The CFOs Guide To Evaluating Information Technology

April 30th, 2019 by Julie Lough

CFO Tech Guide

Evaluating information technology can be a challenging aspect of the CFO role. Your organization is likely inundated with requests for new IT features, and understanding the true value of many of them requires technical knowledge you may not have. The spending possibilities are nearly endless, and many CFOs have reason to be cautious. Perhaps you’ve been burned in the past, too, convinced by your CIO to sign off an expensive software package that failed to deliver.

In this arena, there are competing fears. You want to avoid spending money on IT solutions that don’t ultimately deliver the promised benefit or that cause unneeded disruption. You also can’t afford to reject an IT request that would have given you a competitive advantage (or worse, one that allows your competitor to gain the upper hand).

Evaluating IT is a tricky business. Here’s our CFO’s guide to evaluating information technology.

Communication Is Key

Communication from the CIO or the tech team is one of the big pain points CFOs face. There are a few reasons for this.

Apples and Oranges

The first communication difficulty is one of dialect. It feels like the IT folks are speaking a completely different language than the finance folks. To a certain degree, they probably are. Your IT group is focused on enabling the company to do more through technology and on increasing your business’s capabilities. Your group spends its time considering the financial aspects of the business. There can be inherent tension there.

Unhealthy Shortsightedness

In some businesses, it’s even worse. In unhealthy businesses, the CIO and IT team pursue technology innovations that don’t truly align with the company’s needs. They lobby to purchase software that adds capability you don’t need and solves problems you don’t have. Similarly, the CFO and the finance team in an unhealthy organization can fail to see the value of a spend or defer a purchase long enough that a competitor gains an advantage.

Either side of the equation—IT or finance—can become too narrowly focused on its own objectives. When this happens, the company loses out.

Finding Common Ground

CFOs and CIOs need to find common ground, a shared language that focuses both on the ultimate goal: making the company succeed. Ask bigger questions. Which of the company’s (not the department’s) goals will this IT spend help achieve? Is there a less expensive alternative that will still meet the company’s goals? What metrics will we gain by implementing this solution, and how will those benefit the company? Are there any metrics that can show how the proposed investment will improve a process? If those metrics show that an investment is failing to deliver, can we get out of the contract?

Questions like these are all rooted in a “what’s best for the company” mentality. Find a common language using questions like these, and avoid conversations that only benefit finance or IT.

Establish a Clear Approval Structure

The likelihood of conflict between the CFO and CIO increases greatly in organizations without a clear approval structure. To determine whether that’s your organization, mentally answer the following questions.

  • Do you (or your reports) approve every IT spend?
  • If not, who else can approve?
  • What criteria determine which requests require CFO approval? Dollar amount? Subscription/lease entanglements? What else?
  • Is there an established, documented appeal process when you deny an IT spend?

Depending on the size of your organization it may not be sensible for the CFO to approve every spend. Individual projects may have their own needs and budgets. If that’s the case, a clear approval structure is still crucial. Who on the team can make purchasing decisions? What criteria kick the decision up to a higher level?

In the end, to have a clear approval structure your business needs both a clear vision and strong, clear communication between the finance and tech teams and their leaders.

Visualize your Strengths and Vulnerabilities

Another central problem with evaluating information technologies is prioritization. Everyone wants a piece of the budgetary pie, and it’s your job to allocate it. You need a way to determine where your priorities ought to lie. This is challenging in complex organizations due to the number of requests and the varied nature of those requests.

Creating a visualization of your IT strengths and weaknesses can help you plan and prioritize. What can IT presently do for you? What are the known vulnerabilities? What systems or programs are on their way toward obsolescence? What functions or abilities does the organization view as needful but doesn’t have currently? Are there information technology solutions for those functions or abilities?

Mapping out your strengths and weaknesses gives you a clearer picture of which moves are strategic.

Conclusion

That’s it for our quick CFO’s guide on how to evaluate IT spends. If you want to learn more on this topic, or for assistance with a wide range of IT-related questions, contact us today.


