C-Suite Network™

Menu

Month: October 2017

Categories
Marketing Personal Development Technology

Are You Missing the Third Kind of Search Marketing?

Most marketing teams know about Search Engine Optimization (SEO) and Pay-Per-Click (PPC). You have teams devoted to getting searchers to your site from Google and other search engines. But what happens after they get there? Do you focus just as strongly at getting them to convert? Do you focus on the third kind of search marketing–site search?

Site search–that box in the upper corner of your website–finds pages on your own site. It’s a critical way to convert those searchers who find your site into customers. Here’s why–the folks who search on your site are your most qualified visitors. Think about it. If you land on a website and don’t find what you are looking for, you probably bounce back to Google and search again. But what if you really want to buy from that company? What if you really think that company has what you are looking for? You stick around and perform a site search.

That’s why reports show that site searchers have conversion rates anywhere between 43% and 600% more than other site visitors. So, the question becomes, “What would they find with your site search?” Would they find their answer? If you’ve been ignoring site search, probably not.

If you’re spending precious resources on attracting searchers to your site because you know your customers use search, why would you ignore site search once they get to your site? But most companies do.

Get ahead of your competition by focusing on the third kind of search marketing, site search. Instead of just attracting searchers to your site, you will turn searchers into customers.

 

Categories
Growth Human Resources Leadership Personal Development

Is It Appropriate to Behave Like a Child at Work?

Recently, an employee at one of my clients suddenly quit his job and provided no notice or grace period. He claimed his supervisor was behaving like a bully toward him.  In my discussions with him it became clear that he was overly sensitive to any kind of conflict.  He couldn’t handle change well and he tended to over-react to challenges including any kind of unexpected change in the schedule, responsibility and/or task.

In my opinion, this employee was emotionally unintelligent and therefore behaved like a childish victim.

There are two major types of childish behavior we see from employees.  The first type of childish behavior is very useful.  Employees who are playful like children can be innovative problem solvers.  Innovative childlike behavior can offer a big advantage because employees can see things from a completely unique perspective.  They are open to innovative ideas.  They are playful and enthusiastic about simple things.  They are fun to be around. We feel young and energetic around them.  This is the playful innovative child.  This is the kind of childish behavior we want from our employees.

The second type of childish behavior is damaging.  This is the type of behavior that caused the Human Resources people to shake their heads like bobble head dolls.  This is when employees behave like immature victims.  They avoid responsibility and blame others for their problems.  They fail to act to solve problems unless they are told to do so.  When they do act, it is usually incomplete or of inferior quality and they rarely, if ever, will be proactive to avoid problems.  Their best excuse is “It’s not my job.” Or, “He is attacking me.” Or, “I can’t do that.”

Virtually every Human Resources person I have spoken to in the past 20 years vigorously shakes his/her head up and down whenever I ask if they regularly see employees behave like children.  Why is it that adults behave like children at work?

It’s ironic, when we treat employees like adults they have a much higher probability of behaving like playful innovative children.  When we treat them like children they act like childish victims.  Here are three major reasons why employees behave like childish victims.

We have policies that scream ‘I don’t trust you’

85-90% of organizations conduct performance reviews and that policy sends a clear message, “I don’t trust you.”   Performance reviews rate employee performance. It is like giving the employee a grade.  Pay for performance policies attempt to control employee behaviors by making them focus on specific goal achievement.  Both policies send a subliminal message that “We can’t trust you to do the right things and so we must control your behaviors.”

We teach what we allow

One thing that drives Human Resources professionals crazy is the unwillingness or inability of managers to discuss difficult performance issues with employees.   Many managers avoid these confrontational discussions.  A manager’s unwillingness to confront bad behaviors teaches employees that it is OK for them to behave like childish victims.  Without feedback the “children” will repeat the behaviors.  Furthermore, these same employees often encourage others to behave badly and/or become disengaged. We need to give managers better tools to have these discussions immediately.  We need to shift the conversation from negative confrontation to trust building and learning.

