Future proof business.

The rapid evolution of emerging technologies and the impact this has had on business has propelled technology executives into the C suite across most industry sectors. This has generated much discussion and activity around the new responsibilities and skill sets technology executives must accept and master. A great deal has been written to advise and assist CIOs and CTOs become leaders and successful contributors, setting and executing strategy for businesses on the path to digital transformation.

All of this is positive and will strengthen the individuals and organizations to the extent that they adopt the advice. Not so much attention has been given to the other members of the C suite – CFOs, CEOs and Board members who are also incurring new responsibilities and the need for new skills as businesses develop models focused on emerging technologies.

CFOs in particular need to recognize the expanded responsibility they have as business uses technology to develop new deep relationships with customers, suppliers, employees, regulators and shareholders.

Navigating Digital Transformation

The technology chiefs will have responsibility for knowing, recommending and implementing technology – dealing with the detailed, system integration, deployment and operation of infrastructure and applications.

The CFO’s responsibility is the financial impact of digital transformation on the enterprise and that can be extensive in ways that never came into play before.

To be clear, the focus for the CFO and C suite should be the management of technology’s role in the business and not the technology itself. Technology is evolving rapidly and promising so many attractive potentials that it is tempting to take on an aggressive agenda seeking benefits across an array of technologies. By focusing on strategies to manage technology the C suite can safeguard and promote the future of the business.

The CFO is responsible for weighing the value of all technology investment. He or she must consider each investment in the context of the entire business. For example, a customer experience improvement must compete with a new marketing campaign and literally countless other ways of investing the business’s resources. Steps to reduce cost through automation or outsourcing need to consider the effect on customer service and ability to develop new product.

Near term decisions need to allow for strategies to future proof the business, to remain flexible and able to respond to changes in the market as customer needs change and technologies continue to evolve.

Managing Cyber Security and Risk

CFO cyber security.

Cyber security has become a major responsibility for the CFO and his peers. A security strategy to prevent compromise is essential. A strong combination of internal and external security protection must be in place. Equally important is a robust, rehearsed response plan for when security is compromised. The financial implications of a security breach are severe and far reaching.

Research conducted by the National Cyber Security Alliance found that as much as 60 percent of hacked small and medium-sized businesses go out of business after six months. While the CIO deals with the technical aspects of a breach, it will fall to the CFO to answer to the regulating authorities, banks, customers, and suppliers. and take steps necessary to restore the business to firm financial footing, if possible. Security also plays into the very valuation of the business. A security breach can have impact on the valuation of a business, and security must also be considered regarding mergers and acquisitions. A CFO must be on guard against acquiring a company that brings with it a significant security risk.

Given these increased responsibilities for navigating digital transformation, in addition to a full load of strategic and day to day operations what is a CFO to do? Well, don’t go it alone.
Small and medium size businesses can work with a partner who has knowledge and experience – real experience in situations where what they know and what they have done can be applied to their enterprise.

48 percent of SMBs plan to transform their business for a digital future yet many don’t understand what digital transformation really is.

Strategic Financial Management of Technology

CFOs can develop a playbook. Identifying areas to be addressed on a regular basis using internal and external resources. The CFO and C suite peers will learn to assess technologies that have real value for that business. They will know the cost of these technologies, the impact to the current and future bottom line and the opportunity cost of the choices they support.

They will learn to focus on the management of technology and best practices in IT governance, and portfolio management. The C suite team will become aware of and sensitive to IT debt built by deferring investment to replace aging infrastructure or legacy applications. They will avoid building liabilities that reduce the business’s valuation, increase risk and hinder the flexibility needed for the future of the business.

Mastering the Customer Experience

Master customer experience.

They will also become technology users familiar with and benefiting from data analytics, business intelligence and process automation. They will invest time and effort to learn what their customer’s experience is and how to improve it.

Partnering with a network of expert resources the C suite will demystify the hype around IoT, Artificial Intelligence, Block Chain and Machine Learning and understand when and if these technologies might have true meaning for their customers and add value to their enterprise.

To increase their ability to manage technology the CFO and peers will get involved, learning how emerging technologies are being used in their industry or similar industries. Environmental scans will assess what is being done by traditional and non-traditional competition.

By exercising this playbook periodically and repeatedly, the C suite will monitor progress being made, refining and maturing emerging technologies. This will promote development of an organization with the people and resources that can take advantage when the time is ready.

What We Can Achieve Together

If you are looking for assistance on the journey to digital transformation, IT Ally™ can help. For starters check out our IT Fitness Test and our Business Agility Test here. To learn more about IT Ally’s C Suite IT Advisor services, please visit itallyllc.com or, schedule a 30-minute consultation with one of our key advisors.

[This article was originally published on itallyllc.com.]

In today’s world of rapidly advancing technology, cyber advisory is the last thing your SMB wants to think about. But in reality, that’s not ideal.

Many small and mid-size businesses don’t have systems in place if their business is under a cyber attack. In fact, one of our previous blog posts addresses this issue. Nearly 82 percent of SMBs don’t have a plan in the event of a cyber attack. As a result, up to 60 percent of SMBs go out of business within six months of an attack.

Cyber advisory is one of the best defenses your business can have, but is it right for your SMB? Here are some signs that it might be right for you from Neal O’Farrell, Managing Director of Cyber Advisory at IT Ally™.

Difficulty Communicating Risks

At times, it can be difficult for business leaders to communicate well in their organization, whether it’s to their employees or board members. For an IT leader, that can be especially true. Not everyone at the organization understands what their IT leader does, so when they try to communicate the need for more security, it may be hard for them to get that across to other colleagues. This can be especially hard if any technical problems your IT leader gets blamed for your SMB’s IT issues. If cybersecurity isn’t part of their priorities, they won’t bring it up.

This is where cyber advisory is important because advisors know how to communicate these issues, especially to boards who need to hear it the most. They can also bring forth the discussion if it hasn’t been brought up. Advisors will be more open and honest about issues and concerns since they aren’t part of the organization either.

C-Suite Lacks CSIO

If you’re an SMB, you likely don’t have a CSIO, which leads to cybersecurity not getting the attention it needs. Similar to the last sign, your management team may not have the right questions or insight to take on cybersecurity.

