Viewing archives for Data

How to Avoid a CRM Car Crash

Every CEO knows that customer information is a crucial asset. And how you manage customer relationships is vital. So of course you need to implement systems to help you standardize and manage Customer Relationship Management (CRM). Unfortunately, we’ve seen countless CRM projects that fail, or CRM systems that are misused, underused, or never used at all.

So why is CRM a project that fails so often? This CEO’s Briefing explains the basics of CRM systems and why companies need them. It also presents the ten rules for avoiding a CRM project car crash.

Freeman Clarke is the largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

 

Learning from Travelex

Due to a cyberattack, Travelex, the world’s largest foreign exchange bureau, has been paralyzed for weeks. The reputational and financial impact on the company and its senior leaders will be severe. New laws and regulations, like GDPR and NY Shield, mean that such breaches can no longer be swept under the carpet, and the business losses will be compounded by huge fines.

Travelex is a wake-up call to all businesses. In today’s cyber-risk environment, maintenance of your basic IT infrastructure and services is critical to remaining profitable and even staying alive. You may be concerned that if a giant like Travelex gets hacked, how can a mid-market company protect itself? It’s actually pretty straightforward.

When we engage with clients, we talk about “getting the basics right.” A fundamental part of that is making sure the IT infrastructure and services are fit-for-purpose and up to date. If the basics aren’t right, then there’s no hope of looking at ways to use technology to grow the business and get ahead of the competition.

To provide you with a head-start, here are your first nine priorities:

  1. Prioritize systems maintenance. All systems and services, particularly those that are connected to the outside world, must be kept up to date with the latest software patches. The IT team or your Service Provider must review and update systems in a regular, controlled manner.
  2. Review your backups. Many malware infections encrypt your data and hold it for ransom. Frequent backups mitigate the chance of you losing everything. A regular complete backup of data stored somewhere with no connection to your systems – what’s called an air-gap – will greatly limit the damage of an attack.
  3. Get a penetration test. Get a reputable security company to undertake an external penetration test of your systems and services. Resolve all the concerns raised in the results. Find your vulnerabilities and patch them before hackers find them for you!
  4. Get certified. Spend some money, usually less than $12k on earning the Cyber Essentials Plus certification. The process involves making your technology secure, and we’ve seen clients win new business after being certified.
  5. Lock down your data. Each individual in your business should only have access to the data they need to do their job. This minimizes the risk of data loss should they leave with it or accidentally click a malware link. Allowing employees wide-ranging access to data is asking for trouble.
  6. Invest in protection. Keep the bad guys out with well-configured firewalls, anti-spam email systems, malware detection software, and pro-active Day-0 protection systems.
  7. Get some insurance. Cyber insurance covers the losses resulting from a cyberattack. It can also aid with the management of the incident itself, particularly reputational damage and regulatory enforcement. Crime insurance covers the loss of money due to theft, fraud or dishonesty and includes theft of money by hackers. Add cyber insurance and crime insurance to your portfolio as separate policies, not just add-ons to existing business insurance.
  8. Train your staff. Your employees are the most vulnerable security point in your business. The more they know what to look for and what to do, the better your chances of avoiding an attack. Training is essential for all new staff, and it needs regular refreshing for the whole business – including you!
  9. Plan for the worst. Even with all the above nailed down, you still need to be ready for the worst. Sit down with your top team and discuss potential disasters and plan your way out of them. Who would be in charge? Who is authorised to make major decisions on the spot?

Will Travelex survive this attack? Who knows – the reputational and financial damage may be terminal. But by following these nine steps, you can avoid that fate for your own company.

For more information see our Knowledge Center about Cybersecurity.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations, and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Bitcoin and Blockchain: The Next Big Thing(s)?

Cryptocurrencies like Bitcoin and the underlying technology promise to change the business world. It’s easy to be cynical about this, when so much that promises sweeping change turns out to be hype. Still, we should pay attention: technology has indeed changed the business world many times, even after cynics have dismissed it!

So what is Bitcoin, exactly? And what is Blockchain? And why are they important to business? Read this briefing to see how you can position your business to take advantage.

Or watch our short video to understand the reality, the potential and the barriers.

Freeman Clarke is the largest and most experienced team of part-time, or fractional, IT leaders. We work exclusively with organizations looking to use IT to grow their business. For an informal conversation, contact us and we’ll be in touch.

Manufacturing Insights — Part 3: Getting Data Right

This is the third of our three-part series on the future of manufacturing. Check out Part 1: The Impact of the Internet of Things, and Part 2: Checklist for Successful ERP Projects.

Previously in our series on the future of manufacturing, we discussed the impact of the Internet of Things, and we provided a checklist for a successful enterprise resource planning (ERP) project. Now let’s take a look at data, a third and arguably most critical component of the future of manufacturing. More specifically, let’s talk about how to get data right.

