How Valuable a Target is My Company to Cybercriminals?

By  Bryce Austin

Cybersecurity breaches are frequent, frustrating and becoming more massive with each new headline. The worst data breach in healthcare history was the Anthem breach of February 2015. More than 78.8 million records were stolen by a foreign government that does not have strong diplomatic relations with the USA. Those records included the names, birth dates, Social Security numbers, and home addresses of the individuals that ever did business with Anthem—or even applied for a policy. The more recent Equifax breach has dwarfed that number, with 145.5 million people impacted.

Some companies know they are in the crosshairs of the best cybercriminals in the world.

  • Do you have a database of HIPAA data that would be valuable on the black market?
  • Do you process over one million credit card transactions per year?
  • Are you in the payroll or money-transfer business?
  • Are you developing a technology that foreign governments would be interested in?
  • Are you in a business that a hacktivist group or Nation State may find ethically questionable?

If you can answer yes to any of the above questions, congratulations, you are in the highest-risk group. Most companies are not in the highest-risk category. The remaining companies fall into three large groups, including those that have:

  • A significant regulatory environment to operate within (healthcare, banking, insurance, etc.).
  • Data that others could monetize (trade secrets, credit card numbers, Personally Identifiable Information (PII), data on publicly traded companies that has not yet been made public, etc.).
  • Data that is important and necessary for the company to operate.

Before the proliferation of ransomware, the third category would not have been included. Many in the cybersecurity field used to lambast salespeople selling cybersecurity tools that said, “Everyone is a target.” The problem is that cyber criminals have figured out an important new angle to their business model: companies that don’t have information that is valuable on the black market still have information that’s valuable to the company itself. The bad guys are finding a way into a company, encrypting as much data as possible, and then extorting money from you to get your own data back.

In today’s world, everyone is a target. From hospitals that need their Enterprise Resource Planning (ERP) system to treat patients, to accounting firms needing tax engine software to process their clients’ tax returns, every company wants to prevent business disruptions. Ransomware attacks are designed to disrupt your company’s ability to do business until you pay up.

That begs a common question, “How can I assess my actual cybersecurity risk?” The truth is that you can’t. This is similar to assessing your risk of contracting a certain disease or of having a tornado damage your home. These things happen infrequently, and as such, it’s impossible to say that a given company will experience a cybersecurity incident of X dollars in total damage every Y years. A better plan of attack is the following:Regardless of size, reach, and financial level, your company is a target for cybercrime. Click To Tweet

  1. Accept that your company is a target of cybercriminals that would hope to profit from your success, either by stealing your valuable information, or by encrypting your valuable information and ransoming it back to you.
  2. Assess your relative risk. The areas to take into account include company size, your industry, the number of countries you do business in (especially those known to support government-sponsored hacking), and the strength of your cybersecurity defenses.
  3. Assess your own risk tolerance, assess the potential damage to your company that a hacker could inflict, and assess what cybersecurity countermeasures you currently have employed. If you employ strong countermeasures, your risk will be far lower than many of your competitors, even if putting an actual number on it is challenging.

One of the best ways to quantify your cybersecurity risk is to get quotes for cybersecurity insurance. For example, if your building’s fire insurance policy costs 10,000 dollars per year for 1 million dollars  in coverage, then the insurance company thinks you will have a large claim on that policy less than once every 100 years. Otherwise they would lose money selling you the policy. In fact, they are probably guessing that you will have a large fire once every 500 years so that they make a good profit on the policy. If it costs 250,000 dollars for the same coverage, your risk of having a fire is much higher than that. The cost of a cybersecurity insurance policy will help you determine the relative risk of a cyber incident in comparison to another type of business incident, such as a building issue (fire/flood), an operational issue (the loss of a key executive in your company), or a liability issue of some sort.

It’s imperative to realize that regardless of size, reach, and financial level, your company is a target for cybercrime. All that really matters is if a criminal feels there is a good return to be had on their investment of time and money. If your defenses are poor, then their effort level is low. If you have strong defenses, then the return must be high for the adversary to expend significant effort to breach your systems. Many attacks are non-specific. They search for a particular vulnerability across many companies and report back success. If you are found to be vulnerable, you will probably be attacked. Criminals will try to monetize their efforts in many ways. Your data is valuable to you, and they can monetize this via ransomware.

