Comment

Sound Business Practices + Cybersecurity = Company Bliss

These two measures are at the heartbeat of any organization. You’ve worked hard to grow your business and keep it profitable. Something is missing. That something is cybersecurity in which every employee is aware and involved. Having the right cybersecurity talent, processes and procedures in place before your business goes off the rails is vital to ensure everything you spent the last several years building up, doesn’t crumble before your eyes.

If you know how to recover from cybersecurity attacks and you’re sure you can recover all of your data and pick where you left off before the attack, and your employees are trained, then no need to read any further! Reality is there are so many ways of an attack that no one is an expert in recovering. Even the best preparation for an attack may be challenged, but experts will tell you the best-known preparation is prevention and avoidance. An attack could result in a very daunting and tireless effort with unknown results. According to the National Cyber Security Alliance, 60% of small and midsized businesses that are hacked go out of business within 6 months.

Let’s take an in-depth look at both and how they intersect.

 

First: Start with Your Business Processes

At the heart of every business, there are things you must do to bring in revenue. You put in place procedures for two reasons: Accountability and Scalability. Focusing exclusively on growth (i.e., sales targets, opening in new markets) can be difficult without a clearly defined plan.

It’s important to take a holistic approach to avoid cybersecurity vulnerabilities. Map out every process and look for weaknesses, especially where sensitive data can be exposed if it falls into the wrong hands.

This audit requires the following:

  • Document when each activity starts and ends

  • What the outcomes are

  • When and who makes the decisions

Ideally, this process will identify areas where things are either paper or process intensive. However, before you automate or streamline anything, you must define the cybersecurity risks.

Second: Inventory BYODs and Beware of Shadow IT

Employees are putting increasing pressure on their employers to allow them to use their own devices when accessing company applications and data. In areas where the CIO or department haven’t approved BYODs, it may be happening despite mandates that state otherwise. Shadow IT is the use of devices, software, and applications without explicit IT department approval. It has grown exponentially in recent years with the adoption of the cloud. From these devices, some data breaches have occurred.

Third: Implement a Good Cybersecurity Strategy

According to Hiscox, a cybersecurity insurance company, roughly 47% of U.S. small businesses had at least one cyber attack last year, and 44% had two to four attacks.

To prevent one from happening to your organization, we recommend the following:

  1. Make sure all software, antivirus software, and firewalls are up to date. Outdated software, including and especially Windows 7 (no longer supported January 2020), will leave the door wide open for data vulnerabilities.

  2. Establish a password policy. Strong passwords that are at least ten characters long with upper and lower case, special characters and numbers, are the best.

  3. Train employees about phishing scams. Don’t do this once – it must be an ongoing process as hackers find new ways to clickbait your staff.

  4. Hire an outside firm to: Hacking needs to be performed from the outside by security experts to be sure no vulnerabilities are present in hardware, software, and policies. Don’t leave your business in the hands of “I would have never thought of that”. A hacker lives and breathes hacking – you don’t.

    1. Complete a vulnerability assessment. This assessment should include all threats in the cloud, with mobile devices, and your data.

    2. Conduct ongoing employee training. It must include BYOD policies, password guidelines, phishing and consequences of violating policies.

  5. Remember, cybersecurity isn’t one and done.
    Consider hiring one or more contract consultants to keep up on assessments, audits, testing, and regulations. This person can be onsite as a contract employee or manage your account as part of our managed services offering.

EIS can provide you with the proper technology solutions, recommend colleagues that can write your policies, and map out plans for continuous improvement.

 

Conclusion

Business process and cybersecurity go hand-in-hand. Understand your processes first, make sure you have a clear path to automation, and use policies, procedures and outside help to ensure your data is secure.  

 

Exodus Integrity Services Has An Unique Advantage

Our IT Consulting Team  is well versed in IT infrastructure, software development, and cybersecurity at the forefront of industry trends and state/federal regulations.

Contact us today to speak with one of our experienced IT consultants. ConsultEIS@gotoeis.com

 

Comment

Comment

How to predict the lifespan of a company in one simple measure

By Dave West February 14, 2017 Business 

In his book “Creative Destruction”, Richard N. Foster revealed that the rate that companies fall off of the S&P 500 – the 500 most valuable companies traded on the U.S. stock market – is accelerating. In 1958, the lifespan for a company on the list was roughly 61 years. Today, the average is just 18 years. At this rate, 75 per cent of the S&P 500 will be replaced by 2027. The reasons behind this shift are many, but in recent years, the advent of the Internet and cloud has reshaped how, when and where we do business. In the current economy, businesses and investors alike are all asking themselves what determines the healthy lifespan of a company? In an age of unicorns, where are the cockroaches that will outlast them all? 