Ransomware Hits Popular Cable TV Network

April 30th, 2019 by Julie Lough

Weather Channel Ransonmware

For several years now, sporadic attacks that interrupt major networks’ daily programming have been occurring around the world as hackers try to break in and succeed at their digital violence.

In April 2019, the victim was The Weather Channel. The network found itself having to broadcast pre-recorded material while an internal plan to regain channel access was quickly developed and put into place. Because this happened during some peak air morning air time—between 6 A.M. and 7:40 A.M. EDT—a significant number of viewers were affected. Aside from money the network needed to spend on emergency tech measures to get their channel back and rebuild it to a more secure form for the future, this event must have cost them reputation points as it likely didn’t sit well with advertisers.

While the network publicly announced that malware was at play in the attack, there has been speculation about whether this was the result of ransomware. With ransomware, the disruptive effects of malicious software persist until a specified amount of money has been paid. And although the malware attack itself may seem senseless, this stands as a good opportunity for your business to take some precautions to protect itself.

  1. Back-up your machines and networks. Having multiple layers of back-ups in place—both locally as well as in the cloud—can help easily restore your systems should a ransomware attack strike. Part of this also includes making sure you set back-ups to happen regularly; this ensures that you have fixed and reasonably recent recovery points to draw upon in the event of an emergency.
  2. Break up network access by different machines and user groups. Odds are that very few users if any need to have access to everything in the business; why leave full access open to anyone? They’d be a source of major vulnerability since, should a hacker gain access to their account, everything would be up-for-grabs. Leveraging the limited access of specific user groups or permissions helps contain an attack should one arise, and prevent damage from spreading business-wide. You and anyone on your team might be the exception to this in that you all need total access to be possible somehow. Fortunately, you can always construct a solution, such as several different administrative users with limited permissions, to give you the tools you need for your job while still maintaining high security.
  3. Train employees and enforce best practices. Make sure that everyone working at your business understands what steps they can take to protect their computers from hackers as well as how some of the most common types of threats work. Empower your people to set up strong passwords and to know when to trust an attachment or link. Make sure they follow through on some of these precautions by requiring them to take measures such as setting up multi-factor authentication on their accounts. Don’t let weak security be a possibility!
  4. Install software to secure your machines and scan for attacks—and make sure you keep it up-to-date. First off, you want to try to make sure your machines and networks are fortified against attacks. Use a well-constructed firewall as a central part of your protection plan. But don’t rely entirely on a strong structure to protect your business, particularly given how rapidly tech evolves. Make sure you have systems in place that anticipate vulnerabilities and keep an eye out for attacks. Some businesses even opt for honeypots, which are like dummy vulnerabilities to bait potential attackers and keep a digital weathervane in place to tell if hackers are likely to try something. Regularly update these scanning tools to ensure they are up-to-speed with the latest hacker trends and potential aggressors.

Malware attacks cost businesses large amounts of money, accounting for as much as about one-third of global cyber attack costs in recent years. In fact, cybercrime in the United States is estimated to cost enterprise companies an average of $27.4 million per year, a number that is only continuing to climb over time. If you’ve been fortunate enough to not experience any recent spikes in malware attack attempts, don’t let that lull your business into a false sense of security. After all, 85% of companies polled had experienced a social engineering or phishing attack in the past year, while 75% had at least one web-based attack. Regardless of your company’s size, remaining vigilant for possible threats and attacks is important to ensure that daily business operations can continue to flow as usual, uninterrupted and uncompromised.


Foreign Hacker Steals Nearly Half a Million From City of Tallahassee

April 26th, 2019 by Julie Lough

Tallahassee Cyberattack

The Tallahassee Democrat reported on April 5th that a large sum of money had been stolen from the city of Tallahassee’s employee payroll. The perpetrator is suspected to be a foreign hacker.

What was stolen in the hack?

The breech diverted approximately $498,000 from the city payroll account. Still, all city employees have received their earned paychecks. This hack was the second time in less than a month that a breach of city security had occurred.

