Hiring the old guy

Do you, or don’t you, hire ‘the old guy’?

Perhaps I am just getting a bit older, but the IT industry seems to be more of a game for younger people these days. Although, to be fair, Police Officers are looking younger all the time too.

“As time goes by attending the various IT-related annual corporate events, all the people sitting on the stalls marketing their company values to everyone and anyone that dares to glance their way for too long are definitely much younger and seem to even dress less formally than I did for many years,” states Craig Ashmole, founding partner at London-based Interim Consulting CCServe Ltd.

I came across a piece of material by Nick Hughes, who is a Senior Programme, Project and PMO manager, and all the same thoughts and views came rushing back to me. I quote him below.

Within IT especially there does seem to be more focus on younger, fresher talent. This was brought into sharp focus recently when I met with a manager at a consulting company. They were thinking of putting me into a bank, but the manager was concerned that my extensive and long experience might be a little intimidating for that client manager.

The manager also seemed a little nervous and said that I had a lot more experience than he did himself and that he hoped he did not ask any unproductive questions. This got me to thinking. Is there a perception for younger managers that hiring an older/more experienced contractor might jeopardise their own position? Or could older contractors probably be seen as ‘not as innovative as their younger counterparts’?

Is this ageist? Possibly, but for the hiring manager it could be a very real concern. From their perspective, they are possibly new to the position and want to prove their worth. Many managers want to be seen as the go-to person, that they are irreplaceable and key to the organisation’s success. Hiring in someone who may not only know more than you, but also may have experience doing your exact job, could lead to the manager being seen as superfluous. The deeper concern would be “Is he going to try and take my job?”

For contractors who have experience in roles more senior than the role being looked at, there can also be concerns for the manager around the contractor jumping ship as soon as the next best, or higher paying, opportunity comes along.

This presents a dilemma for the hiring manager and an issue for the contractor.

To be clear, I am not saying this happens all the time, or even a majority of times, but it does happen. When we are honest with ourselves, we all have those feelings of doubt, so it is perfectly understandable to have these thoughts, we would not be human if we did not.

So what is the answer? Does the manager “not hire the old guy”? Does he or she only hire people younger or less experienced than themselves?

If they do, then yes, they could avoid an embarrassing situation where the person reporting to them knows more than they do. But that will only be a temporary protection for your career and, to be honest, if you are so worried about your position that you feel the need to protect yourself, you will probably find it difficult to progress anyway.

But why hire the guy (I use the term ‘guy’, but it applies to both men and women) with more experience than you and who has potentially had a more senior position?

From my perspective, and with the experience I have gained I don’t actually want that manager’s job and I don’t want to settle down into a perm role. If I am applying for a contractor position, I don’t want the politics, the employee assessments, the HR hoops that I would have to jump through when you manage a team and also having to deal with any personnel issues. I am at a point in my life where I have realised I work to live, not live to work.

What I do want is to make the manager I am hired to engage with look good. I want to use my experience and knowledge to make a success of this project. I want to pass on my knowledge of short cuts that bring the project to a successful conclusion, or the ability to see through vendor marketing hype to accept only what is really needed in the business. Or to ensure we hit budgets & deliver on time.

From an interim consulting perspective it is simple. First, we get the satisfaction of a job well done. Second, we get the opportunity to pass on well-earned knowledge and subject matter experience to those younger people. But most importantly, we leave with the hope that the manager will recognise the contribution made and engage on the next project.

After all, as a contractor, one is always looking for the next contract. I have seen some contractors make themselves indispensable to an organisation, to the point where the perception is that they can’t be let go.

Experience on projects is usually quite simple. Define the scope and lock it down, establish a change control process to manage the inevitable scope creep, establish a governance process for decision making, plan the critical path and dependencies, identify the risks, establish a RAID log to manage them, set up reporting, then execute and monitor.

