Archives for September 2015

One of the keys to a successful, outsourced IT project? Laying the groundwork to mitigate risk at the beginning.

Big, outsourced IT projects can be as daunting to companies and their bottom line as extensive, enterprise-wide IT projects. But with the shift to agile development, those enterprise projects have been restructured into more discrete deliverables. For outsourced projects, take the same approach. For example, when working with a vendor to implement a software-as-a-service platform, set up smaller chunks of development and testing lifecycles to increase collaboration on the configuration. Then, set your focus on mitigating risks. Start when you’re in the negotiating and contract phrase.

Make your contracts agile! Start by committing to work that can be discretely specified and scoped in the near term. What’s your one year roadmap? What are your first deliverables? What are your top priorities to accomplish in that timeframe?

As the buyer, limit the scope of the work to begin. With a narrower focus, you can work with the vendor to define specific deliverables. Committing to a known quantity of work allows you the ability to define the fees more accurately and avoid the risks of bloated scope/resources/schedule. As the buyer, you can better plan your expectations and budget.

When contracting and working with a vendor in this phased approach, you can leverage your negotiations. Keeping the scale of the project under control with such planning will help your business create a comprehensive structure for your partnership with the vendor. You can expect project milestones to more accurately hit expected timelines, keep your budget within expectations, negotiate committed rates or discounts, have clearly defined staffing and resource requirements, and expect your outsourced IT projects to perform.

It’s the end of a long work week, and you’re going through emails before braving the commute home. There’s an urgent message from your CEO to approve a wire transfer. As the CFO, you receive these requests regularly. You rush to resolve it, opening the message and reading through it. There’s a link in the message to follow and enter some personal information.

If you clicked on the link, if you followed through with the request, you may be the latest victim of spear phishing. Have you heard of it?

When cyber criminals send official-looking emails trying to coerce personal information out of you, that’s phishing. When it’s targeted at a specific group or individual, that’s spear phishing.

Most users are savvy enough to know not to click on links in emails from people they don’t know. Phishing is less of a threat this way. But when the email looks like it came from the CEO of one’s company, that person is much more likely to think they can trust it. In this way spear phishing attempts to bypass all of the conditioned barriers we’ve set up to block out internet noise.

To best defend yourself and your business from these attacks, you should understand how they happen.

Spear phishing is not new. It’s simply Social Engineering via today’s technology. Older examples would be somebody trying to get you to wire money. Today, they want you to click on the malicious link.

Spear phishing gets around hardware and software security by targeting weaknesses in human behavior. It doesn’t matter how strong your firewalls are, if you have implemented Intrusion Detection Systems or whether or not your anti-virus software is up to date. These safety measures can’t stop the actions of a user deliberately clicking a link. When a spear phishing attack appears to come from the boss’s email, it targets people’s propensity to trust, obey, help or simply be curious. Software can’t stop that.

Criminals have some inside information on their targets in order to target them with what looks like a legitimate email. This information can be obtained maliciously via hacking an organization’s computer network, or it could be done by searching through websites, blogs and social media sites. This gives the criminal pretext to create an email that looks like it can be trusted.

The emails sound urgent in addition to seeming legitimate. Attackers are hoping that targets will make a quick decision to click on the link instead of stopping to think about why they’re being asked for personal information.

When users click on the link, the website may be phony, but it looks legit. Because the site looks like the real thing, users are tricked into trusting it and providing their personal information.

They can use the information to steal your identity, get your credit card or bank information or download malicious software. For businesses, malicious software can provide the criminals with access to sensitive, internal information or trade secrets.

What can you do to avoid becoming a victim?

1. Educate your employees. Banks, companies and agencies will not request personal information via email.

2. Install phishing filters on web browsers. Many of the latest browsers have them built in or available as a plug-in.

3. Educate employees not to follow a link from an email but instead to enter the URL manually.

4. Check the recipient’s email. The sender’s name may look correct, but is the email address the actual address used by your coworker, John?

5. Use email spam filters.

6. Learn new behavior. Pause before clicking a link; hover over hyperlinks to see where they actually direct your browser; recognize suspicious text and grammar; take the appropriate actions when a suspicious email is received. What’s your company’s cyber-security policy?

Next time an email shows up in your inbox, be wary. Anyone can be a victim of these new, sophisticated attacks. Be especially wary if you’re in finances. Because of the wealth of information available online, hackers are choosing to target those who work in accounting or finance more frequently.

By following the above tips, you can decrease your likelihood of falling victim. And sometimes the best defense is to trust your instinct: If something doesn’t feel right, then it’s likely to be fraudulent!

Collaboration is a mighty buzzword in the business world right now. Have you seen it on resumes lately? Heard it from vendors or customers? Do investors talk about creating a collaborative relationship?

That’s because success follows in the footsteps of good collaboration. When your teams and partners have the same ideas and commit their resources towards a common goal, business works better. Here are two ways we think you can improve collaboration within your business through the design of your organization, and through the use of technology.

1– Design your organization to collaborate well.

Have you heard of the Silo Effect? This is the opposite of what you want for your business, and yet we constantly see organizational structures that create and reinforce imaginary walls, which leads to this problem. Departmental ‘silos’ crush attempts at collaboration. Start by creating an executive vision that is unified. Are the people at the top of your organization all acting with the same vision? Does this unified vision trickle down? Execute and implement your common goal through motivation and incentives.

For example, one company that has made this part of the culture is Facebook. They have a hierarchy-free orientation, frequently rotate jobs, and set up “hackathons” to foster cooperation among project groups. What works best for your company will depend on what motivates your employees.

2– Use technology to foster collaboration.

Collaboration is fundamentally a human-centric activity, but you can find the right technology to help aid this process by implementing digital collaboration tools. Tech tools can help by supporting the following initiatives:

• Improve transparency by sharing information with everyone by default

• Create a successful collaborative culture with leadership at the head

• Provide features that enable teamwork between people and projects such as activity streams, rich user profiles, and improved searching

• Allow anyone in the business to participate

• Give the creators of the content the credit deserved for their knowledge and work

Companies are still taking the time to understand and appreciate enterprise social networks. When staff is supported with a solid organization structure to encourage collaboration, you can make this buzzword a successful implementation at your place of business.

If you need the tech support to make this happen, please don’t hesitate to get in touch!