C-Suite Network™

Menu
Search
Close this search box.

Category: Operations

Categories
Best Practices Growth Management Personal Development Technology

Cybersecurity Resources That Your Organization Must Have

This article is part of a series where we are discussing your role as an organizational leader in the cyberwar that has been all over the news on regular basis lately. I started with a frank discussion on whose side you might actually be on when you don’t protect your organization’s network. In the second article we discussed creating a culture of security and the third article was all about strategy. This is the fourth and final article in this series and we are discussing resources for your security team and organization.

In order for your security team to be on the front line of this cyberwar, defending your network and your data, they need to have the best resources available in order to defend against the many threat actors attacking organizations like yours every day.

One of the biggest challenges in this war we defend against in cyberspace is that it is always changing. The adversaries continue to get better and change their strategies, and if we don’t arm our people with knowledge and skills we will continue to be on the losing side. Depending on your industry that could result in a loss of data, intellectual property, or national security secrets, and could literally be a question of life or death for those in the healthcare industry.

New technologies emerge at lightening speed, which provide hackers new ways to launch their cyber attacks that we need to keep up with. Every time a new application is deployed, a new line of code is written, or a new Internet of Things (IoT) device is connected to the network, we invite the bad guy in. Not because we are asking to be attacked, but because they know how to use our technologies against us for their gain.

Let’s look at the three categories of resources and the key factors they address to win this never ending cyberfight waged against us on a daily basis.

People

Have you created your cyber team with the best offensive and defensive players? Like sports and traditional war, you have to have the best players or soldiers to win in a cyberwar. Not only does that mean that you have the right people in the right roles; it also means you have trained them and continue to train them. This applies to your internal employees and any third parties that work on-site or off-site to help secure your organization’s cyberspace and data.

Security personnel are in a constant state of adversity, trying to keep up with new technologies and threat actors. They almost never hear “job well done.” Often your security team is only recognized when something goes wrong, but not  for the success of stopping a breach, which is their job every day. Other employees are recognized for a job well done, for doing their job well, but the security team is often overlooked since their success is typically invisible.

People want to be recognized for what they do and often the security professional goes without such recognition most of their career. You want to help your team avoid burnout and apathy, this is going to be one of the key ways you can do that.

Time

Time is most definitely a resource and if you have ever said “I don’t have time for that” you know what I’m talking about. I’ve seen it myself, too many times, good people leave due to overwhelm and exhaustion.

This is a team of highly specialized people where you can’t afford high turnover. Not only because turnover is expensive in and of itself, but because these individuals have such specific knowledge that when they leave the time it takes a new employee to catch up is dangerous. In the time spent ramping up, they can easily miss what their predecessor would have seen. While you can’t avoid all turnover, it will happen, you can reduce the amount of turnover by understanding how much your team can actually do and providing additional resources like contractors, third parties, and tools where needed.

Whether you hire more staff or outsource, you must remember that time is a resource that cannot be changed and security is a role that cannot be given to just anyone or ignored due to budget constraints.

Tools

Every good mechanic needs a set of tools and the same is true for your security team. The problem often becomes which tools to use within your security team since there are so many and the tools can be very noisy. Noisy being all the alerts they can generate if not configured (or tuned) properly.

The best way to ensure you are getting the right tools for your team is to include your frontline defenders in the vetting process for new tools. Who knows better what you need, the person doing the work day in and day out or their manager or the executive team? You want what’s best for your security team so ensure the users are part of the decision making process.

It is often good to include a vendor-neutral security consultant who can ask questions of the vendor that you and your team may not have thought about and do it with complete objectivity.

  • What is the tool truly capable of?
  • Does your team already have a tool that can do something similar they are not fully utilizing?
  • Does the new tool integrate with the current infrastructure?
  • What alerts will it generate?
  • How hard is it to configure?
  • And often missed but extremely important, will you need a support contract or consulting contract from the vendor just to make it work?

