Open-heart surgery prepped my SMB for the ultimate future proofing.

As a young executive, I received some sage advice from a career coach when discussing the topic of “work life balance.” The advice was simple, but the impact was significant and lifted a burden I was carrying for quite some time. My coach said, “don’t try to come up with a magic formula that allocates a percent to the time you allocate to work, family and yourself, but rather put 100% focus into anything that you do.” In other words, be fully present and commit to those areas individually and you will never feel the burden of work / life balance ever again. He was right!

The Mindset

This gave me a unique perspective and more importantly a mindset that I have applied ever since. This mindset was recently tested when I decided to become an entrepreneur again when I launched IT Ally in 2017. My first tour was 10 years during the 2000’s when I was Chief Solutions Officer at BTM Corporation. So as the saying goes, this was not my first rodeo. As my fellow entrepreneurs know, in the early stages of starting your business, 100% of your success fully depends on the actions of the entrepreneur. You never feel you are doing enough, there is always more you want to accomplish, and it can never happen fast enough.

However, one additional shift in this case from my role as a Fortune 500 CIO was on the personal side. Yes, I always worked hard regardless of the job or role I had, but as an entrepreneur, I knew exactly what it was going to take, the sacrifices I needed to make and how that increased time would impact my work / life balance. With my career coach’s advice in mind, I made sure to apply the 100% formula. Being an entrepreneur, outside the structure of the corporate world, there was another dynamic – that is, there truly isn’t a bright line defining what is business versus personal time. My fellow entrepreneurs know this all too well – that line is never clear and tends to shift continuously. In fact, in my experience, it is in most cases nonexistent.

Open-Heart Surgery

In early January 2021, this struggle to define and separate business and personal was “big-time” tested when I learned that I needed to undergo open-heart surgery to correct a known defect that afflicts about 1% of the population. The realization hit me when my cardiologist strongly recommended I address this issue right away, when in my mind, I had about another ten years! Coming off of a record-setting 2020 for IT Ally Holdings and our operating companies, navigating the pandemic and the usual entrepreneurial stresses in an early-stage company, I worried about the impact this would have on my business, my personal life, my health, and my family. I also knew that I would need to apply a different plan and playbook to navigate this process, especially with a relatively compressed timeline of about two weeks before my surgery. I could not, for example, just go out on short-term disability and let my corporate HR and benefits take care of the rest. So, let’s just say, we had more questions than answers in terms of getting prepared, not to mention major surgery that was looming!

Needless to say, I treated this situation like many others that I have done before, and became hyper-focused on detailed planning and flawless execution, at least for the pieces in my control. Oh, did I mention that I managed to schedule my surgery at the top cardiac hospital in the country, the Cleveland Clinic, so I knew that I would be in great hands for my procedure.

Personal Affairs

Although my surgery went as planned and I am in the midst of my recovery process now, I wanted to share some of my experiences and lessons learned from a business and personal perspective that might be relevant to other entrepreneurs and business owners and in my case as a husband, father and grandfather, which again reinforced the blurred lines that exist from what is a business versus personal situation.

Getting your personal affairs in order. Having surgery thrust upon us so quickly, it was a great opportunity for my wife and me to update our legal and business documents such as wills, trusts, beneficiaries, insurance coverage, health care proxies, banking and investment portfolio. Having three kids over the age of 18 also meant that our conversations with them would need to be thoughtful and detailed, but hopefully without creating any major sense of panic. Fortunately, we had many of these documents in place, but our personal/business circumstances had changed since their creation and therefore required some significant updating and alignment with my newly formed businesses and financial situation.

Business Affairs

Getting your business affairs in order. Having created and launched 4 operating businesses and a holding company since 2017, it was important to revisit all operating agreements with our corporate attorney. We basically wanted to ensure that these agreements reflected our current ownership structure and aligned with the trust we established to ensure the assets were protected, estate taxes were mitigated and that the business had a clear path forward should I no longer be able to operate it. Although I had these conversations in my mind a thousand times, the process this time around was much more real and, in some cases, required difficult decisions to be made, but once addressed, felt like a major burden was lifted. Not to mention, I knew that my family and my business would be protected and we had a plan to operate from should the worst scenario play out.

Communicate

Communicate, communicate, communicate. We knew that we needed to communicate my situation, but wanted to be thoughtful and deliberate in terms of our message and timing for when and who to deliver it to. Like many transformational or significant projects that we assist our clients with, we needed a plan to manage this process and the various business and personal communications. As we contemplated the plan, it turned out to be a fairly comprehensive list that included my team, current and potential new clients, partners, children, family members, and close friends. Armed with this list, we defined, sequenced and executed a communications plan within the two week window and got the job done.