Thankfully, ransomware and the cyber criminals who use it can be stopped. They are looking for easy targets. All companies are susceptible, but with the right cybersecurity defenses, such as multi-factor authentication, a strong antivirus package, and a solid data backup routine, cybercriminals will deem your company too much effort to hack. This is your opportunity to make cybersecurity a competitive advantage for your company!

Bryce Austin is the CEO of TCE Strategy, an internationally-recognized speaker on emerging technology and cybersecurity issues, and author of Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives. With over ten years of experience as a Chief Information Officer and Chief Information Security Officer, Bryce actively advises companies across a wide variety of industries on effective methods to mitigate cyber threats. For more information on Bryce Austin, please visit www.BryceAustin.com.

Maintaining Business Stability Amid Political Turbulence

By Jeff Bush

Have there been times during your career where you felt like you lost focus in your business? Outside influences may have affected the course you had set, tossing your business plan into a turbulent storm of chaos. Perhaps these powers emanating from Washington D.C. left you scratching your head as to directional control of your business. You may have been elated during a recent election, or perhaps dismayed.

Tax reform, healthcare, immigration, and trade are all major issues as the new administration tries to find its governing legs. These pending shifts in policy can cause headaches for business owners.

Many employees, customers, and suppliers look to their manager as that grey-haired, seasoned hand at the controls, steady as she goes leader to guide them safely through the unsettled air. What happens when all you see around you are ominous clouds of change with no clear path to predictability? Uncertainty is where many leaders have been flying at one point or another. Optimistic they are heading towards a destination, but not seeing the safest route to follow.

Envision yourself as a pilot, navigating your plane through some particularly rough weather. You’re at 10,000 feet, making moment-to-moment decisions. You’re maintaining all of the proper protocols, minding all of the necessary instrumentation—when suddenly your panel lights up like a Christmas tree and gauges start fluttering wildly. Alerts begin to chirp throughout the cabin. There’s a problem—and it’s up to you to rectify it, or mitigate the issue as best you can to ensure a safe landing. It is your preparation, experience, and trust in your training that will see you through. Click To Tweet

After some clear-headed evaluation under pressure—and following what you’ve been taught—you identify the source of the problem and make the educated decision to continue your flight until its final destination. You land safely, a bit shaken but relieved that proper training allowed you to make the right decisions to ensure the safety of those aboard.

Leading a business through a turbulent political climate can feel a bit like a pilot making snap decisions when the norms go awry. It’s important to know that there will be confusion and challenges, and it is your preparation, experience, and trust in your training that will see you through. These four action steps can keep your company flying high and stable when the political winds begin to shift.

1. In your businesses, you have to do the most important things first and keep doing them while dealing with problems that will inevitably arise. So what are your business’s core elements for success? Can your employees list them? Many business owners or leaders would report that “customer service” is one of their core elements. But what are the three most impactful drivers of excellent customer service unique to your business? Ask yourself, and your team, to excel at those three things. If you don’t know what your essential elements of success are, you better figure them out quickly. The turbulent times start when clients go looking.

2. Not unlike identifying where you are going to execute an off-airport landing, you need to have an honest discussion with yourself about the situation and your capabilities. In the context of business, you need to be honest with yourself about what you’re struggling with and find a better way of getting the job done. Perhaps in your business, it means outsourcing HR to an employment agency, switching suppliers or firing a problem client. But be honest with yourself about the weaknesses in your operation and commit to addressing them.

3. Are you communicating with everyone vital in your business success, from customers to suppliers, vendors, and financial advisors? Do you have a communication plan for each of these critical constituents and who owns that plan? To whom is the plan owner accountable?

Sit down with a blank piece of paper. Draw a circle in the middle and, inside the circle, write the name of your business. Take ten minutes of uninterrupted time to write down all the key connections/relationships you need to maintain your business’s success. Next, write down who in your organization should own that relationship. Meet with those persons and be clear as to the importance of that responsibility.

4. Finally: work the problems. How many times have you seen people work hard without ever really taking on the core issue? You are the pilot of your business. It is up to you to take control and keep your team focused. Many companies have vast institutional knowledge within the organization. Trust that experience to solve the problems. If they know what’s core to your business success, they will likely solve the problem with little input needed from you.