We have all been treated like childish victims and so we carry-on the tradition

Our public-school system treats us like children.  One might say, “Of course we treat students like children because they ARE children for much of their schooling.”  But, we limit freedom of choice and that encourages the victim mentality.  Students have little choice in what they study and they often have little understanding about why they are studying it.  Even teachers have limited choices about curriculum or learning outcomes because they are told to teach to specific tests.  This lack of choice has been one factor in the significant weakness in critical thinking skills. (Yanklowitz, 2013)

This lack of freedom creates a feeling of victimhood.    People need and want to have choices.  They want to feel they have control over their own world.  They need to have freedom to act on their own (within boundaries).  Even children need that feeling to boost their innovative playful tendencies.  When we attempt to control behaviors, we damage that innovative playful nature.   When we create the perception of limited control we end up with 35-40% drop out rates or kids pumped up on Ritalin.

We have grown up with these limited choices and, so we perpetuate the culture of control in our organizations because that is usually what we know.

Summary

We must capture the good childish nature of our employees and avoid the childish victim behaviors.  The only way to accomplish this is to treat employee like adults, give them more freedom, and trust them.  We need to rethink our policies that send the wrong message of mistrust and replace them with those that send a message, “I trust you.”

 

Yanklowitz, R. S. (2013, October 15). A Society with Poor Critical Thinking Skills: The Case for ‘Argument’ in Education. Retrieved from www.huffingtonpost.com: http://www.huffingtonpost.com/rabbi-shmuly-yanklowitz/a-society-with-poor-criti_b_3754401.html

 

Categories
Best Practices Growth Management Personal Development Technology

Culture of Security

After a decade as an information security (a.k.a. cybersecurity) consultant, I had seen too many people who were just hanging in there or counting down the days till Friday. I started to take a great interest in company culture and employee engagement and I wanted to figure out how to solve this problem, especially as it related to the security professional.

Just like company culture and employee engagement can make or break an organization, as in, are employees happy to come to work and engaged or are looking for their next opportunity, the culture of security or lack thereof can make or break an organization in terms of whether they stay in business or lose everything to a hacker, security breach, or internal error.

One unpatched desktop or one phishing email is all it takes for the hacker to get started in successfully breaching an organization. How easy or difficult this is has to do with the culture of security. The intent of this article is not a scare tactic, it is purely a reminder or maybe a new way to think about the importance of having a culture of security.

There is an old Chinese proverb that I believe really says a lot about culture (of any kind), “the fish rots from the head.” If the top leaders in an organization are not serious about security or do not understand its importance, how can anyone else in the organization take it seriously?

Here are three questions you can start with to determine whether you have a culture of security, if you can answer yes you have started the process towards creating a culture of security and if you say no, well then you know where to start if you want to create this culture.

  1. Have you set and regularly communicate clear expectations that security is a priority and non-negotiable?
  2. Do you expect your executives to stop projects, even the important ones, if security is not implemented?
  3. Do your employees at all levels, know what to do in different scenarios, such as how to recognize a possible breach, attack, or error and how to report it?

I have seen projects implemented without security because the project was a high priority initiative from the C-Suite or the board. I’ve seen the business side win over the security side again and again where the security side had to compromise because the business was not going to budge. The fact that I’m even putting these two groups on sides shows that in many organizations there is no culture of security, because if there were, they would be working together to ensure that the business had what it needed while at the same time doing it in a way that is secure.

Part of a culture of security is having the best team possible, showing the organization that this is important by bringing in the best and not understaffing the department. It is also having a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) that reports to the CEO and not to the Chief Information Officer (CIO).  Too many organizations still have the CISO reporting to the CIO, and if the CISO does not have the same importance as the CIO, what message is that sending? Plus, if the CIO does not like what the CISO is saying because it could negatively impact a project, how easy is it to stop the security concern from going further up the chain of command?