Trust

Trust your team, trust the process. Since the formation of IT Ally in 2017, I always viewed this as a scalable business rather than one that was centered just around me. Because of this strategy, I created a business and operating model to achieve this vision. In fact, one of our first podcasts, Inside the IT Ally Business Model, explained more about this.

Having to leave the “business office” for this surgery and with a lengthy and somewhat uncertain recovery period to follow, I was able to test or perhaps retest and validate this model given the reliance needed on my team to sustain our operations during this period. For example, our Monday staff meetings that we instituted some time ago, meant that the team was highly informed and aware of all current clients, new business opportunities and key strategies that we were pursuing.

From the beginning, I had also been very disciplined about taking a product management mentality in the way that we deliver our services. This enables repeatability, consistency and scalability of our services as well as a way to manage quality control over our deliverables. By having a defined set of packaged, and tool enabled services, we are also able to make our proposal pricing and client agreements more standardized and use these templates to streamline and simplify our client acquisition process.

Key Takeaways

Having navigated this harrowing experience for myself, I realized the lessons I’ve learned extend to my business and to SMBs who are my current and future clients. In many of our IT due diligence engagements, we often come across the topic of key man risk, which in too many cases highlights the dependency on one or a short list of a few key resources that have deep knowledge of the business, systems and typically a long history with the company.

Needless to say, whether this is the owner, executive, manager, or your administrative assistant, having a game plan for key members that you “can’t live without” needs to be understood and comprehended in a plan. The plan should be formalized and communicated to those who are involved and should include documentation of passwords, procedures, practices, responsibilities, and confidential information essential to the business. Below are a few others to consider regardless of whether being brought on by a major surgery in my case or because you want to take stock in your business and personal affairs.

  1. You can never be prepared enough, but need to be aware of the implications and burden as an entrepreneur and the blurred lines between personal and business.
  2. You can’t do it all alone, rely on and trust your team and communicate with intent to all key parties including essential staff, clients, partners and other key stakeholders.
  3. Don’t underestimate the legal and tax side of things. This input and expertise are extremely valuable so make sure that you have trusted partners on your side.
  4. Don’t wait for a crisis to validate and pressure test your business and operating model. Plans should be subject to periodic review and adjustment.
  5. Identify your “key man” risks as it relates to your business and put in place a contingency plan to prepare for the unexpected.

The Cyber Readiness Institute (CRI) asked its Small Business Advisory Council, a group of 15 public and private organizations that serve SMEs in various capacities, to identify key tips to help SMEs become more secure and resilient. The Council developed the following seven fundamental cybersecurity actions. While each enterprise’s individual circumstances will dictate the specifics of its cybersecurity program, the tips below serve as guardrails toward making your organization more cyber ready.

Every organization needs to take cybersecurity as seriously as other mission-critical functions, such as operations and finance. Cybersecurity is not just an IT issue; first and foremost, it is a people issue. These seven tips apply to your organization, no matter the size.

Tip 1: Pick a Cyber Leader

It’s important to have a designated person spearhead your company’s cyber efforts. Assigning a person with authority to be your “Cyber Leader” highlights your commitment to cybersecurity and provides an additional professional — and relevant — experience for the individual. In addition to ongoing cybersecurity management, the Cyber Leader can adopt and share best practices that employees can implement and be the point person when employees have questions or when cyber incidents occur.

Tip 2: Create a cyber aware culture

Creating a culture of cyber awareness means ensuring that all employees know they play a fundamental role in your business’s cyber resiliency. You need to make sure they have the knowledge, skills, and commitment to play that role. This culture can be facilitated through education and training, but it takes leadership to create and sustain a cyber-aware culture. With a remote work environment, regularly review cyber policies with your employees and ensure they understand their role in keeping the organization “cyber-safe.” In your workplace, consider posting your Remember, culture is created through your employees having a common behavior.

Tip 3: Communicate, communicate, communicate

Awareness is built through frequent, short communications. Weekly newsletters, regular emails, posters, or screensavers can all be vital to keeping your employees aware of the dangers of cyber breaches and how to prevent them. The CRI Starter Kit has eye-catching posters to communicate important reminders to your employees. Identify what is relevant to your organization, and tailor communications accordingly. Some of our suggestions include picking a cyber theme of the month to focus on – for example, recognizing phishing attempts or using strong passwords. Many governments and organizations offer free monthly awareness newsletters that businesses can share with their employees. Examples include the State of Mississippi and SANS’ Ouch!

Tip 4: Protect the Crown Jewels

You cannot protect everything equally. You should identify which data and systems (e.g., website, email, accounting, customer information) are most important to your ongoing operation. As part of the risk assessment, think about what would happen if you lost important data or your system went down. This preparation will help you prioritize what to protect. Every organization, no matter how small, should identify the so-called “crown jewels,” and make sure security controls protecting the “jewels” are appropriate to the task. Regularly assess how well protected your most critical data and systems are and proactively take the necessary steps to improve security. CRI’s “Ransomware Playbook” offers helpful guidance on prioritizing your assets.

