What My Unlocked Front Door Taught Me About Cyber Security

What My Unlocked Front Door Taught Me About Cyber Security

I had an odd experience the other day.  I was on the phone working from my home office and I could see a man walking up to my door through my blinds.  My house is currently for sale, which has increased the number of strangers knocking on my door.  I figured he was going to ask about the house, so I decided to stay on my call since all of the information he would need about the house is on a sell sheet, conveniently located at the edge of the yard.  I heard him knock and yell “hello” a few times, but then I thought I heard a different noise – the sound of my security screen door OPENING.  I had a quick ‘no way’ moment and swiftly got up to check on the noise, terrified to discover that this strange man was … IN MY KITCHEN!

 

What Is My Home’s  First Line of Defense?

 

So why am sharing this somewhat personal story?  Because it made me think about the conversations I’ve had around cyber security.  My screen door serves a security function.  Primarily it is an access point into my house, but it is also as a first line of defense to keep unwanted or unknown people or things from entering.  Obviously if the screen door is going to be effective as a first line of defense, the door must be locked.  A locked door only allows those with authorized access, someone with a key, or someone that I personally allow access to, the ability to enter.

 

What is Your Company Network’s First Line of Defense?

 

This, my friends, is much like our first line of defense for our business networks:  firewalls are our security screen doors.  Firewalls are meant to guard/monitor the traffic that goes into and out of our networks; however, an improperly configured or unmanaged firewall will be as ineffective as my unlocked front door when it comes to keeping bad agents out.

 

After I escorted the stranger out of my house (who actually ended up being a curious potential buyer), I went around and locked EVERY door that anyone from the street might have access to. Wouldn’t you know it, not even ten minutes later, the same man was back at my door.  He tried to walk in again, this time to ask if he could see the backyard, but his efforts were thwarted because I activated the security measure of the door – the deadbolt.

 

The Moral of the Story

 

What’s the moral of the story here?  Our security is only as good as the end user.  You can have processes in place, but if they aren’t being implemented they’re useless.  A minor lapse in judgement can leave us vulnerable to all type of threats.  Fortunately for me, my intruder was nothing worse than a person who thought it was ok to let himself into my residence.  Sadly, that’s not always the case – either at home or with our computer networks.  I can almost guarantee a stranger who goes into your network, will be doing more than just “looking around”.

 

Are you leaving unlocked doors on your network?  You can assess your point-of-sale (POS) security risk with this quick Risk Assessment.

 

This article was contributed to the National Franchise Institute by Aubree Coderre from Netsurion   (760) 637-4679


The Brand Consistency Problem: Policing vs. Promoting

The Brand Consistency Problem:  Policing vs. Promoting

   

Once upon a time, Pete could do it all.  The year was 2002 and he had just launched Pete’s Bar & Grill in downtown Atlanta. With only 8 employees under his wing, there wasn’t much he didn’t see or do.  Who handled marketing?  That was Pete.  Accounting?  Pete did that too. Design?  Pete was no designer himself, but he oversaw design as well.

 

In Pete’s mind, he had set himself up for success. He knew his food was really good, that his branding was on-point, and that no one would be able to pass up Tuesday night “Karaoke & Kabobs”.  Pete’s Bar & Grill was his pride and joy, and so long as he was in charge, not one thing was going to mess it up.

 

But that was back in 2002 – the good ol’ days when Pete could do it all.  Fast forward 15 years to the present. Instead of managing 8 employees at a single location, Pete now managed a small kingdom of 30 franchised locations.  From the outside, it would appear that Pete was living the franchise-owner’s dream.  In reality, Pete had a big problem.

‘Close Enough’ Is Good Enough

 

When Pete’s Bar & Grill first expanded into the hands of franchisees, everyone was gung ho and had no problem adhering to brand standards and design guidelines. They understood how important it was for the brand to look consistent across every marketing medium so that customers would know without a doubt that they were at the one and only Pete’s Bar & Grill.

 

But as the success of the brand grew, so did the pressure.  In the hustle and bustle of feeding hungry customers, keeping the bars clean, placing orders, managing inventory, and keeping up with food safety regulations, spending time and energy on the ‘proper’ use of logos and colors seemed less important – especially since sales were going so well at all of their locations.

 

Rachel, Pete’s corporate designer of six years, began to notice the company’s branding was slipping.  Franchisees were just too busy to dot the ‘I’ of every font choice or cross the ‘t’ of every color option and began throwing together hodge-podge variations of Pete’s Bar & Grill branding just so they could get some semblance of marketing in front of customers.  Rachel tried pushing brand regulations with the franchisees, but the more she persisted, the less his franchisees seemed to care. You could cut the tension with a knife.

