
Eight Anti-Phishing Tricks for Your Company

With the ever-changing digital economy and its global impact, small to mid-sized businesses are on guard and on careful watch. With so much news on cyberattacks and with cybercriminals becoming increasingly creative with their methods, companies are looking for ways to out-clever the fox, so to speak.


First of all: What exactly is a “phishing email?”

Phishing emails are messages that appear to be official but are in fact fake. The goal is to trick your staff into supplying information or providing access to your systems, such as entering a password or clicking on a site that is infected.

They say in some sporting events, defense is everything. Which begs the question, what is a good anti-phishing defense? The easiest method to avoid a phishing email scam is to think about it BEFORE you click.  Only click on websites that are trustworthy. Only respond to e-mails when you are sure of the source.

>> The majority of cyber attacks HigherGround has seen so far in 2018 originated from phishing e-mails.  It is important to be vigilant here, which is why we often suggest your company deploy a tool like MailControl.

When working with numerous departments and many different employees, it can be hard for IT to control and question every email that comes in, though.  So it’s up to the users to help you defend the organization.


Tip One: Have All Machines Install an Anti-Phishing Toolbar

Have your staff use Internet browsers that have the ability to be customized with anti-phishing toolbars. These types of toolbars can run a quick check on the site the user visits and will match them to lists of known phishing sites. The toolbar will alert the employee if the site the person lands on is malicious.


Tip Two: Don’t Let Employees Trust a Pop-Up

While pop-ups can be okay for websites to include, they are also a common phishing tactic. Most browsers allow users to block pop-ups. If a pop-up does appear or slips past the block setting, train your staff not to click any “cancel” or “close window” buttons on the screen. This might take them to the phishing site. Instead, tell your staff to click on the “x” at the top corner of the pop-up.


Tip Three: Test Your Staff and Phish Yourselves

Will your people fall victim to a phishing scam? It’s hard to manage users all the time and predict their judgement.

An undercover test is a great way to find which employees may fall prey. If any of your people get caught, then it is a good thing to reiterate some basic security and IT training when it comes to managing emails and avoiding cybercriminals.


Tip Four: Users Should Keep Browsers Up to Date

Popular browsers often release security patches in response to current trends. This includes loopholes that phishers and hackers find and exploit. Don’t ignore messages about updating your browsers. When an update is available, install it right away and inform your staff to do the same.


Tip Five: Leverage Firewalls to Stay Safe

Firewalls are made to protect your company. A firewall serves as a buffer between your device and the potential intruder. There are different kinds, so keep in mind that your IT team should have a desktop firewall and a network firewall. One is software and one is hardware. When both are utilized together, “teamwork makes the dream work” by dramatically reducing the odds of falling victim to phishing scams.


Tip Six: Verify a Site’s Security Before Engaging

Businesses often need to supply sensitive financial information and make payments online. If a website is secure, however, you’ll be fine. Before submitting information, check for the “https” in the URL address. There should also be a closed lock icon near the address bar. Look for the website’s security certificate.


Tip Seven: Encrypt Your Company’s Data

Cybercriminals are hiding in the shadows, on the prowl, waiting to attack, and that can be for any type of data you have lying around. Hackers look for data like banking information and social security numbers. Wherever a small to mid-sized business is keeping important, sensitive data, the IT department must ensure that it is encrypted.


Tip Eight: Companies Should Back Up Daily

If you back up your data on, at least, a daily basis, you can revert to the back-up files if your computers or servers get locked.  This eliminates the need to pay a cybercriminal to get the data (or access to it) back.


There is no way to keep your company and your data 100% safe, but you can and should reduce your company’s vulnerabilities. A few simple cost-effective measures can make a big difference in decreasing both the likelihood and the financial effect of getting hacked.

5 Reasons Your Inside “IT Guy” Is Becoming a Relic of the Past

There is a change in organizations across the US and globally. Remember the IT person? The one who walked through the office halls, arriving at cubicles and offices to help colleagues, fixing technical issues, as well as checking computers and machines like the ones in the server room? For most companies, that’s now a thing of the past.

Nicholas Fiorentino, Chief Executive Officer of CrediReady says, “…the IT professionals who patrol your office are becoming less and less relevant in today’s workforce.”