Once that is done the tough bit, the really tough bit, is managing the people. Getting the sponsor to truly understand their role. Ensuring other teams, who you have a dependency on, deliver in time for your critical path. Providing clarity around the impact to the stakeholders requesting a change. All the while you are doing this, trying to be as diplomatic as you can be but understanding why you were hired in the first place.

Us old guys (men and women) have seen this before and have dealt with it successfully. So, my suggestion to those managers who worry about “hiring the old guy” is to not worry so much but be happy to benefit from paying to get a programme delivered with SME skills that can be transferred to the perm staff. Don’t get me wrong, there are younger people who may well have the ability to be able to navigate the shark infested waters of the project world, but the old guy may well have been bitten before and survived, so has the practical knowledge of what works and what doesn’t.

So, it is up to you, hiring managers. Do you want to benefit from 30+ years of experience and dodging bullets? Do you want to have that edge to making your project successful? Having that experience that you can call on when it does go wrong – and some really do go wrong! If you do then you really should be hiring the Old Guy.

 

Thanks to Nick for sharing his thoughts

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

CIOs benefiting from Interims

4 key objectives CIOs can benefit from using Interims to deliver less politics, and more action

An interim taking charge of a programme for what’s considered a short period of time doesn’t mean the interim can’t make a big impact on an organisation.

Full-time positions allow CIOs to get their teeth sunk into an organisation and to lead an IT-enabled business transformation, but not every CIO role is a permanent one. This raises the question: why should technology chiefs consider utilising interim positions, and what benefits do they gain from these temporary roles?

1. Dive into challenges that are inaccessible to full-time CIOs

I read an interesting blog from Chris Chandler, head of the CIO practice at recruitment specialist La Fosse Associates, who is a big advocate for the interim CIO role. He says that, in some instances, taking a temporary position can allow a CIO to design and deliver what they deem to be the optimal IT structure for the business.

“Such interims are often free from the politics that can restrain their full-time counterparts,” says Chandler. “Operating without such constraints can be wholly liberating for CIOs and often leads to more radical IT transformations.”

A word of caution, however: do not use a transformational interim CIO to focus on BAU (business as usual) activities, which often require them to conform to the status quo of the organisation. The interim in these circumstances consequently has limited, or no, freedom to follow his or her natural change or transformation instincts and capabilities.

Chandler goes on to say, “Experience from the recruitment industry suggests that, generally speaking, organisations are increasingly industry-agnostic when it comes to appointing interim CIOs”.

Therefore, aside from the obvious over qualified capabilities that often accompany interim positions, these appointments can offer CIOs the opportunity to dive into new sectors and challenges that would not be accessible to their permanent counterparts.

2. Treat the interim position as access to valuable learning experiences

One of the biggest benefits to any company taking advantage of bringing an Interim into their Change programmes is the multi-company experience that they bring – having the opportunity to engage in so many differing corporate environments brings skills you cannot get in the short term working in one company.

The requirements also vary extensively from one interim placement to the next, and this sharpens another skill within Interims: avoiding complacency. They are always in a new environment, having to look at the situation immediately in front of them, so there is no time to sit back and relax. Interims are dedicated to finding resolution to business problems quickly, to mitigate costs, and to drive change to the company.

“In a recent assignment I was engaged with, the company was on the verge of signing a contract with a global Outsource supplier and they wanted someone to come in and give them a second opinion,” states Craig Ashmole, Founding Partner of London-based IT Consulting CCServe. “I came in, assessed the geo-markets, built an ROI business case and recommended an alternative solution that presented more than $20 million savings over a 5-year period.”

In total, Ashmole spent five months building the business case, gathering all the BI data to put together a report for the board. He advised that certain geo-markets were easy to follow into from an outsourcing perspective, but that other considerations like Customer Service levels and access for company directors to keep close to the Centre of Excellence were quite different to what was initially thought.

