Does Your Business Understand the ‘How’ of Digital Transformation?

Digital transformation is a term that has been thrown around board rooms for a few years now. Many legacy businesses that once struggled with accepting the need for digital transformation now unanimously accept it, but are increasingly struggling with how to implement the change.

It is a dangerously broad term that can mean anything from creating or redesigning a website, to launching a digital marketing campaign, to a complete change in the structure and working of a business. That is why the how of digital transformation has become a headache for many top executives in more traditional firms who believe their business is being threatened by digital start-ups that are disrupting the market.

On the one hand, you have businesses that believe that digital transformation is the creation of digital platforms and new marketing channels that once did not exist, and on the other, you have those that believe that it means replicating the digital start-up culture perfected by the likes of Facebook and Google. The answer is somewhere in between and more nuanced than the extremes presented above.

What digital transformation is not

An important concept to grasp when talking about digital transformation in businesses is that it is not an end product. The very word transformation should hint at the fact that it is an ongoing process, yet there has been a fixation on reaching an end goal of having your business become ‘digital’.

It is a dangerous concept for the very reason that the digital world is no longer a separate entity that evolves at its own pace – the digital world is now just the world. There is no ‘traditional’ or ‘non-digital’ world that exists in tandem with the digital one. As the world – read digital world – is ever changing and advancing, there cannot be a fixed goal in sight, and so digital transformation is an ongoing reaction and adaptation to the trends of the world.

Because non-digital is now extinct, many executives and consultants are referring to digital transformation as business transformation. It is a response to the shift in consumer behaviour away from traditional channels and into an almost purely digital environment in which they interact with their peers and with businesses.

The how of digital transformation

One reason why newer companies, and specifically technology start-ups, have found it so easy to adapt and change to the latest digital trends is that by virtue of being young companies, they can enact vast change rapidly. They can get board approval to purchase billion-dollar companies in fields that never existed a few years prior at the drop of a hat.

Legacy companies that have been around for decades and even hundreds of years will often struggle to get a buy-in from the board. For an effective digital transformation, you need a vision (not a goal) of where your company is headed and you need all employees, senior and junior, to buy into that vision and engage with it.

The biggest barrier to effective change is often quoted as the belief of senior leadership that no change is needed.

A culture change is often needed because of this. A poll by Organic found that 30% of respondents believe that transformation of the culture of the business is required for a successful digital transformation while only 8% believe that adopting new IT is required.

A customer-centred approach to tackling digital transformation is the best option because technology, by virtue, will track the needs of consumers and customers. Any implemented project has to serve a real customer need, and at the same time, a customer need has to be understood and predicted and planned for. The failure to do so is what leads to start-ups entering the market, based on delivering something that other companies failed to deliver on.

Many digital transformation projects are short-term and do not always deliver a ‘bang’ when revealed. What business needs is constant progress, addressing micro-goals that contribute towards a long-term vision. If your business can achieve this, then you are on the right path towards digital transformation and the goal of remaining relevant in an ever-changing world.

How to Get the Attention of Your Board of Directors

For any ambitious professional, the pinnacle of their career will be joining the board of directors. A position on the board not only comes with the benefits of status and financial rewards, but also provides a unique insight into a business, along with a great responsibility for influencing change.

Depending upon the sector of the organisation, most boards of directors will look to strengthen their leadership team by appointing individuals from across all of the critical sectors of their business. Typically, this will include a representative from areas such as finance, legal, HR, sales and logistics. Many larger organisations will also include a space for IT on their board, but is there room for more specialisms? In particular, can a cybersecurity executive find their way to the boardroom?

With more and more such positions opening in job markets it seems that the answer is plain but just how do you go about making that momentous step?

What is the board looking for?

A board of directors is established to provide a strong and knowledgeable team to support, advise and manage critical business functions as well as determine the direction of an organisation’s policies. A place at the boardroom table depends on three key factors: business acumen, technical expertise and gravitas.

At least one of these is an obvious one and is something that should be well within your control to achieve: technical expertise. There is no point in looking for a place at the board table if you do not possess a superior knowledge of your field of experience.

Business acumen is the second achievable quality that professionals can set their career plan on achieving. Directors appointed to the board must be able to apply their field of expertise to the wider picture of the business in which they are operating. They must be able to appreciate other key factors which influence the decisions being made and be able to operate within, and to, the existing company policy, ethos and goals.

Gravitas is a slightly ‘fuzzier’ skill set that is difficult to define but covers the interpersonal skills associated with people who can operate at a senior level, can communicate effectively and can conduct themselves with a great deal of professionalism.

Acquiring essential skills and work experience

To reach the lofty heights of the boardroom you will be in competition with a large number of other ambitious candidates so it is important to ensure that you have a wide range of transferable skills as well as a broad background of senior positions held. To hold a position of such seniority you need to be able to demonstrate that you are qualified to do so. Successful candidates who make the leap to the board of directors can typically evidence their progression in one of four backgrounds:

Experience in legal or consulting;
Government backgrounds, particularly in the military or intelligence community;
Previous roles as CISOs/CSOs;
CEOs of cybersecurity firms (typically those that have moved on following acquisition or IPOs).

What experience in any of these roles demonstrates is a business acumen above, and in addition to, technical knowledge.

You think you have what it takes so, how do you get in front of the right people?

It may very well be that you are currently working in an organisation where opportunities to join the board exist but it is more likely that you will need to be proactive in getting yourself in the market.

Firstly, be aware of those industry sectors that are most likely to seek someone with specific experience in cybersecurity. At the moment this is very pertinent to those organisations that offer critical services: sectors with government contracts, energy companies, healthcare and industrial manufacturing are all prime candidates to approach.

Press the flesh and start networking. There is no greater impact than actually connecting with people directly. Do your research and be sure to attend events, seminars and conferences that will have other board directors attending. Take the opportunity to meet people of influence and try to get introduced to potential recruiters. By all means look to a recruiting firm directly but do take the bull by the horns and be your own best marketing strategy.

Whilst you wait for your efforts to pay off, take any opportunity to improve the attractiveness of your resume.

Finally, if you are serious about reaching board level then you may need to take a fresh look at your career plan. Cybersecurity is a hot field right now and there are many new start-ups taking the lead over larger competitors; getting on board with an innovative young company could lead you to your goals sooner than you think.

Want to Avoid Major IT Disaster? Learn About Identity and Access Management

An identity and access management system, or IAM system, is a program set up so that businesses can manage the processes of facilitating electronic identities. IAM technology is used in a variety of ways. It is the framework that assists identity management in capturing, recording and managing identities, along with a user’s automated access authorization. It assures the subscriber that services permitting access are authenticated according to policy, and it also authorizes regular audits of electronic data.

IAM processes that are poorly conducted or controlled could lead to non-compliance issues. A company may have to demonstrate that current data is not at risk, and the chances of failing the audit may be great.

Typical IAM Bloopers

There are a few mistakes that organizations are guilty of making when attempting to implement IAM systems. Three of the biggest ones are –

  1. Failure to verify scalability within a growing business
  2. Not considering compatibility issues
  3. Not completing a thorough examination of the systems

Before you install any IAM system, the user must choose the data it should protect, consider how it will adjust to company policy and who will take ownership of the electronic data. Another common mistake is that many organizations either put out too much access management or too little.

The error is that too much importance is placed on protecting systems which contain low risk information. On the other hand, sometimes the emphasis is not centered around high risk content enough. By not having enough security on high risk content, it opens doors for malicious hackers.

You need an IAM system; Why?

With the way technology is growing, it’s difficult to keep up with the latest developments, however, it’s a must for IT businesses. Having an IAM doesn’t make a difference in how your system functions nor will it increase your profits, but not having a good IAM will impose certain risks to the data’s security, plus the organization may receive additional penalties for non-compliance.

Security is a top priority for online users, and owners should protect their audience from the dangers of cyber threats. With cloud-based applications, the influx of mobile applications and other trends, there are more devices to manage. Each of these applications has requirements unique to its brand, which include access and privileges.

Considering the extra load on IAM, identity and access management is increasingly difficult to navigate. In addition, nearly all employees retain certain privileges and accesses even when they are no longer in a capacity to use them, which leaves the doors open for information data systems to be abused. This is why you need the best IAM system available.
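The retained-privilege problem described above can be checked with a periodic access review. The following is an added example, not part of the original article: it compares current grants against an HR roster and a per-role baseline, and orders the findings so that high-risk systems are reviewed first. All users, roles, systems and entitlement names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: every name, role and system below is hypothetical.
ROLE_BASELINE = {
    "accountant": {"ledger:read", "ledger:write", "payroll:read"},
    "support": {"crm:read", "crm:write"},
    "engineer": {"repo:write", "ci:deploy"},
}
# Risk tier of each system, so review effort goes to high-risk content first.
SYSTEM_RISK = {"payroll": "high", "ledger": "high", "ci": "high",
               "repo": "medium", "crm": "medium", "wiki": "low"}
HR_ROSTER = {
    "alice": {"role": "accountant", "active": True},
    "bob": {"role": "support", "active": True},      # moved over from engineering
    "carol": {"role": "engineer", "active": False},  # has left the company
}
# Current grants as (user, "system:permission") pairs exported from the IAM system.
GRANTS = [
    ("alice", "ledger:write"),
    ("alice", "payroll:read"),
    ("bob", "crm:write"),
    ("bob", "ci:deploy"),      # left over from the previous role
    ("bob", "wiki:read"),
    ("carol", "repo:write"),   # account never deprovisioned
    ("dave", "payroll:read"),  # no matching HR record at all
]

RISK_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    user: str
    entitlement: str
    reason: str
    risk: str


def review_access(grants, roster, baseline, system_risk):
    """Return grants that no longer match the holder's status or role."""
    findings = []
    for user, entitlement in grants:
        system = entitlement.split(":", 1)[0]
        # A system missing from the risk table is treated as high risk.
        risk = system_risk.get(system, "high")
        record = roster.get(user)
        if record is None:
            reason = "no_identity_record"
        elif not record["active"]:
            reason = "leaver"
        elif entitlement not in baseline.get(record["role"], set()):
            reason = "outside_role"
        else:
            continue  # grant is justified by the current role
        findings.append(Finding(user, entitlement, reason, risk))
    # High-risk systems first, then a stable order for reporting.
    findings.sort(key=lambda f: (RISK_ORDER[f.risk], f.user, f.entitlement))
    return findings


if __name__ == "__main__":
    for f in review_access(GRANTS, HR_ROSTER, ROLE_BASELINE, SYSTEM_RISK):
        print(f"{f.risk:<6} {f.user:<6} {f.entitlement:<14} {f.reason}")
```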

Advantages of IAM

As more individuals or corporations turn to using cloud-based services and mobile applications, IAM has never been so critically important to IT. The ways in which these devices are programmed to handle security issues are the key to the future of said services and their partnerships.

The IAM assures its people that the best is being done to meet security checks and performance issues. The benefits of IAM are not only to maintain security, but also to

1) improve the way the cloud connects to the business environment
2) provide the right individuals with the right services and access
3) cater an approach that is compliant and consistent with preventing risk
4) verify identities through secure outsources

Want to lessen the risk?

One of the best ways to lessen the risk and to maintain accuracy is to make sure that only those individuals who need access have it, and then only to a limited amount of data that is connected to the job’s code of conduct. It seems as though there is a struggle to make systems foolproof; however, there are ways to make the processes more efficient.

Plan the process out – Planning is vital to success in almost everything you do. One must also do the homework to set up communications, implement hardware and software programs and even select particular hosts and servers. It also involves checking to make sure the plan is working.
Hire the best team – Experience is the best teacher, so you want people behind you who have been there… done that, but at the same time, you need sharp, innovative minds to stay up with the latest developments.
Create Documentation – Never rely totally on recall or memory. A tangible reference lessens the risk of overlooking certain requirements or decisions.
Build a Rapport – Establish an open door policy with the owner, as communication is at the core of the relationship.
Select an Executive – Two heads are always better than one when attempting to overcome barriers and in-house tug-o-wars. Assign an assistant to handle key issues that may pop up over time.

What Will the Next Gen Authentication Mechanisms Be Like?

The serious implications of breaches in front line security system defenses are driving the development of next gen authentication at a furious pace.

With information security at the top of the agenda for both businesses and individuals alike, the need for improved protection of confidential and sensitive data is reaching a critical point. But what will the next gen mechanisms be like?

The current landscape of authentication

Authentication mechanisms fall into one of three categories, referred to as ‘know, have, are’. The ‘know’ refers to something that a user has to remember such as a password, key code or an answer to a given question. ‘Have’ relates to an item that a user physically has; typically, this has been something to supplement the ‘know’ element such as a personal chip-and-pin card reader or token. The ‘are’ element is, perhaps, the most advanced area of authentication and supports biotechnology as well as behavioral activity. It relates to something that is inherently unique to one user. We are probably most used to seeing such access control as fingerprint entry to smartphones, retina scanning at airports and restrictions placed on our online activities depending on our geographical location.

The downside of two of these authentication methods is, of course, that personal information such as pass codes and information (know) can be accessed by third parties, and peripheral accessories (have) place the onus on a user to have these about their person. However, it is the third level, ‘are’, in combination with ‘have’, which is fast becoming the front runner of the next gen of authentication.

Developers have already recognized that smartphones are something that the majority of users carry with them and have exploited this ease of access with systems such as two-factor authentication across mobile banking applications. However, with the exponential spread of banking Trojans such as Asacub, Banload and Acecard, the need for more robust security is informing the advancement of access control.

How is next gen authentication shaping up?

With devices such as smartphones already a staple part of daily life and wearables rapidly being taken up by consumers, the shift from user-driven authentication to device-driven access control promises to be the next step towards the golden 99.999 per cent reliability target. The technology of devices being able to monitor and detect behavioral patterns in an individual already exists and can be seen in action by the way our spending activity is monitored by banks; patterns, locations and behavior are all routinely processed using algorithms to identify unusual activity and, thus, help to prevent debit and credit card fraud.

The next step in authentication comes by applying similar principles to current devices (smartphones, wearables) or the next generation of portable technology.

It is envisaged that such technology will be capable of accurately identifying its user by detecting simple behavioral traits such as the way the device is being held, the accuracy of how that person types (and the speed at which they do so) as well as the routines of that individual (e.g. on a working day between 9am and 11am the device will come to learn that the owner is situated in their office in central London, therefore an online transaction from a laptop in Glasgow is likely to be a fraudulent one).
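The routine-based check in the London and Glasgow illustration can be sketched as follows. This is an added example, not part of the original article: it learns where the owner usually is for each (working day, hour) slot from constructed observations and labels a new transaction against that baseline. The class name, thresholds and sample history are assumptions, and the sketch also covers the cases the paragraph leaves open, where there is no data or no strong habit for a slot.

```python
from collections import Counter, defaultdict
from datetime import datetime


def slot(ts):
    """Bucket a timestamp into (is it a working day?, hour of day)."""
    return (ts.weekday() < 5, ts.hour)


class RoutineProfile:
    """Learns the owner's usual city per time slot (hypothetical design)."""

    def __init__(self, min_observations=5, habit_threshold=0.8):
        # Both thresholds are illustrative assumptions, not values from the article.
        self.min_observations = min_observations
        self.habit_threshold = habit_threshold
        self.counts = defaultdict(Counter)

    def observe(self, ts, city):
        self.counts[slot(ts)][city] += 1

    def assess(self, ts, city):
        """Label an event against the learned routine for its time slot."""
        seen = self.counts.get(slot(ts))
        total = sum(seen.values()) if seen else 0
        if total < self.min_observations:
            return "no_baseline"      # too little history to judge either way
        usual_city, hits = seen.most_common(1)[0]
        if hits / total < self.habit_threshold:
            return "no_strong_habit"  # owner moves around in this slot
        # A mismatch against a strong habit is a signal for extra verification.
        return "consistent" if city == usual_city else "anomalous"


def build_sample_profile():
    """Constructed history: two working weeks in March 2024."""
    profile = RoutineProfile()
    days = [datetime(2024, 3, 4 + d) for d in (0, 1, 2, 3, 4, 7, 8, 9, 10, 11)]
    for i, day in enumerate(days):
        # Mornings are always spent at the London office.
        profile.observe(day.replace(hour=9), "London")
        profile.observe(day.replace(hour=10), "London")
        # Evenings vary: 6 of 10 in London, 4 of 10 in Brighton.
        evening_city = "London" if i % 5 < 3 else "Brighton"
        profile.observe(day.replace(hour=19), evening_city)
    return profile


if __name__ == "__main__":
    p = build_sample_profile()
    events = [
        (datetime(2024, 3, 18, 10, 15), "Glasgow"),
        (datetime(2024, 3, 18, 10, 15), "London"),
        (datetime(2024, 3, 18, 19, 30), "Glasgow"),
        (datetime(2024, 3, 23, 10, 0), "Glasgow"),
    ]
    for ts, city in events:
        print(ts.isoformat(), city, p.assess(ts, city))
```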

There is still some work to be done to develop next gen authentication technology to achieve the promised land of a secure online environment, free from the threat of data loss, but these super smart devices look set to be a huge step forward along the path to change.

Corporate Security: How to Deal with the Human Factor?

Hacks, worms, malware and viruses are never far from the headlines. Corporations across the globe spend small fortunes every year trying to protect their systems from such problems, but there is one major aspect that gets overlooked: the human factor in cyber security.

A company can have the most sophisticated system in place, but many of the major vulnerabilities lie with the people who are regularly using it. Study after study has highlighted the human factor in cyber security as a problem, yet still it remains. So how do you deal with this issue?

Develop stronger systems

Perhaps one solution is to take the employee out of the equation. Workers already know what they should and shouldn’t do, but one small lapse could bring chaos to the entire system. In his expert analysis, Dr JR Reagan of Deloitte Touche Tohmatsu Limited suggests that in the future the emphasis should be on developing systems that can successfully identify phishing e-mails and prevent bad links from being opened, but as these innovations are some way off, corporations need to find a way to address these issues here and now.

Raise staff awareness

Research shows that not nearly enough staff regard IT security as an issue, and if this problem is not addressed, it doesn’t matter how much of its budget a company spends on securing its systems.

From the smallest law firm to the biggest corporation, every company should have firm protocols that staff should be aware of. Employees should know what they need to do to help prevent a security breach, but they should also be informed how to act if they suspect a breach might have occurred.

Curb Social Media Use

Protocols will vary from corporation to corporation, but there is one area every firm needs to toughen up on: social media. One way of effectively managing the human factor and reducing the risk to security is curbing the use of social media. Obviously, this is a move that won’t be popular with some employees, but it’s far too tempting to click on a harmless looking link on Facebook or Twitter, which could introduce malware.

If a corporation doesn’t want to limit the use of social media, then staff need to be aware of the basic rule: no clicking on links if they don’t know where they are leading to.

Security Reviews

Another way to successfully deal with the human factor in cyber security is for firms to regularly review their current systems. Security experts say too many firms wait until they have had a security alert before they review the measures they have in place. Are they adequate to contend with the next big virus or a newly discovered security flaw and human error?

Another factor that companies often fail to consider is the security providers themselves. Their ability to manage the latest threats and possible breaches should be monitored, and if it is felt they aren’t proactive enough, it’s time to find another firm.

Protect mobile devices

Today, corporations are more dependent on mobile devices than they ever were before; the same applies to the staff. Mobile devices are now a fact of life, which is why it’s fortunate there is plenty that can be done to enhance their security.

Corporations – and their employees – should eliminate the ‘human factor’ where they can and have application and device controls installed for an added layer of protection. Removable devices like data sticks should be encrypted, and each mobile device should have some form of guard against malware and viruses.

Analyse the security budget

Another way of tackling the pressing issue of the human factor is to take a look at the security budget and how it is distributed. Could it be better used to shore up the security system and protect your firm from vulnerabilities? Where possible, enhance the system to take the responsibility away from staff, and have measures in place should human error occur.

Hacks, viruses and malware cost businesses billions every year. While every firm should have security measures in place, businesses of all sizes should look beyond this and empower themselves against the human factor.

A Guide to Building a Safe Corporate Culture

Safety culture is spoken about frequently but it is infrequently well understood. To be successful as a commitment, safety must permeate the corporate culture. A strong safety culture is unlikely to just exist; it will need to be defined and built from the top down, guided by the leadership team and management. In the 1930s and 1940s H. W. Heinrich developed a behavior-based safety concept. He researched thousands of insurance reports and came to the conclusion that approximately 90 percent of industrial accidents were due to employee failures. Therefore, to correct the issue, worker behaviors need to be changed, perhaps by instilling safety into corporate culture. The question is, how can this be done in practice? These are our top three ways in which to build a safe corporate culture.

1. Empower employees to be observant and speak up

There will be occasions where something just does not seem right and an employee being empowered to speak up and halt what is in progress, could avoid a serious event from occurring. If employees are going to feel that they have the authority to pause a working practice, they need support from management and the organizational leaders. An employee’s caution could prevent an accident, but on the other hand they may have been overly cautious, and they need to be able to raise their voice without the fear of reproach from management or colleagues. In many organizations there will be social norms in play which may prevent for example more junior staff from feeling they can appropriately raise concerns, so culture has to shift to accommodate everyone having a voice.

2. Organizational risks are understood

This seems simple but it can often be missed. Employees should be aware of the inherent risks in the task they are undertaking, whether it be a service or a product they are involved in delivering. Employees should be trained on the risks, and how to mitigate against them, thereafter they should receive periodic training to try and avoid complacency. Additionally, it is important to have a record of all accidents and near misses and ensure that employees are aware of both. This is not designed to instill fear in employees, but to bring their attention to the risks and associated safety methods used for mitigation.

3. Avoid the blame game and encourage continuous improvement

Accidents happen and very often organizations will not discuss them openly. To genuinely instill a safety culture, accidents need to be discussed and valuable insights should be drawn out and there should be learning. The result should be a focus on continuous learning and improvement. Managers and leaders should not look to assign blame when something goes wrong, but encourage openness and information sharing. One way to share information is to agree a set of reports and an associated communication strategy.

In summary

Organizations don’t want industrial accidents to happen for a myriad of reasons. We know that most accidents can be avoided by employees themselves. However, very often employees become complacent, or they are poorly trained, or they see something go wrong but are just too intimidated to speak up. A safety culture seeks to create an organizational environment, enforced by the management and leadership team, which engenders open conversation without fear of reproach. It also looks for past mistakes to be discussed and learnt from, and ensures that all employees understand the risks the organization faces. There are a number of ways to develop this culture, some of which have been identified above, but at its core are trust, openness, training, and commitment to continuous improvement.

Federal Trade Commission Is Committed to Keep Personally Identifiable Information Safe

The Internet has opened up corporations to a whole new world of security threats, and this means personally identifiable information can easily be at risk. This is why it’s imperative safeguards are put in place, and programs such as the FTC Start with Security education initiative are there to help guide corporations towards the best practices.

With its latest program, the Federal Trade Commission has reiterated its commitment to keeping personal information safe and detailed the steps it is taking to keep our sensitive data secure. As you can probably imagine, the commission has been pretty busy with enforcement activities.

FTC enforcement activities

To show just how serious the Federal Trade Commission is about keeping data from being misused, it regularly undertakes enforcement activities. In recent years, the FTC has brought numerous cases against companies regarding privacy and security issues, so you really can’t be careful enough with your customers’ information – especially when you are storing vast amounts of personal data.

However, it is just as strict on companies that send spam or who are found to be misleading about the way they use consumers’ details, so it is essential that your business stays abreast of any new changes in data law or e-mail communications regulations if you want to stay on the right side of the FTC.

While the Federal Trade Commission has highlighted the actions it’s prepared to take to crack down on breaches, it’s also a useful reminder of what corporations can do, too.

Guidelines for specific businesses

Depending on the sector your company works in, you’ll need to adhere to the best practices outlined by the FTC. Whether you are working in healthcare, selling/buying debts, or your business needs to store or dispose of data, there’s a specific set of best practices and step by step plans that apply. The FTC makes copies of these available online – make sure you follow them.

What else can you learn from the FTC Start with Security initiative?

Keeping your customers’ data safe

Unless you want to fall afoul of the Federal Trade Commission, there are several steps your business needs to take to keep personally identifiable information secure.

First, the FTC advises companies to only hold as much data as they need and to inform customers how their personal information will be used. This will help to limit the impact should data be compromised, and advising customers how their data will be utilized creates a greater transparency, which helps to improve consumer trust.

Remote Access

The use of smartphones and tablets has soared in recent years, and while this brings added convenience it also means there is a new set of security risks that comes with it. One of the biggest potential problem areas is remote access, so make sure these access points are protected from hackers.

Give customers options

The FTC also stresses the importance of allowing consumers options when it comes to their personal privacy, and where possible it encourages companies to limit access to data. Due to the risks posed by cyber threats, corporations are told to have their own measures in place to safeguard the security of people’s personal details.

Have a security plan

It is advisable to have a security plan in place should the worst come to the worst, and make sure that these details are kept safe. Also, always adhere to FTC guidelines for protecting data – that way your company is covered should a breach happen.

The FTC’s Start with Security education initiative is a crucial reminder of what the Federal Trade Commission does to protect our information, but it is also an important guide to the efforts that corporations must take to protect their customers. Follow the above tips, protect passwords, monitor networks, check for vulnerabilities, adhere to best practices and have sound policies in place – this will help make the information you hold much safer.

Don’t Want to Put Your Company at Risk? Avoid These 5 Bad Security Habits

The first thing to tell you is that users typically have lots of bad habits which can put the company at risk. The reason for this is primarily because they have not had appropriate training, they are unaware of the risks, and perhaps they are complacent. In many organizations employees’ interaction with IT systems and the wider internet is governed by a policy which must be adhered to or the employee faces disciplinary consequences.

The first bad user habit can lead to your IT systems being penetrated by many different viruses, and that is opening attachments that are not recognized. It might be completely benign, but on the other hand the attachment may harbor something far more sinister.

Next on the list is poor password management, and this one is twofold. The first case is when users have the same or similar passwords for all of their online accounts, whether that be social media or banking. Once the cyber criminals manage to crack one password, they have just cracked the code for the user’s entire online identity. The second big issue is that many users use simple passwords so that they are easy to remember, which makes sense to the user, but of course that makes them easier to crack for unscrupulous hackers. You can enforce password complexity requirements on users to access the company’s IT infrastructure, and it would be prudent to give wider training on password management to employees.

The third user habit is not having your guard up and being overly friendly to strangers. Most of us tell our children not to speak to strangers, but the reality of the working environment is that you will speak to strangers in your professional life. However, users need to be wary of people who are trying to social engineer them on phone calls or face to face to get information which will allow them to gain access to online platforms. More commonly this kind of activity is called phishing, and hackers often do their homework; they can be very convincing, as often they are armed with small pieces of information they have gathered from elsewhere to fool the victim into trusting them.

In some organizations users are restricted so that they are unable to download software to their laptops/PCs. However, in companies where employees can download applications, they should be updating and patching regularly so that any security vulnerabilities are managed. Again, most users probably click away the prompts to update as it slows them down when they are trying to work. The organization will need to provide training to ensure that employees understand the importance of maintaining the software they have installed.

The final bad user habit is probably the simplest to avoid, and that is leaving your laptop or PC logged in and walking away. This could be in the office, or worst of all in a public place such as a cafe. Whilst most organizations install an automatic lock on a device which requires a password to unlock, it is usually set at a few minutes. That will leave plenty of time for an opportunist to gain access to the computer and potentially cause a huge amount of damage to the organizational IT infrastructure.

These are just five bad habits but unfortunately users have many more. The key to safeguarding against this is to train users periodically and perform random checks to ensure the policy is being adhered to. Whilst this may not prove popular with employees, it might just save the organization a lot of potential damage both to its IT infrastructure, and to its reputation.