Particularly for small to mid-sized businesses, it just makes more sense to outsource the information technology department.

SMBs can get instantaneous benefits from outsourcing their IT needs, such as:


  1. Cost Savings and Better Budget Control

When small to mid-sized businesses outsource their IT, they gain better control over the IT budget. The organization can identify its needs and pay for IT “as needed.” That means it does not have to cover an annual salary (or salaries) with vacation time and benefits, unrelated to the workload the IT person may, or may not, have.

With outsourcing, SMBs can isolate their budget to pay for technology services and projects solely (read: value and solutions) and move away from IT being a cost center. Not to mention, organizations can eliminate costly human capital management dollars for items like recruiting, hiring, training and onboarding while running the risk that a new hire and/or full-time employee may not work out and ultimately will leave the organization.


  2. Experienced Professionals for Every Project

While certifications are great to have when an IT professional is looking for a career, experience in the field is much more valuable. In-house IT departments, with their limited project scopes, don’t necessarily offer a variety of work to those individuals. They can become isolated in those types of environments, meaning that they might not have the ability to learn, grow and get the on-the-job experience that they could have from working with many companies on many types of projects.

As IT gets more complex and specialized, it’s harder and harder to find the journeyman IT person who can solve all the IT issues that arise. Outside firms, on the other hand, have experienced “been-there-done-that” resources who can solve these specialized issues as and when they occur. Or, better still, provide proactive counsel on how to avoid these issues.


  3. New Technology Can be Implemented Right Away

When embarking on a new IT project like an updated CRM, automated reporting, etc., outsourcing to experts reduces the time to complete and implement the new system. In-house IT staff may not have a lot of experience in that particular area and planning can take weeks or months. It may require hiring more people – even these same outsourced experts.

When SMBs outsource their IT projects, it reduces the typical challenges faced with implementing new technology.  Outsourcing new technology projects to experts will save time, dollars, and headaches. In short: SMBs can expect a smoother transition when outsourcing.


  4. More Bandwidth to Focus on the Main Business

Small to mid-sized businesses only have so many personnel they can afford to keep on staff. When you outsource items like IT needs, it leaves time and resources to focus on making other parts of the business better.

A quick rule of thumb here: If you have enough IT staff to fully handle the day-to-day, as well as all your IT projects (including the ones that pop up ongoing) then you are likely overstaffing your IT team.


  5. Minimizing Risks with Security and Compliance

When was the last time your SMB audited workstations? How about the servers? What about your back up recovery plan? Are you concerned about cybersecurity? (If not, you should be.) In fact, SMBs predict an increase in the security budget in 2019.

With so many threats, viruses, check points, and things to do to make sure that your organization has a solid and secure IT foundation, it gets daunting, even for a full-time in-house information technology department. Lessen the burden on your employees and protect the IT systems already in place by utilizing a robust, sophisticated, outsourced IT department. The investment will pay in spades when the security is never jeopardized due to in-house inexperience.

10 Ways to be More Efficient When Using Microsoft Outlook

Make your average workday a better day and save some time on your email communications with these Microsoft Outlook tips.

Tip 1: Use the “Search” Feature

While maintaining folders and filing your emails in those folders will help keep organized, it can only help so much when you start looking for items that happened months or years ago. The most efficient way to find an email in any folder, or across your entire account, is to go to the “Search” box at the top bar and enter a keyword that would be located somewhere in the email you are attempting to locate. The more keywords that you know the email would contain and the more that you enter in the search box, the better your results will be with a targeted list. Try adding the sender’s or recipient’s name as one of the keywords, to more tightly filter any results.

Tip 2: Turn Off the Notifications

If your notifications are on, that can be a major distraction, especially if you are in the middle of completing a task. Staying focused and keeping your attention to any project that you may be working on is key to getting it completed fast and without errors. When a notification appears, it can derail your train of thought. In this case, it is best not to have any Outlook notifications appear.

Tip 3: Create a “Rule”

If you often receive emails that you immediately file away in a folder, create a “Rule” at the top bar. It’s easy. Enter who the email is coming from, who it is sent to, what the subject line contains and what folder you want it moved to.

Tip 4: “Ignore” Emails You Don’t Need

If there are emails you receive often that you don’t want to see and you don’t want filed, try the “ignore” feature. Instead of deleting it every time, go to the top left or click Control>Delete. Emails regarding that subject will go to your deleted folder automatically.