Getting Data Right is a Critical Commercial Issue for Manufacturing Businesses

We meet many manufacturing CEOs who are frustrated about their data. Despite spending huge sums on new systems, their waste is much higher than expected, and they are still unable to get a clear view of inventory or the true cost of production.

When a project fails to deliver, often there’s a simple cause: the master data in the system is wrong. The tech may be fine (emphasis on may), but if the data is wrong, then everything else is built on sand. When new systems roll out with poor data, problems remain and a growing business becomes less profitable.

What do we mean by poor data? One example is duplication — when the same customers, finished goods (FGs), or raw materials (RMs) have been entered with different names, often multiple times. The bigger the company, the more likely it is that these mistakes can happen.

Poor data leads to some (or all!) of the following problems:

Poor Data: Causes and Solutions

Broadly speaking, we’ve identified three root causes of poor data. We’ve explained them below as well as provided possible solutions:

  1. Leadership is weak or ownership is unclear.

Data is difficult, detailed — and (let’s be honest) not very interesting. So who is going to take ownership of it? Solution vendors don’t really care about your data, and your people are too busy with their regular tasks. Often it gets left to the Finance or IT teams to sort out. And they may not have the knowledge to fix the issues or the authority to get people to change bad habits.

This issue has strategic implications, so an executive needs to take ownership. He or she also needs (a) time to get to the bottom of the issues, (b) experience in this kind of work, and (c) the authority to make decisions and get things done.

  2. The strategy is confused or vague.

Processes need updating. Data problems often reflect process problems, or lack of alignment between people and departments. It may not be clear internally who is responsible for what, such as for updating data or correcting errors. Perhaps this kind of thing falls to some very overstretched people. Or there may be no-one getting to the bottom of what goes on and why. So it’s a good idea to take a hard look at your processes. Fixing the problem may require process changes, technology changes and some retraining (or even “redeployment” if the real issue is an individual).

Multiple systems create confusion. We often see data issues when companies use multiple systems. There may be good reasons for this. But if you have separate systems there needs to be clarity as to which system owns what data, and interfaces need to be complete, tested and working.

Monitor systems and processes. You’ve straightened out your processes and standardized your data. Now you need to monitor these activities so you can make corrections when necessary. This will be easier once you’ve established who has authority and ownership.

  3. You’re planning and reacting for the short-term.

Data issues often arise due to time constraints, and commercial pressures result in shortcuts. Getting data right may be a matter of diminishing returns, as fixing obscure problems can be very difficult and time-consuming.

If this sounds like your business, it’s time to make some rational decisions. Short-term pressures don’t necessarily mean that you can’t plan for the medium- or long-term.

List the data problems, estimate the necessary effort for each and the business impact. If there’s no time to fix something right now, can it be on the list for next month? Can you monitor the impact to ensure it doesn’t grow? Deciding to tolerate a problem for now is not the same as sweeping it under the rug.

Even poor systems can work effectively when the data is policed, maintained and structured. Most importantly, this is a good platform for system improvements. Well-structured data can eliminate a whole range of problems and inefficiencies, can boost profitability, and can give everyone new energy as less time is wasted on distractions and snags.

Read the rest of our special series on the future of manufacturing:

Manufacturing – Part 1: The Impact of the Internet of Things.

Manufacturing – Part 2: Checklist for Successful ERP Projects.

Freeman Clarke is the largest and most experienced team of part-time, or fractional CIOs and CTOs. We work exclusively with organizations looking to use IT to grow their business. If you’d like to discuss how Freeman Clarke could support your business contact us now for a no-strings conversation.

 

13 Key Steps to Cyber Security for Non-Technical Board Members

Cyber attacks can be complicated, but in our experience over many years, most are REALLY SIMPLE and EXPLOIT BASIC WEAKNESSES.

In the vast majority of cases, simple steps can make you safe, or minimise disruption in the event of an attack. But, normally, these decisions are taken by technicians and the Board are not able to effectively challenge or lead.

Here is a simple list of 13 questions and answers to allow non-technical Board members to stop hoping for good luck!