With the right team doing the amount of work that makes sense with the right tools, you are setting your organization up for success in the fight against cyber attacks. If you have not given this issue much thought or deep thought before, that’s okay;, you’re not alone in that. It’s time to get started and the sooner the better because as we continue to see there are more and more breaches, attacks, and threat actors in cyberspace than ever before. As we continue to put more in the cloud, connect more devices, and have a larger remote workforce, this becomes more and more part of your everyday operational concern just like keeping the lights on and the water running.

If you want to discuss any of these resource concerns with a vendor-neutral consultant email sharon@c-suiteresults.com to start discussing the resource questions you have now. Sharon provides virtual Chief Information Security Officer (vCISO) and advisory services, consults with clients on security strategies, writes policies, and helps organizations of all sizes become and maintain security and compliance.

Categories
Best Practices Entrepreneurship Human Resources Management Marketing Skills Women In Business

3 Bad Speaking Habits You Don’t Know You Have

If you’re like most people, even if you consider yourself to be a “pretty good” speaker, you know you could always be better. The irony is that, while that’s generally true, you probably don’t realize the actual problems you need to fix.

So let’s turn the microscope to three of the most common pitfalls to effective speaking.

  1. Fillers

We’re all familiar with the sins of the repeated “um,” “uh,” and “like,” “you know” and “I mean,” but fillers get much more sophisticated and subtle.

Words like “actually” and “really” can transform into what I call educated fillers. They seem to fit into the conversation, but repeatedly sneak into speech in places where they have no inherent value. They just chop up the sentence, making it harder for the listener to cognitively process the underlying message.

But where most of us get tripped up is the variety of fillers used. If you alternate between them as you speak, they’re less likely to be noticed… but still detract from the fluidity of the point you’re trying to make.

  1. The Vocal Cliff

The “vocal cliff” is what I call the habit of trailing off at the ends of your sentences. This happens for a variety of reasons. First, we tend to speak in a stream of consciousness, which is full of commas rather than periods. As you’re running along, you run out of air but don’t know where or how to refuel, so your voice creaks its way to a slow, grinding halt, much like if your car ran out of gas in the middle of the road.

Another cause of falling off the vocal cliff is when you’re halfway done with your point but your brain is jumping ahead, cueing up the next point you want to make so you don’t forget it, while your mouth struggles to catch up. Your lack of attention to what you’re currently saying comes through as your voice falls off the cliff. Stay present.

Or maybe you trail off because you lose confidence in what you’re saying after reading some displeased faces in the audience. This causes you to hold back, and you fall off the cliff, which projects your self-doubt.

  1. Negative Facial Expressions

As you listen to people, chances are, you don’t even know what kind of facial expressions you make, but more often than not they can convey negative thoughts. Maybe you’re just thinking about what the person is saying, but your “thinking face” has furrowed eyebrows and an ever-so-slight frown. This leads to two problems.

First, people will infer anger or disagreement, regardless of how you genuinely feel. Second, when you do speak, those down-angled facial features actually flatten your pitch and tone, making you also sound displeased. Even if that’s how you feel, do you really want to telegraph it so transparently? And if that does not accurately reflect your feelings, then you’re sending mixed messages and sabotaging your own credibility.

To avoid any of these pitfalls, awareness is the first and most important step. Don’t assume you know which habits you do or don’t have. Try video recording yourself talking on the phone. When you watch it afterwards, do you hear fillers creeping in, or does your voice fall off “the cliff”? Do you appear anxious or irritated? You’ll be amazed at what you discover, and what adjusting such small behaviors can do for your overall executive presence and leadership image.

********

Do you have questions or comments about your bad habits or how to avoid them? If so, contact me at laura@vocalimpactproductions.com or click here to schedule a 20-minute focus call to discuss them with me personally!