Tip 5: Set up Your “Out-of-Office” Email and Set it up as Early as Possible

When you know that you will be out-of-office, you can set up an email message that will automatically reply to new inbound email messages, letting the sender know that you are away and not likely to respond. Make sure that in your message, you let senders know when you plan to return, so that they know when to expect that you will be checking your emails.

You can set the date and time well in advance, so as soon as you know you will be out-of-office, go ahead and set up your out-of-office reply with the verbiage you would like. You can (and should) also suggest an alternate contact in case of emergencies or if a response is needed right away.

Tip 6: Change the Default Font Face and Size

Do you have trouble reading your Outlook? Is it the style of the font or do you need the text to be bigger? You can do that by changing the typeface settings in your Outlook. There are many free fonts to choose from. Simple, stylish, large, bold, serif, sans serif, whatever you would like, you can set it!

Tip 7: Schedule Your Emails to be Sent…Later

Is there an email that you know you will need to send, but not for a few hours or a few days?

You can set your Outlook to delay the email send for any day or time, instead of always opting for right now or saving it in drafts and, perhaps, forgetting about it.

Tip 8: Create Templates for Outlook Email Messages

For the emails that you send often with similar content, save yourself time by creating a template. When you draft the message, before you click the “send” button, save your message as a template so that you can reuse it over and over and over.

Tip 9: The Fast Method for Undeleting

It happens to all of us. You start to read an email and click delete too quickly. You didn’t want to delete the message and you need it back right away. The simple keyboard shortcut is Control-Z to undelete. If there is more than one message, you can continue to hit Control-Z many times to keep undoing the last action, and the action before and the action before that. You can also shake your iPhone to “Undo Trash” to quickly retrieve that last deleted message … or messages if you continue to shake it.

Tip 10: Find Help When You Need It

At the top right of your Outlook application is a question mark icon where you can find help. A quicker route is the keyboard shortcut F1. Or, you can locate a dropdown from the top bar with a title of “Help.” It’s easy to find answers to your questions in Microsoft Outlook. Simply type what you need help with and search results of related topics will appear right away.

HigherGround Managed Services Announces Company Expansions

CHICAGO (August 24, 2018) – HigherGround Managed Services (HigherGround), one of Chicagoland’s leading full-service IT and consulting firms, today announced the addition of Jerry Seyffert as Chief Financial Officer (CFO) and the company’s move to a new office space.

Seyffert, a Chicago native, has close to 30 years of financial, accounting and leadership experience. Prior to joining HigherGround, Seyffert was the CFO for Erehwon Mountain Outfitter based in Arlington Heights, Ill. Seyffert helped transition Erehwon from a small family-owned retailer to a premier outdoor retailer throughout the Midwest region. As CFO of Erehwon, Seyffert was responsible for all operational and financial aspects of the company, corporate-level human resources responsibilities for over 100 employees and most IT-related operations.

“The addition of Jerry to HigherGround’s leadership team will help us further our mission to be a true strategic partner that provides growth-focused IT solutions,” said Brian Brammeier, CEO of HigherGround.

In his newly appointed role as CFO of HigherGround, Seyffert will oversee the financial well-being of the organization. He will also take on the role of Director of Human Resources for the growing firm.

“I can’t think of a better time to join HigherGround and couldn’t be more excited to be part of their leadership team, which has done an incredible job assembling a talented staff,” said Seyffert. “I’ve always enjoyed developing small to mid-sized companies, and I hope to have an immediate impact on optimizing HigherGround’s growth potential.”

In one of his first duties as CFO, Seyffert managed the logistics of HigherGround’s office move. HigherGround has signed into a 3-year lease agreement at 5400 Newport Drive, Unit 19 in Rolling Meadows, Ill. The new space is double the previous location’s square footage, and allows for a better working environment, both internally and with clients, with collaborative meeting spaces.

Prior to his time with Erehwon, Seyffert managed sales and programming for BASIC Computer Systems in Oakbrook, Ill. Seyffert graduated from Northern Illinois University with a Bachelor of Science in Business. He is an avid outdoorsman and spends his free time hiking and camping.

