May News:


On The Calendar
May happenings at The Fulcrum Group

Vistage is the world’s leading business advisory and executive coaching organization, designed to help CEOs and executives drive better decisions and better results. Member companies grow 2.2x faster than average U.S. businesses and, as members, we would like to share some great nuggets with you as we come across them, so we're excited this month to bring you a new regular feature in our newsletter - Vistage Executive News. Check out this month's contribution, below, by Mark Mitford, with HR Catalyst Consulting.

The Fulcrum Group is still seeking assistance in our engineering and sales departments. Service Desk Engineer and Social Media Intern are still open positions. Please see our Careers page for how to reach out to us.

We'll let you know about any upcoming 2018 special events through our social media pages, which we'll update on our Events page as they occur. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you're new to our newsletter and you'd like to subscribe, let us know.

People, Processes, Technology - A Cybersecurity Framework

One framework for establishing a comprehensive cybersecurity plan includes 3 components – people, processes, and technology.

People
Bring awareness and training to employees. There are many ways to approach training — and many economical solutions available. Here’s what the experts recommend:
  • Train employees to abide by basic security principles.  Establish basic security practices, such as using strong passwords, maintaining appropriate internet use, and handling customer information and data with care.
  • Build a security consciousness. Consider using internal phishing simulations to teach people how to spot common signs of an attack.
  • Cross-train employees. Give employees the opportunity to shadow IT personnel so you can build a team of unofficial deputy IT managers. This also creates more redundancy in your security by spreading out responsibility.
  • Communicate why security matters. Help your employees understand why this training is important and what’s at stake for the company. Get past legal language and make it personal.
  • Hire a fractional CIO. If you’re on a budget, use a fractional (contract or third-party service provider) model to get IT experts when you need them.

Processes
Implement robust policies, processes and procedures. Policies, processes and procedures help a company stay in control of their cybersecurity. Here’s what the experts recommend:
  • Have an acceptable use policy. Tell your employees how they are allowed to use the company assets — whether that’s Office 365, a laptop or a mobile phone. Provide guidelines for social media use.
  • Limit employee access to sensitive data and information.  Your employees don’t need full access — or equal access — to your sensitive data and information. Make sure each employee’s access is tailored to their individual role and responsibilities.
  • Put someone in charge of checking logs. Assign a member of your IT staff to look at firewall logs, antivirus logs and antimalware logs on a routine basis. Or consider outsourced Managed Security Services that include checking logs.
  • Create a playbook for different scenarios. Four times a year, get your team together and work through a cyberattack scenario as if it were a fire drill. Work out your game plan and figure out whom you’d call in an emergency.
  • Meet with a cybersecurity expert on a biannual basis.  Routine meetings with your cybersecurity advisor are as essential as regular meetings with your financial advisor.
  • Conduct an external review of IT. Regularly review what IT is doing as a function to ensure the data and network of your organization are secure and that everything that is in place is current.
  • Stay current on cybersecurity issues.  Read cybersecurity articles, subscribe to cybersecurity blogs, and reach out to cybersecurity experts.

Technology
Make smart technology choices. When it comes to cybersecurity solutions, SMBs have a lot of options. These include:
  • Antivirus software. Make sure to get a commercially supported, centrally managed solution.
  • Firewalls. Provide an added layer of protection by preventing an unauthorized user from accessing a computer or network.  If your firewall is more than 3 years old, it’s probably time to replace it, as newer, next generation firewalls have more security features to address the latest threats.
  • Data back-up solution. With threats such as ransomware that lock out your data, a comprehensive backup solution that is regularly tested, and includes both local and offsite (or cloud) backup targets is critical to ensuring that you can recover from data loss.
  • Encryption. If your organization regularly sends sensitive information via email, utilizing an email encryption system for secure send is recommended.  Standard email is NOT encrypted or secure.  If you’re in an industry such as healthcare, financial services, or local government, encrypting the hard drives of your computers is recommended.
  • Multi-Factor Authentication. Passwords can be hacked, and are often shared amongst cyber criminals on the Dark Web.  Multi-Factor Authentication adds a security layer in addition to your password to improve security of your critical IT systems.
For more information on how we might be able to assist you in creating your own solid cybersecurity framework, don't hesitate to reach out to us at 817-337-0300 or email us today!
Risk Management Framework Steps

NIST 800 Series – IT Risk Management Framework Overview

The Fulcrum Group is big on IT standards, and NIST is one of our favorite organizations that develop and publish IT standards. The NIST 800 series of publications establishes an IT risk management framework that any organization, large or small, can draw on to help with IT risk management. Below are a few key takeaways from the NIST 800 Series of publications.

The NIST 800 series of publications is a holistic and comprehensive risk management process. It integrates the Risk Management Framework (RMF) into the system development lifecycle (SDLC) and provides processes (tasks) for each of the six steps in the RMF at the system level.

The NIST IT risk management framework has 6 steps:
  • Step 1: Categorize
  • Step 2: Select
  • Step 3: Implement
  • Step 4: Assess
  • Step 5: Authorize
  • Step 6: Monitor

The NIST IT risk management framework includes a multi-level risk management approach, and it is implemented by the Risk Executive Function. It has an Enterprise Architecture and SDLC Focus and supports all steps in the NIST IT risk management framework.

