Month: August 2021

Graphic from TheConversation.com

Concerns related to cybersecurity plagued businesses of all sizes and in all industries in 2021. Such threats may range from monstrous data breaches to malware, downtime, and the loss of control over one’s operations. A quick Google search will produce dozens of results that frame the narrative that, although unseen, cybersecurity threats are not harmless or something you can simply ignore.

On the contrary, the potential for legal, regulatory, and reputational consequences make the case for the importance of solid cybersecurity best practices within every organization and the need for expertise in this domain. However, implementing cybersecurity measures often comes with distinct resource and organizational challenges. Worse yet, these issues are known to grow at a pace with the evolving size and complexity of the operation. That said, here’s a look at how businesses can improve their cybersecurity practices and achieve a new level of preparation now and in the future:

Regularly train staff at all levels.

Periodic training of all employees on cybersecurity threats and protocols is an important step toward protecting your enterprise. Training requires you to establish and disseminate a baseline level of cybersecurity knowledge within your organization. The training will not only educate staff on the types of threats they might face at the office but it will also address how remote work setups are susceptible to attacks.

Material that is both relevant and up to date can only take your employees so far. To that end, by working with consultants — or your own IT and Security — you can take your training process to the next level.

Here’s more about what that might look like:

Regularly challenge employees at all levels.

For example, you might test employees with “phishing” emails from IT/Security. Phishing emails often bate the receiver to perform an action that may endanger organization security. You can help employees test their skills by sending fake phishing emails to select employees. The results of the employee interaction and responses should be confidential. Provide aggregated and anonymous results to help your organization determine weak or blind spots.

Make cybersecurity compliance a team activity.

Another excellent way to reinforce any training is to ensure that cybersecurity becomes an organic part of frequent actions and common decisions. Working with IT or Security is one way to make best practices top of mind. Another way is to ensure that employees at all levels are surrounded by positive reinforcement of cybersecurity best practices.

Establish clear steps for all employees when responding to a security incident.

Despite proper training, the inevitable security incident may come to light. Depending on the nature of your business, your training may already cover the protocols to address a security incident. At the very least, all employees should know who to contact, and the information to provide. The introduction of an incident response plan will help educate and inform staff, bolster organizational structures, improve customer and stakeholder confidence, and reduce any potential financial and reputational impact following a major incident.

Automate cyber hygiene, so it’s seamless.

Cyber hygiene is a growing set of best practices to maintain the overall cybersecurity health and safety of your organization. Training your employees on cybersecurity is a necessity, but automating best practices makes it even easier to enjoy positive outcomes.

Here are a few basics to automate that can take the guesswork out of security:

• Strong passwords (typically this means longer and more complex)
• Multi-Factor Authentication
• Automated Phishing Detection
• Automated Endpoint Encryption
• utomated Software Updates
• Make updating and patching critical software a routine task that does not require user initiation

Identify potential security risks

Each device, software, and system within your organization means a potential security risk. For instance, an endpoint may be used in an unauthorized manner. A piece of mission-critical software may have unpatched vulnerabilities. A patch is essentially a piece of code that is installed ad hoc to correct a problem or to improve an application’s general performance. It’s essential in keeping machines up to date, stable, and safe from malware and other threats.

Be positioned to respond to a security incident by maintaining a regular security inventory of your systems.

Ensure you are following the newest password policies

For many years, it has been accepted as the gospel truth that periodic password changes are best practice. However, requirements for arbitrary password complexity, periodic changes, and guidelines on reuse have led to outcomes that do not enhance cybersecurity. Some of these policies are so ingrained within organizations that changes to acknowledge new National Institute of Standards and Technology (NIST) guidelines have been slow, if at all.

Bottom line? Cybersecurity is a team sport — and it simply cannot be ignored in 2021. If you don’t have the resources for an in-house security team, an outsourced team can provide you with the expertise, experience, and technologies that can protect your firm against the growing range and scope of cybersecurity threats.

I have never been fond of the term “human resources”, though I do have great respect for the man credited with its origination. In 1954, management guru, Peter Drucker, posed the question, “Is personnel management bankrupt?” While answering “no” to his question he coined the phrase “human resources”…and it stuck. Drucker did, however, see much room for improvement in the management of most organizations’ most precious resource (aka, people), as do I.

