IT Best Practices | Smeester & Associates

Category Archives for IT Best Practices

Five Skills IT People Must Have Before Being Considered for Promotion

In a recent article, Techie to Tech Lead, Peter Gillard-Moss confessed to the five biggest mistakes he made when assuming a lead role from his previous tech role. It’s a great article, written from lessons learned the hard way. As I analyzed the article, I found myself framing his lessons proactively:

What makes a leader effective who has been promoted based on technical competence?

1. Leadership is not about the leader’s competence but the team’s competence.

It feels good to work in the field, to plunge into the familiar, and to bolster one’s ego by producing great product. But leadership is always about someone else and their competence in cooperation with their peers. Leaders aren’t building stars; leaders are bringing stars into alignment. Leaders orchestrate by bringing the pieces together to perform as a whole.

IT leaders experiencing promotion lose sight of this if they focus first on their own reputation, or if they believe they must be the best skilled among the team. Some of sport’s best coaches were nominal players, but they understood the game better than most. In understanding the game, they know how the system best works and how to bring out the best in a player in a team capacity.

In order to be about team, and in order for a leader to keep his or her own ego checked, the measure of success must be stated in terms of team accomplishment and team play, not technical or personal expertise. How do you define success as a leader? Define it in terms of overall objectives, objectives that can only be met by the whole of who you work with.

The moment you assume the mantle of a leader, you redefine success in terms of how you bring out the best in others, and how you multiply your skills to the point that others surpass them. Leaders are not threatened by any one individual’s success, because the leader is measured differently than those they lead. A leader is not evaluated by the same standards as when they were a tech genius. So don’t allow a former standard to drive what you do in a given day.

2. Leaders focus on their strengths but expand their competence.

The Strengths Movement has taught us that to focus on weakness and seek to improve it is counter-productive: Know your strengths and build on them. As true as that is, leadership comes with increased responsibilities, and those are characterized by skills that can be learned. For example, one may not be the most administratively detailed person, but they can still learn the skills of time and project management. One may not lean toward being a people person, but people skills, such as listening, asking questions, and giving proper direction can be acquired.

Think of it this way: If you are being asked to learn something that applies to other areas of your life, it’s a competence you can grow in (being on time and listening improve a lot more than your job). If you are trying to become someone you are not, then you may be seeking to over-reach. For example, if you are strategic (strong in ideas and plans), being asked to be deliberate (focused only on tasks at hand), you will find yourself climbing the wall in order to see the big picture.

As an IT leader experiencing promotion, the critical essential to expanding your competence is to beware of the source. That’s why outside eyes serve you well: People who have history and connections in the areas you are seeking to improve upon can lead you to credible sources so that you are maximizing effort and not wasting time.

3. Leaders guard values and facilitate action.

As a technology expert, your primary responsibility was to get your job done, and if possible, to play nice doing so. Your biggest obstacles were obstacles that got in your way, not necessarily the way of others. As an IT leader who wants to maximize your promotion, you are responsible to make sure that all of your team can get the work done, and so you are aware of all the obstacles that can come into play. You must be proactive more than reactive as before.

Obstacles are either internal to your team or external upon your team. As a leader, you must be aware of what is happening company wide, anticipating how decisions will affect the work of your team, and articulating to others what your team absolutely needs.

As a techie, you could ask, “Who let in the wolf?” As a leader, you look out for the wolves in the first place.

Also, before your promotion, you contributed to the culture. As an IT leader, you shape and defend the culture.

4. Leaders cannot afford to control every aspect of how the work is done; but they must continually move the work toward the right outcome.

Doing things right (as determined by you) now gives way to doing the right thing (as determined for everyone). A leader is still aware of wrong, and is quick to correct; but a leader gives much more allowance to the various right ways of accomplishing tasks and purpose.

5. Leaders are more person-sensitive than product focused.

Before your promotion, your aim was to produce the best product possible. The IT leader builds the best team possible. Part of building people is being aware of all that is in play for them in a given day: life circumstances, distractions, insecurities, personal liabilities. How to identify issues and engage in helpful conversations about those issues are skills to be learned. They are essential skills for those who sit upon the summit of leadership.

Consistent across each of these five realities: Leaders have a broader perspective. You must take far more into account than ever before. More things shift, and leaders live in the paradox that they must be more proactive than ever before, and they must be more agile in being reactive than ever before. Simply, more is at stake: People.