About HigherGround Managed Services

HigherGround Managed Services (HigherGround), headquartered in Rolling Meadows, Ill., is a full-service IT and consulting firm that partners with owners, entrepreneurs and leaders of small to medium-sized organizations – ensuring they spend more time managing their core businesses and less time worrying about their IT infrastructures. Founded in 1998, HigherGround has 20 years’ experience and its forward-looking services include managed services, managed cloud, managed security, application development and fractional CIO/CTO solutions. HigherGround also provides technology logistics and relocation support.

How to Make Your Company Culture More Cyber Aware

The biggest problem companies face when it comes to cybersecurity is often not the technology; it’s the people.  And hackers (often called “bad actors”) know this. That’s why it takes more than strong IT to keep your company safe. It “takes a village.”

Beyond technology, the best way to protect your business from cybercriminals is with a trained and educated cyber aware company culture. It may seem like a large and daunting company initiative, but it isn’t. There are a few cornerstones to build on, along with continuing education and strong corporate communication.


Set the tone from the top; Let people know that cybersecurity is everyone’s job

Leadership is always where a company culture starts. Employees and contractors, from entry-level to senior management, need to feel that cybersecurity is important to the company. If the executive leadership team values cyber safety, it will trickle its way down to all corners of the workplace.

Cybersecurity should be more than just the responsibility of the Information Technology department. Leadership must deliver a statement that it is up to everyone, beyond IT, to keep cyber criminals out of the company’s network.

Management shouldn’t be the exception to the rule. Managers most often have the most highly privileged accounts. Allowing management to bypass those safeguards not only puts the organization at risk but sets a bad tone from the top.


Train and test your staff; Hack your staff before the hackers do

Posters, employee newsletters, training sessions and regular meetings are avenues to communicate across the organization about how everyone can be more cyber aware. Regardless of what methods you choose, you should train staff on a regular basis. Monthly training is highly suggested. It can be via email or face-to-face. Or both.

Beyond training, it is good to see that employees are understanding and retaining the cybersecurity information. While you can trust that the staff is paying attention, it is recommended to test your staff as well.

>> Send a mock phishing email a little while after a training session or communication. It would be interesting to see who, if anyone, falls prey to the false hack. This shouldn’t be a gotcha for those employees but a chance for the organization to focus on more advanced training.


Teach your team that the inbox is the bad actor’s favorite target

Based on current trends, cyber attackers are finding email to be the best route for penetrating a company’s security defenses. Trends Labs reports that 91% of targeted cyber-attacks use email as their way to breach networks. Likewise, Ponemon reports that 78% of targeted email cyber-attacks use malware embedded in an attachment.

Addressing targeted email attacks from leadership and your technology department is an essential piece of the puzzle when creating a cyber safe culture. This should certainly be a topic addressed in employee training and even onboarding.


Have a password update plan; Avoid weak or universal/default passwords

According to Verizon’s 2017 Data Breach Investigations Report, as many as 81% of hacking-related breaches were caused by leveraging stolen or weak passwords.

Often, employees are not aware of the risks. That is why password education is a great topic to include in cybersecurity training. Require complex password structures and explain the reasoning behind it.  Do not allow people to use the default password for more than the first login.


Have a formal cybersecurity plan; Get an advocate from each department

Your technology team should contribute significantly to a cyber aware culture and with cybersecurity training. Have the IT folks develop formal cybersecurity training with a documented plan to accompany it. The plan should be reviewed and updated often. Too many companies create cybersecurity plans and teams only to find that the plan becomes dusty and the teams include staff that’s no longer at your company.

Ask for a cyber security advocate from each of your functional teams (e.g., HR, Finance, Sales & Marketing, etc.) since this casts a wider net to learn about targeted phishing and helps show that cyber security isn’t just for IT anymore.

No matter how great your CIO or CTO might be, one person alone cannot fight cybercriminals. Create a cyber aware culture and get everyone at your organization involved.

Using Technology Trends to Fuel Your Business-Aligned IT Strategy

In today’s digital economy, where all businesses are now tech-enabled, organizations globally are well-aware of how vital technology is to future success. To keep up with industry standards and stay ahead of competitors, businesses must make investments in their information technology.

One way to begin budgeting and strategizing your IT goals is by looking at current trends. Here are a few tech trends to consider for your technology strategy and how they break down in terms of simple solutions for your organization.