Having spent most of my career in what I fondly refer to as “the ultimate people business”, the term “human resources” has always struck me as oxymoronic. I personally do not view humans as resources to be used and used up in the same way true resources are. To wit, Mirriam-Webster offers the following definitions of “resource” (examples in parentheses are mine):

• A source of supply or support: an available means (water)
• A natural source of wealth or revenue (timber)
• A natural feature or phenomenon that enhances the quality of human life (solar energy)
• A computable wealth (gold)
• A source of information or expertise (Google)

Within the IT staffing and recruiting industry we so proudly serve, IT professionals are commonly referred to as “resources”. Just today we received an email from an IT executive asking, “Do you have a deep bench of resources in networking, Windows & Citrix administration or Linux administration?” Worse yet, if your business model does not allow for a “deep bench” lest you go deep six, your company may be referred to as a “body shop”. We prefer to have neither resources nor bodies on our team, choosing instead to be in the “somebody” business. Like snowflakes, every somebody we represent is unique. It appears God throws away the mold after creating each human being.

Pretty schmaltzy, huh? Before you get too choked up, let us consider some amazing facts regarding just how unique we humans truly are. Fingerprints have long been used to accurately identify people while attesting to their uniqueness. Did you know it is now possible to identify a person from just a fuzzy picture of their ear with 99.6% accuracy? If that smells a little fishy to you, get a whiff of this. “Researchers…in Japan claim they can distinguish between individuals with 100% accuracy, using equipment that produces atomic “fingerprints” of a scent (aka, body odor) and then running it through an artificial neural network on a computer.” Ergo, to deny the miraculous uniqueness of every human being is tantamount to denying gravity. Both are risky business.

Now, back to work and Drucker. At the top of Drucker’s list of assumptions causing personnel management circa 1954 to be “temporarily insolvent” was the belief that people do not inherently want to work. Drucker strongly believed people wanted to work and it was management’s job to create an environment conducive to it. I could not agree more, though we may disagree on the elements necessary to create such an environment. Free lunches and a fitness facility may attract new employees, but to retain them takes more than keeping them well fed and fit. It is an old, but very true adage –people don’t care how much you know until they know how much you care. A well-timed, heartfelt word of encouragement or empathy can do more to strengthen your employee relations than all the freebies in the world.

Whether you are a widget maker, biometrics researcher or IT staffing provider, the more you see yourself as being in the people business, the more likely you are to succeed. There are many exceptions for a season to this axiom, but very few companies manage to prosper long term while treating employees as expendable resources. PayPal’s CEO, Dan Schulman, clearly recognized this when he recently appeared on CNBC’s Squawk Box saying, The only sustainable competitive advantage that any company has is the strength of their workforce.”

Dan Schulman, PayPal, CEO

If PayPal’s Schulman is right, then Amazon’s Chairman/Founder, Jeff Bezos, could be wrong about many things regarding his workforce. Check out these quotes from the NY Times lead story, “The Amazon That Customers Don’t See” (front page, June 15, 2021):

• Even before the pandemic, previously unreported data shows, Amazon lost about 3 percent of its hourly associates each week, meaning the turnover among its work force was roughly 150 percent a year.”
• “Amazon’s founder didn’t want hourly workers to stick around for long, viewing “a large, disgruntled” work force as a threat, Mr. Niekerk recalled. Company data showed that most employees became less eager over time, he said, and Mr. Bezos believed that people were inherently lazy. “What he would say is that our nature as humans is to expend as little energy as possible to get what we want or need.”
• “We have always wanted to be Earth’s most customer-centric company,” he (Bezos) wrote. Now, he added, “we are going to be Earth’s best employer and Earth’s safest place to work.”

Andy Jassy succeeded Jeff Bezos as Amazon CEO on July 5, 2021. He could put his Prime account to good use by ordering a few Peter Drucker books on human resource management. Drucker’s sixty-seven-year-old management wisdom seems to be light years ahead of Bezos’ apparent “people last philosophy”. Maybe that’s why the world’s richest man is so obsessed with visiting planets unfit for human habitation. Write this on a moon rock — if CEO Jassy fails to radically change Amazon’s toxic culture, the odds of Amazon becoming the Earth’s best employer are lower than Donald Trump hitching a ride on Bezos’ first rocket to Mars.

Since April 1, 1989, we have endeavored to run Ambassador Solutions with a “People First Philosophy”. To serve as a constant reminder that people really do come first, we etched our Core Values in Indiana limestone on the wall of our corporate lobby. Whenever we fail to put people first, we encourage our teammates to call us out…and they do. So today, I am calling out business leaders to view their workforce as PayPal CEO, Dan Schulman, does…as their only sustainable competitive advantage, then put people in their proper place –first!