Categories
Best Practices Entrepreneurship Human Resources Management Marketing Skills Women In Business

You Always Have Control

“Change is ever occurring. Thus, you can embrace change and control it, or you will be controlled by change. The choice is yours but if you don’t make a choice, change will make the choice for you.” -Greg Williams, The Master Negotiator & Body Language Expert

www.TheMasterNegotiator.com

No matter what occurs in your life, you always have control. That’s true because you have the power and ability to change anything that doesn’t suit you. That change may be limited and limiting, but there’s a degree that you can influence change, you just have to seek what it is and what it means to change.

So, when you don’t like the outcome of a situation, seek to change it or the way you view it (i.e. change your mind per the meaning it has). Once you realize that you don’t have to be held captive by the outcome that change thrust upon you, you’ll feel better about how you can control the change that has occurred. That will allow you to see the perception of negative change from a more positive perspective … and everything will be right with the world.

 

 

 

 

Categories
Entrepreneurship Human Resources Management Personal Development

A Lot of Talk About Leadership, But…

I recently saw of list of what an organization considers the top 50 leadership gurus in the country. There were several familiar names on the list. Scott Love was not on the list. In this day and age, I see and hear a lot of talk about leadership, but I don’t see that much real leadership taking place.

Scott is a graduate of the United States Naval Academy in Annapolis, Maryland. When he was a twenty-two year old Ensign in the early 1990’s, he was in command of a U.S. Navy minesweeper. Yes, a minesweepers job is just what the name says. Scott Love has gone on to a successful career.

Leaders don’t become leaders because they write about the topic. They live it. They model it. They have followers. They are TRUSTED. They make positive things happen.

Yes, we do have leaders in our families, communities and in our workplaces. But don’t get confused with all the rhetoric – a real leader has a history and a life that clearly shows WHY we should follow them.

I think you will enjoy my conversation with Scott Love.

Categories
Growth Management Operations Personal Development

Your Brand is Only as Strong as Your Weakest Link

Your Brand is Only as Strong as Your Weakest Link

Recently I was flying to a speaking engagement. While waiting for my flight to board I bought a yogurt parfait. After paying for it, I looked for a spoon. There were forks and knives, but no spoons. The little compartment next to the forks and knives was empty. I asked the cashier if they had any spoons. She pointed to where they weren’t. I told her they were out, and in an effort to get rid of me, she suggested that I could go to the restaurant next store and ask them for a spoon.

I walked by the first restaurant a few minutes later and there were plenty of spoons. Obviously, there were spoons somewhere. The employee just didn’t want to get them, when a customer needed them.

I didn’t want to make a scene over this, but I thought I’d mention something to the manager. He wasn’t there when I bought my yogurt. He apologized, but then said something interesting. He mentioned that the restaurant was managed by a group at the airport, so I really shouldn’t expect the same service or quality I am accustomed to at this company’s regular restaurants.

This was a major brand with locations throughout the US. The airport restaurant had the same signage, the same logo and looked just like any of the restaurants you would visit outside of the airport. I’m sure that any executive of this brand would cringe at the response the manager gave me… “I really shouldn’t expect the same service or quality I’m accustomed to…” Really?!

And, that is where our lesson begins. You see, it doesn’t matter if it is an airport restaurant, a small kiosk or a full-service restaurant. There must be a similar experience across all locations, regardless of size or where it is. The logo is the logo, and the brand is the brand!

Let’s switch industries and talk about an icon in the world of customer service. When Nordstrom decided to move into the online world, many of their customers were concerned that they would erode their reputation for amazing service. Management thought long and hard about how to create an online experience that matched the expectation of a Nordstrom customer, and they delivered. Regardless of location – instore or online – Nordstrom will always focus on making sure the customer has the best experience.

Now we move to an employee within a company. If there are 100 employees, and 99 of them are amazing, but one is not, what happens when a customer encounters the one who is not? You know the answer. That one bad employee just created the reputation for your brand – at least with that customer.

The old saying is that a chain is only as strong as its weakest link. Well, the brand is only as strong as its weakest location – or weakest employee.