Good times are just that, easy. It’s the challenging times where you need to expand your confidence and wisdom. Confidence and wisdom that you will need as we receive additional details on the political issues that impact every business, such as tax reform, healthcare options, or any changes in US trade policy. The business climate may be turbulent, but if you follow your training, trust your experience and decision-making ability, your steady hand at the helm can guide your team through the most adverse landscapes.

 Jeff Bush, Wall’s Street Washington Insider, is a dynamic and insightful speaker on tax and fiscal topics, and the author of American Cornerstones: History’s Insights on Today’s Issues. A 28-year veteran of the financial industry, Jeff works with executive teams, business owners, and high income individuals to proactively prepare their organizations to succeed in an ever evolving-market place. For more information on Jeff Bush, please visit www.JeffBush.net.

Enduring Enterprises

Eight Essential Strategies for Achieving Business Longevity

By Jill Johnson

Everyone who starts or leads a business dreams of passing it along to the next generation. But few are successful in making it happen. Every year, countless businesses and organizations fail. Excuses are made and fingers are pointed. Long-term success takes more than hard work and a little luck. Leaders and entrepreneurs who achieve exceptional business longevity share seven business practices that move them to long-term success. They think differently. They operate differently. And they lead differently

1) Engage in Ongoing Planning with a Realistic Vision: Successful executives and entrepreneurs prepare for success on an ongoing basis, not just when they are in start-up mode. They move beyond their initial business plan to augment their success by leveraging new opportunities and seeking ideas to enhance operations and profitability. They are disciplined in writing down their plans, reviewing them and sharing with their key employees and advisors. They know on-going planning keeps them focused and moving forward. These leaders continually, and formally evaluate, what is working and what needs changing. Lasting business leaders also match their vision to their abilities. Click To Tweet

2) Establish a Realistic Vision for the Future: Lasting business leaders also match their vision to their abilities. They leverage one success into another rather than rapidly making huge leaps beyond their capabilities. Those who don’t have a realistic vision risk everything because they reach too high before their cash, talent or operational capability is ready for higher levels of success. Enduring leaders actively and effectively manage their transitions and hire sophisticated talent to match their future needs. Their success is sustainable because they build it on a viable foundation that is based in reality not on wishful thinking.

3) Use Disciplined Approaches to Developing Leadership and Executive Skills: Leaders who operate enduring enterprises understand experience is critical; not just with the operational or technical expertise, but also with the ability to lead, manage and weather the daily challenges of not having someone tell you what to do. These leaders understand they need to continue cultivating their ability to manage and create strategies. Those with enduring success continue developing and enhancing their skills to build their business arsenal. They read. They hire the consulting and professional talent they need to augment their internal expertise.

4) Implement Sound Fiscal Management: Fiscal discipline is fundamental to long-term business or enterprise success. Yet few leaders have the self-discipline to manage their cash flow for the inevitable peaks and valleys. They respond to immediate pressures and spend money they don’t have. Too many leaders spend money on the flash and glitz trying to impress people. They never prepare for the future because they’re focused on living in the moment. Some make ill-advised decisions that create financial crises rather than making prudent commitments they can realistically handle. Successful leaders of enduring enterprises focus on building real net worth by being masters at financial discipline and tightly controlling what they spend.

5) Adapt to Changing Circumstances: Markets change and technology advances. Those who are successful over the long-term understand and adapt to change. They invest in people and technology to enhance productivity. They stay on top of competitors and respond as necessary. By continually adapting, they are able to leverage the evolving trends that are fundamentally transforming their industries. Enduring leaders create enterprises that last well beyond their tenure, always looking ahead to identify tools, resources, ideas and technology that can enhance their organizational success.

6) Build Substance into the Enterprise: Businesses and organizations have come and gone over the decades. Some succeeded brilliantly, but most failed to meet the expectations hyped by their founders and owners. The primary reason is lack of substance to the enterprise; most of what was promoted was smoke and mirrors. Sustainable enterprises have substance. They deliver on their promises. Clients, vendors and employees can count on them. These enterprises demonstrate a consistency of product and service quality that can be trusted over time. An on-going reputation for dependability is often a real predictor of long-term enterprise success.