Big Data is Erupting

Business technology strategy is becoming largely centered around all things data including collection, storage, security, sharing and more. Keep in mind for your IT budget that while the importance of data and intelligence is on the rise, the actual cost of data and storage is decreasing, as described by Information Week.

When it comes to big data, the latest trends are in-memory analytics and real-time analytics. In-memory analytics processes information stored in RAM rather than on a hard disk. This delivers faster results because RAM can typically read and write information quicker than a disk.

Real-time analytics, also known as streaming analytics, is in hot demand because it is no longer sufficient to analyze data a week after it was produced, let alone even a day or an hour later. Businesses today need real-time, data-based decisions to stay competitive in the marketplace.


Clarification on Blockchain

Bitcoin may be to blame for some of the confusion regarding blockchain. Blockchain, in its truest form, is an amazing invention. Don & Alex Tapscott, authors of Blockchain Revolution (2016), describe the technology this way:

“The blockchain is an incorruptible digital ledger of an economic transaction that can be programmed to record not just financial transactions but virtually everything of value.”

At its core, blockchain is about trust, as it is uneditable information that is secured and held by a distributed ledger. With blockchain technology, the reality is that data is not from one single entity alone, but rather made by many. Think of it as the game of telephone, but everyone must agree when a change is made.


Mobile Device Management (MDM) Solutions

Employees today are using their own mobile devices such as tablets and smartphones in order to access not only personal data, but corporate as well. This is commonly referred to as BYOD or Bring Your Own Device. BYOD means that technology professionals must make new plans about connectivity, security, privacy and management.

This is what has brought MDM solutions, or mobile device management solutions, to the table. MDM is software for technology departments to monitor, manage and secure everything that employees use in the workplace, from laptops, tablets and smartphones to other electronic devices. You can’t stop BYOD; however, with security and data breaches being so costly and damaging to the organization, you can be proactive and prepared to keep your organization safe.


The Year of 5G

Mobile is a top technology trend with no end in sight. 2018 is the year of 5G. It is up to 100x faster than 4G. Further, this is crucial because it infuses Artificial Intelligence (AI), Internet of Things (IoT), and big data, all of which are working to automate daily technological experiences. This means that a much greater bandwidth is required in today’s business. To keep up with industry trends, and ensure your teams have the bandwidth to be as productive as possible, your business needs more speed.


Cloud Computing Platforms

This growing IT trend often provides businesses with faster and greater access to services and applications at a lower cost. It’s no longer an ‘if’ or even a ‘when,’ but a ‘what.’ That is, the platform IT chooses for cloud computing can vary based on public, private and hybrid. It’s also not an all or nothing proposition. Some systems and workflows are best suited to remain on your physical (in-house) servers.

Private clouds are single-tenant and generally internal. Public clouds are multi-tenant and you have less control of the underlying environment. Hybrid cloud computing has both public and private as components. Public clouds are often offered at more flexible pricing, which can be a more cost-effective solution for a small to mid-size business.

In an ever-changing technology landscape, it might seem like an overwhelming sea of information. But there’s no need to do it all today.  Evaluate emerging technology breakthroughs, assess which ones are right for your growing business and create a roadmap to roll them out to stay ahead of your competition.

Companies are Bullish on Growth, But Fearful of Cyber Attacks

Recently, Treasury Secretary Steven Mnuchin reported to CNBC that he believes gross domestic product can sustain, at minimum, a 3 percent growth in late 2018. “We are well on our way,” Mnuchin states.

He also tells the Squawk Box, “You combine this with tax cuts, and I think we’re looking at very strong GDP growth for the rest of the year.”

Despite companies feeling bullish on growth, Chief Executive Officers understand that cyber-attacks are a top risk facing organizations. CEOs in the US, particularly, are the most vigilant when it comes to cybersecurity.

In fact, 68% of U.S. CEOs report that a cyberattack on their business is “inevitable” according to a recent KPMG article. The article goes on to mention that cybersecurity risk is at the top of the list when CEOs are asked what poses the greatest threat to the growth of an organization – at a whopping 33%.

When it comes to being prepared for a cyber attack, however, some are more mature than others. Some have only basic fundamental elements in place, while other companies are preparing for the long haul to mitigate cyber risk. 92% of U.S. CEOs feel prepared to identify cyber threats while only 41% consider their organization well prepared to deal with them.

