times. And, once a decision is implemented, the impact of that decision should be consistently monitored, measured, and evaluated for future purposes. This is really to say, can you be certain that your cyber security system has worked, or is it time for a new solution?
Make Sure Your CISO Has a Good Reporting Record
It goes without saying that the Chief Information Security Officer (CISO) that your company is working with should have a great track record. The ISF, or Information Security Forum, has reported that many of these CIOs aren’t doing their job when it comes to reporting their findings of KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) to their clients. This goes back to a previous point: that decisions need to be made from a business — your business’ — point of view. Of all the things to consider when hiring a CIO, this is a question you don’t want to leave out.
There are many steps to making sure your business is paying the utmost attention to its security situation. Is your CIO helping you be part of the process?