Good vs. Great

Now, Pete was a smart man. He’d done the research and knew that the difference between a good brand and a great brand was consistency.  After all, consistency is the cornerstone of franchising and was one of the key reasons that Pete decided to franchise in the first place.  Consistent food, consistent service, a consistent experience, and a consistent ‘look’ is exactly why he chose the franchise model.  Clearly the franchisees were delivering consistent food, service, and a consistent customer experience.  But how could he achieve branding consistency without either policing his franchisees or bogging down his creative team?  That seemed to be the question of the day.

 

Desperate for a solution, Rachel began to do some research.  She jumped on Youtube and did a search for brand consistency and found a quick two-minute video by Lucidpress that was exactly on point with the growing pains that were happening at Pete’s Bar & Grill.  Rachel couldn’t wait to share her huge find with Pete!  

 

“Hey Pete… ever heard of Lucidpress?” Rachel greeted him at the office the next morning with a surprisingly hopeful disposition. They sat down and took a look together.

The Evolution of Brand Management

“Wow, Rachel, you are a genius – this is fantastic!”  Pete couldn’t have designed a better solution himself He discovered that Lucidpress is a cloud-based brand management tool that:

  • Streamlines marketing by allowing any franchisee to customize marketing collateral on their own without waiting on the help of a designer.
  • Protects franchisees from going off-brand with custom, lockable templates — that way “close enough” variations are never a possibility
  • Reduces the custom collateral request turnaround process from weeks to minutes.
  • Provides publishing and printing services, delivered right to everyone’s door.

 

So they gave Lucidpress a try.  Rachel began designing flyer, menu, and business card templates based on Pete’s Bar & Grill brand guidelines.  From there, she locked down the logo, colors, and other branded elements that should never be altered, and then she shared the templates with Pete’s franchisees.  The franchisees loved it and immediately began dropping in the local details for their individual locations.  After all, that was much easier and less time-consuming than the hodge-podge creations they had been doing on their own – and Rachel was now a valued part of Pete’s franchisor support team instead of the adversarial ‘branding police’.  Franchisees were excited to send their finished projects to the printer, to publish them online, and to post them to social media.

Light at The End of The Tunnel

Pete wasn’t fully aware of how well the new solution was working until two months later when he stepped inside the building of his most frequent brand offender.  When he couldn’t tell the difference between his franchisee’s designs and Rachel’s, he knew he had finally struck brand-building gold.

Pete recognized that he — like a lot of other franchisors — had been unintentionally wasting precious time and resources policing brand standards instead of promoting them.  What a relief it was to know that now he could encourage everyone to get back to doing what they do best…build their businesses! 

 

This article was contributed to the National Franchise Institute by Nick Hatch with Lucidpress  (385) 557-5117


Are YOU Your Company’s Greatest Risk?

Are YOU Your Company’s Greatest Risk?

Steven began his working career some twenty years ago.  Learning business ropes from his father and taking every opportunity to learn from previous bosses and mentors, Steven had a high level of confidence that one day he would own his own company.

Ten years into his career, Steven finally quit working for the man and branched out on his own.  After a slow ramp-up period, things started clipping along and Steven was eventually making money – a profit, even.  In the grand scheme of things, Steven knew that he should probably be surrounding himself with other smart people who could help him make informed decisions about important areas of his company that he wasn’t really all that familiar with.  But ‘knowing’ and ‘doing’ are two different things.  Steven ultimately and unwittingly became one of the greatest risks to his own organization.

Steven had heard mention of cyber security.  He thought there was a slight chance that his company could be vulnerable but he also thought he had a better chance of winning the lottery than he did of being hacked and since the lottery was already a several-million-to-one shot, he pushed cyber security thoughts out of his mind.  His naïve beliefs actually blinded him to the realities of how vulnerable his company really was – and at his own hand, no less.

On his way into his office one day, Steven found a jump drive in the parking lot.  He picked it up and after grabbing a cup of morning joe, he plugged the jump drive into his computer to see if he would be able to figure out who it belonged to so he could return it.  Unfortunately, someone didn’t ‘accidentally’ drop the jump drive – it was intentionally left there, seeded with a virus that sent out a beacon to its cyber-criminal owner to transmit where it was plugged in.  The innocent act of simply plugging the jump drive into his computer ultimately bypassed security and provided the criminal with full access to Steven’s company as well as his family’s personal files.  And just like that, Steven became a statistic.

