Top 3 ‘Oh Shit’ Moments in Business

There are some dumb things that happen and are said in business situations, and sometimes they lead to poor practices. Of course no business sets out to create inefficiencies, but these things do happen over time. The bigger the business, the more prevalent the disease. In this article we discuss the Top 3 ‘oh shit’ moments when bad practices rear their ugly heads and how you can take action.

  1. When you hear someone say, “That’s the way we’ve always done that.” OR “Why fix it if it ain’t broke?” run for the hills. You’ve been infected!

Blindly repeating the actions of a predecessor can lead to this mentality. The only constant is change. And let’s face it, change can generate innovation and excitement where passion can be lacking. It’s important to ask questions for continuous improvement. Understanding initial decisions and why they were made will be paramount when managing resource churn. As new technology presents itself, and as your industry changes, it will be productive to seize new skills, processes and tools to adapt. This should be seen as a business opportunity rather than as an adverse business risk.

2. The next time someone mentions, “Yeah, but this new tool is going to solve our problems.” OR “It’s the tool’s fault, because it can’t do [insert a feature].” take heed! This mindset is too focused on the technology instead of the people and processes. Over time this leads to tool sprawl and mismanagement of the technology meant to help.

In some business cases, tools are tied to a person or even a calamity, where business decisions may have been made based on knee-jerk reactions to firefighting, or maybe it’s as simple as a lack of business maturity. Over time it’s very easy to be ‘in the weeds’ with a number of tool sets where only 20% of the tool is actually understood and utilized. Dedicating the time and resources to learning the other 80% often goes by the wayside, and instead the tool you had is simply replaced with another tool, which will presumably solve business problems. This thought process of adding more tools to the stack can lead to a new set of issues like unnecessary network load, wasted budget, silos of chaos, and increased security risks. Look to your people and processes to be the driver for excellence, delivering on business goals, not features of software. Every time a new tool is considered, simultaneously review existing tools.

3. The next time a deadline is missed and phrases like, “But nobody told me about this.” OR “Mistakes were made…” are uttered, you might have an accountability problem.

It is not uncommon for a lack of accountability to creep into business processes. Unclear priorities, low levels of trust, missing objectives, and unmet deadlines are a recipe for disaster. When working in teams and with multiple teams, it’s tough to hold others accountable if nothing is defined. It’s important to ensure everyone is aligned. Expectations should be set with teams and what success looks like should be defined. “If you never tell anyone what you expect, then expect to be disappointed.” –Thoughtful Leader

That’s it. Of course there are more ‘ah shit’ use cases we could roll through but these top 3 are pretty rampant in businesses no matter what their size, so keep your ears and eyes peeled for the warning signs.

Need a MSSP? 5 Actions of Engagement

The pressure and concern around security in today’s digital business world can be daunting. Some businesses are operating on tight budgets, don’t have the talent in-house to manage security projects, and some aren’t even aware of their vulnerabilities until it’s too late. Qualifying businesses are taking note and looking to outsource their security plights to vendors to ease the pain.

So what is a MSSP and what can they do for me? In short, a MSSP is a contracted vendor meant to help with security services related to technology used in business. MSSP services include but are not limited to owning the security of the network down to individual endpoints. They are often used as consultants for meeting certain business compliance standards where technology is the critical resource for transmission of data, finances, and business service.

If you find yourself in need of a Managed Security Service Provider for your business, follow these 5 action items for engagement:

1. Self-assess to discover weaknesses. The idea here is to understand and establish your business risk tolerance. Best practice would be to use already established frameworks like PCI, ISO, NIST etc. as a guide. This can prove to be more efficient and just as effective rather than trying to tackle any legal and/or regional regulations. Once you’ve uncovered security gaps, it’s important to prioritize the impacts to the business. How will this security gap or ‘risk’ affect business should it be compromised? Understanding your business risk makes it easier to rank thus determining the ‘business risk tolerance’. Rank your discovered gaps and prioritize the tasks necessary to close that gap. This very important first step will provide a means to establish a roadmap and help advance next steps.

TIP: Some gaps can be assessed internally. In-house talent and resource constraints should be considered for all discovered gaps during this step.

2. Identify selection criteria for a Managed Security Service Provider. Once you have a better understanding of your business needs from performing the discovery step mentioned above, you’ll be primed to deliver your needed services. Knowing what you need going into the engagement with a MSSP will be extremely beneficial. Ask the MSSP how they will deliver said services. Putting the ‘what’ and the ‘how’ on the table will be paramount to establishing a good working relationship. It will be critical to establish SLAs & incident response timelines in a statement of work to better set expectations between the two business entities.

TIP: Develop a RACI matrix (responsible, accountable, consulted, informed) with the MSSP to institute a record, which will help with the following next steps.

3. Project manage the onboarding process with your MSSP. Establish timelines and stick as close as you can to them. When you are aggressively managing this process, it is possible to realize ROI of security dollars quicker than other business investments. Establish an NDA with the MSSP to cut through legal ambiguity and expedite the process. It is in both the business and the MSSP’s best interest to lay everything on the table so that business risks can be addressed openly and honestly. Allow for realistic timeframes to establish monitoring practices and metrics that bring value. Efforts made up front can reap great rewards down the line.

TIP: Understanding the maturity level of tools used by the MSSP to perform services will help further refine the management of the project to achieve success for meeting deadlines.

4. Establish clear lines of communication and dedicate your cause to continuously improve. We mentioned getting an NDA in place above. Establishing clear lines of communication will go hand in hand with your NDA and having an open door policy between teams, MSSP and the internal business, will aid in collaboration and resolution efforts. A seamless integration of tools including workflows, process, testing, and incident response will help both teams be able to maintain the RACI matrix mentioned in the tip above in step 2. Continuous improvement can be achieved by establishing a cadence of meetups with your MSSP to help them understand changes to the business where they should actively be aware.

TIP: Questions asked during continuous improvement meetups should be along the lines of: Are we still meeting the requirements of the business? Are there any industry or regulation changes that may affect the current services?

5. Plan B — Always have an out with your MSSP vendor. In this clause address items like data retention and requirements especially if the business must meet certain compliance measures. Also, should things go sour with the MSSP, ensure the business has a plan to recover data if necessary.

TIP: Get a termination clause built in to your contract.