Trillium Insights

Thoughts and Insights from Trillium's Practice Leaders

Cybersecurity - Where Do I Start?

Every day or two, we hear about another cybersecurity attack in the news. High-profile companies holding millions of customers’ personal information have potentially been compromised. The numbers are so big that most people cannot comprehend the impact. The business impact of a breach can be huge in terms of lost customers, lost revenue, and a major brand hit.

We are told that known vulnerabilities are being exploited.  In most instances, high-profile companies have defined policies, procedures, and standards in place that should have either prevented or at least mitigated the risk of the attack.  Where does that leave mid-sized businesses that don’t have the resources of larger companies?

The key for Small and Mid-Sized Enterprises (SMEs) is to first identify where the risk areas are and then determine the right plan of action to address them. Perform an assessment and develop a risk register. The register is a living tool that enables you to rank each finding to segregate the risk. This enables an organization to analyze both the business risk and the cost to determine the appropriate actions to take to mitigate risk.

Any action that needs to be taken falls into one of the three buckets that we are all very familiar with: People, Process and Technology. We will focus on those activities in a later blog. The key is understanding what the risk is, quantifying the business impact of the risk, and quantifying the cost of addressing the risk. Once these are understood, the next steps will be clear.

Why do the good ones leave?

I have recently worked with several strong full stack developers and helped them transition to new companies. There were two common themes for why they decided to make the transition. The first was challenge and the second was their intense desire to stay current.

Each of the developers told me that they had been with their current companies for over 2 years and they felt that the excitement/challenge of being a change agent within the company had worn off. It can be difficult for a company to identify ways to challenge their people. At the same time, the cost of not identifying ways to keep current employees engaged and challenged can be high, in terms of the cost of hiring and training new personnel as well as the productivity lost with the transition.

Many strong technical people have an intense desire to make sure they stay current.  As the use of XaaS technologies proliferates, it is becoming increasingly important that your key technical talent be given opportunities to expand their tool kit by either taking training or being given side projects to provide them with an opportunity to learn and share.

Keep looking for ways to challenge your people; it will really pay off.

HIPAA Compliance is way bigger than IT

We recently completed another Security Assessment and remediation plan development for a client that maintains HIPAA data.  In this instance, the organization’s maturity was relatively low in areas of data access rights and controls around data access.  For this client, there was an Information Access and Controls policy that had been developed, but the procedures for how the policy was to be implemented were incomplete, and there were no controls in place to prove that the policy was being adhered to.    

When we presented our findings to the leadership team, the presentation turned into a productive conversation. It became clear to HR that they had a key role in maintaining HIPAA compliance: they needed to notify IT when a person had been terminated to ensure that the person’s systems access was revoked. They realized that not notifying IT about the termination was putting the company at risk. The leadership team then talked openly for the next 10 minutes about ways to notify IT about the termination. After talking through that example, we walked through the remaining remediation plan for the other areas of focus and it was clear that the leadership team “Got It”. Different members of the leadership team took on the areas of the remediation plan that affected their organization. When we met a few days later, we were quickly able to finalize and prioritize a remediation plan that had full buy-in by the leadership team.

5 Signs of a Strong Leader

I read several articles over the holiday weekend about the traits of an effective leader.  It is a topic that I am passionate about, so I want to share some of what I read and what I took away from the articles.  

1. They build trust.

Strong leaders know that trust is essential to building a strong team and fostering growth. A leader who fosters an environment of honesty enables an organization to talk openly.  It also builds a culture of knowing that the organization will support them.

2. They give their team rewards and recognition.

This can be done on a regular basis by providing verbal acknowledgements and praise or small tokens of appreciation for the work that their team has done.  People remember those special moments.

3. They champion people development.

Strong leaders know that the key to building a great organization is to help their team grow.  Organizations are now realizing that it is better to help a team member hone a strength instead of developing a weakness. 

4. They give their people space.

Strong leaders give their people a chance to recharge by taking a break, taking a walk or listening to music. Overworking employees causes burnout and undermines their sense of belonging.

5. They have a positive attitude.

Strong leaders keep their teams motivated towards continued success by keeping their energy levels up. Whether that means providing snacks, coffee, or even relationship advice, remember that everyone on your team wants to enjoy their work. This is much easier in a positive work environment.