Tip 5: Have a plan

Having an incident response plan to direct your actions when a cyber incident occurs is vital. The incident response plan should cover preparation in case of an incident, response during the incident, and rapid recovery from the incident. It should include considerations for business continuity, data loss, and back-ups for recovery. Given that many small businesses are forced to cease operations within one year of a cyber attack, it is especially important to have a recovery plan that is communicated to all employees. Furthermore, conducting exercises or drills that test the incident response plan (known as tabletop exercises) will help employees identify their responsibilities during incidents, and allow them to act effectively and securely when (not if, unfortunately) cyber attacks happen. The most important part of preparation is having current back-ups that you have tested – especially for your most important data (aka “crown-jewels”).

Tip 6: Understand the basics

There are many technologies, activities, and services that you can focus on when it comes to securing your IT infrastructure. It is important to have someone in your organization (the Cyber Leader) who knows what questions to ask and can understand the answers. Examples include keeping a current inventory of the devices people use to connect to your network, ensuring your software is routinely updated, using multi-factor authentication (MFA) for email, online banking, and other sensitive services, using a properly configured virtual private network (VPN) for all remote access, adopting mobile device management, enforcing strong employee passphrase policies with length and complexity requirements, and automating secure storage backups. Whether your IT is in-house or you use a Managed Service Provider (MSP), it’s vital to make sure your IT is being securely managed.

Tip 7: Be compliant

Data regulations vary across industry and region. Depending on the location of your business and the locations of your customers, you may need to change the way you handle personal data or face penalties and fines. Two examples are the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the US. These regulations focus on Personally Identifiable Information (PII) (e.g., full name, social security number, email address). If you collect credit card information you should also be familiar with the Payment Card Industry (PCI) standards. Taking the time now to research security requirements to make sure you are data compliant is important and can save you a lot of time later.

Tip 8: Choose third parties carefully

When you share information with third parties, allow vendors to connect to your network, or rely on them for technical services, you often increase risk to your business. Ensure you choose third parties carefully. Ask whether they have any security certifications or attestations, like ISO 27001, FedRAMP, or Payment Card Industry (PCI). Ask whether they are audited regularly to ensure their cybersecurity safeguards are appropriate and operating as expected (and ask to review a summary of their audit results). Include cybersecurity-related clauses in contracts, such as the third party agrees to use reasonable security precautions or comply with a set of security safeguards, to mitigate critical security vulnerabilities within a specific timeframe, and to notify you within a specific timeframe if they have a breach.

[This article was originally published on cyberreadinessinstitute.org]

Michael C. Fillios is the founder and CEO of IT Ally, LLC., a C-Suite IT and Cyber Advisory firm for small and mid-size businesses. He is a four-time CIO and senior global business and technology executive with 25 years of experience in transformation, change leadership, and operations management in the Pharmaceutical, Industrials, Automotive, Banking, and Consulting Industries. His first book, Tech Debt 2.0®: How to Future Proof Your Small Business and Improve Your Tech Bottom Line, was published by the IT Ally Institute in April 2020. In 2020, he formed the IT Ally Institute to provide research, best practices, thought leadership, and peer to peer programs for business and IT leaders at small and mid-sized businesses (SMBs).

His CIO responsibilities have taken him around the world including living in Shanghai, China where he served as Vice President and Divisional CIO at Delphi Automotive and led global IT operations for over 100 plants in 30 countries. At the multi-industrial giant ITT Corporation, he was part of the transformation team that led the successful tax-free spinoffs of ITT’s water and defense-related businesses to shareholders.

Michael also spent ten years as an entrepreneur at tech startup BTM Corporation, where, as the Chief Solutions Officer, he advised CxO’s on implementing transformative technology management practices in the public and private sector. Earlier in his career, he led the Finance, Human Resources and IT functions at Penwest Pharmaceuticals and worked at consulting firms Grant Thornton and Ernst & Young.

Find out more about Michael and Tech Debt 2.0® at:
www.ITAllyInstitute.org
www.ITAllyLLC.com

[This article was originally published on leadershipphalanx.com]

Michael C. Fillios is the founder and CEO of the IT Ally Institute, a nonprofit organization providing small and medium-sized businesses access to knowledge, research, and practical tools to improve their tech bottom line. He is a senior global business and technology executive with more than 25 years of experience in IT, finance, operations management, and change leadership.

In this episode, I speak with Michael Fillios about his mission and the impact he is making in the world.

Let’s dive in!

[This article was originally published on podcasts.apple.com]