What You Need To Know

The article below discusses factors that impact businesses, business owners, and members of their Board of Directors, and it also discusses areas that may significantly increase cyber risk, potential liability, loss of business and reputation.

It’s safe to say that data breaches are getting worse and we hear about another major breach somewhere around the world almost every week.  For some, breaches have become commonplace, a part of doing business.  If that’s true, I would argue that ignoring the risks rises to the level of negligence.

The level of concern, especially among business owners, is definitely ramping up.  Despite this concern though, far too many CEO, executives and Boards are not taking the risks seriously.

“Optimism Bias” & Complacency

The first factor that adds to your risk is a theory called, “optimism bias.”  Below are some survey questions I frequently use when speaking at conferences:

  1. Do you believe your firm or business will be breached this year?
  2. If yes, is there an 80% or 30% chance of the breach?
  3. Do you believe another firm/company, or, “the other guy,” will be breached this year?
  4. Is there a 30% chance or 80%?

Most surveyed believe they will not be breached or there is a low probability.  Conversely most believe the “other guy” will be breached and there is a very high probability.  Why?  What have you done differently?  Is your security better than Target, Home Depot, NSA, the Pentagon, Lockheed-Martin, your local merchant?
So ask yourself, “Do the standard security practices work better on my network, or do I use magic security practices that no one else is aware of?”  Whether you are the victim of a random drive-by breach or specifically attacked in order to gain mergers and acquisition data on your clients, you are under attack and you will likely fair no better than most.

If you think your security is better, why do you believe that?  Most businesses surveyed believe their security is pretty good, certainly better than their neighbors’, and the chances of suffering a breach are fairly low.  In reality most companies either will be or have already been breached.  Amazingly, a large number of business owners who claim they won’t be breached also had little to do with the implementation of their own security and likely do not truly understand it.

According to the FBI, cyber crime will eclipse terrorism.  In the past, the saying was that “there are only two types of companies:  those that have been hacked and those that will be”.  Sadly, even that is merging into a new category:  those that have been hacked and those that will be again…

Don’t Assume Someone Else Has Taken Care Of It

Passively assuming that someone else, like your outsourced IT company or your in-house IT department, is identifying and addressing the threats and risks is not an adequate form of risk management.  Some IT professionals may be skilled and thus able to serve a dual-role as security and IT professionals, but most are not.  So, the battle begins — that is, the battle for budget.  Your IT guy’s primary focus is likely “uptime” and making sure everyone can access the network.  Security, unfortunately, plays second fiddle. 

In some cases the IT department or outside company doesn’t know the full risk or extent of the vulnerabilities, but this is unlikely.  What is more likely is that they do know but are hesitant to reveal how bad it really is, and how vulnerable your company is, for fear of the impression it will create.  Regardless of the reason(s), the message about how much risk exists gets lost and is never fully conveyed to leadership which is a risk in and of itself.  IT departments and companies are playing with fire when they don’t reveal the true risks and vulnerabilities and then allow the leaders to address them.

Caveat Emptor!

Have you have seen some of the TV ads for anti-virus companies that claim to speed up and protect your computer?  Regardless of their true intent, they imply  that they will make your computer or network 100% secure.  Well, news flash, they don’t and they can’t!  As a CEO, executive, or Board member, if you are given the impression that your network is secure – or if you’re told nothing and therefore assume it is secure – what will your reaction be when you are breached?  You need to know how bad it is, along with the risks and the vulnerabilities in order to evaluate, mitigate and make informed decisions, so go ask!

Convenience v. Security

Technology has been both a blessing and a curse.  Most of us have a love-hate relationship with our computers and mobile devices.  What we love about them is the convenience, but the security, or lack thereof, threatens that convenience and our privacy.  Most people find the security practices tiresome, awkward, and annoying.  For instance, do you password protect your smartphone or mobile device?  Believe it or not, many don’t.  Passwords are annoying though, right?  Many who do use passwords, usually because they are required to, use a very easy password, like 1234.

In 2014 3.1 million Smartphones were stolen.  With no password or an easy password, a hacker or thief who finds or steals your Smart phone or mobile device has full access to all of your social media, email accounts, texts, contacts, etc.  Think about the high volume of data that your firm deals with, creates, receives, transmits, and carries around monthly.  It is all at risk.  You can’t afford to put yourself at risk because you find security rules inconvenient.

