By the DynaSis Team
In past articles, we have discussed the value of written policies to direct and define expectations for corporate security. We have talked about the importance of having strong employee security policies that not only educate but also clarify what behaviors are unacceptable—and potentially actionable.
As we head into a year predicted to be more dangerous than ever before in terms of cyber-risk, we offer you a list, developed with the input of DynaSis’ in-house security experts, of the principal elements a data security policy should include. When complete, such a resource will help to manage the activities and behaviors of personnel and provide support for the organization’s risk management strategy.
Nine Essential Elements of a Best Practices Data Security Policy
Data Privacy: What sensitive/confidential data the organization retains (including a plan for classifying data, if uncertainty exists) along with a program for securing, retaining and disposing of it. If the firm is subject to regulatory mandates, such as HIPAA (Health Insurance Portability and Accountability Act of 1996), how the firm will comply.
Password Management: Rules that define the content of passwords; how often they must be changed; how they are administered.
Internet Usage: What personal Internet usage is allowed at the workplace, if any, with a list of restricted site types. Information to help employees identify and avoid risky/infected sites. Also should include restrictions on Internet usage outside the corporate network (e.g. unsecured Wi-Fi sites) as well as prohibitions on establishing unauthorized Internet access points within the network.
Email Usage: How and where personnel can retrieve and send email, including prohibited behaviors such as transmitting corporate email over unsecured networks or allowing non-employees to send messages through a corporate account.
Company-owned devices: How and where company-owned devices may be operated; restrictions, if any, on the types of data stored on them; procedures in the event of damage, theft or loss.
Employee-owned mobile devices: Whether or not company data (including email) may be accessed or stored on personal devices. If personal devices are used for work and are company controlled, restrictions similar to those for company-owned devices may apply.
Social Media: Whether or not, and how, employees may use social media at the workplace or on company-controlled devices. Prohibitions, if any, on sharing information about the company, its personnel and its operations over social media.
Software Copyright & Licensing: Prohibitions against installing and using unapproved or unlicensed software on company servers. May also include how the company maintains its software licenses and how often it updates that software.
Security Incident Reporting: Policies and procedures for reporting security incidents. Incidents include not only activities (e.g. loss or theft of a mobile device) but also potential attempted intrusions, such as receipt of a suspicious email message. Personnel should be encouraged to report any activity or communication they are not certain is safe.
This list is extensive, but it is not exhaustive. Depending on the organization, industry and business model, additional information might be appropriate for inclusion. We have also excluded complex technology-layer policies, such as encryption policies and incident response procedures. Those are a discussion for a different day.
DynaSis has been Atlanta’s premier IT support services provider for more than 23 years. As an IT company working with small to midsized businesses (10 to 150+ users), DynaSis has developed a unique 12-layer approach to network threat protection, ransomware prevention and crypto virus threat elimination. The DynaSis Business Cloud functions through a highly secure environment with full real-time data backup. Please contact us at 678.218.1769 or visit our website at www.DynaSis.com.
By the DynaSis Team
For the final article of 2014, we thought it would be interesting to share some thoughts on leadership. A few decades ago, a major component of being a great leader was leading in your physical space―being in touch not only with your employees but also their work environments and activities. IBM CEO John Akers was praised for the way he left the executive office and walked around his company’s facility, connecting with workers in their own spaces.
With the advent of the digital era, leaders must deal with a new dimension in “connection”―the digital one. Many business experts conjecture that great leaders now must also be champions of the digital world, and some of the most respected, beloved CEOs are doing just that.
Following are a few ideas to help business owners expand their reputation for leadership and engender loyalty, respect and admiration among their employees, peers and customers.
No one expects or wants a company owner or president to post on Facebook all day long, but having a social media strategy is an important part of leadership. Despite this fact, CEO.com reported in 2013 that 68% of Fortune 500 Company CEOs have no social media presence.
On the flip side, Virgin CEO Sir Richard Branson, who has been named Britain’s most admired business leader of the past 50 years, has 4.5 million Twitter followers. The brand value of his social media following is incalculable, and the “cool” factor he has garnered from his efforts isn’t hurting, either.
In January 2013, an Economist article asked the question, “How can you be a leader if you don’t have followers?” Branson’s success certainly offers solid support for this argument.