7) Control Growth: Those who survive long-term carefully and deliberately manage the size and growth of their enterprises. Those who focus on growth ensure they have adequate finances, equipment and staff to meet their evolving needs. Those who maintain a smaller size often find they can better manage the stability of their overhead and fixed costs. Maintenance-oriented enterprises may even make more money and have less stress than their growth-oriented peers. Both growth and maintenance oriented leaders who succeed over the long-term effectively manage their appetite for risk and keep business scope within their comfort zone. They maintain leadership enthusiasm through controlled growth or by achieving sustained financial success.

8) Maintain Motivation: Staying motivated is tough in any enterprise after the euphoria of taking over or starting up dies down. Once the day-to-day activities begin to become routine, most people lose their enthusiasm. Even harder is dealing with the real stresses of leadership. Boredom is often a leader’s worst enemy. Leaders of enduring enterprises motivate themselves and their employees by continuing to look for new opportunities to better meet client needs. This provides at atmosphere of innovation and ongoing success measured in revenues, customer satisfaction and employee retention.

Final Thoughts: Leaders who enjoy enduring business success have learned to constantly adapt and evolve. They respond to continuing competitive pressures by finding ways to meet evolving client needs. The secret to long-term sustainable success is doing things with discipline and excellence. Leaders of enduring enterprises both big and small do more than just dream of success. They make their success a reality by taking the actions necessary to achieve it. And make it last.

Are you ready to become a leader of an enduring enterprise? If so, what is the first strategy you need to begin to implement?

Jill Johnson is the President and Founder of Johnson Consulting services, a highly accomplished speaker, an award-winning management consultant, and author of the forthcoming Bold Questions series. Jill helps her clients make critical business decisions and develop market-based strategic plans for turnarounds or growth. Her consulting work has impacted nearly $4 billion worth of decisions. She has a proven track record of dealing with complex business issues and getting results. For more information on Jill Johnson, please visit www.jcs-usa.com

Protect Your Company From Bad Employees

By Mike Campion

How much of a negative impact can the bad apples in your organization have? Are having no bad employees a realistic goal? First things first: What is a bad employee?

  • Is it just someone who is bad at their job?
  • Takes too much time off?
  • Has a penchant for punching other employees?

While none of those are ideal, they all focus on actions and results instead of the root cause.

Instead of trying to create a comprehensive list of “do’s and don’ts” for your employees to ignore, start at the foundation: Your Core Values.

A bad employee is anyone who does not love and live your company’s core values.

Discovering your core values is an action in—and—of itself, but when you have a set of “rules” to run your company with, you will find that the people who line up with those rules, don’t tend to violate the “dos and don’ts” of your company.

Luckily, you have the keys to the happy employee kingdom. Get ready to discover the three steps to protect your organization from the wrong employees:  Hire for attitude, train for skill. Click To Tweet

Step 1—Stop Bad Employees From Showing Up: Pre-framing is extremely important when weeding out potential problem employees. How an employee is first exposed to your company is key. Consider the following two examples:

  1. A current employee tells his friend, a prospective employee, “You should apply at my job; the place is so disorganized, we could get away with anything.”
  2. A prospective employee comes across your website and thinks, “These are my people! I love what they are all about, I wonder if they are hiring…”

When you feature enough of your core values on your website, in your hiring ads, phone systems and your current employees become evangelists for your mission, you position your company as the right place for the right employee. Whenever, however a prospective employee becomes aware of your company they feel like they have finally found their tribe. This alone will dramatically increase the quality of your applicant pool. Which brings us to…

Step 2—Stop the Wrong Employees From Getting In: Once you have laid the foundation in step one, the job of keeping bad employees from infiltrating your organization is half done. All you have to do is make sure that your company is actually living and breathing the core values that brought prospective employees to you in the first place.

So many employers focus on job history and/or technical ability. Both offer good insight, but are only relevant with employees who have the same core beliefs as you do. Hire for attitude, train for skill.

If your company is passionate about outstanding customer service, it is eminently possible to teach an employee how to serve a customer. It is a fool’s errand to teach him to be enthusiastic about customer service. Your life and profitability will improve exponentially when you are in the business of stoking your employees’ passions and values. You are not in the business of convincing people to do something they don’t want to do or believe something they don’t want to believe.