See if IT is about to become a career killer.

Take our 2 minute, anonymous C-level IT Quiz to see where you rate as a steward of your IT people / department:

► Security
► Strategy

► Performance
► Profitability

► Business continuity
► Resources

Go here to take a 2 minute completely anonymous C-level IT Quiz:
https://smeester.com/c-level-it-quiz/

3 Top Responses of C-Level Execs To The Inevitability Of Cyber Crime

Cyber crime costs to the world will double in a six year period ending in 2021.

More reports of attacks give rise to a gnawing sense of inevitability. As leaders in the fight, there is only one strategy that safeguards our companies. Inevitability must promote “Response-ability.”

The Biggest Catalyst to Response-ability is Compliance.

Internal compliance drives adherence to the practices, rules and regulations set forth by internal policies. External compliance follows the laws, regulations and guidelines imposed by governments and agencies.

Compliance requirements are numerous, and the legal team and C-Suite Executives are responsible to determine the scope of compliance. Compliance officers and staff are a growing requirement. Technical, procedural and strategic frameworks must be built to assure your company’s integrity.

Behind the pressures, costs and potential fines that surround your compliance, the public is demanding more of you as the steward of their information. 6 of 10 people would blame you, not the hacker, for lost data. 7 of 10 people said they would boycott a company that appeared negligent in protecting their data.

Here are a few pressing challenges to compliance:

  • Use of Personal Devices

Companies now must have strong policies and technical controls in place, such as mobile device management protocols, enforced device lock passwords and time-based one-time passwords. Employees with laptops and devices should be provided security policies and prevention mechanisms, as well as secure access to corporate data.

  • Updates and Patches

IT Managers must ensure that your organization is current with software updates and that they immediately patch known vulnerabilities. Last year alone, the number of third party vulnerabilities doubled.

  • Third Party Vendors

Also last year, 63% of data breaches originated directly or indirectly from third-party vendors. Managing vendor information security and vendor compliance with privacy laws is a major and essential undertaking.

Cyber Insurance is Response-able.

And it’s being responsible in advance of the need. Cyber insurance not only covers legal fees, but typically expenses associated with notifying customers of a data breach, restoring personal identities of customers, recovering compromised data and repairing damaged systems.

Purple is Response-able.

Borrowed from military language, Red Teams exist to attack your cyber-security systems and to expose points of weakness. Blue Teams defend, enforcing the security measures you have in place. The buzz of the day is the Purple Team. The Purple is either a make-up of both Red and Blue teams in which participants form a learning community for the sake of the other, or an outside group brought in to examine the tactics of both teams and make recommendations. Ideally, Red and Blue Teams exist not in competition to the other but as complement, holding the security objectives of the company as the standard of each team’s success.

The greatest detriment to your response-ability is lack of clarity on what you need or don’t need. Outside eyes continue to be the best check and balance for CIOs. Without third-party, unbiased expertise, you will not possess the confidence you need that the compliance, policies, insurance and Purple evaluations are sufficient and efficient for your situation.


3 Building Blocks That Keep Your Board On Solid Footing And Grateful For You

Board members are becoming increasingly aware of their own accountability and risk in the event of a cybersecurity breach. By 2020, 100% of large companies will be asked by the Board to report on cybersecurity, an increase of 60% in four years.

What boards are not asking for is a lot of detail they will not understand and that will just cloud their ability to make good decisions on your behalf. Instead, I recommend shaping the board around three important mindsets which I treat as building blocks.

Building Block 1: Cybersecurity is about Risk

The risk is no longer just an IT issue, but an enterprise issue with costs and penalties at every level, from company mission and profit, to employment, and to financial and legal consequences.

Risks are proportionate to threats, vulnerabilities and consequences.

Therefore, boards need to be informed about

  • Evolving threats
  • Changes in business needs and their association to new security risks
  • Increasing regulations
  • Policy updates
  • Geographic changes in which services have been moved to outsider or cloud applications

Building Block 2: Cybersecurity is about Risk Mitigation

Mitigation is about reducing the threats, vulnerabilities and consequences your company faces.

And it starts with the Board. Often overlooked is their own vulnerability. The Board is privy to a lot of information, much of it confidential, and much of it being communicated on their own devices. Security measures need to be in place for them that reflect the policies and procedures of the company.