“My job was to provide the company with a viable compelling strategy,” says Ashmole. The strategy demonstrated that the global market knowledge he brought to the table opened up other avenues not previously thought of. The Board agreed with the strategy, signed it off and he was then asked to remain for an additional 13 months to implement, and manage the transition of, a 700-seat Shared Services centre.

3. Make a difference and avoid the strain of corporate politics

The interim role provides benefits in a range of key areas. First, being temporary provides an escape route from the swamp of organisational politics all companies own. You will be surprised just what you can learn and then fix when you have a perspective from outside the organisation, whilst also performing a key role within it.

One of the key skills Interims develop is to look beyond the corporate politics that every company has and to in fact get to understand quickly ‘who wants what done, and who does not’. This then builds a strategy path for the Interim to manage the respective individuals so as to get the best out of them and also to achieve the goals of the assignment.

Interims have the natural opportunity to make a big difference, without being seen as a threat to entrenched operational territories and empires. Interims often use this political awareness as an opportunity to forge alliances across the organisation, and to deliver results directly through brokering and partnership of executives who may all have differing agendas. These are skills a good interim will possess if they have the experience of engaging across multiple businesses, and ones you cannot learn from a classroom.

Interim CIOs can become a change catalyst by delivering quick and highly visible results that map directly to their contract objectives. Unlike some permanent positions, interims are often given short-term targets and are presented with the entirely realistic prospect of leaving an important legacy behind.

4. The High impact Change injection

CIOs run highly technical disciplines and usually come from technical backgrounds. Their strength is in knowing the details of IT work. This gains them respect in the eyes of their staff and enables them to use projects to drive improvement. Nevertheless, IT management responsibilities have changed substantially over the past few years. As more IT processes become automated, CIOs must become more business-savvy. CIOs also need strong people, as well as good communication and other soft skills. In this new world, CIOs must embrace new roles and skills as markets change.

Interim skills are often used as a means to this end as a quick injection of high visibility change or transformation especially where a CIO has brought an interim in to assess areas of skill shortage or to drive a particular change element.

Customer Service Effort

Great Customer Service Requires Very Little Effort

Why the Financial Service Industry Needs to Simplify Every Customer Interaction

In the early 1990s I remember reading the following story in the IT press:

McConnell got so fed up with not being able to talk to a human at his bank that he wrote a program that dialled eight different branches of his bank automatically. The program then left the following recording: “This is an automated customer complaint. To hear a live complaint, press button one.” Having pressed the appropriate button, the hapless bank employee would then hear: “The customer is unable to come to the phone right now, but your call is very important. Thank you for being patient.” Finally, the tape recording revealed McConnell’s name and phone number. He described his action as “just your basic customer protest.”

The world of financial services and technology has changed hugely since then, but I think for many of us, the same feelings still exist. Doing business with many financial services organisations feels difficult and frustrating. The technology and processes seem designed to make life easier for the organisation, not the customer. Everything seems product-centric, not customer-centric. Despite this, we often remain loyal to the institutions we started with as a teenager. And as the press often likes to quote – on average we stay with our bank longer than we stay with our partner!

However, there’s a feeling that we’re now at an inflection point, or jumping onto a new S-curve. The changing views of millennials and Generation Z, mobile technology, social networking, crowd-funding, new regulatory frameworks, switching services and internet giants like Google taking on the insurance world are all affecting financial services. No longer can our loyalty be taken for granted by corporate companies.

So how should the Financial Services industry react?

Research has shown that the new battleground for customer loyalty is focusing on effortless experiences. Somewhat surprisingly what we find from customers:

  1. Delight doesn’t pay
  2. Customers prefer to self-serve
  3. Customer service interactions tend to drive disloyalty, not loyalty
  4. The key to mitigating disloyalty is reducing customer effort

So there is an inverse correlation between customer effort and customer loyalty. The higher the effort required by the customers, the lower their loyalty; the lower the effort required, the higher their loyalty. This very much echoes the Amazon philosophy that the best service is no service.