The culture also includes a way to report security incidents or suspicions without repercussion. If someone thinks there is an insider threat, they need to have a way to communicate that for follow-up. If someone clicked on the wrong link and thinks they are the victim of a Phishing attack they need to be able to report that without fear of reprisal.

Does the CISO have the team he or she needs to offensively and defensively protect the network? How about the team outside of security; are the developers trained in secure coding and do project managers have enough information to know when to get help from security and who to talk to? Are there enough resources for the security team to do their job properly? This is an ever changing landscape and the hackers have unlimited resources while organizations do not. However, there has to be some budget for the security team to stay sharp and up on the latest trends.

Hiring great security people is a challenge because there are more security positions than qualified people right now and it is a field filled with adversity. Security professionals only get recognized when there is a problem; and that recognition is not positive. When the Security team does its job well, which means there has been no security violation or breach no one notices, it seems like “business as usual”  to everyone else. As a result, Security professionals often don’t get any praise or recognition for what they are doing well and only get the spotlight when something has gone wrong.

That is not a great frame of mind for most people to work in, and after time, after putting out fires, racing against the clock, and doing everything to protect the network, there is no recognition. Security professionals are getting burned out and they are ready to move on when they do not feel that there is a strong culture of security. That combined with the current gap in qualified professionals and number of positions available makes it even harder to maintain security for organizations.

Culture, any type of culture, starts at the top. If you are responsible at any level for the success of your organization and have not given the culture of security much thought before that’s OK, it’s not too late. And if you need help or want to discuss your specific situation or you are looking for additional resources email sharon@c-suiteresults.com.

 

Categories
Growth Management Operations Skills Women In Business

Does Everyone Want a Piece of You?

Does Everyone Want a Piece of You?

Whose agenda runs your life? Yours or someone else’s? At the end of the day, do you feel you accomplished what you wanted to or is it another one of “those days”?

In the fast pace world we now live in, there are so many distractions.  Our inboxes fill up with unwanted messages and too many of the ones we do want as well. Think of how much time the dreaded “reply-to-all’ alone takes. We react to the crises that others create and are often more reactive than proactive.

The one thing we can never recapture is time. There are 28,500 days in the average person’s life if we live to 75 years old.  How many of those days do you have left? If I am depressing you then do something about it – it’s not too late.

Ask yourself what you want to do, see, or experience in your life so that at the end you will say that your life is a success. Not how other people define success, but how you do. That’s what The Big Five for Life philosophy is all about.

Ever since I learned about the Big Five for Life™, I realized that I must make time for those things that really matter to me. There is nothing more important, for example, than family and enduring relationships. If I don’t write another book summary or spend another hour at my desk it won’t matter to anyone at the end of the day so I now give myself a break.

When you are very clear about what matters, make time for those things that you want to do see or experience. Make a list at the end of every day about what you want to accomplish and if those things aren’t in alignment with your purpose or that of your organization – then don’t cheat yourself out of doing what does matter.

The best advice I can give you is live every day with purpose. Stick to your own agenda and don’t get sucked into that of others. When someone asks you to do something that is going to distract you from your purpose just let them know it’s not in your “time budget.”

 

Categories
Growth Human Resources Management Personal Development

Effective Leaders Use Systems Thinking Not "Blame Thinking"

“I do not judge success based on championships; rather,

I judge it on how close we came to realizing our potential.”

– John Wooden

I strongly believe that leaders who want to bring out the genius of every employee and who want to optimize results (especially through customer experience and employee engagement) must be systems thinkers.[1]

Bill Walsh, the renowned National Football League coach, had an unusual belief about quarterbacks: “They are only as good as the system they played in.”

In 1970-71 while an offensive coordinator for the Cincinnati Bengals, Walsh developed a passing game that enabled Virgil Carter, a below-average quarterback who up to that point had never even completed half of his passes. That system propelled Carter, the weaker quarterback, to lead the league in completion percentage at 62.2%; the system also increased his yards per completion by 24% (going from 5.9 to 7.3).