By extension the Board needs to be aware of how training and education is implemented and practiced among all employees.

Building Block 3: Cybersecurity is about Risk Mitigation Strategy

A number of boards are now discussing the value of having a cybersecurity specialist on the board in order to bridge the gap between the board’s lack of knowledge and the increasing expertise they must have in front of them. At the least, they must address who in the company reports to them. Ideally, it is the same person each time. Boards are increasingly aware of the time they must now give to cybersecurity issues in their meetings, and to being able to understand these essentials:

  • Is our budget congruent with our security need?
  • Are we in compliance?
  • Is the Business Continuity Plan and Disaster Recovery Plan in place and what are the results of the tests of it?
  • What risks must we avoid, what risks are we willing to accept, and what risks must we transfer through insurance?
  • Are the right people in the right places?

The CIO that builds these into the working knowledge of the Board will find a Board and CEO ready to build back into them and the IT needs the CIO represents.

Which of these has been most critical in your own work with boards? Tell us below.


Six Major IT Functions You Cannot Do Without and Must Perform At Optimal Level

Your body is amazing.

It is comprised of six major systems in which all functions interact with each other. Not one survives without the other. Remove one from your body? You die.

(Just in case you were wondering: Skeletal, Muscular, Nervous, Digestive, Respiratory and Circulatory).

IT management also consists of six major functions that interact with each other. Fail to develop and maintain health in these, and you invite serious dysfunction; weak in one weakens all.

Communication

How does your IT leader communicate with peers and executives?

How do you coordinate when IT cannot make a decision alone?

How does IT partner with senior managers in strategic development and complementary focal points?

How does the Board understand IT issues and what must they know to make appropriate decisions?

People

How do you ensure that you hire, develop and retain the best talent?

How do you manage the gap of knowledge between managers and tech specialists?

How do you navigate leadership of highly smart and variously motivated employees?

How do you know what your talented people can or cannot do?

Cost and Accounting

How do you get the right people in decisions and safeguard what is in the interest of the company and not just a particular department?

What determines value for IT and where to invest for maximum return?

How do you know what projects to invest in and what determines their priority?

Project

When do you know to expand the scope of a project or not?

How will you budget while allowing for uncertainty in project time and cost?

What budget considerations do you make for the need to learn during the course of a project?

What is the chain of communication for when problems arise?

Partner and Services

What is essential in the agreements you structure with outside partners and vendors?

What is the selection process?

How do you know what must stay within the company’s walls and what need not be?

Who will we use for outside eyes?

Infrastructure

How much do you invest in maintenance versus new capabilities, and how do you know when new is needed?

What is your Business Continuity and Disaster Recovery Plan?

How much will you invest in redundancy?

How do you identify emerging threats and opportunities?

How does emerging technology integrate into your strategic plans?

In coming weeks, I will address each of these. But a major takeaway for today is, every company needs to bring in outside eyes to evaluate each of these functions: We don’t ignore our body’s systems, and we don’t ignore our company’s IT systems. The last thing you want is an IT emergency that could have been avoided.


The Dirty Dozen: What every Disaster Recovery Plan must have in place.

Last week, I wrote “Disaster Recovery is about the information or technology systems that support business functions. It is a component of Business Continuity (BC), which plans to keep all aspects of business functioning during disruptive events.” We also learned together the critical need for DR.

But what really needs to be in the plan? Twelve questions begging to be answered:

1. What are the potential interruptions?

The key is to list all the ways in which business function could lose support, prioritize the likeliest, and address each with a plan. Today, cyber-attack is an increasing threat, and should be at the top of your list.

2. What are all the possible impacts?

A Business Impact Analysis (BIA) evaluates financial, safety, legal and public relations effects, and addresses how to maintain confidentiality, integrity and availability.

3. Who calls for the DR to be enacted, and who is called when it is enacted?

A DR Plan spells out expectations of the roles and responsibilities for C-Suite Executives and the employee chain in the event of disruption. The chain of communication must be established as to who calls for DR enactment, and then who is called: What employees must come in and how they are to be contacted, with all contact information at hand.

4. Who updates the DR Plan?

Technology changes, system changes and application changes, which are frequent, may all affect the effectiveness of the DR Plan. Who communicates the updates? Who adjusts the DR Plan and communicates the changes?