Self-Imposed Ignorance

Self-imposed ignorance occurs when the threat or risk is downplayed. Conversely, “optimism bias” may also be a factor here.  When I speak to companies about cyber-security and the need for a risk assessment, far too often I hear:  “I’m not worried, I don’t have anything the hackers want to steal”, “I’m not worried, my business is too small”, or “I’m not worried, our IT guys make us use really good passwords and we have cyber insurance.”  Wow!  That’s like saying; “I will never get in a car accident because I am a great driver” or “I have good insurance.”  Some things you just can’t control. The old saying was: “There are two things you can count on:  death and taxes.”  The new saying includes a third thing:  getting hacked!  It will happen.  In fact it probably already has and you don’t even know it.

What You Can Do:  Tips, Procedures & Techniques

There are many tips, procedures and techniques that you can implement to improve your security, but, in my opinion, the first place to start and the most important is to do a self-risk assessment:

  •      –  Understand the information you collect;
  •      –  How it flows across your network;
  •      –  What devices it resides on;
  •      –  Who has access to it;
  •      –  How it is kept secure, and;
  •      –  Who you are connected to, (e.g. ISP, Cloud provider, other services, etc.)

If an incident occurs or a client asks what you did or are doing to secure data, responding with, “I don’t know, ask my IT guy,” or, “We use really good passwords,” is probably the worst thing you can say.  Statements like that will significantly increase your liability and make you look incompetent about an issue that is foremost on most people’s minds these days.

The point is, take an active role. You need to lead and manage the process.  Don’t just hand it over to someone else like the IT department or an IT guy/gal or company, and forget about it.  Never assume that your security is great, good, or even adequate.  In all likelihood, it’s not.  Security is a process that needs to be continually managed vs. a set-and-forget concept. At any given time you must be able to articulate what you have done to protect data and your company.  Pointing to the IT guy – whether internal or from an outside company – is not a risk management solution or a valid response during an incident response investigation.  Where does your company stand? Are you a basic, progressing or advanced organization?  Take charge, take control, and manage.

 

This article was contributed to the National Franchise Institute by David Willson who is a retired Army JAG and an attorney.  In addition to having worked at NSA, he helped to establish CYBERCOM and provided policy and legal advice for many cyber operations.  As the owner of Titan Info Security Group, he specializes in risk management and cyber security to help companies and law firms lower the risk of a cyber incident and reduce the potential liability if and when the firm or its vendor is compromised and all of the client information is stolen.  He also provides cyber security awareness training and assists with other unique cyber issues.

If you are seeking resources to assist in your self-assessment, email David Willson for a free “Cyber Self-Assessment” form.


How To Avoid a DIY Branding Disaster!

   How To Avoid a DIY Branding Disaster!

Once Upon a Time . . .

Once upon a time there were two business owners named Dan and Stan. Although there are some basic similarities between both men and their individual companies, this story illustrates how differently each approached the marketing and branding for their businesses and how their respective decisions produced vastly different growth outcomes.

 

First, let’s start with some background information. Dan and Stan each run their own Paintless Dent Repair (PDR) shops. Whenever a hailstorm hits in the area, both men get busy removing dents from their customers’ cars by “massaging” out the dents without affecting the original paint and finishes of the vehicles…a valuable service that saves customers time and money.

Many New Businesses Start Out With Limited Cash Reserves

When they first opened their doors five years ago, Dan and Stan were like many start-ups: limited cash reserves that were allocated to expenses such as specialized equipment, rent, utilities, insurance, etc.

 

When Dan started his business, the term “storm chaser” had somewhat of a nice ring to it. While he couldn’t take credit for creating the storms, he was definitely not opposed to making a great living because of them. Convinced this was the perfect, needs-based recurring opportunity – which was covered by most people’s insurance – Dan saw his business as a “build it and they will come to ME!” opportunity. To save some money, Dan felt he could put together his own logo and he hired a college kid to build his website.  Although he knew everything about PDR, Dan admitted he knew nothing about branding a company. “How hard could it be?” he thought.

But Some Entrepreneurs Also Start With a Plan!

Stan, on the other hand, saw things differently. He heard that other PDR shops were opening up around town. “With more competition,” he thought, “I have to find a way to stand out…to be recognized and remembered by people so when the next storm hits, my company is the one everyone will remember and then come to me. Besides, some day I’d like to grow, perhaps add another shop or two…maybe even franchise my PDR business all over the state.” Although his vision seemed far off in the future, Stan decided to plan for it now. He figured this would help save money in the long run by avoiding costly re-dos and confusion down the road. Like Dan, Stan knew everything about PDR, but all things being equal, Stan understood that a well-developed brand would give him the competitive edge he needed to grow his business.

