One of the world’s biggest security vendors had hidden backdoors in their products that would allow virtually anyone to take over the firewall.

Your firewall is the security appliance that is supposed to separate your internal, secure network from the outside world. This bug/backdoor essentially lets anybody who would like to be in your network get in.

This hits East Tennessee hard for 3 major reasons:

  • One of the biggest IT firms in the area standardized on this vendor’s firewalls years ago, smaller IT shops followed
  • The security required by firms that do business with DOE and ORNL means a lot of these firewalls are in place in and around Oak Ridge and Knoxville
  • One of the area’s biggest retailers also standardized on these, with 100s believed to be in production

What you need to do — today!

If you’ve seen the images below in your office, server room or computer, call your IT firm — TODAY — and ask them if they’ve updated it to a version that no longer contains these bugs. Most IT firms are notorious for patching firewalls slowly, so things don’t break. But being behind on these patches means you are already broken.

This is a really big deal

It allows anyone, anywhere to reset any user’s password on the firewall.

One of the world’s biggest video game companies has had two incredibly major bugs this month and it can kill your organization’s security if you don’t have the right policies in place.

Most organizations we bring on initially have a fuzzy line around what’s “work” equipment and what’s “personal,” and what can be used for what. The result is an insecure environment. On business machines, there is typically a security standard in place: a set of policies and procedures set by management, and rules (set by IT) to keep the bad guys out and your confidential information inside. Personal machines typically have virtually none of this.

If your organization allows business information on personal machines or personal use of business machines, you’ve opened up the door to attackers. To use the video game example, this company doesn’t seem to count an entire category of bugs important enough to fix. If they sold to businesses, they would never get away with it. If you let your employees install this video game software on your computers, however, you just did. If you allow your employees to access your company information from their personal machines, you also just did.

It’s an easy fix: put in place a written policy that only allows access to confidential information from secured, company-owned machines.

BIG WARNING: Execs usually want to be exempted from these rules. They also typically have the MOST access to the most CONFIDENTIAL information. Then THEY become your biggest risk, and TARGET.

Policies are abstract and don’t often change. They are defined by specific procedures that change as your business changes (“our external IT partner will provide you with a work laptop from which you can access company information”) and enforced by technical rules (i.e., your MSP provider blocks access to company information from machines without your security policy in place).

Even if you can’t get all of your rules and procedures in place today, define and communicate your policies. The security of your organization depends on it, and your security is no less than your future.

Need help? Call us today: 865-240-2716.

In my last blog post I wrote about a company that lacked internal alignment between their marketing and sales departments. In this blog post we’ll look at what actionable steps might entail for this real-life company.

Step 1: Have a Company Goal

The company ought to have a time-bound, specific, measurable goal that guides the entire company.*

For this company, something like, “increase the total number of seats sold through managed service providers by 10% compared to Q2, by the end of Q3,” would meet our criteria. It is specific (up 10% quarter over quarter), time-bound (end of Q3) and measurable (you either hit 10% or you didn’t).

Step 2: Communicate it

The second step is to make sure that everyone knows what this goal is. Communicate it at leadership meetings, company meetings, emails, every week in your Slack channel. Discuss the company’s progress towards it.

Step 3: Align Goals

After everyone knows and understands the goal, make sure that they are on the same page as each other. Does sales know their target? Do they know what well-qualified leads look like to them? Does marketing know what well-qualified leads look like to sales? Does engineering know what product features need to be in production for marketing to go after those leads?

I’m going to guess that in our real-life company this is where things first went off track: Mike (marketing) either didn’t know or didn’t care who Rob (sales) needed to close sales. As a result, Mike booked calls for Rob that not only led to no-sale; Mike wasted Rob’s time that Rob could use to talk to prospects that might actually switch.

Step 4: Align Rewards and Consequences

It’s clear that Mike is rewarded based on calls booked regardless of whether they were well-qualified leads or not. I’d recommend to Mike’s leadership that he be rewarded based on the overall company goal: tie everybody’s quarterly bonus to that goal and let Rob and Mike get together on their own to figure out how they are going to work to achieve it.

If that’s too much for you to swallow, Mike could at least be rewarded based on calls booked with qualified leads. Based on the company goal, a qualified lead might be defined as, “a managed services provider with 250 or more seats that is ready to commit to change to a new tool provider before the end of Q3.”

Mike’s company could also combine those. Either way, they’d find a greater degree of alignment than they have today.

Of course, if they stuck with the first suggestion the natural consequences would also line up: Mike & Rob would both waste time and miss bonuses if they didn’t work together. No manager needed to get between them to tell them that bad prospects (me) need to be saved for a different time.

ArsTechnica: Louisiana declares state of emergency in response to ransomware attack

Business alignment is one of those things that speakers and leaders often talk about in platitudes but don’t give anything actionable. This is a short blog with a story of non-alignment that also gives some actionable steps at the end.

I have an open-door policy with prospective vendors: if you want to sell me something I’ll give you 15 minutes, no questions asked. Mike (business development aka marketing) recently took me up on this. Mike works for a company that sells tools every company in my industry uses. My company has the tools Mike’s company sells from another company and I am very happy with the performance and price, which I let Mike know ahead of our phone call. Mike still wanted to go ahead.

The scheduled phone call was with Rob (inside sales), not Mike. As soon as I let Rob know that I had the same tools he was selling and was happy with those tools, you could feel the emotion leave the conversation as Rob wanted to get me off the phone as quickly as possible.

What happened?

I didn’t let Rob off the phone right away.

I asked some questions – I am insatiably curious.

Turns out Mike is evaluated/compensated on booking calls, Rob is evaluated/compensated on booking customers. Mike was fully incentivized to get me on a phone call regardless of whether I would switch. Rob was fully incentivized to get me off when he knew I was a poor prospect.

This is what lack of alignment is: departments have goals that differ from each other and do not ladder up to the primary company goal. In this case, the lack of alignment led to direct conflict between departments that are part of the same process and pipeline.

What do you do about it?

First, have a clear company goal. If you don’t have one today, get one. Yesterday. (Resources: Measure What Matters, Life In Half a Second)

Second, communicate that goal to everyone in the company. Over and over: this is a multi-channel, all-the-time effort from the CEO on down.

Third, align department goals with the company goal. Peers (i.e., department heads) need to know what each other’s goals are to make sure that they are not in conflict.

Fourth, align department and employee incentives with the overall goal and punish behavior that is not in line. (Punishment can be the natural consequences, not discipline).

My next blog post will go over what that would look like for Mike & Rob’s company.