If you don’t need someone full-time, but you want someone who can give you the best IT and cybersecurity guidance possible, cyber advisory is the ideal solution.

No Contingency Plan

There’s a saying that “a goal without a plan is just a wish” and that holds true for contingency plans. When you see the statistics, it’s better to have a plan than no plan at all. Of course, you hope your SMB will never have to use it, but if it were to happen, it could not only save your business but also save your business money as you manage the ramifications.

Numerous studies show that response plans that are thought out and executed well can save an organization a lot of money when the inevitable happens. Cyber advisory services can be a great resource as your organization develops a plan. Advisors not only have the latest knowledge, but also the outside perspective. This allows them to help you create a plan that fits the needs of your organization.

Low Priority for Board

Some boards just don’t care when it comes to cybersecurity. They either think that an attack will never happen to them. Or, they expect a cyber attack to happen, but don’t have a plan and are willing to deal with the financial deficit that goes with it.

If your SMB brings in cyber advisory services, they can change the conversation in a language they understand. Advisors can push through cybersecurity roadblocks, help the board navigate security and privacy regulations, aid in decisions and bring a fresh, outside perspective on the organization. Boards not only find it helpful, but refreshing.

If these signs ring true for your SMB, IT Ally may be able to help. With over 30 years of experience and perspective, our cyber advisors can provide the best knowledge and insight for your organization. Get to know us today by contacting us or by signing up for a free consultation.

This blog is based on an IT Ally Podcast featuring Neal O’Farrell, Managing Director of Cyber Advisory at IT Ally. Listen to it here

[This article was originally published on itallyllc.com.]

While on vacation in South Carolina visiting family and friends in Myrtle Beach and Hilton Head last week, I decided to pack my clubs and enjoy a few rounds of golf.

Our first stop was Myrtle Beach to visit my in-laws and play golf with my father-in-law, Garry, who is 80, and Griffin, my 17-year-old son – a cherished annual tradition. We arrived at the course to find it was a “cart-path-only” day due to recent heavy rains. To the non-golfers reading this, cart-path-only means that if you are driving a golf cart, you must stay on the paved path and cannot ride on the grass.

cart-path-agilityFor the average golfer like me, this is always a challenge. I am often uncertain which direction my ball will go. Therefore, having the use of a cart that can roam the course, creates more flexibility and more importantly, speeds up the pace of play. In this case, I also had not only to consider my play but my son, a novice and my father-in-law, ailing but accurate, now required to walk to his ball, though often in the fairway and easy to find. This round of “cart-path-only golf” had to end after nine holes. But never the less we had a great time together.

Golf mecca Hilton Head Island was the back end of our trip. Griffin and I booked an early, twosome tee time to beat the heat. Once again, we learned, at check-in, it was another “cart-path-only” day. Undeterred, we went on to play a very enjoyable if long and tiring 18-hole round of golf.

Upon reflecting on this experience, it got me thinking about the limitations, constraints and lack of flexibility of this “cart-path-only” approach and how it might apply to business. The objective to score low was now shared with the objective for fast play and less arduous completion of the course. To achieve this, you had to deliberately and successfully hit your ball within proximity of the cart path.

For a business that would mean constraint to a single strategy. You would have no option to adjust or to respond to market changes, locked into your lane unable to take advantage of opportunities.

I am certain the feelings I experienced on the course, being limited, slow to move and bound to a predefined path, would hamper and strangle a business trying to compete in today’s rapidly changing and dynamic market.

Defining Business Agility

In 2009, I wrote an article titled “Building an Agile Organization.” It proposed that “agile organizations have processes and structures that enable them to know what is going on both internally and externally, . . . and the mechanisms needed to act quickly on that knowledge.”

“ . . . evidence indicates that enterprises can best achieve agility by following basic management principles, using imagination to see an organization in a different light and having a willingness to adjust or change based on circumstances.”

I laid out 3 capabilities, key to pursuing and achieving business agility.

  • Learn to sense and respond
  • Emphasize improvement and innovation
  • Distribute and coordinate authority

Agility provides business the power to move quickly and easily; nimbleness. It is the ability of an organization to renew itself, adapt, change quickly and succeed in a rapidly evolving, ambiguous, turbulent environment.

Becoming an agile organization is easier said than done. But in my opinion, has the potential to yield superior business performance.

Agility Challenges and Impact

Agility has always been a hallmark of large successful, established companies. But with today’s levels of uncertainty, ambiguity, market volatility and globalization, agility is essential for any company. If you think you’re still in a corner where this doesn’t hold true, wait for the disruption to come. Tomorrow it will be relevant for you.

From a technology perspective, inflexible legacy IT systems, technical debt, antiquated infrastructure, insufficient skills and resource constraints, budgetary challenges, a short-term planning perspective, an ineffective governance process and data quality issues, could be the “cart-path-only” placards constraining your game.

It’s easy to envision how these limitations cause a competitive disadvantage. It results in the inability to meet changing customer needs, to address regulatory and compliance requirements, increased exposure to security risk and ultimately an inefficient and costly operating model.

Important Questions to Consider

If you are trying to master business agility or just want out of the “cart-path-only” mode; IT Ally™ can help.   For starters, here are a few questions from our Business Agility diagnostic that, at a minimum, tee off your own self-assessment.

  1. How quickly can your company respond to new opportunities/challenges?
  2. Who has primary responsibility for planning for change?
  3. What is the general state of your technology environment and how well do your major systems share data with each other?
  4. What is the primary factor in guiding alignment among decisions in your company?
  5. What visibility into industry and market trends do you have?

To learn more about Business Agility, please visit itallyllc.com. Or, schedule a 30-minute consultation with one of our key advisors.

[This article was originally published on itallyllc.com.]

Does your small or mid-size business need an IT Fitness Program? To help determine the answer, consider the following:

  • Have you built the muscle to protect and defend against cyber threats?
  • Do you have the agility to meet changing customer needs?
  • Are you lean enough to optimize value from your technology investments?