In 1979, Walsh joined the San Francisco 49ers as head coach. He used the same system he had employed in Cincinnati to propel another quarterback, Steve Deberg (who by most statistical measures was one of the NFL’s worst) from a 45.4% completion rate to an astonishing 60%. That year, Deberg ended up throwing more completions than any other quarterback in NFL history up to that point.

In the two years that followed Walsh found Joe Montana who is now known, in many circles, as the “best” quarterback in NFL history. I prefer to think that all three quarterbacks took advantage of the best system in NFL history – a system that challenged them, successfully, to reach their full potential as John Wooden suggested.

How did Walsh do it? He didn’t try to change the quarterback. Instead, he changed the system within which the quarterbacks played.

Effective leaders must understand why and how to manage their systems.  It’s about managing the system rather than trying to manage the people. The central tenet here is that “An employee is only as good as system he or she works in.” This core belief flies in the face of the typical belief held by the typical organizational culture, which, whether it is stated explicitly or not, usually holds that the performance of an individual can be measured and improved separately from the system within which he or she works. This is false.  Leaders who act with this false belief will continue to create unintended consequences which will hold back the potential of both the individuals and the entire system.  Leaders who assign blame will create fear and damage innovation. Leaders who focus on optimizing the system will bring out the genius of every employee and results beyond their expectations.

I love Dunkin Donuts Coffee. Nearly every morning I will pick up a large cup just before a client meeting and bring it into the meeting with me. I always order a large and I don’t like sugar. For years, I ordered my coffee using this process: “May I have a large, cream, no sugar.”

About 10 % of the time I would get sugar in my coffee. Since I can’t drink coffee with sugar I would have to either toss it out and be out $2.25 (and be cranky) or go back and order another. The Dunkin Donuts were always friendly about replacing the coffee; it was just a hassle to go back and replace it.

One day I ordered a coffee, got in my car. and headed to my appointment. I tasted the coffee; sure enough, it had sugar. I got angry. I decided to go back and complain loudly (at the clerk) about how they don’t seem to hire people who don’t know how to listen.

By the time I got to the store, the implications of an emotional confrontation with the store manager and the clerk gave me pause.  Perhaps my own process was not working. Why was I mentioning sugar at all if I didn’t want any sugar?

I decided at that moment to change my process. I began asking for a “Large — just cream.” In the four years that followed my new process, I have not gotten sugar in my coffee a single time. Not once!

As it turns out, our brains have a difficult time hearing a negative. If you ask someone to stop thinking about pink rabbits, they will think about pink rabbits. If you ask for no sugar, they will hear the word “sugar”.

It was the mention of sugar (the process) that caused the problem. The Dunkin Donuts worker was not the root cause. My system was the root cause. Once I changed the process the problem disappeared.  It made no sense to blame the clerk.  That was my first reaction.  That is how we have been taught to think about performance improvement.

Leaders are responsible for the system within which the employees work.  If the system is flawed it will create a high probability of dysfunction and it is the leader who has set up the system.  I was the leader of my coffee ordering process and it was my order process that caused the dysfunction of the Dunkin Donuts clerk.  Once my process was changed, the clerks I encountered performed perfectly every time.  How can one explain the perfect performance of multiple clerks at multiple stores if it is not the performance of the system?

A leader who appreciates systems will be able to recognize the real root causes of events and will spend most of their time improving the system and enrolling the employees to help improve the processes within the system.

The typical performance management process attempts to improve the individuals through feedback.  Furthermore, today organizations are requesting even more frequent feedback from managers to employees.  Is that frequent feedback about individual performance or is it about how employees can improve their processes and their interactions?  Are we systems thinkers or are we blame assigners?  To be optimally effective we must become system thinkers.

[1] Systems Thinking: Is a discipline of using data to identify patterns, processes, and structures that cause events. It’s a way of thinking and acting to obtain knowledge to make changes in process and structure to improve the interactions between the parts of a system and instead of making improvements to the parts of the system.  Excerpts taken from The Art of Leading: 3 Principles for Predictable Performance Improvement by Wally Hauck, PhD, CSP

Categories
Management Marketing Skills

Business Builder – A Tool to Help You Acquire More Customers

The business builder is a chance to find out a simple strategy or technique to acquire more customers, get customers to spend with you more often or get them to spend more money when they shop.