If you’re looking to safeguard your organization, here are a few areas to take notice of in a rapidly changing landscape of threat:

Emails with Malicious Attachments are up 300%

Ransomware was at the top of a Proofpoint Q4 2017 Threat Report. Emails containing ransomware accounted for 57% of malicious emails. Ransomware is malicious software that will either threaten to publish the victim’s data or block a person’s access to the data until a ransom is paid.

The Dangers of Cryptocurrency: Cybercriminals Follow the Money

When the prices of bitcoin and other cryptocurrencies increase, so do phishing attacks. This correlation cannot be ignored. Cybercriminals will pay attention to fluctuations in the market.

Social Media is Vulnerable to Cyber Threats

There is also a rise in fake customer support accounts, or “angler phishing.” Angler phishing gets its name from the anglerfish, which uses its bioluminescent lure to attract and then attack small prey. The bright glow that’s shining in this case is fake customer support promising to help clients and customers while secretly stealing their credentials. Phishing links in general on social media are on the rise.

Mobile Malware Surges in 2018

Symantec reports blocking an average of 24,000 malicious mobile applications daily in 2017. A good practice for cyber security hygiene is to update to the latest operating system, which, unfortunately, is not a consistent practice for many SMBs. Only 20% of Android operating system devices are running the latest version. Further discouraging is that only 2.3% are on the very latest release.

Grayware apps pose a troublesome privacy risk to mobile users. In 63% of these cases, grayware apps will capture the device’s phone number. Grayware got its name because it is a “gray area” in the category of software. A no-man’s land. It is between outright malware and legitimate conventional software. Common types of grayware include spyware and adware.

Even if you’re feeling a bit bullish about your company’s growth these days, don’t lose focus over the risks that can harm your organization. Keep your guard up and mitigate risk by planning ahead for cybersecurity threats.

CIO, CTO or Director of IT: Choosing the Right Option for Your SMB

When it comes to deciding on an individual to take on a leadership role for the Information Technology department at your small to mid-size business, selecting the right person is crucial but complicated.  Before interviewing candidates, however, you need to define the role.

There are three common titles with differing levels of responsibility: CIO, CTO or Director of IT. In all three of these roles, the IT leader would oversee information systems as well as the company’s underlying technology. These roles can include strategy and business process, too. These three different IT leadership positions can oversee management of information, digital and online. Further, they can oversee office and facilities management.

Despite some similarities, there are some elements that distinguish the roles.


CIO – Chief Information Officer Role

The CIO of an organization is one that focuses on business process alignment. The Chief Information Officer will place an emphasis on the management of information and business strategy. Also, the CIO will really pay close attention to operations and the delivery of the company’s technology. This includes infrastructure and the way third party service providers are managed.


CTO – Chief Technology Officer Role

The CTO often dedicates most of their time and resources to software development. This could be for digital projects or ecommerce – as well as customer interactive systems and customer portals. The CTO is likely to be more focused on profitability.


Director of IT Role

The Director of IT is quite vast in responsibilities. The Director of IT, oftentimes, will be a leader in the strategy of all kinds of IT areas in the business, as well as keep track of how the organization applies technology resources. A person in this role would need to possess a background in software development and business systems. The Director of Information Technology job title can cover project, infrastructure and facilities alike.

With an understanding of the subtle differences, now ask yourself a few of the following questions before coming to any conclusions as to what job title – and accountabilities – your business needs.


Who will the technology leader report to?

Keep in mind that regardless of the job title, this IT leadership position will need to work with all departments, company-wide. The CIO, CTO or Director of Technology will want to update processes and the way the people in the organization operate. This role will be a part of executive management or the senior management team. This may mean that this technology leader will need to report to the Chief Executive Officer.


Will your new IT leader be in charge of the organization’s “Digital Vision?”

If you are a company in the ecommerce sector or if you possess a marketing team that relies heavily on promoting with social media platforms, will the CIO, CTO or Director of IT be held accountable for digital initiatives? What is needed to execute the company’s digital vision? It is imperative to decide before browsing senior technology candidates’ resumes.


Do you need the senior technology leader to manage suppliers or do you need a person to build a team?