Shep Hyken is a customer service expert, keynote speaker and New York Times bestselling business author. For information contact or www.hyken.com. For information on The Customer Focus™ customer service training programs go to www.thecustomerfocus.com. Follow on Twitter: @Hyken

Categories
Best Practices Entrepreneurship Management Personal Development

7 Ways Entrepreneurship Can Be Incorporated into Your Company Culture

Company culture is the foundation of relevancy for your business. A positive company culture fosters creativity, outside-the-box thinking, and imagination. Changing your company culture is not easy, but the benefits speak for themselves.

While building Barefoot Wine into a bestselling brand, we relied on seven steps to build a positive company culture:

  1. Remove Roadblocks: Structure can be limiting. If an employee’s great idea has to pass through more than one pair of hands, they can become discouraged and may even lose recognition for their work. At Barefoot, employees were able to present their ideas directly to management, avoiding unnecessary compliance processes.
  2. Acknowledge: When creative, thorough, and efficient work is recognized publicly, all of your employees are more likely to respect others as team players. On every employee’s work anniversary with Barefoot, we sent out a memo that outlined their accomplishments during their last year. Recognizing employees’ efforts sends a message that good work does not go unnoticed.
  3. Have Fun: Vendors, employees, and consumers alike all want to do business with fun people. Going along with the Barefoot brand, Michael was “Head Stomper” and CEO; Bonnie’s title was “Original Foot” since her foot was on the label. Doug McCorkle was our Controller and “The Cork”—because who else but our Controller would put a stop to it? A fun environment allows creativity to flourish.
  4. Make Mistakes Write: Don’t just make your mistakes right—make them write! Mistakes happen. Establish a culture that embraces this, as long as all of the blunders are identified. Allow any mistake to be an opportunity to put processes in place that will prevent it from happening again. Identify which documents need to be updated for the future, whether that’s a checklist, a new procedure, or a new policy. Establish a culture of permission—a culture that says, “Be creative and make mistakes as long as you hold yourself accountable.”
  5. Have a Two-Division Company: What set Barefoot apart was having two divisions, compared to a vertical structure with the CEO at the top and numerous departments on the bottom. We had Sales and Sales Support. That’s it! Product development, marketing, accounting, and the CEO were all part of the Sales Support division. If your company is all about the consumer experience, sales should be on top with everyone else supporting sales. Think of where your company would be without sales—it wouldn’t be!
  6. Pay for Performance: Paying your employees right will not only keep them there—it will keep them motivated. We established our pay structure with teamwork in mind. Since our employees’ bonuses and employer’s contribution to their 401k were partially reliant on performance, they were determined to excel, and to encourage their teammates to do the same.
  7. The Money Map: Set the precedent for your employees right when they start. We distributed an infographic that showed exactly how the money traveled from the consumer’s pockets into their In that moment, the sales process became transparent to the employee, and the stage was set for a positive sales culture.

Making changes to company culture starts at the top and radiates through the rest of the company. So, take a look at your management’s attitude toward everything from pay, to making mistakes, to having fun, and you will soon see where the changes are necessary.

For more, read on: http://csnetworkadvis.staging.wpengine.com/advisor/michael-houlihan-and-bonnie-harvey/

 

Categories
Entrepreneurship Human Resources Management News and Politics Personal Development Taxes

What I’m Thinking

I’m concerned with Inequality. Chuck Collins, great grandson of Chicago meat packer Oscar Mayer has been a great teacher for me. Too many of us only read and listen to Twitter feeds, or the talking heads on radio and TV and never really understand the economics, let alone the human dignity involved in racial, gender, and income inequality. Chuck’s book is “Born on Third Base: A One Percenter Makes the Case for Tackling Inequality, Bringing Wealth Home, and Committing to the Common Good”. Great read. Bill Gates, Sr. is part of the story.

As an executive coach, business consultant and business journalist I work hard to help my clients and Business Builders Show subscribers to go deeper on the issues they face today and will face tomorrow. I recommend they go beneath the headlines to understand what’s really happening in our system of governing. For instance – do you really understand the Estate Tax?