There’s one key measure that may help predict whether or not a company will have staying power and it has nothing to do with revenue, acquisitions or celebrity endorsements. In fact, you need only look back to the story of Thomas Edison, who – in addition to inventing one of the most remarkable innovations in human history – famously failed “10,000 times”. In the face of failure, Edison never stopped innovating, again and again. This is the special sauce to success: speed and frequency of innovation delivery to market. 

Research from Forrester has found that more than one third of banks and insurance companies surveyed delivered new software releases quarterly or less. For an 18 -year old company – assuming that software is part of their innovation – that would equal about 72 releases over the organisations lifetime, as most companies release on a quarterly basis. That sounds like a lot, but for a startup today, that means they have between 10 and 72 times to get it right.

Driven to innovate

Lean startups have removed perfection from their criteria for release. These small organisations are driven to innovate in order to stay alive, but often fall into technological debt as a result. Older, more established businesses less reliant on innovation aren’t in a position to take the chance of imperfection, so they stagger releases, leaving time for trial-and-error before going to market, which typically means three-to-four months between deliveries. This old-guard delivery may have worked in the past, but in today’s world of continuously cloud delivery, that just won’t cut it.

This is where an agile approach to technology innovation can help to speed organisations from idea to delivery. Scrum is an agile approach to software development and delivery that is particularly effective at creating a culture of constant delivery by completing work in regular sprints that focus on clear business outcomes. Each sprint provides a way for the business to inspect and adapt to outcomes, throwing out the bad and concentrating on the good. Some of the most successful companies push innovation delivery regularly – just look at the frequency of app updates to Uber, Facebook and Instagram. 

Not all businesses that employ this approach deal exclusively with software. Capital One is a great example of a business that applied an agile framework to its business operations. In 2011, the company began rolling out agile development, accounting for about one per cent of software.  

Today, agile delivers approximately 85 per cent of software at a rate of roughly 400 product releases per month, with 95 per cent of products meeting expectations on the first release. By opening lines of communication between business partners and development teams, the company makes delivery a business goal, rather than keeping it in an IT silo. Another financial organisation who has made agile their main approach to innovation is BBVA Compass, which is committed to the agile approach and has gone so far as to move many of its developers into a startup incubator and plans to open its programs up to startups to further foster innovation. 

Secret ingredient to disruption

It’s not just the financial industry that benefits from an agile approach – Spotify is a poster child for agile, having originally employed Scrum and then, as the company grew, actually developed their own methodology for agile, which they continue to use today. Agile in the big leagues include the likes of Uber and Airbnb, multi-billion dollar companies that retained the speed, responsiveness and flexibility associated with lean startups. Beyond the on-demand economy, less assuming companies that utilise an agile approach include John Deere, which simultaneously moved 800 software developers into an agile development process in 2011 and saw measurable results including a 42 per cent reduction in time to field issue resolution and faster time to market.  

Agile is also a main ingredient in the secret sauce of disruptors. SpaceX is completely reshaping the space travel industry, with its high rate of software deployment via Continuous Integration and agile approach, where historically innovation has moved at a snail’s pace. From a strictly software perspective, Atlassian has embraced agile to the point of creating an agile resource for customers on the basis of the framework, so that they too can embrace an agile approach that fosters innovation and speeds delivery. 

If you’re curious what happens to companies who fail to adopt this framework, consider the cautionary tale of Circuit City. Once beloved for all things personally electronic, the company was blown out of the water by agile-loving Best Buy. With dedicated “geeks” around the store to help with product-specific inquires and a robust, easy-to-navigate ecommerce site, customers were able to choose whether or not to interact with a salesperson, unlike the Circuit City counter-purchase approach. What Best Buy did was apply agile to the retail store ecosystem which not only improved the speed and quality of customer service, but has allowed the company to remain flexible in the rapidly changing demands of customers. Today, a similar saga is playing out at the Sports Authority, which is struggling to remain relevant in a retail market now dominated by online sales.  

If any of these examples should stand for anything, it should be that speed does not mean the abandonment of quality but that speed via an agile approach has proven to drive innovation for companies new and established alike, who will enjoy a long and fruitful lifespan as long as they continue to innovate at the pace of market demand. For those who resist the agile approach, take comfort in the words of Edison: “I have not failed 10,000 times. I’ve successfully found 10,000 ways that will not work.” 

Dave West, product owner, CEO, Scrum.org
Image Credit: rawpixel.com

 

Comment

Comment

Exciting News!

We have some great new things going on at EIS. Stay tuned for our new blog posts coming soon! Great content on its’ way.

Comment