Before selecting a title and advertising your senior technology leader job opening, take into consideration if the organization’s technology workers are outsourced or if they are full time employees or dedicated contractors. If the technology is mainly outsourced, that would mean the executive leader would need a background in contract management. This person must possess strong negotiation skills and be well-experienced in procurement. If the technology workforce is sourced from within the organization, that would mean your leader would need strong interpersonal skills, excellent leadership qualities and be able to motivate and inspire a team atmosphere.


Is there already a sound technical infrastructure in the organization?

Determine if the CIO, CTO, or Director of IT will be leading a group of capable technical professionals or if vision and oversight are needed, along with direction. There is a vast difference. To set your tech leader up for success, it is best to have the business’s ducks in a row. Determine your needs first, before recruiting for the role or even creating the job description and list of accountabilities.

Answering a few of the significant questions mentioned in this article and planning for the big picture will help determine which type of technology leadership is best suited for your business.

GDPR’s Impact on Small Business and the Role of IT

GDPR and the Role of IT

The General Data Protection Regulation, otherwise referred to as GDPR, is in effect as of May 25th, 2018. It is a legal framework which sets guidelines for processing and collecting personal information of people that are in the 28 countries in the EU (European Union).

Any business that processes personal data is now required to disclose any data collection. Organizations must also declare the lawful basis and purpose for processing the data. Additionally, businesses must report how long the data is being retained and if it is being shared with a third party or with anyone located outside of the European Union.

It is the right of the user to request a portable copy of the data, in a common format, collected by the processor. The user has the right to have his or her data erased under some circumstances. Authorities who are considered “public” as well as any organization whose main activity is centered around the systematic or regular processing of personal data will be required to employ a DPO or Data Protection Officer. The DPO will be responsible for managing GDPR compliance. Organizations will be required to report within 72 hours any data breaches in the case that it will have an adverse effect on the privacy of the user.


GDPR’s Impact on Small Businesses

GDPR is applicable to every organization that processes and holds European Union residents’ personal data, no matter where you are operating your business across the globe. Most businesses do not realize that even if you are outside of the European Union, the General Data Protection Regulation still applies.

GDPR is a regulation, not a directive. This means that national governments are not required to pass legislation; it is directly applicable and binding. To meet the GDPR compliance requirements, an organization must offer goods or services to, as well as monitor the behavior of, residents in the EU.


No Question About It: GDPR Matters and Must be Addressed.

Architects, engineers, and IT experts are typically already experienced and skilled at providing details regarding data security for auditing purposes as well as other regulatory requirements. Keep in mind that GDPR goes a step further. It requires organizations to capture the purpose for the stored data, not just the data itself. GDPR questions whether the purpose is considered compliant.

Leaders of small and mid-sized businesses need to take a deep dive and look at the organization’s people, processes, systems and applications. There is a two-part process for getting ready for GDPR compliance. The two parts are designing the machine for compliance and getting it running. Designing the machine refers to designing processes and identifying roles. It also means building an understanding of end-to-end processing activities for the personal information of individuals in the EU. This will enable teams to meet GDPR obligations.

Here is a handy 5-step process to get started and comply with GDPR:

  1. Understand the mission and model IT efforts: Get the IT folks together with the risk and compliance team to create a mission. Ask both teams what needs to be done to accomplish GDPR compliance. Identify how personal data is captured, why, and with whom at the organization.
  2. Identify shadow IT with integrations and algorithms: Shadow IT is defined as a technology system and/or solution that is built and utilized within a business without explicit organization approval. It is difficult to prevent information from being distributed, copied or saved if the technology team is not aware it exists. The key is casting a wider net that goes beyond the IT department.
  3. Perform an Analysis of Compliance Risks: After steps one and two, business processes, applications, cloud hosting providers, etc. should each be an element on a map. Now is the time to analyze the compliance risks of each piece of the puzzle.
  4. The Roadmap Ahead Looks Brighter: Based on research and analysis, some business processes will require tighter controls, or you may need to replace or discontinue a process altogether. New roles and controls may be introduced. This should include a Data Protection Officer (DPO) role, a process for accessing personal information, rectification, transferring, erasing, and/or notification of breaches, as well as assessments of impact.
  5. Reporting and Monitoring Progress: By taking the aforementioned steps, you’re on the path to success when it comes to GDPR compliance. Be diligent and you’ll reduce GDPR headaches later.