The good news: there are dozens, if not hundreds, of ways that financial services organisations can reduce customer effort across the whole customer lifecycle. For example, at my bank’s ATM recently I inserted my debit card and it presented me with just one option – your usual £50 and no receipt? Brilliant. No spurious choices that I never take. It only saved me a few keystrokes and a few seconds, but I really appreciated it. Their mobile app is also great for checking my account and paying bills. And Apple Pay lets me pay easily and quickly. But as soon as I want to get help I have to swap channel and either email or call. That’s a lot of effort. I don’t want to leave my app to get help! Another great example of low effort is within a bank in Germany – everything is mobile-first, including the opening of the account, which takes 8 minutes via a video call. Now that’s impressive. And then there’s Berkshire Hathaway Travel Protection, which monitors the airline timetables, automatically pays out compensation if the passenger is delayed and then texts them to say the money has been transferred to their account.

Other examples of effortless customer service

  • Using voice biometrics (rather than the dreaded touchtone menu) to reduce the time to identify and verify (ID&V) the customer.
  • Using the Touch ID or passcode on the mobile phone, in conjunction with the mobile app, to ID&V the customer.
  • Proactively working out what a customer can borrow, before they’ve asked for a loan, so they don’t have to wait for a decision.
  • Having a Single Customer View across all touch-points, so customers never have to repeat themselves and can move from channel to channel and continue the conversation from where they left off.
  • Offering a wide choice of channels, such as branch, call, email, SMS, video, social media, website, web-chat and yes even letters!
  • Being open 24 x 7, 365 days of the year
  • Sending out proactive notifications about the account status or the stage something is at in the application process, so the customer doesn’t have to chase for updates.
  • Using video in-branch to connect the customer to a remote expert, rather than asking them to come back another day.

Many of these improvements or innovations seem insignificant, and some have already been implemented by Financial Service organisations, but added up they can lead to huge improvements in overall performance and service levels. It’s what the sporting world calls the “aggregation of marginal gains” and it’s usually what separates the winners from the losers.

Content by Dave Thomson

CISO moves to the top

The CISO moves from the basement to the boardroom

A growing threat landscape has changed the role of the chief information security officer in the past decade. Here’s why this position and its evolution are vital in the modern enterprise.

“With the recent ransom virus affecting so many global businesses the executive boardroom stakeholders now have their attention,” stated Craig Ashmole, Founding Partner for London-based Interim consulting firm CCServe. “Talking with a Security consultant colleague on the train the other day, he said that the insurance firm he’s engaged with did not feel the need for a CIO or CISO role until the recent infamous Ransom virus. That’s now all changed.”

The rapidly expanding cybersecurity threat landscape has driven the chief information security officer (CISO) out of the basement and into the boardroom in many enterprises. While these tech professionals were traditionally seen as security enforcers, they have now clearly got the attention of the executive stakeholders and are taking a seat at the table as strategists helping the enterprise avoid cybercrime.

“The CISO’s role has changed from a pure technologist to understanding what the business is trying to do, and to make sure security is part of the business strategy, not an afterthought,” said Steve Martino, CISO and vice president of information security at Cisco. A 2016 Cisco study found that business leaders today believe that cybersecurity is a prime growth enabler, reinforcing the need for those in charge of security to increasingly think in business terms.

Cyber threats have changed dramatically in the past decade in terms of sophistication and volume, Martino said. That change has been driven by two factors: Organizations becoming more connected through the Internet of Things (IoT), and cybercriminals shifting from making political statements to cybercrime as a business.

This changing landscape and added responsibility mean CISOs need to develop a new set of soft skills, including learning how to talk with line-of-business leaders about risk, privacy, user experience, and balancing the trade-off of security with features.

“Five to ten years ago, the C-suite really didn’t have a relationship or a dialogue with the information security team or leader,” Martino said. “Today, we do. In order to be effective, you have to have this business context, and be able to have a business dialogue with many different functional leaders.”