A question I was recently asked by an interviewer from comSpark was, “What do you think is the trend in technology that all industry leaders should be aware of right now?” My answer may surprise you. Below is an excerpt from my response which was published in the spring edition of Lead Magazine.

“It is difficult to just pick one. However, I believe that the most important trend is about leadership and culture, specifically, how we think about the management of technology versus the technology itself. One thing is certain – technology will continue to evolve. It has, quite frankly, outstripped the pace of technology management. Compared to disciplines such as finance and accounting, IT management is in its infancy. We, as business leaders should never get too enamored with one particular latest and greatest technology or trend.”

Perhaps you thought I would have responded with big data, virtual reality, artificial intelligence or another hot topic. Although these are transformational technologies in fashion today, do we know what will be fashionable tomorrow and in the future? Let’s not forget that many companies are still figuring out how to migrate from legacy technologies, move to the cloud, leverage e-commerce to expand their businesses and enhance their customers’ experience.

Earlier this year, IT Ally™ introduced a new diagnostic, called the IT Fitness Test, to assess the effectiveness of the IT management capabilities in your company. This diagnostic is based on industry frameworks such as COBiT and leverages research from leading IT analysts such as Info-Tech Research Group. The test is a way to gauge whether your IT capabilities need to build muscle, become leaner or agile or both; to secure your business, meet changing customer needs or maximize the value from your IT investments.  

Your IT fitness program will need to be tailored to best address your business objectives. Like a physical fitness program, if your goal is to build muscle, become leaner or agile, you will use a combination of things (diet, nutrition, exercise) to achieve your objectives. With IT fitness as with physical fitness, you want to avoid gimmicks like diet fads, lose-weight-quick pills or slick workout equipment. Whether you are determining the IT needs for your business or establishing your personal fitness program, the conversation should start with “What are the goals you are trying to accomplish?” to help you align your strategy to increase the chance of achieving those goals.  

What’s at stake for SMBs?

data-analytics-program

The latest technology trends for SMBs, look similar to those I have seen in my past role as a CIO. SMBs are beginning to leverage artificial intelligence, data analytics, machine learning and robotics as key strategies to drive efficiency, scale and differentiation. Cloud adoption has become the platform for digital transformation. Cybersecurity risk is being proactively addressed and significant investment is being poured into improving the customer experience. Access to these technologies is becoming more available but there is a double-edged sword when figuring out how to leverage them properly.

For SMBs the need to manage IT, is paramount to success. Technology is changing rapidly and affecting every aspect of a business. SMB’s need to proactively leverage proven best practices to realize the full potential of their technology investment, regardless of the technology being adopted. For example, you are thinking about the vast amount of data available that can be leveraged to learn about your customer’s buying patterns or service preferences, but if you have no single version of the truth regarding your data, this will be a very difficult task. Or, you are trying to reduce the cycle time for a business process to create a unique customer experience, but your IT systems have been built in silos and are not integrated. This presents a significant challenge to achieving your goal. You get the idea, it will cost more, take longer, and you might never get there.

These are common issues, difficult to overcome in large organizations with plentiful IT and financial resources. So how is an SMB expected to cope, given their limited resources and expertise? Well don’t despair just yet – and that’s right, you have an Ally!

The IT Fitness Program for the SMB

it-fitness-programs

In the above examples, there are several IT Management capabilities that, if in place, could help realize these solutions faster, more cost effectively. At IT Ally, we have created a unique IT Fitness Program for SMBs that leverages Enterprise IT capabilities. Our IT Fitness Program identifies nine sections that we will describe in this and in subsequent blog posts. The nine sections are based on the COBiT Framework and best practices research from Info-Tech Research Group. They are:

  • Strategy and Governance
  • Financial Management
  • People and Resources
  • Service Planning and Architecture
  • Infrastructure and Operations
  • Security and Risk
  • Applications
  • Data and Business Intelligence
  • Portfolio and Project Management

As we introduce the IT Fitness Program for the SMB, let’s take a closer look at Strategy and Governance, a core foundational capability to establish alignment of business objectives and overall priorities for IT.

Strategy and Governance

it-governance-strategy

IT Strategy:

  • Traditionally, IT was seen as a separate support function. As such, IT strategy creation often happened in isolation and without a good understanding of the business. That’s no longer an option. A list of projects is not a strategic plan. A good strategy clearly links projects to goals. A compelling strategy proves more than IT’s contribution to business objectives. It justifies and prioritizes what needs to get accomplished and in what order.

IT Governance:

  • IT Governance is the number-one predictor of value generated by IT, yet many organizations struggle to organize their governance effectively. Optimizing IT governance is the most effective way to direct IT spend to provide the most value in producing or supporting business outcomes, yet it is rarely done well. IT governance needs to address the changing goals, risks and contextual environment of the business. A first step in establishing IT governance is to align IT with the goals of the enterprise. A proven methodology for accomplishing this is to establish a charter for IT that is built around the characteristics of the business.

Performance Measurement:

  • Service metrics are a key tool at IT’s disposal in establishing its value to the business yet are rarely designed and used for that purpose. Creating IT service metrics directly from desired stakeholder outcomes and business goals, written from the business perspective, using business language, is critical to ensuring that IT services are meeting business needs. Measuring, managing, and improving IT performance in relation to critical business success factors, with properly designed metrics, embeds IT in the value chain of the business and ensures IT’s focus on where and how it enables business outcomes.

IT Management and Policies:

  • Well conceived and enforced policies are a valuable communication tool. They help your organization spread the message of what needs to be done and how it should be done. Policies aren’t just your rules. They communicate how you do business. Use them to start a discussion with employees on how you do what you do.

Innovation:

  • Stakeholders expect more from IT today than technology resource management and risk mitigation. New technology available today provides an opportunity for IT to improve and innovate in many, if not all, areas of a business. An IT strategy aligned with the goals of a business will highlight opportunities for innovation IT will be viewed, not as a cost center, but as a center of innovation, vital to the growth and prosperity of the business.