5. How often will you test the DR Plan and run drills?

Data breaches happen. It’s rare that a job will be lost over it, or a company’s reputation hurt over it. The damage depends on how well the company responded to it. Failure to respond properly leads to loss of employment and reputation. The only way to respond professionally is to have an exhaustive plan and to ensure that it works!

6. Who is responsible for hardware and software inventory?

Make sure the vendor technical support, contract and contact information is readily accessible in the event of a disruption.

7. What is your Recovery Point Objective (RPO) and your Recovery Time Objective (RTO)?

RPO is the maximum period in which data might be lost from an IT service. It answers the question, “How much time can we tolerate having to recover or rewrite lost content?” That determines your backup frequency. RTO addresses the target time to recover IT and business activity.

Prioritize plans based on what needs immediate recovery, what is acceptable to be recovered within a business day and what can be recovered within a few days.

8. What is your communication plan?

In the event of a disruption, Who needs to know What by When and by Whom? This also includes a statement prepared that will be accessible on your public platforms, and a plan on how and when customers receive initial communications and updates.

9. Where do you go if you can’t go to the office (or usual place of business)?

The DR Plan should address alternative worksite options, including telecommuting. Employees will need to know how to access systems from the alternative sites, and IT will need to ensure that compliance requirements are being observed.

10. Are all your vendors and contractors prepared to help?

The DR Plan must ensure that Service Level Agreements are in place, addressing how vendors and contractors are to help and the timeliness by which they are committed to respond.

11. Do you have operations and procedures in place to protect and access sensitive information?

12. Who is in Second Chair?

If a key employee is not available during a disruption, who knows what they do in order to perform their responsibilities in a crisis?

I hope you never have to enact your DR Plan. But I am available to make sure you have addressed all the key components for your business, and that you not only have a plan, but that it works and that you know how to use it.

What other questions do you have about DR Plans that I can help you with? Please comment below so that others can learn with you.


5 Qualities of Meetings Geeks Thrive In and Your Company Benefits From

Thomas Sowell said, “People who enjoy meetings should not be in charge of anything.” I laugh, because I get it. Like you, I’ve been the victim of life-sucking meetings. Remember the scene in the original Star Wars movie where the walls are closing in on Solo and Luke, being crushed a near certainty – meetings have been like that. Yet, I disagree with Sowell.

The contrast is given by Patrick Lencioni, “The majority of meetings should be discussions that lead to decisions.” I like progress and goals reached. So do Geeks (I am one).

Over the years, I have found 5 components of meetings that bring out the best in your Geeks.

1. Common Ground and Honor

Cross-functional meetings bring out the best in Geeks for your company. With key areas of a company represented, Geeks are able to get a comprehensive picture of what is happening in the company and how they affect it. Even more, Geeks are natural problem-solvers, and once they understand what other functions are trying to accomplish, they often bring a perspective no one else has.

2. Solution-Oriented


Always open a meeting by clearly stating the problem. This is different than a clearly stated purpose. Old school held meetings with a purpose that might be “for each division to understand what the other is doing.” Though that might comprise a part of the meeting, it is not compelling. A clearly stated problem may be, “How do we reduce cost overruns across the board by increasing efficiency in each department?” That leads to discussion that both informs what departments are doing and will have a technological solution to it.

Once a problem is clearly stated, get to it. Geeks don’t need a lot of preamble.

3. Ride the tangents into “what if” conversations

If we believe that an efficient meeting is free of tangents, we overlook the value of spontaneous creativity. Though tangents still need to be managed, seemingly off-point discussions can lead to valuable input. Geeks, especially, know how to process vast amounts of input and connect dots that are seemingly unrelated.

When you next observe a tangent conversation, watch to see if your Geeks are mentally processing what they are hearing, and feel free to ask them what their thoughts are “on what you are hearing or on the problem we proposed.”

4. Encourage thought-out opinions.


Meetings become lively when a thesis is put forward and challenge is invited. Antithesis leads to synthesis. Geeks value what is right, and mental challenge is the venue in which right applications are discovered and made.

The contrast, of course, is a poorly constructed opinion. “What do you think” is a poor question. “Who has given this some thought” is a better question. Geeks have little tolerance for opinions without basis; too much of their work depends on embarking on the right trail in the first place.