  1. How do we get security risks and issues under control?
    Every substantial business should maintain a list of risks and issues, with some analysis of the options and mitigations. Each risk or issue should be owned by someone around the Board table who has the expertise, time and ability to manage it. This document should be reviewed by the Board at least annually. The list and the open discussion drives sensible, productive decision-making and avoids a culture of sweeping issues under the carpet. This approach prevents overspending in the wrong areas – it’s all about “proportionate response”.
  2. What kind of insurance do we need?
    Unfortunately, not all Cyber Insurance is created equal and you need to take care to select an appropriate policy and provider. Check the exclusions on the policy and ensure a member of your Board understands the cover. Cyber Insurance may not give you back money that’s stolen from you – that generally requires Criminal Insurance. Check your IT is compliant with your policy conditions – the devil is always in the detail and your IT team or supplier need to know what they have to do to maintain compliance. Finally, are your suppliers’ contracts clear about their liability and are they appropriately insured?
  3. How do I get staff to take security seriously?
    Security systems can be bypassed by canny criminals because they know where the weak link is … it’s your people. Create a “security culture”, where taking this stuff seriously is encouraged. Ensure you and the Board demonstrate good practice – for example, if you write your passwords on post-its then you should fully expect your staff to do the same… and one day you will probably be hacked as a result. Many hackers exploit helpful staff who simply hand over money! Sound financial processes, clear controls, good education and ongoing training are all vital to security. Remind people to “think before you click”!
  4. How do we keep data secure?
    Access to systems and data should only be given to those who need it. This is known as a least-privilege policy. For example, when a person is given access to a system, the default should ensure that person has no rights to anything. Then privileges should be granted according to what that person needs to do in the system, building up to only include the data and processes they require. If you don’t follow a least-privilege system, then you are really exposed to cyber attack, to fraud and to errors. When users’ roles change their access should be reduced if their job doesn’t require it anymore (and their access removed altogether when they leave!)
  5. What are firewalls?
    Start by ensuring your office has sensible physical security. Then make sure the equivalent measures are in place for your systems – these are your firewalls. Knowledgeable and trusted experts who understand the complexities of system and firewall management need to configure this equipment and to keep it up to date. Specifically ask them whether they have minimised points of access (ports) and are using secure ports for email and web access rather than standard ports.
  6. Why is it important to keep security up to date?
    This should be so simple, but most hacks exploit the fact that many companies fall behind. All computers should use up to date operating systems which are properly patched; utilise up to date anti-virus and anti-malware systems. However these systems only work well when they know what they’re up against. Newer protection systems coming on the market look for programmes acting suspiciously and will automatically shut down the programme before it has had time to cause mayhem. These systems provide protection against new attacks (often called “Zero Day”) because they spot the bad behaviour of an application rather than recognise the malware itself.
  7. What is data encryption?
    To protect your data, it should be encrypted and only accessible to those with the approved rights to look at it. Where you have customer data, particularly user accounts and passwords, ask your IT team whether the data is “hashed and salted” which will make it very secure and difficult to break even if your systems are breached. It is unforgiveable nowadays to be holding personal or confidential data unencrypted (known as “clear or plain text”).
  8. How should we back up our data?
    Your data and systems should also be well backed up and the backup must be stored off-site, preferably with no connection to your live systems (known as an “airgap”). Ensure the backups include multiple versions of the same document in case corruption or malicious encryption took place at some point in the past. Having a decent data backup can be the difference between having a business post-disaster and not.
  9. What is a penetration test?
    A penetration test is an assessment by an expert company of your website and network to find weaknesses. This is essential if your website includes custom software or any kind of ecommerce services. Poor technical practices can result in custom software being full of holes and these are well documented in a standard list known as the OWASP Top 10. These are the standard vulnerabilities that almost all hackers focus on – ensure your penetration test includes checks against the OWASP Top 10. Simple!
  10. Practical but secure password rules.
    Many hackers don’t have to be clever because users make it easy by choosing “password123” – hackers automate attacks testing thousands of obvious passwords until they get lucky! Users must take passwords seriously, choose long passwords that are hard to guess, use different passwords, and don’t share. Software can be used to store passwords securely, but if people must write down details then these must be locked away. Make sure your systems are configured to enforce good password discipline and lock out users after repeated failure attempts. Sensitive systems should be protected by 2 pieces of information, not just a password (this is called “2 factor” or “multi-factor” authentication).
  11. Sensible Cyber Attack crisis plans.
    Establish how you will handle a crisis in advance. Who’s in charge if you are attacked by ransomware and decisions need to be taken on the spot? GDPR makes specific requirements about notifying the ICO if you suffer a security breach. Who is responsible for making this happen? Failure to do so will result in a fine.
  12. Why does security certification matter?
    Certification will give a focus and purpose to your efforts to improve security. A good place to start is Cyber Essentials Plus certification. This will provide you with a government standard accreditation that directly demonstrates to you, your company and your customers that you take security seriously and that you’re working to ensure their data is held securely and your systems are well managed. We know of clients that have won new customers simply because they stood out from the competition by having Cyber Essentials Plus accreditation. If your business is complex or has specific security requirements then ISO27001 provides you with a means to go further and embed a “security culture”.
  13. Who should be in charge of Cyber Security?
    Someone around the Board table who has the time, expertise and right commercial attitude! This person needs to start by getting clear on what you’ve got – who are the users, 3rd parties and suppliers who access your systems? List your equipment, networks, software etc. What are the crown jewels that really matter? Ensure these are properly protected. If you want a high-class CIO, CTO or IT Director on your side and sitting around your Board table … then that’s where we come in!

You can download and read our full CEO’s Briefing about Cyber, Legal, Compliance here. Or, visit our Knowledge Center which includes all content related to this topic.



Graeme Freeman
Co-Founder and Director