How did the attack occur?

The city of Tallahassee employs an out-of-state third-party vendor to host their payroll services. Their employees should be paid regularly through direct deposit. However, a foreign hacker apparently targeted this third-party vendor, effectively redirecting the direct deposits to their own accounts.

The city of Tallahassee found out about the breach when their bank alerted them. Of course, employees found out simultaneously when they awoke to realize they had not been paid on payday.

Is there any way to get the money back?

In the majority of large scale hacks, stolen funds or data is difficult or impossible to retrieve. Still, with help from their bank, the city of Tallahassee has managed to recoup approximately a quarter of the stolen money.

They continue to pursue criminal charges against the hackers with the aid of law enforcement and their insurance provider as well.

How do cyber attacks like these occur?

Successful cyberattacks usually start with some form of an email hack. This is usually achieved through phishing.

In fact, before the most recent hack of the city of Tallahassee, an email had been sent out that appeared to be from the City Manager. It was actually from an outside hacker who had included a virus disguised as a Dropbox link in the email.

While it is not suspected that this email was related to the stolen payroll funds hack, this does happen. “Phishing” emails can help hackers procure useful information about accessing in-network files and accounts.

How can you prevent hackers from attacking your business?

Large municipalities such as Tallahassee City are increasingly being targeted in cyber attack thefts. But the truth is, any business — or individual, for that matter — can fall prey to a cyber attack.

Unfortunately, the retrieval rate on hacking thefts is not high, meaning that prevention is key. The best way to prevent a hack is to prevent phishing, as this is how most hackers access your systems and accounts.

Make sure that everyone on your staff is keenly aware of what to look for in terms of phishing emails. When in doubt, suspicious emails should be left unopened. Or, at the very least, links should not be clicked, and personal or account information should never be handed over unless it’s sure the request is legitimate.

It’s also important for businesses to employ the services of a reputable and experienced IT services provider. Look for one who specializes in cybersecurity and has experience dealing with hacking prevention.


Happy Administrative Professionals Day!

April 24th, 2019 by Julie Lough

April 24th is Administrative Professionals Day, which is an occasion worth celebrating. No office can function without hardworking and dedicated administrative staff, so why not take this as an opportunity to remind them how much you value them?

 

 

Treat your administrative staff to a little something special today, and let them know how important they are to everything that your business does.

Happy Admin Professionals Day


CFO Tech Blog: How To Become The Tech Savvy CFO

April 23rd, 2019 by Julie Lough

Tech Savvy CFO

More than ever, today’s CFOs are expected to have a degree of tech savviness. Big data and analytics are tools that are just too powerful to ignore in the CFO suite. If you’re not particularly tech savvy, harnessing the power of these tools to the fullest extent will remain out of reach.

Why You Need to Become the Tech Savvy CFO

It’s crucial to understand just how powerful today’s technology tools are for financial leadership. Whatever the nature of your business and industry, technology can empower you and your staff in the following ways.

Forecasting and Risk

Forecasting has always been a part of the CFO’s role. Forecasting today can be much more accurate, thanks to the rich data that’s available. CFOs must have the skills to understand and interpret that data (or they must employ people who can). Use robust data and analytics to reduce the amount of guesswork in your forecasting.

Risk management is another responsibility under your purview as CFO. Forecasting and risk management are interrelated, of course, and both have traditionally involved a fair bit of prediction and uncertainty. If you’re like most CFOs, you’re a fairly risk-averse person. Reduce the risks of prediction and uncertainty by basing your decision-making on data wherever possible.

Advanced Data Visualization Techniques

All this data that companies now have access to can quickly become overwhelming. Today’s tech savvy CEOs harness the power of advanced data visualization techniques to bring the most important information to the surface. These techniques include making dashboards for interacting with the data and scorecards for presenting it to users at all levels.

Predictive Analytics

In the 1960s, business predictions were often made around a conference table in a smoke-filled room. They were based on some amount of data, but hunches, opinions, and interpersonal power dynamics often played an outsized role.