5. Truthful and Impactful

Geeks are truthful and seek to be impactful. Meetings must embody both: Facts and honest insight given; opportunity to make a difference real. Geeks are already used to collaboration. Geeks have tribes, and tribes interact, because each is dependent on the other. If they walk into a cross-functional meeting that isn’t after truth and impact, they will judge the rest of the company to be illusive and want nothing more than to stick within their tribal practices that actually get things done.

Comedian Dave Barry said, “If you had to identify in one word, the reason the human race has not achieved, and never will achieve, its full potential, that word would be ‘meetings.’”

You have an opportunity to turn that quote on its head: The reason your company will achieve full potential is that you learned how to bring all the parts into a whole, meetings being the engine that drives the cohesion.


5 Indications You’re On the Verge of an IT Nightmare

The IT team at your company has a very busy job to do, and sometimes, it seems like their work never ends. This is why many companies solicit the help of a CIO, who can work with IT to manage the network and keep an eye on any risk factors. Since there always seems to be a lot of buzz coming from the IT room, it can be difficult for a company leader to determine if there’s a real issue going on, or that’s just a normal day-to-day situation. So, how will you know when the silence or the chatter actually means something?

C-level leaders need to be able to rely on their teams to recognize when the company may be on the verge of an IT nightmare. While it’s not always entirely clear, there are some key signs you can look out for to prepare yourself for what’s coming, and hopefully stop whatever it is in its path.

1) You Seem to Be Left Out of the Conversation

If you used to be copied on all the correspondence going on between your IT team, your CIO, and other employees working with your company, but now your inbox is empty, this could be bad news. While it could just be a glitch in the system (which isn’t a good thing, either), if your staff has stopped reaching out to you about problems, then the problem may be much bigger.

As a C-level leader, it’s important to be wrapped up in the conversation, even though you may not have time to worry about it. You can’t be responsible for anything if the information isn’t getting to you quickly enough.

2) There’s A Lot of Turnover

All of a sudden, there are people in the office you don’t recognize or vendors on the other end of the phone that you’ve never worked with before. A few employees that you know well have handed in their notice and new employees with seemingly less experience have been hired. Hopefully, you’ve been made aware of the changes, but ultimately, too many turnovers can be detrimental to IT. Or, the problems with IT are so severe that they have caused people to move on to something different.

There are many reasons why turnovers are indicative of a bigger problem. But, overall, having new employees or contractors join the team constantly can let a breach inside that much more easily. This is especially likely with the constant onboarding and offboarding of new staff members, as it’s difficult to manage so many new network identities.

3) The Alerts Never Stop

Sometimes, there isn’t enough work to do, and other times, it’s like the work never ends. If customers are continuing to call in or email their IT problems and your team can’t keep up, that’s an IT disaster waiting to happen. This doesn’t mean you need to hire more people, but instead, you have to find a solution to these consistent problems that are distracting IT away from what’s critical.

4) There’s a Lack of Innovation

Technology is constantly improving each and every day and IT teams should always be striving to find better solutions to new and old problems. There should be frequent meetings about what IT is currently up to, what new data breaches or Malware cases have been reported, or what changes are being made to streamline processes throughout the company.

At these meetings (or e-mail correspondences) it should be evident that IT and other C-level leaders are constantly searching for new ideas. There should always be new proposals circulating, and if there aren’t, that could mean that there’s a problem somewhere.

5) Auditors are Making Frequent Appearances

If there’s any indication that you’re about to wake up to an IT nightmare, it’s that auditors are showing up at your office, and your compliance check already passed months ago. There’s no reason auditors should be interested in your company unless something is seriously astray. If this is happening, then don’t waste any time; figure out what’s going on, now.

These are just a few indicators that something’s not right in the IT department. If you’re noticing any of these signs, then it’s time to take a closer look at the inner-workings of your company and fix the problems ASAP. If you’re not sure where to start, a CIO can help you rewind, discover the problems, and assign solutions and strategies that will be effective long-term.


Can You Trust Someone to “Vouch” for Your Company?

Can you really have faith in everything that’s on the internet? Of course not. But, that being said, company leaders need to put an awful lot of trust in their employees, the people they’ve hired to manage their network, and the infrastructure and reliability of the network itself. But, if you’re expected to trust so many different factors revolving around your business, while also being told to be careful about trusting everything else — like WiFi connections or suspicious emails — then how can you navigate your way around all this?

These days, having someone to vouch for you, or having someone vouch for the people you’ll be working with, is one of the oldest, yet most reliable ways to secure your network and your company. Going off of that, it’s equally important to have extra eyes helping to look out for your company at all times.