3 Levels of Risk Management

This framework would be considered overkill for a small organization, but there are still important tips that can be gleaned. Here are a few of my favorites.
  • IT risk management starts at the executive level, but crosses processes, people, and operations.
  • IT risk management is a continuous process.
  • The increase of cybersecurity threats has increased the importance of IT risk management.
  • Categorizing your various IT systems according to criticality will help you understand where the most potential impact is to your organization.  This will inform you on where to spend your cybersecurity budget.

At The Fulcrum Group, we are always ready and willing to help you unpack all facets of a good risk management strategy for your organization. Our SPOTDFW blog, geared specifically for busy Executives, contains tons of great, easily consumable tips and bits of information on business strategy, including your cybersecurity responsibilities as CEO. Please feel free to reach out to us with any questions you might have.

SPOTlight On: 6 Key Points from Jeff Bezos
from The Hustle Business & Tech News

Jeff Bezos' highly anticipated annual shareholders letter was published recently and full of interesting tidbits he’s gathered during his tenure at Amazon. Here are a few key takeaways:

Overachieving is contagious. JB believes that high standards are learned. Great news for companies that effectively communicate high standards in their core values -- and bad news for those that don’t.

Even high performers have blindspots. Just saying your company has "high standards" doesn't mean it does. A startup founder might place a premium on innovation but neglect to put sustainable processes in place for longterm growth.

Handstand coaches exist. Ok, that's not the main takeaway, but according to Bezos, the reason these coaches exist is because, simply, doing a perfect handstand is hard, and it doesn't happen overnight. Having high standards doesn't mean disregarding reality - the best coaches set realistic expectations and communicate them often.

Football coaches don't have to be great quarterbacks. But they do have to recognize talent and develop it. Team leaders don't need to have all the skills of everyone on their team, but they should know what high performance looks like when they see it and how to cultivate it.

Iteration makes good products great. Fun fact:  Amazon doesn't do PowerPoints - they do "6-page narratives." Bezos says teams "silently read" memos at the beginning of each meeting.  The best ones, he writes, "are brilliant and thoughtful and set up the meeting for high quality discussion."  The worst ones...do not.  The difference?  Shoddy memo writers thought they could knock out the whole thing in a few hours, when the project warranted a week or more to plan out, write, edit...and edit again.

 

Then he capped it off with an impressive brag section. Highlights of the laundry list of 2017 milestones include Amazon’s 100m Prime members, $20B in revenue for Amazon Web Services, and record sales for Amazon hardware devices. Which all brought the letter to, you guessed it -- exactly 6 pages.

  Read Jeff Bezos' annual shareholders letter in its entirety, here.

Vistage Executive News - Top 5 Tips For Retaining Key Employees
Contributed by Mark Mitford, Managing Director at HR Catalyst Consulting

Here's the top 5 list of proven strategies to retain your key employees, compiled by fellow Vistage group member, Mark Mitford.

#5 - Create a great onboarding program for new hires
The first 100 days are critical to the retention of your employees. You invested a huge amount of time and money recruiting new team members, and that's just the starting line. Creating a consistent and well thought-out onboarding process just makes good business sense. If a new hire doesn't feel like they made the right decision joining your company and they don't feel as if they truly "belong" in the first few months, the chances of your new team member leaving within the first 12-18 months of employment are 3-4 times higher than with companies that have a good onboarding process. Remember that your employees are your most valuable assets. Spend the time to onboard them successfully.

#4 - Create career paths for your employees
Show employees how they can grow in the company and give them the road map to do so. This is especially true if you have a large hourly workforce, or a younger workforce. If employees don't see specific paths to grow in pay, responsibility, or challenging work, they may decide to leave for another opportunity where they see a career vs. a job. A simple job can be had anywhere; finding a career can be a bit more elusive. Show your team a career path to keep them excited about working for - and growing with - you.

#3 - Conduct employee engagement surveys annually
By doing simple engagement surveys you are not only keeping your finger on the organizational "pulse," but at the same time, are providing your team with a chance to share praises or frustrations with leadership. Surveys are quick, inexpensive and can be conducted internally. Once the survey results are back, share them openly with your employees. Also, put high-potential employees in charge of any tiger teams you create to come up with solutions to areas that scored low on the survey. Key employees want the visibility and challenge, especially if they don't get that in their current role.

#2 - Create a strong company culture
"Culture eats strategy for breakfast" - Peter Drucker, great quote from one of the top management gurus of all time. It is still true today. Build your culture on a strong purpose, vision or mission and set of core values you live by and use in running your business every day. Leaders need to be very intentional about the culture they create and emulate it daily. A good culture doesn't just happen; it is worked on.

And now, here's #1...

#1 - Review your employees every quarter, or every month, give them feedback constantly!
In today's instantaneous world, we want everything now, not later. The days of the annual employee review are dead. They have gone the way of the dinosaur, folks! If you have a large percentage of millennials in your workforce, ask them when they want feedback - chances are they'll want it today, not next January! Remember, feedback is a positive. Your company changes constantly, right? Shouldn't your employees adjust constantly in response? If your answer is YES to continual change, then ditch the annual review and shift to quick, focused monthly reviews. It sounds like hard work, but once you do this you'll never look back.

If you need help in creating and implementing any of the retention strategies referenced, feel free to let us know!

Did You Know... Fulcrum Group Security Assessments & Audits

Did you know that The Fulcrum Group offers IT Security Assessments and Audits, to uncover your organization's security risk? Reach out to your Fulcrum Group Account Manager today for assistance!