Cybersecurity Teams Aren’t Just for Large Businesses

Whether an organization is considered a small, medium or large size business, cybersecurity expertise is needed. Without it, the company is vulnerable to attack and is putting their risk in the hands of others.

Cybersecurity is important to the company’s overall success in today’s digital age. Information is being accessed by malicious parties and hackers that can poke around at internal and external communications, not to mention financial transactions. By having a cybersecurity plan and team in place, you can dramatically decrease your risk of attack as well as increase the likelihood you can recover quickly and fully.

Also, having a team actively focused on your cybersecurity will improve the perception of your business to your staff and customers.

It doesn’t matter if the business is a high-tech goliath or a low-tech local business with only a handful of employees; a critical component of a well-established, well-managed organization is effective cyber governance.  Though the more “tech enabled” the business, the greater the risk.


The SEC Keeps a Watchful Eye

The SEC, or Securities and Exchange Commission, has been updating and expanding its guidance. The “2018 Guidance” or “Commission Statement and Guidance of Public Company Cybersecurity Disclosures” recognizes, quite profoundly, the importance of the role cybersecurity plays for both a stable market and a company’s health.

To supplement the SEC’s effort, they have created a cybersecurity website. Companies can visit for compliance toolkits, educational resources, as well as helpful alerts and bulletins. There is an email update signup form on the right-hand side to receive news on cybersecurity.

Further, the SEC has a “Cyber Unit” that targets and finds a multitude of cyber-related misconduct. This includes market manipulation which can spread by hacking, false information, intrusions and attacks on market infrastructure and trading platforms.

If the SEC is telling us to be watchful over cybersecurity, then businesses must heed that warning. US companies must be proactive and prepared.


Cybersecurity Candidates are Not All Created Equal

According to a recent Forbes article, there may be a bit of inequality for businesses based on size because top cybersecurity talent want to work for big companies with interesting problems. The tasks offered by a small bank, for example, may not seem as attractive as a large aerospace company with thousands of employees globally.

It’s not just the scope of the business; it also comes down to dollars. Bigger organizations can offer the high salaries that the niche cybersecurity candidates demand. DICE recently released a report stating that the average “Director of Security” earns more than $178,000 annually, which isn’t surprising due to supply and demand.

But what does all this mean to small and mid-sized businesses?


Build Your Cybersecurity Team Right Now

It’s a simple thing to tell an organization to “create your cybersecurity team.” It’s a completely different thing to have a well-prepared cybersecurity team, with a plan that has been tested recently.

It starts with focusing on cybersecurity proactively.

You can hire someone from the outside, such as a full-time specialist or a consulting firm; you can task your internal resources; or you can ask one of your current IT providers to add this to their scope of work.

This doesn’t mean you should outsource it; it means you can have a resource help you create cybersecurity efforts, which should definitely include an internal team focused on mitigating the risk of hacks, pre-planning the response and recovery process, and dealing with the inevitable attacks when they come.


How to Get Started? 

Step 1: Look around your office.

  • Who and what role would most likely be tasked with leading the recovery after a hack attack? Unsurprisingly, if you are a smaller business, this might land on the President’s desk.
  • Who would the President bring into the room to help with any cybersecurity and hacking issue?
  • Who would you call from your current supplier base?

Step 2: Get the team together. Right. Now.

Pull all these people into the room, as soon as you can (Why not set that meeting up today?) and let them know you want a customized cybersecurity plan BEFORE you get attacked.  You and they can start with HigherGround’s hack attack plan.

The plan should include staff training on cybersecurity and hacks, a review of your physical security, a review of your IT infrastructure and backups, and scheduled recovery “pressure testing”.

Step 3: Make the meetings and tests recurring.

Set schedules for when you will meet to review the plan and test the process. Cybersecurity is a process, not an event.

And keep the document up-to-date and in a place where all key team members (and no potential hackers) can find it. Tip: Make sure file management is also part of your plan, ensuring only the right people can access your critical data.

Regardless of the size of your business or the size of your IT budget, always plan for someone to concentrate on cybersecurity, and make sure to review the process on a scheduled basis.

This will minimize your security risks and help keep your business focused on other important tasks, like building profits.