That means understanding what the different parts of the business—finance, sales, marketing, etc.—prioritize, and being able to translate risk issues to their language.

“CISOs need to have that business knowledge and multi-lingual capability to be able to translate what you’re trying to get across in terms of risk to the business owner,” Martino said. “Both are required to be effective at the speed of business, and earn the respect and trust required.”

Developing new skills

Training is helpful for CISOs who have been called to report to the C-suite for the first time, said Gary Hayslip, an ISACA expert on cybersecurity, the former CISO for the City of San Diego, and the current CISO at Webroot. “It’s a different view of risk, and on the use of resources and costs,” he said. “You have to start really getting into the strategy of where the organization is going.”

Hayslip recommends finding another C-suite member who has reported to the board before, and partnering with them to learn how the board meetings typically proceed, and what the individual board members are like, what they look for as a group, and how they process information.

“If you’re a CISO dealing with the C-suite and it’s relatively new for you, don’t be scared—ask a mentor so you can start learning about what they look for, so you make sure when you do report to a board, the information you’re presenting is relevant to the discussion,” Hayslip said.

It’s key to remember that the CISO does not own the risk—the business does, said Forrester analyst Jeff Pollard. “CISOs are now transferring ownership of risks back to business units,” Pollard said. “Instead of the CISO possessing the power to stop the business in its tracks, they are advising and coaching business unit leaders on the risks and security ramifications of decisions but the business owns the risk and makes the decisions.”

Don’t be the barrier factor

Rather than becoming a barrier, this new model allows CISOs to work with, instead of against their colleagues, Pollard said. However, the CISO does need to be flexible, and understand that the security system in place must be resilient. “You’re going to take breaches,” Hayslip said. “There is no totally secure network. If you factor that in, you can start looking at where your risks are, how your teams are trained, and what policies are in place.”

If the CISO is overwhelmed with projects, it can be helpful to determine which departments you are serving, who the stakeholders are, and what is critical to them, Hayslip said. That will help you create a more narrow list of issues to tackle. It’s often wise to start with cyber hygiene, he added: If you have basic security policies and patch management, antivirus, and firewalls in place, updated, and managed, it builds a strong foundation for your organization’s cyber health.

CISOs also have an opportunity to redefine their role as a business strategist during the digital transformation, Pollard said. To prove their value, they should spend time mapping the firm’s technology touchpoints, foster security champions across the company, and get involved with customer-facing activities like product design and development, he added.

“We’re in this transition as an industry from being a technologist and a protector to being a business enabler,” Martino said. “In order to cross that chasm, the CISO has to earn a place at the table, by bringing business relevancy, and helping the business get to their goals faster.”

By Alison DeNisco (TechRepublic)

Interim Consulting Demand

IT contractor demand at highest point for over a year

Demand for IT Consulting and Interim management skills is at its highest in more than a year now that the post-Brexit period has kicked off.

Demand for freelance IT contractors rose to a 14-month high in March 2017, according to the REC national index. The demand has been fuelled by several factors, including a lengthy list of IT skills that appear to be in increasingly short supply within the salaried permanent workforce. Brexit uncertainty could also be working in freelancers’ favour as employers are more likely to engage freelancers for IT contract jobs on a limited timeframe rather than the lengthier commitment of hiring new permanent staff. Additionally, those already working in permanent positions could be unwilling to take a chance on jumping ship in such uncertain waters.

REC chief executive Kevin Green said: “Economic uncertainty about future prospects is having a detrimental effect on employees’ willingness to risk a career move at this time. Many [employers] are [therefore] reporting an increasing number of white collar jobs as hard to fill, including within the IT and the financial sectors.”

[REC = Recruitment & Employment Confederation]

Contractors and those who are willing to change employers are reportedly reaping dividends as skills on the scarcer side are attracting premiums in the current climate. The skills most in demand can vary from one month or even one week to the next however, so when you actually secure a contract can have a major bearing on whether you also manage to secure premium rates.