This is about creating opportunity from what otherwise would be wastage. We’ve all had opportunities where we’ve met with customers, we’ve introduced what we’d like them to buy from us and it’s been too rich for them at that period of time–too big a decision. They were interested, but couldn’t say yes at that moment in time. Typically in those scenarios, we leave with our tails between our legs and we put it away for another day to revisit in the future. You’ve all heard about how effective it can be to upsell, to add to people’s purchases, to add stuff on top, to increase the average transaction value. But what I’m talking about here is the power of a down sell, the opportunity to acquire a customer when otherwise they would have said “no”.

Let me give you an example of an incredibly effective down sell that happened with a client of mine around 12 months ago. The client in question runs a relatively new start up accountancy practice looking to acquire new customers. The key service she was looking to introduce was a high-level accountancy, non-exec financial director position, a fair sum of money, a fair size investment. She’d meet lots of people who were interested in the proposition, they would show a level of interest, maybe ask for some details to be sent or written down, and then she’d typically get a response of “I’m going to need some time to think about it.” This happens in all of our businesses.

What’s the simple thing that could’ve been introduced as a product or service to get them on board as a customer right now so we could build their value over a period of time? What she chose to introduce was some fabulous online accounting software. In fact, it’s the same accounting software that we now use ourselves, and she’d introduced it to these clients for a low monthly fee for an initial start-up, and they took this product on board because it was a no-brainer.

Introducing your down sell is what I call your “Columbo Moment”. Columbo was famous for saying “Oh, just one more thing.” That was his chance to get his real golden piece of information.

You’re going to introduce your down sell almost as you’re heading out the door, as if it’s a no-brainer, so that you get more customers from your activity that you can then revisit to grow into the size and scale of customer that you would like. But a customer at a low value is far better than no customer at all.

Categories
Best Practices Growth Management Personal Development

Preparing for the Unpredictable

Preparing for the Unpredictable: Tips on Crisis Management

Crisis management, in simple terms, refers to how an organization deals with disruptive, unexpected events that could potentially have a significant negative impact on the organization, its stakeholders, and the public.

No organization – start-up enterprises or long-time market leaders (think Toys “R” Us) – is immune to experiencing a crisis. With proper advance planning (because, after all, crises are usually unexpected), strong leaders are prepared to deal with the unanticipated.

There are usually three common elements to a crisis: the threat to the organization, its stakeholders and the public; the element of surprise; and the need to make decisions and take action quickly.

Successful crisis management can be implemented quickly and efficiently in three steps:

  • Risk Assessment
  • Course of Action Planning
  • Contingency Planning

The risk assessment phase begins with an analysis and prioritization of the risks that the crisis has created. The challenge here is to identify as many possible emerging risks without being overwhelmed by their potential.

Leadership needs to analyze and prioritize these risks so they can be addressed immediately or dealt with at a later date. It’s critical that leaders determine the likelihood of the risks occurring and their potential damage. With this information, leaders can prioritize risks and build them into their planning.

Next, a course of action analysis (COA) should be conducted. A COA determines what can be done to best mitigate current and minimize future risks. While it can be helpful to run “simulations” that analyze hypothetical scenarios (e.g., if ‘A’ happens, we’ll do ‘B’. If ‘C’ happens, we’ll do ‘D’), most leaders of start-ups don’t have the resources in-house to do that. Therefore the COA is often the product of staff brainstorming and discussions – which is invaluable!

The COA provides an assessment of the risks and articulates a preliminary plan for dealing with them.

The COA effort is very time intensive and must be quickly formulated. It is usually limited to two proposed courses of action and details what the most likely results will be, and what presents the greatest potential threats to the proposed courses of action.