Stakeholder Relations:

  • We have stressed IT governance and business goal alignment as important components of an IT strategy. The governance and goals are not internal to the IT function but belong to an array of stakeholders inside and outside the business. They have different needs, sometimes competing with each other that must be addressed by IT leadership. The relationship IT builds and maintains with these stakeholders will determine the success of the IT strategy. Identifying and prioritizing stakeholders; listening to them and managing their changing needs will be the primary agenda of IT governance.

We Can Help

Our comprehensive selection of IT Effectiveness Assessments combined with our Assess, Measure, and Improve approach, enables tailored improvement plans to be established and implemented. Given the importance of alignment as part of the IT Strategy and Governance Fitness Program, we recommend the following assessments:

  • CEO – CIO Alignment is designed to identify and close the gaps between your vision for IT and the business and to ensure alignment of goals and objectives.
  • CIO Business Vision is designed to assess the level of satisfaction across core IT services, support and relationships with key stakeholders to identify and better understand areas in need of improvement.

IT Ally has the experience and expertise to help small and medium-size businesses succeed in establishing and improving your IT Fitness Program. To get started, check out our “IT Fitness Test” to get a customized report or call us at 844-4ITALLY to continue this discussion and see how we can improve your IT fitness!

In our next blog, we will cover Financial Management and explore several capabilities including Business Value, Cost and Budget Management, Vendor Management and Cost Optimization.

[This article was originally published on itallyllc.com.]

Listen to this IT Ally™ Podcast interview to learn more about the formation of IT Ally and how they are helping SMB’s to leverage technology for strategic advantage.

Read The Podcast Transcript

Hello, I’m John Connors, writer and commentator on technology in the business community.

I’m here today with Michael Fillios, founder and CEO of IT Ally, the recently established company dedicated to providing competitive advantage in technology to small and medium size businesses.

I’m going to ask Michael what makes IT Ally unique, capable, and the right choice for SMBs. Michael, by way of introduction can you tell us how IT Ally came about and what you expect to accomplish?

Basically, if you look at the importance of the small and medium businesses in our economy today there are number factors that we should consider.

1. Statistics show 3 out of every 4 hires in our economy are coming from small businesses. 

2. This demographic certainly represents a significant portion of our economy in that it supports a lot of our GDP growth and

3, just the sheer size and scale of businesses that exist, nearly thirty million, just in the United States alone, represents a significant portion of our overall market. 

That being said, there are number of companies that have attempted to service this market space, particularly from an IT consulting perspective, and that have not had wide success.  My view on that is that these companies were established businesses servicing much larger clients and decided that they wanted to go downstream into markets to grow their businesses. 

Yet that still left the infrastructure, overhead and complexity that just, quite frankly, is not attractive to the small business owner. 

That’s one of the things that makes IT Ally more unique is that we were conceived with the sole intent of servicing small and medium business owners and spent a lot of time in developing the appropriate offers that would allow these organizations to not only afford but also digest the service offerings and that is where some of the uniqueness of our business model comes into play. And, now we’ve begun to see wide interest in our offering. 

Not only in the areas of IT but quite frankly, in areas outside of IT, in other functional areas such as legal, HR, finance, sales, etcetera. 

So with that, the nature of the IT Ally model, essentially what we are doing is providing. enterprise level capabilities and talent to the everyday business and we’re able to do this, as I said, by packaging up our offerings such that they are affordable and digestible to these businesses largely on a subscription basis which is how we provide them. 

Michael, you have a broad-based background in large businesses and in various sectors. Tell us about your experience and how it has prepared you and IT Ally to provide leadership for smaller scale enterprises?

I believe the modern day IT leader needs to possess a variety of skills and capabilities to be successful in today’s dynamic and challenging environment.  My IT leadership experience came as an accident as I was asked to lead an ERP evaluation, selection and implementation for a $30M global pharmaceutical company where I was in charge of Accounting.  I still revert back to this experience as it was the beginning of thinking about IT from a business perspective meaning, what outcomes did we want to achieve as a business and how was technology going to enable them to be realized 

Although, at the time, the technology landscape was also evolving we never got enamored with the technology itself.  My early experience in auditing and leading the accounting function, being a management consultant, a start up entrepreneur and ultimately a corporate CIO in large global companies, has given me a very unique set of experiences of seeing IT in many different facets. 

From acquisitions, to divestitures, through bankruptcy and emergence, across several decades of technology evolution, I have benefited from applying technology to solving many different business challenges including, growth, cost containment, risk mitigation and customer experience which quite frankly are many of the same challenges that SMB’s are facing today. 

Leaders of small and medium sized businesses have several priorities vying for attention in today’s environment. And technology is complex and rapidly changing. How can IT Ally assist these leaders in making technology challenges more approachable as one of the many factors they have to deal with?

The challenge for SMB’s is that most of these organizations don’t need to have a full time IT leader certainly not a CIO, Chief Information Security Officer, roles like this, but quite frankly have some of the same complexities that a fortune 500 company would. In fact, most recent trends reported by SMB Group on the Top 10 trends in technology for small and medium businesses suggest that many of these companies are faced with some of the same decisions around how to leverage technology such as artificial intelligence, analytics, big data as well as many others on the list including robotics or internet of things not to mention having to do it in a secure fashion. 

So, these are very daunting challenges for most Fortune 500 CIOs never mind small business that are thinking about how do we leverage these wonderful technologies to help us grow, differentiate and secure our businesses.

So, that’s the opportunity,  how do we bring folks that have had this experience, we’re talking about individuals with 25 – 30 years’ experience, that have been in wide ranging situations, understand how business runs and want to apply that experience and capability to these organizations that need it to not only survive but effectively to thrive against the continuous competition that arises in the marketplace on a daily basis. 

So that in a nutshell is IT Ally. We are continuously adding to our offerings, not only in conducting assessments of what a world class IT organization needs to look like at a small or medium business. But also providing other services, education and ways that we can provide full services to our partners and our clients. 

Confronted with the complexity of technology, an SMB leader might be concerned with the financial commitment needed to take on a robust technology agenda. Can you talk about the cost and value proposition IT Ally offers?

One of the advantages of our business model is that we have built from the ground up exclusively to service the small and mid size business market.  Because of this, we have really focused on packaging our offerings so that they are not only affordable, but also digestible to our clients.   