Digital generalists, UX/UI experts, and those with experience in the gaming field were particularly scarce in February, for example. In March a variety of different IT skills were at a premium, including Java developers, DevOps, IT security, software developers, software and embedded software engineers, Ruby software developers, and PHP software developers.

The REC said: “Our concern is that Brexit will make the problem worse, particularly if onerous restrictions are imposed on people coming from the EU to work.”

It is a problem for employers, but for IT contractors a lack of skills in the general workforce means more opportunities.

“Experience and knowledge/exposure to Business Transformation related programmes are on the increase too,” stated Craig Ashmole, Founding Director of Interim IT consulting firm CCServe Ltd. “There are some high profile programmes in the City of London that have increased over the last 12 months driving PMO or Portfolio Management.”

Source: Consulting Hub

How PMs succeed in procurement

How project managers can succeed with procurement management

Check out these tips on how to successfully use procurement management in your projects. Also, two experts share their experiences on what simplifies the procurement process for their businesses.

Procurement management is critical to successful project management—and yet, some project managers are unfamiliar with the practice, or perhaps are intimidated by what seems to be a daunting process. These are the procurement management basics you need to know.

What is procurement management?

Procurement management is the practice or process of acquiring products or services from an outside vendor for the purpose of initiating or maintaining business operations. Procurement involves, at the very least, the process of determining requirements, researching options, requesting information, quotes, and proposals from vendors, as well as the final selection, approvals, the processing of vendor orders and payment and all subsequent activities until project close.

Procurement is common in the world of project management, where there are formal processes that have been established and identified in the Project Management Body of Knowledge (PMBOK). Procurement management is an area of increasing focus as more companies are outsourcing due to benefits that include cost savings, decreased administrative burden, increased efficiencies, and improved access to outside expertise.

According to IDC’s worldwide procurement forecast from June 2016, the market for procurement software is expected to reach $5.6 billion by 2020. In fact, IDC analysts note that “procurement is the second largest contributor of eight application markets within the ERM [Enterprise Risk Management] market.”

Four phases of the procurement process

  1. Plan for procurements: Put together a procurement management plan that identifies all of the necessary requirements and details.
  2. Execute the plan: Send vendors requests for information (RFIs), requests for quotes (RFQs), and requests for proposals (RFPs), among other things. During this phase, evaluate all of the vendor information in relation to the procurement management plan and requirements, as well as the overall project goals. Following the evaluation, select a vendor’s products or services.
    • RFIs: This is the first set of requests from vendors and is an initial step to explore project requirements, procurement needs, and vendor offerings. This is a broad, yet simple, request and format.
    • RFQs: After specific project/procurement requirements are clearly identified and documented, RFQs are sent out to vendors to determine which ones can meet the requirements, as well as request specific pricing, which is a significant part.
    • RFPs: Companies will often send vendors an RFP and include information on specific issues they are trying to resolve, or project goals. The vendors will use this information to sell the company on their product or service in relation to those needs. This is a much more comprehensive document and leaves vendors a significant amount of flexibility to customise their response and solutions. RFPs are widely used.
  3. Control and monitor procurements: The control procurements process should be initiated to manage the vendor relationship, monitor and evaluate all aspects of the vendor offerings, and make changes as required.
  4. Close out the procurement: Once the vendor products or services are fully accepted, the project procurements can be officially closed.

Tips on achieving successful procurement management

Each organization develops its own unique internal policies and procedures when it comes to projects and procurement; however, these procurement management tips can apply to all businesses.