Treat Digital Communication as a Gift that Comes with Strings
Digital communications such as email, the Internet and social media have empowered businesses and connected them with their customers in ways never before possible. Great leaders in the digital era recognize this fact and direct their outcomes in an honest but thoughtful manner.
The digital world makes it easy for CEOs and other business owners/leaders to connect with their employees, vendors and customers, sharing professional insights, thanking them for their support and more. The double-edged sword of this reach is that an ill-timed or inappropriate comment, even in a “private” forum such as a closed Facebook group, can leak out to the world.
The potential to cause damage or spark controversy is likely what keeps CEOs and other leaders off social media. That’s unfortunate, because the good that can be done though digital communication is undeniable. Genuine, well-considered, respectful communications won’t offend anyone. Try a few, and see.
Speak in Your Own Voice
For leaders to garner respect and love from their customers and employees, their blogs must be authentic expressions from their own perspective. This doesn’t mean they have to write them with no help. Some leaders simply are not good writers.
However, blogs, social media posts and other communications shouldn’t be left solely to a communications team, either. The business owner/CEO should at the minimum approve topics as well as the “tone” that any series of communications will reflect.
The reality is that digital communication is unavoidable, and leaders can show their fearlessness by conquering this space with composure and poise. Ownership of the digital world will become more important with every passing year, as the upcoming Millennial generation enters its prime work years. Millennials are intimately connected and in tune with all things digital―and they want their leaders to be, as well.
DynaSis recently authored a white paper about the challenges of attracting the new generation of workers, which involves not only having leadership that appreciates digital communications, but also taking a proactive approach to technology, mobile device usage and management, and other imperatives for this group. The white paper is complimentary; to request the download please give us a call.
By the DynaSis Team
If you studied psychology in high school or college, you probably encountered Maslow’s Hierarchy of Needs―those elements that take humans from basic survival to self-actualization. Did you know there is a customer hierarchy of needs, as well? The terms for these needs change from one model to the next, but they all say basically the same thing.
At the most basic level, customers want accuracy and availability. They want things to work and they want to be able to obtain them. Above that, they want companies to meet their desires―provide ease of use; wide color selection; extended operating hours―whatever they desire in the product or service that isn’t absolutely necessary for them to use it. At this level, customers become loyal, and most companies are content if they achieve this “pinnacle.”
The cold reality, however, is that meeting customer desires and gaining loyalty do not place you at the pinnacle. That spot is reserved for meeting customers’ unexpressed needs―actually advising them of things they might want and making them available for them. It involves having a two-way dialog and showing that you are looking out for them.
At this level, companies gain evangelism―customers that tell everyone how wonderful a company is. Most firms never come close to achieving this level, because they are caught up in trying to reach or stay at the loyalty level. They waste the opportunity to become truly great and extraordinarily successful.
So, how do you get your customers to the level of evangelism? You must already have great products or services, of course. Your employees should love your company and what it represents, and they should be dedicated to providing passionate, caring service. To make that leap from this foundation isn’t effortless, but today’s technology is making it a lot easier than one might think.
What do you do with the data available to you? This includes, not only what your customers order, but what they ask about when they call; what they say about you to their friends on social media; even what they say about your competitors. All of this data is available to you, either through your own internal records or through social media analysis. You just have to harvest and analyze it to get a pretty good idea of what your customer might like you to offer them, next. (It’s also a good idea to participate in their conversations and let them know you are listening.)
Best of all, there are ready-made data gathering and analysis solutions that can do a lot of the work for you, even going as far as monitoring conversations about you and your customers across the entire spectrum of social media, so you can jump in and participate. They can even tell you who your key influencers are―the folks that persuade others to either like or dislike your products or services. (If you are old-school and this sounds like an invasion of privacy, consider this: it’s perfectly legal and your competitors are probably already doing it.
These solutions aren’t DynaSis’ specialty, although we can point you in the direction of someone who offers them. Because we care about your success, we just wanted you to know they are there. We also wanted to remind you that, before you decide to implement any solution that gathers and stores customer data and preferences, you should order a security analysis and ensure you have robust defensive mechanisms in place.