Craft your interview process around the values that attracted your prospective employees. Once that is a match, job history and ability to do the job at-hand come into play. An unintended consequence of passionately living your organization’s core values is an extremely attractive community. This can make employees that aren’t a good fit work even harder to get in, even when your pre-framing and interview process is core valuesbased. Time for the big guns…

Step 3—Get ‘Em Out: Creating a core valuesdriven culture not only naturally repels the wrong employees; it strongly attracts the right employees. They feel “at home,” like they have finally found something special. They don’t want to leave. They stay longer, work harder and enjoy their jobs more.

The flip side is that people who are not a core value fit feel out of place. They don’t fit in. They don’t understand why everyone acts so differently. They discover that the amazing community that attracted them to your company isn’t for them. More often than not, they wander off into the night on their own free will.

When you do have someone that doesn’t get the memo, and needs a little help recognizing they aren’t a fit, you will weed them out by systematic recognition and application of your core values. Examples of core values being either applied properly or ignored or mishandled are common topics. Decision making conversations regularly start and end with your core values.

Those who don’t “get” your values will stick out like a sore thumb. When you see that is the case, have a conversation. Refer back to your hiring process. Verify they share your company’s values. If they do, their behavior will follow and all is well. If they don’t, it’s time to help them transition into a company that is a better fit.

It can sound like an overwhelming prospect, but integrating your core values into your company is like pushing a flywheel. It takes a lot of energy at the beginning, but when it gets spinning, it creates a tremendous amount of power on its own. Not only will keeping bad employees out of your company help your bottom lineit will make your life and your employees lives far better.

Mike Campion is a celebrated speaker, entrepreneur and author of I’m a Freaking Genius, Why is This Business So Hard?. A small business expert, Mike has built several multi-million dollar businesses, the most recent achieving $4.3 million in sales in the first 18 months. As the host of the “Conversations with a Genius” podcast, Mike imparts his business wisdom on his listeners. For more information about bringing in Mike Campion for your next event, please visit www.mikecampion.com.

Save

It’s 3 AM – Do You Know Where Your Data Is?

By Peter DeHaan

Author Peter DeHaanIt doesn’t matter what type of company you run, your operation amasses a great deal of valuable data. You have a treasure trove of customer information, including phone numbers, mailing addresses, email addresses, billing histories, demographic profiles, social security numbers, bank account numbers, and credit card numbers. You purchased some of this data, while you garnered the rest over time, using meticulous recording keeping.

Even the smallest of businesses possess an extraordinary amount of priceless information, while larger organizations store millions or billions of data points — all nicely organized, painstakingly verified, carefully stored, and dutifully backed up.

You have all that information, but what are you doing with it? No, I’m not talking about harnessing metadata to produce a competitive advantage or turning raw information into a core distinctive (think of how Google astutely exploits the vast minutia of data they have accumulated). I’m sure you know you must do these things and are diligently working on them. What I am referring to is protecting your immense information stash from the nefarious reach of notorious hackers, cyberspace’s criminal elite — hard to catch and harder still to prosecute.

With the theft of personal information steadily increasing — due to an insatiable demand and relatively low risk — there is a greater likelihood your business could soon be a victim. So I will implore you to protect one of your organization’s most valuable assets.

First, you need someone with the knowledge and experience to be in charge of securing your computers, network, intranet, and Internet access points.

Then, give them the resources needed to do the job. I’m not suggesting you provide an unlimited budget or give them a blank check, but when they say it will cost X dollars to do the job, don’t provide half that amount and expect full results. If you cut the funds, some items will remain insecure or be only partially secure. That would be akin to locking the doors of your office, but leaving the windows open — or installing a building security system, but never connecting it to the monitoring station. Don’t handcuff the crime stoppers.

Next, know that many security breaches are inside jobs. Yes, I realize you carefully screen new hires and trust your employees to not steal from you. I’d be disappointed if you didn’t hold your staff in high esteem. However, the reality is that many cases of data theft involve an insider, be it complicit or innocently duped.

To address the people side of the equation, you need your human resources department involved, along with IT and your security officer. Together they can put safeguards in place to restrict access, limit the scope of information available, and provide an electronic log of activity. Additionally provide training on what information staff can give out and under what conditions.

Your data — and your company’s future — is on the line. Make sure it’s a secure one.

Peter DeHaan is a magazine publisher by day and a writer by night. Visit www.peterdehaan.com to receive his newsletter, read his blog, or connect on social media.

Save

Save