  • Develop a clear understanding of all goals and unique challenges
  • Focus on vendors’ capabilities and on how their solutions will help to achieve goals and address obstacles
  • Resist the temptation to weigh final decisions solely based on cost
  • Make sure solutions are not just short-term (unless that’s the primary goal)—sustainability and future support are also factors to consider

Procurement experts share what works for their businesses

Greg Tennyson, Chief Procurement Officer of a global vision care company, says:

“Setting a specific process for how sourcing requests are managed is key for our company’s procurement success. Using a centralised sourcing platform that works for our team, suppliers and the business allows us to engage opportunities earlier. The result is we collaboratively compare options and proactively manage work streams that drive greater value creation back to the company.”

Rendi Miller, Director of Travel & Procurement at Splunk, a leading platform for operational intelligence, says:

“At a hyper-growth company like Splunk, our tactic for sourcing success is being one step ahead of business needs. We use a cloud-based e-sourcing provider to help us deliver essential resources to the business faster, and at a lower cost. The platform automates our process so that we can manage more spending, giving us more bandwidth for strategic projects, and keeps us ahead of the game at all times.”

By Moira Alexander from TechRepublic

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

Website Hacking on the increase

Here are the top 6 ways websites get hacked, according to Google

Google recently noted that it had seen a 32% rise in hacked websites over 2016. Here are the most common tactics it found.

In 2016, the number of hacked websites rose by 32%, according to a blog from Google. And, unfortunately, the search giant said it believes that number will continue to rise as hackers become more sophisticated.

While 84% of webmasters who “apply for reconsideration” were able to clean up their sites, the post said, 61% were never alerted by Google that they had been hacked. The primary reason for this disconnect for more than half of hacked webmasters is that their sites weren’t verified in Google’s Search Console, which the company uses to communicate information about websites.

In a post by Google Security Team, Google outlined some of the common hacks that are affecting websites today, such as the Gibberish Hack, the Japanese Keywords Hack, and the Cloaked Keywords Hack. Citing the old adage “a chain is only as strong as its weakest link,” Google said that prevention is key in keeping these hacks at bay.

To improve prevention, it is important to know how these attacks are being carried out. Google outlined the following six ways that websites get hacked by spammers:

1. Compromised passwords

Whether an attacker is using guessing techniques to obtain a password, or simply trying out common variations of passwords, compromised account credentials are a serious issue. It’s important to create a strong password, not use the same password across multiple web properties, and use additional security tools like two-factor authentication, the post said.

2. Missing security updates

Old software that hasn’t been updated may be missing an essential patch to account for a serious vulnerability, the post said. Make sure your web server software, CMS, plugins, and other essential software are all set to update automatically. If that isn’t an option, set up a cadence by which you’ll manually check for updates.

3. Insecure themes and plugins

In addition to making sure your plugins and themes are patched, be sure to “remove themes or plugins that are no longer maintained by their developers,” the post said. Also, be careful when using free plugins, or ones that may only be available through an unfamiliar website.
“It’s a common tactic for attackers to add malicious code to free versions of paid plugins or themes,” the post said. “When removing a plugin, make sure to remove all its files from your server rather than simply disabling it.”

4. Social engineering

Social engineering attacks, like phishing, try to trick the user into thinking they are providing needed information to an actual webmaster or account manager, for example. Check that the sender’s email address exactly matches that of a person you know, and never give out personal information to someone you aren’t familiar with.

5. Security policy holes

Bad security policies, such as allowing users to create weak passwords, giving admin access too freely, and not enabling HTTPS on your site can have negative consequences, the post said. To better protect your site, Google recommends making sure you have the highest security controls configured, that user access and privileges are properly managed, that logs are checked, and that encryption is used.

6. Data leaks

When data is mishandled, or improperly uploaded, it can become available as part of a leak. One method, “dorking,” can utilize common search engines to find the compromised data. Make sure only trusted employees have access to the data they need, and use URL removal tools to make sure that sensitive URLs don’t display in Google search results, the post said.

Sourced from TechRepublic
By Conner Forrest

Bad Management affecting your business

How to avoid hiring bad managers

Ineffective managers can drive productivity down and turnover up. Here are three ways to make sure the right people get hired or promoted.