Today, there’s a better way. Predictive analytics are driven by algorithms and data, not by cigars and opinions. Leverage the power of all the data you’ve collected into predictive analytics. While they are neither perfect nor omniscient, predictive analytics remove human biases from forecasting. This powerful tool can enhance your effectiveness as a CFO.

Adjust in Real Time

The CFO that understands how to use these new tools can be agile, adjusting in real time based on the data that’s coming in. Many marketplaces change rapidly, and a 6-month-old report may no longer ring true. Big data and analytics let CFOs make these quick adjustments as they continually monitor data and adjust their predictions.

Drive Growth

Acting on your analysis of data can often spur on innovation and growth. Creating efficiencies aids in growth, and as you do so you’re likely to discover new business opportunities, such as a hole in the market that your company is suited to fill.

How to Become the Tech Savvy CFO

Having a tech savvy CFO brings many advantages to a company. As a result, being a tech savvy CFO makes you a much more valuable asset. If you’re not there yet, here are a few quick tips for how to get there.

Learn Analytics

Yes, this sounds basic, but if you don’t understand how to use analytics to do the things we’ve talked about, you need to learn. If others in your company already know analytics, leverage your rank. You are the CFO, after all—make it part of their job to teach you. If you’re in a smaller firm that has yet to embrace big data and analytics, it may be time to go get a certification in this area.

Meet Regularly with Experts

Your CIO, if your firm has one, should be well versed in the sorts of technology we’ve discussed today. Meet regularly with your CIO and ask questions. Do the same with other experts in your network. They aren’t the finance people, so they may not readily see how big data and analytics can transform your role. As your understanding grows and you learn to them the right questions, you’re likely to discover breakthroughs together.

Read What They Read

Sites like CIO.com are go-to resources for CIOs, but you can benefit there, too. Not every article will apply to what you’re learning, but many will. Reading sites like these will increase your overall tech comfort level.

Leverage the Data

As your understanding of analytics grows, you can start leveraging that data in real, meaningful ways. It’s easy to get overwhelmed in a deluge of data if you don’t have the tools to parse through it. At the same time, it’s possible to parse the data so finely that you miss valuable conclusions. As your comfort level grows, you’ll improve in leveraging data to the fullest extent.

Educate Your Team

Last, you need to educate your team. As you journey to become a tech-savvy CFO, teach your team what you’re learning so that they can help you win using data and analytics.


Why Have a Technology Strategy?

April 22nd, 2019 by Julie Lough

Why have a technology strategyFollowing a solid technology strategy can make the difference between experiencing minimal downtime when a problem arises or being knocked out of commission indefinitely. A well-thought-out plan provides a direct path to your goals.

Needless to say, this is more involved than shopping at Best Buy for your business hardware. You need a plan that is flexible and resilient, allowing you to meet long-term technology goals while addressing short-term issues.

Even a simple plan creates clarity because you:

  • Map out how long it will take to implement it
  • Understand all the costs you will need to cover
  • Identify what technology you need to reach your goals
  • Clearly see how any changes will impact your business

What Does a Technology Strategy Look Like?

Your IT plan doesn’t need to be complicated. It can be as simple as a bulleted list outlining the goals your company wants to achieve and what future IT implementations it might need.

Read the rest of this entry »


How Technology Can Increase Your Competitive Advantage

April 8th, 2019 by Julie Lough

Technology fuels competitive advantages

Businesses spend millions on marketing each year in an attempt to look different from the competition. While marketing will always remain essential, technology offers endless opportunities to create differentiators that put real space between you and your competitors.

How Technology Affects Competitive Advantage

Many companies believe they must make massive changes and large investments to reap the advantages of changing technology. This isn’t true, although organizations that adopt software solutions not suited to their company struggle to adapt and actually create a disadvantage.

Before diving into any big technology purchases, we recommend working with a strategic managed IT provider (like Micro Visions!) to gain an edge without creating problems. Here are a few ideas:

Read the rest of this entry »