If the Dark Web does it, so can you?

If you’re familiar with the Dark Web, “trustworthy” wouldn’t necessarily be the first term you would use to describe it. But, believe it or not, sellers on Tor need to be verified for the authenticity of their products as well as themselves as users before being able to complete a transaction. This is done by having current members introduce new members through a system of vouching. Without this, you can’t get onto the site.

So, if the Dark Web relies on some form of vouching in order to be able to trust their users, then surely large companies should be doing something similar. It’s not enough to just have certain cybersecurity protocols in place — although, those are important as well. If you can incorporate a system of vouching along with placing outside eyes wherever you can, then you’ll be protected in ways that machines can’t protect you.

Apply this system to vendors and employees

Of course, companies find ways to vouch for people, too, similar to how it’s done on the Dark Web. When we hire someone, HR usually asks for references, recommendations, and will maybe even do some snooping around on social media to get to know more about this person. The same goes if you’re working with third-party vendors or onboarding and offboarding part-time employees. You need to know who you’re going to be working with. You can go this route, but you can also ask around to see who else has worked with the people you’re planning to work with. These days, it’s very easy to check a person’s or a company’s reputation online, so you can take advantage of this.

Hire someone to look out for you

If your Facebook account gets hacked and your friends find out because they are getting spam messages from you, it’s likely that one of those friends will notify you of this so that you are aware. In a sense, this is a form of informal (and free) cybersecurity. You’re too busy running things at the company to be concerned with staying on top of security, employees, networks, risks, etc. Therefore, hiring managed services to help you keep an eye on things internally and externally can help ensure that nothing fishy comes up.

Down to checks and balances

This idea of vouching further enforces the notion of checks and balances in a company that cares about its cybersecurity. A managed service provider checks the IT team, the IT team checks HR, the company checks the employees, and vigilant, trustworthy employees can keep their eyes out for the company. While a professional certainly helps handle this process at the expert level, it never hurts to rely on people you trust to keep things in balance.

Are you a C-level IT CHUMP or CHAMP?

Take our 2 minute, anonymous C-level IT Quiz to see where you rate as a steward of your IT people / department:

► Security
► Strategy

► Performance
► Profitability

► Business continuity
► Resources

Go here to take a 2 minute completely anonymous C-level IT Quiz:
https://smeester.com/c-level-it-quiz/

5 Reasons to Hire a CIO Before Hiring an IT Team

Whether you’re starting a business from scratch or finally making investments to grow your business, one thing you’re probably thinking about is hiring people to help. Any time you can bring people on board to help you with business tasks, it’s evident that you’re thinking about long-term strategies, and that’s great. But, before you start doing what it seems like everyone else is doing to be successful (in this case, hiring an IT team to help with tasks you don’t know how to do), hold off for just a second. While there’s no doubt that an IT team is instrumental in any company these days, it’s actually much more important to hire a CIO before anything else.

Here’s why:

1) You Should Know What Kind of Talent to Look For

It may seem as though all IT experts can be thrown in the same category. They all went to school for computer engineering, they are all smart in their own way, and most importantly, they seem to know a lot more about information technology than you do. But, the thing is, many business leaders don’t know what they don’t know when it comes to this stuff.

Any IT person possesses a unique skill set which can either make them a great fit for your company or not at all. A CIO can determine what talent is ideal for your company, so you know what kind of skills and abilities you’re looking for in a person, before making any decisions.

2) You Don’t Want to Spend Money Unnecessarily

Do you need one IT person, or do you need a team? Or, can the jobs you need to be taken care of right now be handled by the CIO? Before you start to spend money on resources that you don’t currently need, let your CIO determine exactly what it is and who it is you should be investing your hard-earned money in.

3) Don’t Leave Out the Need for External Vendors

It’s not just an in-house IT team that needs proper vetting before being hired. It’s also, if not more so, the external vendors you might be working with. There’s a whole process of identity management and onboarding and offboarding that needs to happen in order to protect a company from an unintentional (or sometimes, intentional) data breach of any kind. A CIO can determine what strategies should be in place prior to hiring external vendors.