When we look at the SMB market, we define it by the number of employees.  For example, small businesses are those with 1-49 employees and medium size businesses are with 50-499 employees.  With this level of diversity, it is essential to have offerings that will scale up and down, be repeatable, yet still allow for some level of tailoring to meet our clients needs. 

For example, we offer several fractional models to access our CIO’s, CTO’s and CISO’s on a subscription basis depending on the level of scope and engagement necessary to deliver value to the client. 

Michael, we have talked about your business experience as an executive, successful in managing technology and deriving benefit for businesses but you can’t duplicate that success yourself across an SMB client base. What resources does IT Ally bring that can operate in the trenches to leverage your expertise into successful, cost effective initiatives?

That’s a great question and one that we have been very deliberate about as we conceived the business from day one.  To your point, we wanted to be very careful to not create a business that wouldn’t scale beyond one person.  To that end, we have created a business model that enables our subject matter experts to leverage our content and intellectual property to create a consistent and repeatable experience for our clients when delivering our services.  Naturally, we are very critical about the quality of the folks we bring into our network and make sure that we are vetting them accordingly.  The IT industry is a rather close-knit group particularly for those with 25-30 years experience and it is pretty easy to reference check individuals as you typically know them or know someone who does.

You have alluded to the importance of an organization’s cultural readiness to adopt and benefit from technology. Can you discuss that further, and tell us how IT Ally can assist businesses in attaining the necessary level of cultural readiness?

It is true that viewing IT as a strategic weapon starts with the tone at the top of the leadership team. In small business, this is typically the owner, president, CFO or other leadership team member.  I have seen a wide-ranging view of the importance of technology over my career across different industries and size organizations and sometimes it does take an outside voice or an event to trigger this thinking. 

For example, some companies are more passive as it relates to information security until such time an unfortunate event occurs such as a breach of data, or vulnerability is exposed.  Or it could be a competitor that introduces a new application that dramatically changes the customer experience that threatens your very existence or value proposition.   

The role that IT Ally can play is to provide an outside in perspective that helps an organization to see technology differently – not just as an enabler to automate an existing process, or to increase productivity, but also a way to grow, differentiate and secure your business.  Much of this starts with taking a very fact based and data driven view, leveraging our IT Effectiveness assessments to create a baseline that can highlight potential weaknesses and areas for improvement.  Armed with this data and our experienced team, we can typically be very compelling in shifting this mindset. 

Michael, your response indicates that a successful technology agenda extends beyond infrastructure and software and permeates many areas of an enterprise. Do you see IT Ally providing services outside the traditional IT environment? If so / where might that be and how is IT Ally equipped and qualified to add value in meeting those needs?

Yes, we do and have been developing a network of other leaders that can support other functions such as Legal, Marketing, HR, Accounting and Sales.  In fact, these partners take a very similar approach to servicing their clients on a fractional basis, making it affordable for SMB’s to access these services on a demand basis.   These partners are very complementary to our business and allow us to provide a full spectrum of services to meet most of the needs of our clients.  In effect, we are all trusted advisors and become a valuable extension of the company’s leadership team. 

Tell us more about the partner ecosystem and how that is becoming an important asset to IT Ally and your clients. Do you see that continuing to expand nationally and internationally?

To that end we’ve also established a pretty extensive partnership network that ultimately extends what we do, that allows us to serve our clients more completely. So, where we don’t provide or don’t desire to provide those capabilities we’ve got companies in our portfolio of partners that would be happy to service them. Again, these are in areas that are in complementary businesses perhaps in other functional areas such as in legal services or HR.

But it enables IT Ally and my overall team to really provide a holistic view to business owners and help them in ways that go beyond the areas that we directly serve. So, the partner ecosystem is extremely important to us we are adding partners on almost a daily basis and coming in contact with organizations that want to engage and be a part of this overall ecosystem. 

Michael, / IF this discussion has raised the interest of SMB leaders who want to learn more or take next steps with IT Ally to assess their technology position and opportunities, what message would you leave them as to how to proceed?

I would say take us for a test drive.  Our offerings are priced in such a way that allows an organization to start small in an agile like fashion to experience our value proposition.  We are very confident that we can deliver value to our clients and welcome the opportunity to earn a position as a trusted advisor to their business. 

Thank you, Michael for a stimulating discussion and to you, our listener. Contact Michael Fillios and IT Ally at 844-4ITALLY or 844.448.4559 or email info@itallyllc.com.

[This article was originally published on itallyllc.com.]

Listen to this ComSpark Podcast interview to learn more about the potential impact of cyber attacks on your business and why you should care.

Visit itallyllc.com/blog to read more from our blog. If you’d like to learn more about working with IT Ally™, schedule a 30-minute consultation with one of our key advisors.

[This article was originally published on itallyllc.com.]

SMBs need to use IT as a competitive advantage

When SMB chief executives ask themselves about the modern trends they need to be paying the most attention to, the first item that pops into my mind is how today’s lightning-fast technology changes are affecting every aspect of a business. Clearly, we have seen a number of innovative and emerging technologies surface recently—machine learning, artificial intelligence, robotics, big data, cloud computing, etc. It is difficult to choose just one!

However, I believe that the biggest trend is one regarding leadership and culture—specifically, how we think about the technology management vs. the technology itself. One sure thing about technology is that it will continue to evolve and outstrip the pace of technology management.

Technology Management is as important as the technology itself

Compared to other disciplines such as finance and accounting, technology management is in its infancy. As we have seen in the industry, there are new roles evolving that were not even in existence three or five years ago; roles such as data scientist, cloud architect, agile developer, and chief digital officer to name a few.

As IT leaders, we should never fall in love with the hottest current trend or technology, rather we should be thinking about how it will be used to solve a real business challenge. Technology for technology’s sake is never a good thing. This mindset and style of leadership is crucial, as the business/technology convergence becomes the norm regardless of the size of company, industry or geography.

plan-think-act

Technology will always continue to evolve, disrupt and invent new ways of conducting business. Because of this, I believe that a business such as IT Ally™ will become even more important in advising SMBs on how to leverage technology to grow, secure, and ultimately differentiate their businesses. In my opinion, technology has leveled the playing field for SMBs such that size no longer dictates the survival of the fittest.