All the customer engagement and gratification in the world won’t build your business if a criminal steals those lovely pools of data that you collect, analyze and store. If you suffer a data breach like those of PF Chang’s or Target, your customers will become evangelists, but they’ll be telling everyone to run the other direction. If you’d like to request a technology assessment to see where you are, now―or discuss any aspect of technology and how it impacts your business―we invite you to fill out our inquiry form or give us a call at (770) 569-4600.
By the DynaSis Team
We’ve talked about BYOD (bring your own device) several times here, but it’s always been mostly from the technology perspective. This week, we’ll offer a few suggestions that also address what your employees need to know about using their devices. These are all ideas we recommend you integrate into your own corporate policies.
As we’ve discussed before, many employees show little compunction about sneaking onto corporate networks with personal devices, whether you allow them to or not. It makes no sense for companies to fight the BYOD trend any longer. Beyond adopting best practices such as mobile device management, having a straightforward discussion with workers will go a long way towards preventing trouble with BYOD.
1. Be Crystal Clear. Make it clear what employees are and are not authorized to do. For example, don’t assume they know they will not be reimbursed if they upgrade their plan, purchase more data and/or add international dialing or data when they go out of the country. If you won’t pay for these add-ons, tell them so. Don’t get caught between keeping a key employee happy and footing a big bill.
2. Establish Barriers. Create “clearance levels” for different pools of company data and restrict the most sensitive information to workers that really need access. (Restricting data behind a cloud-based portal is a good solution; controlling access is an even better one.) Notify all personnel of the procedures and remind them that not following policy puts the business and their jobs at risk. New surveys show that consumers absolutely blame corporations for data breaches and expect them to pay for damage they do. Don’t accidentally expose your firm to litigation by taking a slack attitude towards data access.
3. Enable “Lock and Wipe” Features. The best corporate “portal” solutions wipe all traces of the data from the device after each work session ends. Nevertheless, corporate data may sneak onto personal devices, often when workers forward emails or text corporate data to themselves for the sake of convenience. Be sure your mobile device management platform has remote lock and wipe features in case a phone goes missing. Reinforce to personnel the importance of reporting a missing phone promptly rather than holding the information in hopes of finding the device.
4. Reward a Job Well Done. Studies show that employees will work extra hours when you permit them to use personal devices at work. That’s great, but you should reward this behavior by compensating hourly employees for documented work that takes place outside the office. To do otherwise sets you up for a possible Department of Labor violation and penalties.
5. Don’t Fight Social Media. Your personnel are going to check Facebook or other social platforms during the work day. It’s a fact of life. So, ensure that all corporate content is sufficiently protected by encryption and anti-malware software. In lieu of pay, consider establishing a social media policy that trades on-the-job social media “comp” time for work done after hours (see number 3). Isn’t it better for workers to be given a few minutes a day to check Facebook rather than to have them do it without your consent?
6. Respect Worker Privacy. Speaking of social media, under no circumstances should you ever require workers to give you social media passwords―or passwords that protect any personal data. Your goal is to protect your data and intellectual assets, not to snoop into theirs. To do otherwise could set you up for a lawsuit.
Using BYOD blurs the lines between personal and corporate life. It’s your job to redraw them clearly. To learn more about some of the solutions we have mentioned here (all of which DynaSis offers), fill out our inquiry form or give us a call at (770) 569-4600.
By the DynaSis Team
Last year, we published an article that introduced the concept of Social Business and hinted at what it can do for small and medium-sized businesses (SMBs). We also promised to share more information to help you explore the value of this approach.
Social business, as we mentioned before, is an operating model where companies embrace social media at the enterprise level, not only for outward-facing marketing and communications but also for internal collaboration and information sharing among employees―and possibly partners and vendors, as well. Despite the availability of an array of enterprise-grade social tools such as Yammer and Socialcast, the approach is not taking off like gangbusters―yet. Per Forrester Research, only 8% of employees use social collaboration tools more than once a week.
Despite that discouraging statistic, many studies indicate that these tools and platforms can provide companies and their employees with substantial benefits. For example, a 2012 survey by consulting firm McKinsey & Co., found that social collaboration software can reduce the time employees spend processing email by 20-25%.
The challenge, of course, is adoption―by both SMBs and their personnel. Companies want secure, controlled-environment social collaboration tools; users prefer to “socialize” via Facebook or Twitter and don’t want to learn a new platform. Early adopters struggle to obtain user buy-in, and many become frustrated when it doesn’t happen.