4) Perhaps Your Network Needs a Change

Just as a CIO would help you hire an IT expert that has the appropriate skill set for your network, they can also determine if you’re using the right technology, software, cloud infrastructure, etc. Before making any employment decisions, it’s a good idea to make sure you don’t need to change anything about your network, first. After all, it would be frustrating for an IT person to get familiar with your system, just to have to learn something else.

5) You Need an Unbiased Assessment Before Deploying Resources

Hiring a CIO before hiring an IT team is like going to your general practitioner before seeing a specialist. While it might seem that going to a specialist straight away would make sense time-wise and financially, there may not be anything you need to worry about in the first place. This can be true of your company, too. Don’t jump to any conclusions and don’t spend money on resources you may not need, whether that be an IT person or a certain piece of technology. Instead, hire a CIO and have them assess your network before hiring or deploying any resources.

But, What If I Already Have an IT Team?

If you’ve already hired an IT team, don’t worry. You don’t need to let anybody go. But, you can and should still hire a CIO to help serve as the liaison between you as the company leader and your IT squad. It’s never too late to have an unbiased expert hop on board and take a look at everything. This way, there can be a system of checks and balances to ensure your business is being run as efficiently as possible, while every team member truly feels as though his or her role is vital in the success of the company.

That being said, if possible, reaching out to a knowledgeable CIO should be the first step, not the last. A CIO can help manage your network in a way that nobody else can. And, not just in terms of hiring decisions, but security, backup, disaster recovery, and everything in between.
Why Healthcare Industries Are Seeing More Data Breaches

No company is immune to a data breach. These days, no matter what industry a company falls under, there is always the risk of something happening. If companies aren’t taking the proper measures to manage their networks, a data breach can really set a company back, if not take it off the market completely. Because of this, more and more companies have realized the importance of investing in an outsourced CIO to help prevent problems from occurring. Why is it, then, that we are seeing continuous data breaches in the healthcare industry, and why are the problems not being solved?

Well, it’s not so simple, and there may be several reasons as to why the healthcare industry is experiencing more data breaches than ever before.

Data Breach Statistics

In order to really understand how data breaches are impacting the healthcare industry, one would need to look at the actual numbers. According to the annual HIMSS Cybersecurity Survey, 75% of the 239 healthcare respondents surveyed reported that their organization experienced a “significant security incident in the past 12 months.” What’s interesting is that 96% of those respondents said that the organizations were able to identify the threat actor. But, as more than half of these respondents reported that their organization has a clearly defined budget allocated to cybersecurity and is seemingly on top of its network, it makes people wonder why these data breaches are continuing to happen at such high rates.

Healthcare Industry as a Target

Despite the fact that HIPAA laws are in place to protect patients and healthcare employees, it’s been proven that there’s only so much that can be done in order to protect hospitals and doctors’ offices against data breaches. Hackers may have certain inclinations in mind when it comes to installing ransomware or malware on a medical facility’s network, and you can’t really blame them. Because a patient’s data is so sensitive, and because almost all records are now kept digitally, these hackers have a lot of leverage when it comes to getting what they want. If hospitals don’t have a way of backing up this information, or they are afraid of it getting into the wrong hands (one of the biggest concerns), they will certainly feel the pressure to pay up.

Of course, as we know, it’s not only hackers that are to blame for data breaches. According to this HIMSS Cybersecurity Survey, 20% of the respondents said the attack came from a negligent insider.

The Problem

So, what’s the deal? If healthcare industries know that they are a target, and they know that healthcare data breaches are one of the main threats we are seeing today among relevant industries, then what’s going wrong? Why can’t something change in order to put a stop to all of this?

Well, according to HealthIT Security, the problem is that there isn’t a standard cybersecurity framework that’s being utilized across the board. When these healthcare industries aren’t on the same page regarding this issue, then it makes sense that more breaches continue to occur.

How to Protect Healthcare Industries

Unfortunately, just talking about what needs to be done isn’t going to help the thousands of healthcare facilities that are experiencing data breaches this year or even this month, especially when many hospitals, insurance companies, and doctors’ offices are still each using their own software and computer systems.

At this moment, healthcare companies should be doing everything in their power to keep their own network secure. While one way to do this is, of course, by implementing a solid network management plan, the absolute best way to go about this is through hiring an outsourced CIO. This will not only help to prevent data breaches coming from the outside, but it can also help stop data breaches that happen internally. Additionally, a CIO can help implement a reliable backup and disaster recovery system to protect the patients’ information as well as protect the medical facility from risk.