Next, leaders must address contingency planning. It is essential to consider long and hard contingency responses should even the soundest, well-considered plan of action fail. Imagining and anticipating worst case scenarios – however unlikely they may seem – is a vital component to effective crisis management.

By rapidly accomplishing these three stages of response, the organization’s teams can be informed and engaged in the crisis management activities. This might include new training for staff as well as increased internal communication efforts.

When it comes to crisis management, there aren’t any hard and fast, silver bullet solutions. Every situation is different. What every   crisis does have in common is the leader’s need to use every resource available to quickly gather knowledge to effectively address the situation.

Leaders – whether in crisis or not – must always be learning about the organization’s operating environment and its people, which greatly helps identify potential challenges or threats. This continuous learning approach leads to greater agility and capabilities in reacting to a crisis.

Ultimately, the actions of leaders shine through in resolving any crises and mitigating the damage. A well-prepared and knowledgeable leader should have the tools available to manage a crisis rather than allowing it to spiral out of control.

Ed Brzychcy is former U.S. Army Infantry Staff-Sergeant with service across 3 combat deployments to Iraq. After his time in the military, he received his MBA from Babson College and now coaches organizational leadership and growth through his consultancy, Blue Cord Management.

 

Categories
Best Practices Growth Management Personal Development

Don’t Judge A Book By It’s Cover

There’s an old proverb that says, “Outward appearances are not a reliable indication of true character.” In other words, you can’t – and shouldn’t – judge a book by its cover.

One of my favorite examples of this is from the movie Pretty Woman starring Julia Roberts and Richard Gere. This classic movie from back in the 1990’s was about a wealthy man, Edward Lewis, on a business trip in Beverly Hills who falls in love with a prostitute, Vivian Ward. Edward wants Vivian to attend some of his business functions throughout the week, so he gives her some money (as in thousands of dollars) to buy some conservative, less revealing, clothes. In her “working clothes” Vivian walks into an upscale store where the employees won’t sell her anything and asks her to leave. Dejected, she returns to the hotel. The next day, the hotel manager takes her to a different store and gets her outfitted in some beautiful clothes. As she is walking back to the hotel, dressed in one of her new outfits and carrying several bags with different Beverly Hills store logos on them, she stops back into the store that asked her to leave. She asked the salesperson if she remembers her from yesterday. She reminds her, and then comes the famous line from the movie: “Big mistake. Big. Huge! I have to go shopping now.”

I experienced something similar years ago when I was looking to buy a new car. I was just 22 years old and driving an older car that had 170,000 miles on it. I’m not exaggerating! I walked into the dealership and none of the sales people would talk to me. I knew it was the car. They saw me drive up in an old car and decided I didn’t have the money to buy a new car.

The next day I went back, but this time in my father’s car, which was quite nice. This time I was approached by numerous salespeople. I had no trouble finding a sales person who wanted to sell me a car. I shared the story with the manager of the dealership, who was quite embarrassed. As a way of apologizing, he sold me a car at a fantastic price.

In business, it can be economically dangerous to make a snap judgement based on someone’s looks, what they are wearing, the car they drive and more. The founder of Walmart, Sam Walton, used to drive a pick-up truck. He didn’t look like a man who was worth billions of dollars. How many times did he “fool” people with his unassuming looks. It wasn’t intentional. It was just who he was.

Unless they prove otherwise, customers should be treated like… customers. Don’t make the mistake of judging a book by its cover. As Vivian Ward said in Pretty Woman, “Big mistake. Big. Huge!”

Shep Hyken is a customer service expert, keynote speaker and New York Times bestselling business author. For information contact or www.hyken.com. For information on The Customer Focus™ customer service training programs go to www.thecustomerfocus.com. Follow on Twitter: @Hyken

 

Categories
Growth Management Operations Skills

Why Share Your Vision?

Those with a tightly focused cause and Purpose for Existence (PFE) have a vision.  They don’t seek to cram it down anyone’s throat.  Instead, their passion and enthusiasm attracts others.  It soon becomes a common vision shared among many.