Numerous examples have played out over the past decade, whereby well-established, resourced and funded technology companies became extinct. This can be due to the availability of the technology and the uniqueness of the business model to which it is attached. Consider Netflix, Uber, Airbnb, Amazon, eBay, FB, Google and I am sure many more to come.

Business model innovation and disruption will continue everywhere and companies (large and small) will need to determine how to leverage technology as a strategic weapon as a means of survival. Organizations that can master the customer experience will be the ones who dominate their markets. Technology will be a key enabler to achieve this dominance and longevity.

Enterprise Perspective for the every day business

In my prior roles as a CIO in large global businesses, I was often responsible for technology transformations which included the creation of a multi-year, business-led IT strategy. In most instances, this also included large-scale modernization of legacy systems to improve both the customer and end-user experience, as well as adding new or enhancing existing digital capabilities to the IT infrastructure.

Although the strategies and the technologies were unique for each company, the playbook was the same in that I brought together a number of key business and IT stakeholders across multiple lines of business to create a roadmap for change.

Fundamentally this was about leadership, not technology. The result of this carefully planned transformational change ultimately served to differentiate us positively from our competition.

Technology trends that are leveling the playing field for SMBs

Regarding the latest technology trends for SMBs, the list looks similar to those I have seen in my past role as a CIO. For example, we see SMBs beginning to leverage artificial intelligence, data analytics, machine learning and robotics as key strategies to drive efficiency, scale and differentiation. Cloud adoption has become the platform for digital transformation. Cybersecurity risk is being proactively addressed and significant investment is being poured into improving the customer experience. Although access to this technology is becoming more available, it is a double-edged sword figuring out how to leverage it properly.

Assessing IT Management Maturity

For most large enterprises, IT Management is an evolving and ongoing challenge given the pace of technology change, the inherent complexity of business processes, entrenched legacy systems, data quality and ugh, I am exhausted just writing about it. When it comes to SMBs, IT Management is in its infancy, often relegated to a few individuals that are essentially building it on the fly.

This scenario creates an even bigger challenge given the outpacing of technology versus technology management. So what is an SMB owner to do about this? Our suggestion is to first take stock of your management maturity by conducting a formal assessment. This doesn’t have to be a science project but should have the breadth and depth of focus that is enterprise-grade, yet relevant for the SMB. 

I decided to start IT Ally with the simple mission of helping SMBs leverage technology to achieve their business objectives. This is not only a passion of mine but something that I believe is essential in the modern business landscape. I see this mission as of even greater importance to SMBs than their large corporate counterparts in terms of survival, growth and differentiation. My goal is to help fill this need.

If you’re interested in connecting with us, schedule a 30-minute consultation with one of our key advisors.

[This article was originally published on itallyllc.com.]

 

If you’re like most small business owners, cybersecurity is probably a big question mark. The digital world is constantly evolving and it’s hard to keep up. For small and medium businesses (“SMBs”) or companies with 1-999 employees, the statistics are alarming.

While you’re busy doing what you do best and running your small business, hackers are actively trying to find new ways to breach your company. They want to compromise your system, steal your data and profit from the damage they cause to you.

Even worse, this damage is “life-threatening” for small businesses. 60% of SMBs that are breached go out of business within six months. It is estimated that more than half a million SMBs shut down each year because of cybersecurity breaches.

To address this substantial risk, your business is in a bind:

It wouldn’t be cost-effective to pay for full-time IT security personnel or expensive consulting firms. But you know you need to address this issue that could impact your company’s future.

For a business owner who understands the importance of cybersecurity and wants to begin to see what you’re up against, here are five questions to consider.

Ask Yourself These 5 Cybersecurity Questions

1. Are your employees your first line of defense… or are they holding the door open for hackers?

As a small business, the percentage of employees who have access to business-critical data and systems is much higher than at a corporate giant.

This means more than ever, your employees are your first line of defense. If one of your employees is breached, it’s much more likely they have access to sensitive information than one of the tens of thousands of employees at a Fortune 500 company.

So cybersecurity is “all hands on deck” for your small business — is your entire team prepared for this responsibility?

We recommend holding regular training seminars and sending frequent security bulletins to keep employees in the know about the latest threats. If they don’t know what to look for and how to react, they might inadvertently expose your company to any number of harmful IT risks.

2. What are you doing to prevent a breach from happening at all?

In the news, you only hear about breaches after they happen. Of course, it isn’t front-page news when a breach doesn’t happen!

That doesn’t mean diligence isn’t important. What is your company doing to prevent these risks from ever happening? Installing up-to-date antivirus software on all your employee’s devices is a great start. However, it’s only the beginning of the complete prevention strategy you need to have.

Do you have the right IT processes and policies in place, and if so, do you know how well your employees follow them? Do you have a regular employee training and IT risk prevention program? Have you secured sensitive data access to appropriate personnel only?

These are all questions your business must consider to ensure a disaster isn’t on the horizon. You should have policies in place that guarantee continued security and plan for regular audits to make sure your plan is working.

3. If a breach does happen, how will you handle it? Have you planned for the worst?

Despite your best efforts to fend off hackers, sometimes they make it through. They’re quite crafty and inventing new techniques every day.

Are you prepared to react if a breach does happen? Based on what data was lost or which system was compromised, how will your business proceed? Do you have cyber liability insurance or a validated backup of your data?

When a breach happens, it’s important to react with speed and authority. When Equifax was breached in 2017, the company’s reputation suffered significant damage. In large part, this was due to the manner in which they addressed the situation.

Perhaps Equifax could have avoided a breach altogether if they had the appropriate policies in place, and they could have reacted with more poise if they had an advance plan for what to do. (Fox Business described it as “a story of crisis response gone very, very wrong.”)

Per CNN Tech, Equifax was aware of the security flaw for two whole months before hackers exploited it to access data. In the CNN article, a security expert called the way Equifax addressed the security flaw as a “systemic failure of process.”