Patience Pays Off
So, how can you deploy enterprise-level social tools without becoming a statistic? To borrow a phrase from the 1970s show Kung Fu, “Patience, young grasshopper.” Increasingly, major technology players from Salesforce to VMware are embedding social features into their platforms. Salesforce has reported success with its social networking and collaboration tool, Chatter, and Microsoft has integrated Yammer with Office 365 and SharePoint as a by-the-seat, SaaS (software as a service) offering.
In other words, you won’t have to force users to adopt a totally new platform, and you also don’t have to give in and abandon your craving for control and security. (Control and security should not be negotiable, no matter which solution you choose.)
The trick is to find an offering that integrates with enterprise-grade systems you already use (or are planning to deploy), rather than to expect workers to learn a new platform (and keep another window open on their desktops.) The more tightly social tools integrate with other technology systems, the easier it will be to encourage users to adopt them―and the more benefit you will see.
This is true, not only because social collaboration and information sharing is more approachable when employees access functions from a familiar interface, but also because interconnected platforms work together to convey more and better information. With an integrated solution, for example, your sales people might be able to receive alerts when a pending contract is executed. Then, your warehouse manager might receive an automated tweet because the contract was for more items than your current inventory levels could support.
This may sound like a futuristic scenario, but it’s already happening in larger enterprises. The potential for social collaboration and information sharing to foster amazing achievements is increasing, every day. Social platforms and tools are even helping some companies create “corporate brains” for vital knowledge sharing between departing Baby Boomers and their younger successors.
At the SMB level, we expect many larger developers to debut solutions that target (and are affordable for) smaller enterprises. Some already have. After all, that’s the real beauty of SaaS. Developers can serve an identical interface and feature set to a 50-person company or a global conglomerate at an affordable, per-seat cost.
To see if these solutions make sense for your firm, give us a call. Our virtual CIOs can perform an analysis and help you devise a strategy that will carry your business into a very bright future.
Social media activities are capturing many headlines these days, whether it's a celebrity tweeting something foolish or an employee being fired for posting the wrong thing on Facebook. These stories make for interesting reading, but they obscure the underlying message—social media is here to stay. Not only has it become deeply entwined with many peoples' lives, but the newer generation of workers is positively addicted to it.
Savvy, small and medium-sized businesses (SMBs) are exploring social media in all its aspects. This effort goes well beyond creating social media policies for usage in the office or even launching social marketing campaigns. Social media in the enterprise, for which the new catchphrase is "social business," can include internal collaboration between employees and contractors, external communication and information sharing with vendors and customers, and much more.
Nearly 62% of businesses are expanding their investments in social business, per an IBM Institute for Business Value report. Increasingly, companies are weaving social throughout their operations—from marketing and customer service to team collaboration and R&D. The immediacy that social media offers has incredible advantages in today's fast-paced business world. Consider these examples:
These examples only scratch the surface of what social media can do for a company beyond marketing and branding. Anything that averts an unnecessary delay in company operations fosters momentum and agility. Every resolution that saves a few minutes of productivity adds to the cumulative value of social media, which can be enormous over the course of a year.
Simply connecting workers with better, more available information can provide extraordinary benefit. A 2011 IDC report estimated that knowledge workers spend 15%-35% of each day just searching for the right information.
SMBs that become social businesses can more efficiently process, leverage and disperse the massive amounts of data flowing through the world every day. They can help people connect, find expertise, make better decisions, take swifter action and develop stronger employee, customer and vendor relationships. Doesn't that sound good?
Of course, in order to achieve this benefit cost effectively, firms need their technology ecosystem to support the effort, and they need to develop lasting, viable social business programs tailored to their needs, not jump on whatever bandwagon happens by.
Furthermore, they must design the program with mechanisms and metrics to ensure sufficient management buy-in, security, governance and other success factors—just as they would with any major deployment. (Stay tuned—I'll talk about more about this in a future blog later this fall.)
DynaSis' on-demand CIOs have the knowledge and expertise to help you evaluate and develop a robust, fully integrated social business platform in your own firm. If you'd like to speak with one to learn more now, give me a call.