A good example is Tony Hsieh (pronounced, Shay).  Hsieh was already a wealthy man (having sold his startup, LinkExchange, to Microsoft for $265 million).  Nick Swinmurn asked him to invest in his online shoe store, ShoeSite.com.  Hsieh and his Venture Frogs partner, Alfred Lin, put up $500,000.  They changed the company’s name to a snappier, Zappos.com (a variation on zapatos in Spanish, meaning shoes).  They had just three very simple goals.  One was to bring great customer service—they just happened to sell shoes at an affordable price.  Another was to hit $1 billion in sales by 2010.  The third was to become one of the best places to work in the country.

Hsieh built Zappos completely around customer service, which started with happy, committed employees—that was his purpose.  This purpose required complete control over the customer experience.  They made the stomach-churning decision to stop drop-shipping product, costing them 25 percent of their 2003 sales.  They did it because drop shipments removed their control of the customer experience.  Since their purpose was to provide a great customer experience, this decision was one that they felt compelled to make.

By 2008 Zappos hit Hsieh’s second goal, $1 billion in sales.  The next year, Hsieh hit his third goal, entering Fortune’s list of “Top 100 Companies to Work For”, by debuting all the way up at number 23.  Amazon purchased Zappos in 2009 for $1.2 billion.

The story of Tony Hsieh is rare, but not necessarily unique among ultra-successful, employee/customer-oriented companies.  Facebook is reputed to have such a corporate culture.  The reason these enterprises treat their people and customers so well is because it is a key part of their purpose. How are you communicating your vision and PFE as a leader?

Categories
Growth Management Personal Development Technology

Whose Side Are You On? The Cyberwar Question

In every war there are two sides, whether we are talking about military action, a football game, or the fight against cybercrime. What all these scenarios there have in common is there are some people on defense and those who are on the offensive side of the line. You are either the predator or the prey.

Since I am not writing for the Army generals or the New England Patriots, let’s talk about cyber attacks and which side you are on.

You are probably thinking I’m on the good side, the side that is defensively protecting my network, the side that is always under attack even though I never did anything to provoke it. And I’m here to say that might only be partially true.

If you are not fully committed to doing everything possible to stop the cyber attackers, you might actually be unwittingly helping the them more than you realize.

If you are not keeping your network secure, you are inviting hackers to use your network as a playground. A place where they can find vulnerabilities and practice exploiting them. A place where they can see what works and what doesn’t, what goes undetected and what gets noticed. If you are not creating secure websites and applications, you are giving the hackers more to learn from so they can then use it against other organizations.

Once inside your network you are also giving them a place from which they can launch their next attack. If the breach goes undetected in your network, which they most often do, they can launch an attack on someone else and make it appear to investigators that  you are the perpetrator, not them. And if you are connected to another organization’s network you might have just opened the doors for the attacker to gain access to them as we saw happen with the Target breach.

The attackers are fully vested in finding new ways to attack and get what they want, and if you are not equally fully vested in a security program, you are letting them win without putting up much of a fight. Just as you wouldn’t expect the US military to show up without a battle plan or for your favorite football team to show up without a game plan, it makes as little sense for a company or organization to show up without a security plan solidly in place.

If you are the CEO of an organization, you are responsible for what happens under your care. That means you are responsible for security and any breach that might occur. I’m not saying you personally have to be the one to figure out how to protect your network and the data that has been entrusted to you. You don’t personally have to monitor the network and know exactly what is happening at all times, but what I am saying is that you are responsible for ensuring you have the right people to do this, that they have the resources they need, the best strategy, and that a culture of security is in place.

Stay tuned for the next three articles in this series that will discuss culture of security, ensuring you have a security strategy, and having the right security resources.

As a 12-year veteran of the information security and compliance space, I invite you to send me an email at sharon@c-suiteresults.com or reach out via LinkedIn https://www.linkedin.com/in/smithsharonj/ to ask any questions you might have on this topic or other security topics that might (or should!) be keeping you up at night.