Of course, this is partially a PR question, but it’s also a matter of closing the breach, convincing customers the right systems are in place to avoid the same situation in the future, and resuming normal business operations as soon as possible.

If a critical breach like this happened to your business, could you recover?

4. Are your systems and software exposing your business to any security risks? Is your sensitive data protected?

You now have more useful software and data at your disposal than ever before. Since these technologies can give you a powerful competitive advantage, you’re probably using a wide variety of software, cloud applications and devices.

Each of these is a potential doorway into your company. For example, all the benefits of cloud applications are paired with comparable risks.

It’s great for employee productivity. They can access their work from anywhere and collaborate with their colleagues more seamlessly than ever before. But it’s riskier to store data in the cloud than the “old-fashioned way” on your local network.

This doesn’t mean you should go back in time a decade and close up all your cloud access and collaboration applications. It’s just important to ensure your sensitive data is secured.

Consider conducting “penetration tests” and vulnerability scans to confirm your internal and external system access are protected.

If hackers gain access to internal emails about organizing an employee’s retirement party, it’s probably not the end of the world. But it’s a different story if they get their hands on customer financial information, proprietary business processes, or trade secrets that give your company an edge.

Your company should have some basic cybersecurity principles in place and processes to audit adherence to these practices.

Examples of such principles are granting employees access only to the data and applications they absolutely need, prohibiting open access to networks that also store sensitive data, and preventing employees from emailing sensitive attachments to people outside your company.

Defining these policies and sticking to them will give you more peace of mind that your business is protected.

5. Do you have a plan in place for ongoing oversight of your company’s cybersecurity?

It’s not enough to perform an audit of your cybersecurity every now and then. Your business needs to commit to a cybersecurity program involving IT policies and employee education to stay safe going forward.

Companies are too often reactive to breaches that have already occurred. While it’s necessary to make cybersecurity a proactive focus, the stakes are too high to merely wait and hope you’re protected.

After you initially audit your cybersecurity and determine your risk exposure, prioritize a list of policies and processes you’ll need to stay compliant. Ensure your employees and vendors are on the same page. Establish routine audits and other measures to evaluate adherence to your cybersecurity policies.

And once again, employee education is the most important piece of a cybersecurity strategy. The best enterprise cybersecurity policies won’t protect you if your employees are exposing your business to risks.

What Should You Do?

As a small business owner, you may not know the answers to these questions yourself. Ask your IT staff, vendors, or whoever is responsible for managing IT in your business. Whatever it is, do something.

It is time to be proactive and begin to develop an understanding of where you stand from a cyber risk standpoint. It’s imperative to consider your exposure to cyber risks and plan accordingly before a breach ever happens.

To learn more about IT Ally™ and our comprehensive set of IT Effectiveness Assessments, please visit us at www.itallyllc.com.  Or, schedule a 30-minute consultation with one of our key advisors.

[This article was originally published on itallyllc.com.]

Your small business is perfectly immune from cyber attacks, right?

You know, cyber attacks like those targeted against Equifax in which they lost sensitive data for 143 million US customers, or the 3 billion Yahoo accounts that were breached, or when Target lost payment data for 40 million cards?

Why would hackers target small companies when there are so many huge corporations ripe for the picking?

If you think cyber attacks aren’t a serious threat for your business, think again: 60% of all targeted attacks are towards small to medium-sized organizations. And out of those data breaches that are successful, 90% impact small to medium-sized companies.

What explains the higher success rate? Research shows 82% of small to medium-sized businesses are not adequately protected from cyber attacks.

Cyber attacks are a PR nightmare. They are often so damaging to your reputation with customers that it’s impossible to recover. In fact, of small and medium-sized businesses that are breached, as many as 60% go out of business within six months.

These staggering statistics show it’s absolutely imperative to take cybersecurity seriously so you aren’t the next business with a huge, expensive headache on your hands, a seriously damaged reputation, or worse.

These 9 cybersecurity risks are very real risks for small and medium-sized businesses. It’s difficult to take all the necessary safety measures to keep your business and data safe, so your company probably has at least a few of these to address.

Can you afford not to know whether your business is protected?

9 Cybersecurity Risks Common For Small Businesses

1. Lack of adequate training

We’re mentioning this one first for a reason—it’s incredibly prevalent, but it’s easy to do something about it and often is your first line of defense to protect against these risks.

Most cybersecurity breaches are a result of human error. With “phishing” emails, hackers trick employees into giving up their passwords and other information by sending communications that appear to be legitimate. For example, an email may appear to be a routine credit card statement or order confirmation from Amazon, but it’s actually a fake email from an opportunistic hacker.

Employees click these emails because they are inadequately trained to identify and avoid these communications. And even if they suspect something is fishy, they may not know the appropriate steps to take.

What to do about it: We recommend regular security education, including periodic training sessions and email bulletins about the most common cyber attacks.

Why it matters for small businesses: It’s easier to drive these training initiatives for large businesses who have entire teams of people devoted to cybersecurity and compliance. For small businesses, training can slip through the cracks and there may not be someone internally who is qualified to deliver the training. But that doesn’t mean it isn’t crucial.

2. Inadequate protection against malware and ransomware

Hackers have been targeting businesses with malware (computer “viruses”) for years.

Ransomware is a particularly nasty iteration you’ve probably heard mentioned in the news recently and has become a lucrative business for the bad guys. Essentially, hackers take control of your data or devices, lock you out, and only restore your access once you pay their “ransom” fee.

Imagine being faced with a choice between paying a hacker $2,500 (or more) or never being able to access your customer data again. What would you choose?

It’s best of course to avoid the situation entirely by protecting your business against ransomware and other typical malware threats that compromise your data and device security.

What to do about it: Employee training is the most important component of an effective malware and ransomware prevention strategy. Further, companies should maintain protection solutions to avoid device infections and continuous cloud backups for disaster recovery if something slips through the cracks.

Why it matters for small businesses: Just one virus on an employee device could give hackers access to all your company’s data and control over what to do with it. From there, they can sell the data on the black market, encrypt it (via ransomware) to sell it back to you, among other nefarious strategies — none of which are good for your company.