Click here to listen to my latest interviews with Chuck Collins. You can follow him at www.inequality.org.

Love to hear your feedback.

Categories
Best Practices Entrepreneurship Human Resources Management Marketing Skills Women In Business

You May Not Be As Influential As You Think You Are – 4 Steps to Increase Your Self-Awareness

Click here to watch You May Not Be As Influential As You Think You Are – 4 Steps to Increase Your Self-Awareness

Have you ever given thought as to how your communication may be sabotaging your influence without you even knowing it?

Most leaders haven’t given thought to this question, much less taken the steps to increase their awareness of how their listeners hear and see them rather than what they believe to be true.  That is why self-awareness is the first step to greater influence Monday to Monday®.

To enhance your influence, you need to evaluate your communication based on facts, not feelings. You need to get to the heart of what is really going on by experiencing your communication through the eyes and ears of your listeners and readers.

Categories
Best Practices Growth Human Resources Management Personal Development Women In Business

Listening – A New Approach to Quality Communication

Listening – A New Approach to Quality Communication

In our corporate worlds, there just isn’t enough listening going on.  This has been made abundantly clear with the vast amount of sexual harassment accusations we are hearing.  One aspect that is leading this cry for honesty and transparency is that the victims finally feel like they are being heard.   Unfortunately, they needed the masses to feel that way.

Scandal is not necessary for you to learn this essential skill of listening.  Don’t you dare call it a soft skill.  If you want your company to grow from the inside out, for every stakeholder, then clearly comprehend why you have two ears and one mouth.  Specifically, listening can afford you valuable information from recruiting to exit, from design to sale, from start up to IPO.

When you are recruiting, assuming you are looking for a workforce that plays well with others and wants to grow with you, listen.  Ask questions that will open a dialogue to expose what that person would do when circumstances aren’t perfect.  Ask and then listen.  Don’t negate or manipulate what they are saying.   Be still, stop thinking about what you want to say and listen.  Ask what they want to be doing in 1 year, 3 years, 5 years.  Under the right conditions, can you give them the pathway to meet those goals?

When someone leaves, find out why.  You may be surprised.  They may have changed priorities, goals or skills.  Simply, they may not be a good fit for your particular organization anymore.  You might be able to help them find a better suited position and keep what might become a loyal customer in the future, because you listened.

Just as you listen to your public, your customers and clients, for feedback on your newest services and products, do the same for the people that carry out your business goals.  In the C-Suite you don’t know what it is like to be in the trenches every day.  Just because you come up with a great idea it doesn’t mean it will work.  You have to include those that will be utilizing that idea in design, preparation and modifications.

Listening.  It’s the new primary skill that has found its celebrity in time to be taught, nurtured and practiced.  See if you can just listen in your next conversation.

Julie Ann Sullivan’s focus is on employee engagement and creating workplace cultures where people want to come to work.  Julie Ann works with companies to develop people who are engaged, productive and appreciated. She hosts the Mere Mortals Unite and Businesses that Care podcasts on C-Suite Radio . For more information go to http://julieannsullivan.com/

Copyright ©2017 Julie Ann Sullivan – Used with Permission

 

Categories
Best Practices Growth Management Personal Development Technology

Cybersecurity Strategy- Do You Have One?

Do you have a security strategy? I don’t mean locks and guards, I am asking if you have a cyber security strategy. Until recently there has been no shortage of frameworks for best cybersecurity practice and more regulations than most organizations know what to do with. But even with all of that, there have been minimal requirements to have a security program and even less enforcement on the issue.

That is, until now. The New York Department of Financial Services (DFS) has established their Cyber Security Requirements for Financial Companies (23 NYCRR 500 ). The new DFS regulation holds an institution’s senior leadership accountable by requiring an annual compliance certificate signed by a senior officer or board member. This is the first state legislation of its kind and I am sure with all the breaches we continue to see that it will not be the last, whether or not you live in New York.