Several years ago, the catchphrase “people don’t leave companies, they leave bosses,” began to circulate. There is merit to it if we look at survey results.

In a 2015 Gallup poll of 7,272 adults, 50% of respondents said that they left their companies because of their bosses. Aware of this, human resource departments conduct exit interviews when employees leave, and many HR units keep a tally of employee resignations by manager so they can see where the potential management trouble spots are in their organisations.

Sometimes the managers whom the most employees quit on have endeared themselves to the organisation as high-level technical performers who have been promoted, but who lack people and management skills. Other times, especially in small companies, the culprits are the founder-owners of the business themselves, and there’s not much you can do. In still other cases, companies (and their HR departments) lack the time and resources to tackle attrition and problems with managers.

Just what should be done?

The most obvious step is to develop managers within the organisation who have the ability to not only run projects and departments, but to create a winning culture in their work teams.

These people tend to lead by example, to create open and clear communications, to work collaboratively and not as autocratic leaders, to be approachable, and to generate a sense of purpose in their staffs. Talents like these aren’t always easy to find, a point corroborated by the same Gallup poll mentioned above, which revealed that only three out of 10 bosses have the natural or coachable talent to become great at managing people.

To improve the odds of finding strong management talent, companies can vet candidates for management positions for their ability to lead and to manage, as well as for their expertise in the departments that they are being asked to lead. If companies can’t find suitable management talent internally, they should get it from the outside—even if there is initial resentment from someone who might be passed over.

A second step is to understand (and make sure that your managers understand) what it is that employees value most from their managers.

In a survey of 500 employees conducted by Korn/Ferry scholar in residence Terry Bacon for his book, What People Want, Bacon concludes that employees want managers who are honest, fair, trustworthy, dependable, genuine, participative, responsive and collaborative. On the flip side, employees are less concerned if managers are friendly or chatty.

One way companies can improve management’s awareness of what is important to employees is to have HR conduct internal employee surveys to see what is meaningful for employees in their work environments, in how they do their work and in the work direction that they are getting from their managers. These surveys should be conducted with assurance of anonymity so that employees feel comfortable completing them. To help reassure employees that their answers are confidential, some HR departments elect to use independent outside consultants to conduct the surveys.

Another step that HR departments can take is to perform analytics on what departing employees tell them during their exit interviews. In most cases, HR does ask departing employees questions about the work environment, about their managers and the work direction they received, etc., but all too often this information remains in files and is forgotten. Especially if a company has a serious employee retention problem, it is important for HR to enter the data from these reports into analytics software that can probe the information and assist in coming up with actionable recommendations.

A third step is to develop metrics that help to reveal where there are disconnects between managers and staffs in the organisation.

One way to do this is by looking at company attrition. If there is a standout department where attrition is inordinately high, this could point to a manager who isn’t connecting well with his or her staff. Departments with troubled management also tend to show reduced rates of productivity (e.g., a finance department with a troubled manager-staff relationship might begin to take four days instead of two to perform the month-end close).

When I was a senior executive at a bank, we looked at attrition rates across the organisation and found that turnover was over 50% in the teller lines at our branches. We initially identified the problem as our compensation package, which was less than what our local competitors were offering, so we fixed that. However, the higher attrition rates continued to occur. When we looked at the situation more closely, we realised that we had managers in the field who stayed in their offices and gave little direction to staff members.

We eventually replaced these managers with individuals who were more collaborative, and also superior communicators. We succeeded in reducing the attrition rate.

It is not always easy to understand why some departments underperform and others don’t—but how managers manage is a definite factor.

“To avoid losing your best and brightest, I suggest a strategy that is aligned with a culture of recognising employees as far more than just function roles, making sure to reward more than we have seen since the 2008 financial collapse”, states Craig Ashmole, Founding Director of London based IT consulting firm CCServe.

Contributions by Mary Shacklett from TechRepublic