3. Outdated or unpatched software

Keeping software up to date is tricky, and hackers love that.

Many software updates and patches are released to fix security issues. This is why software vendors try so hard to enforce automatic updates and regular update intervals.

Cybercriminals learn quickly, so your software may be perfectly secure now but introduce a huge security hole in just a few weeks.

What to do about it: Establish and stick to a regular patch and update schedule for all your applications. If you don’t currently follow any regimented policies, identify the applications with the most sensitive data and tackle those first.

Why it matters for small businesses: Small businesses have a smaller IT staff to ensure regular software updates, and this comes at a cost. Outdated software exposes your small business to a 3x greater risk of a security breach.

4. Poor data management practices

Chances are, your business has a lot of data you’d prefer to restrict to the appropriate personnel at your company, such as financial data, trade secrets, customer information, or proprietary processes.

Many small businesses pass sensitive spreadsheets, account credentials, and other protected information back and forth by email regularly.

Email is the most convenient option, but that convenience ends when the data ends up in the wrong hands.

What to do about it: Your small business needs a written policy about backing up and securing your data, and your employees should be educated regularly. Periodically, consider evaluating awareness and compliance via surveys and audits.

Why it matters for small businesses: Since just one data breach puts 60% of small companies out of business, it doesn’t make sense to pass customer spreadsheets, trade secrets, and confidential plans back and forth by email or other insecure file sharing solutions. Unfortunately, the practice is all too common.

5. Lax access control

It’s not just important to transmit data securely—your business should also have an intentional policy around who has access to certain data in the first place.

With so many risks associated with data security, it’s best to restrict access to parties who really need it.

In the cybersecurity world, this is called the principle of least privilege—give users access to the permissions and data they need, and nothing more.

What to do about it: Audit which employees have access to the data and applications on your network, making adjustments according to the principle of least privilege. Going forward, create and follow an access control template to keep your data secure.

Why it matters for small businesses: Your company’s competitive advantage may hinge on certain processes or information remaining secret, or the wrong data breach could jeopardize customer trust forever.

6. Insecure network

Whether you host data on your own network or in the cloud, security is vital.

At your office, guest devices, employee mobile devices, or personal laptops should not be permitted to connect to any network that also stores any sensitive data.

And if you use cloud data storage or cloud applications, managing access is critical as well. Hackers are quite effective at probing every possible opportunity to get their hands on your sensitive data.

What to do about it: Conduct regular audits of your company network and cloud security. Put the right policies in place to design new systems with security in mind. Leverage access control best practices and use a “whitelist” system for application access to your network (only explicitly permitting those applications that need access and are verified to be secure).

Why it matters for small businesses: The right hack could jeopardize vital business operations for days or weeks, and small businesses feel revenue and productivity losses especially hard.

7. Weak password policies

It doesn’t matter how secure your business technology is if your employees give away the keys with insecure passwords.

Many think password security is no longer an issue, but as recently as this year, a study found an average of 19% of business passwords are easy to compromise.

Think about that: without the right password security policy, at least one in five of your employees could be holding the door wide open for hackers.

Even if employees use secure password, that means very little if they use the same password for other platforms or personal use. In that case, their password to access your secure data only remains secure until those other platforms are breached.

What to do about it: Implement a regular interval at which employees must change their account passwords, such as every six months. Add system controls to ensure passwords meet certain strength requirements, such as length and avoiding dictionary words. For access to particularly sensitive applications and data, consider two-factor authentication for an extra layer of defense.

Why it matters for small businesses: Since a higher percentage of employees will naturally have access to sensitive information, they need to be your first line of defense.

8. No disaster recovery plan

Are you ready for an outage or hack? Are you sure?

Accidents happen. As much as you can and should try, it’s impossible to anticipate and avoid any incidents affecting the security and availability of your data and systems.

Your business needs rigorous, thorough “disaster recovery” plans, so if your data falls in the wrong hands, a critical application goes down, or an employee poses an insider threat, you and your team are ready to spring into action.

What to do about it: This is certainly a bigger issue to tackle—but one of the most important. Identify the biggest threats to your business by asking “what if…” and start by establishing policies and plans to answer those questions.

Why it matters for small businesses: As a small business, it’s less likely you have backups and contingency plans than large companies who pay people to think about those risks all day. And outages and disruptions can be incredibly detrimental to your revenue and customer trust.

9. Lack of documented and enforced security policies

You need written IT security policies, plain and simple. As of now, do you have any?

If you do have them… are they communicated to your employees? Do your employees actually understand?

In our experience, the answers are “not really”, “no”, and “definitely not” in the small business space. These are tricky concepts to grasp and this is a rapidly evolving space.

For most small businesses, it doesn’t make sense to have a cybersecurity specialist on your payroll full-time. And your IT team (if any, depending on your company size) is busy with activities critical to running your company today.

What to do about it: After you assess your exposure to the risks in this post, consult with experts and develop documented policies and procedures. Then, train your team and put the appropriate measures in place to track and improve compliance. The future of your company just might depend on it.

Why it matters for small businesses: For small companies, security is a real team effort. The best way to navigate cybersecurity is to make it second nature for everyone working for your company—get everyone on the same team protecting your business from rapidly changing risks.

Now What?

Feeling overwhelmed?

That’s understandable. The stakes are high. And for many small businesses, these concepts are completely new—and until now, off the radar.

After reading this post, we bet you feel compelled to take action to protect your small business. The first step is conducting assessments and audits to determine how exposed your business really is. The second step is putting new policies in place that will protect your company going forward.

We provided some helpful resources and first steps in this post to get you started. IT Ally™ also has your back. We offer several cybersecurity assessments that can get your business on the right path in no time.

The assessments check for many of the risks covered in this post.

IT Ally believes in delivering enterprise value to small businesses, so our assessments are comprehensive and offer the same value a Fortune 500 might get by engaging exorbitantly priced IT consultants.

Your small business needs an Ally — we’d be honored to help. Get in touch to start the conversation or schedule a 30-minute consultation with one of our key advisors.

[This article was originally published on itallyllc.com.]