One of the big differentiators in 23 NYCRR is the requirement for covered entities to develop a Cybersecurity Program. Other regulations require risk assessments and information security policies, but I am not familiar with any that have specifically require a cybersecurity program.

You can think of your cybersecurity program as your security strategy, which is important for the same reasons a business plan, a map, or an architectural blueprint is important. Without any of these you don’t know where you are going or how you are going to get there.

I’m here to let you in on a little secret. It’s not that a security strategy is difficult to create, it’s just that you, the organizational executive has never had to create one before. Everyone you talk to about cyber keeps throwing acronyms and technical terms around that you don’t understand and that has kept you largely at arms length from this topic. Because I don’t think you should be responsible for becoming a security expert I want to break down the mystery of a security strategy so that you can see it is doable and necessary.

Policies and Procedures

It all starts with policies and procedures. You already have these for so many areas of your business, it’s a matter of adding those applicable to security and then training your employees and continuing to make them aware. ComputerWeekly reported that a recent survey conducted at Black Hat Security Conference in Las Vegas revealed that 84% of respondents whose company has suffered a cyber attack attribute it, at least in part, to human error. Policies and procedures could have helped stop a large number of those. Sometimes people just don’t know what to do and with a lack of guidance will do what they think is best.

Risk Assessment

You have to know what your risks are to know what to protect and how to protect it and you do this through a risk assessment. This is required in every best practice framework and regulation I have ever seen.

A risk assessment asks a lot of questions to identify risks, severity, and likelihood. Questions like: What sensitive data do we have, How is the data transmitted and stored? What systems are used to host the data,? How are those systems accessible inside and outside your network? Do those systems have all critical security patches applied? Who are your third parties that access your data? How well are you employees and vendors trained? Who are your adversaries?

Most of this can be assessed through interviews with the people who interact with the data or manage your systems and through automated tools like vulnerability scanners. There is also a professional service called penetration testing where ethical hackers mimic what malicious hackers would do so that you truly understand your security posture and risks from the outside and inside of your network.

Risk Management

Prioritize prioritize prioritize, this will become your new mantra. Once you have completed your risk assessment you will be left with a list of low, medium, high, and critical items to remediate and manage. That can be overwhelming and you can’t fix it all at once so don’t try; the answer is the same whether you are trying to remediate your vulnerabilities or eat an elephant – one bite at a time. It’s a matter of understanding what the highest risks are, the easiest to fix first and those that are less important or more long term to solve for. This is where your security team and security executive is there to help. If you don’t have this team or person in place to run security then you bring in a third party to help with remediation and retesting.

Food for thought – The same ComputerWorld article said “Nearly 55% of more than 130 attendees of the 2017 Black Hat security conference in Las Vegas admitted their organizations had been hit by cyber attacks.” The reason I say that is very common to hear “it won’t happen to me.” Risk management is how you help ensure that it won’t happen to you.

Continuous Monitoring

Continuous monitoring, regular control testing, and at least annual risk assessments is how you keep this going. It is not a one and done project. This becomes an operational part of your business just like keeping the lights on. Whether it’s your internal team or third party consultants that help you achieve this, it must become part of your daily culture of security.

This includes implementing and maintaining technologies that can prevent a cybersecurity event and the processes and technologies for detecting cybersecurity events, responding to events and mitigating risks, and recovery from events.

If you are still wondering “how will I accomplish all this?”, don’t worry I understand that is a real question and concern. In my next article in this series I will discuss resources with you and the how you will do this. I want to make this as simple as possible because your organization, people, and customers need to be protected from malicious individuals and from costly errors. Please note I said simple, not easy; with the right people creating the strategy is simple, but it will take time and resources along with a culture of security to make it happen.

***

If you don’t want to wait for the next article email sharon@c-suiteresults.com to start discussing the resource or strategy questions you have now. Sharon provides virtual Chief Information Security Officer (vCISO) services, consults with clients on security strategies, writes policies, and helps organizations of all sizes become and maintain secure and compliant.