 

Stan performed his due dilligence: he asked around and searched online for reputable branding companies. He looked through each company’s work and called references. After meeting with a few, Stan found a branding team he liked a lot. He felt comfortable with them, asked them questions, expressed his opinions, and shared his dream. He felt they understood his vision and had the ability to create a strong brand for him that would reach larger audiences and build greater value in his company. With only start-up resources, they were also willing to work within Stan’s budget by spreading the work out over time so as not to strain his finances. Stan’s branding team researched his competition and discovered hidden opportunities they could take advantage of. They developed a strategy that would align with Stan’s short-term and long-term goals and designed an exciting, eye-catching brand and messaging that held peoples’ attention, stood out from his competition, and represented the values of his company perfectly. They also created a website with internet marketing capabilities that targeted the types of customers Stan was seeking and introduced special offers to convert website visitors into customers – all the things that Stan knew he needed but didn’t have a clue how to go about doing.

Others Wish They Built a Solid Foundation

Fast forward a couple of years, Dan was exhausted from running his business and trying to do business development simultaneously. No matter how hard he worked, Dan was getting by but he sure didn’t feel like he was getting ahead. What he thought would be an easy, cash cow business turned out to be the financial equivalent of working for someone else – except he had all of the headaches and sleepness nights of being a business owner.

 

Stan’s well branded business grew exponentially and not long after, his vision became a reality. His strong, consistent brand not only got the attention of customers, but also franchise buyers. People recognized and appreciated the powerful qualities that Stan’s brand stood for: credibility, trust, quality work, and professionalism. They wanted to be a part of his success.  As a result, Stan opened up several franchise shops and the rest is success history.

Pay Now — Or Pay Later!

The moral of this story?  Stan acted on his dream and understood that a strong brand would become the most valuable (and visible) asset of his business.  As for Dan, the term “storm chaser” no longer holds the allure it once had.  Word has it he still runs that one-man shop with hopes of selling it…someday.

 

This article was contributed to the National Franchise Institute by Greg Armgardt at Blue Ocean Branding   (303) 791-9725

 


Brick & Mortar Franchise Success: Know The Costs or Pay The Price

N E W   B O O K !

Amazon #1 Bestseller

Brick & Mortar Franchise Success:  Know The Costs or Pay The Price

Failure is not an option — until it happens!  Then what?  The purpose of the book is to take the guesswork out of the entire development process so franchisees know exactly what it takes to get their new location open in the least amount of time, for the best overall price and, more important than anything else, without making costly mistakes in the process.

Miller dedicated her book to all the brave entrepreneurs who join the franchise ranks with dreams of opening a successful location.

Her new book hit best-seller lists on Amazon.com within 24 hours of release in both the “Franchises” category as well as the “Entrepreneurship & Small Business” category.

With a Foreword by Rick Grossmann and Michael J. Katz, Esq., authors of Entrepreneur Magazine’s Franchise Bible, “Brick & Mortar Franchise Success” provides roadmaps through the build-out process from calculating a realistic timeline for the project, hiring of the right general contractor, architect and attorney, through the physical reality of the construction process and getting the doors open for business.

Carolyn Miller’s no-nonsense approach to site intelligence and construction management reveals specific strategies that have saved hundreds of franchisees millions of dollars. Many new franchise buyers learn the hard (and expensive) way that setting up a new brick and mortar business is challenging and confusing. The average franchise buyer is in unfamiliar territory and historically many make costly mistakes, which can be the downfall of their business.

Franchising is the fastest-growing method of conducting business in the world. Why? Because it works! But don’t be fooled – success isn’t guaranteed and the stakes are a lot higher when leasing space and building physical locations.  “Over the course of a few decades in development with brands such as McDonald’s, Chipotle, and Red Robin just to name a few, I’ve seen millions of dollars wasted on fixing problems that, in many instances, could have been avoided altogether.”

Like most business owners, your primary goal is to operate a successful business.  You can’t actually do that until your location opens.  While you may know a little bit about a lot of things, the devil is in the details.  When you don’t know what you don’t know, especially when it comes to leasing space and building new locations, you could be in for a long, rough ride.  The reality of how much you don’t know (and what can happen next!) can be all-consuming. Enthusiasm, persistence, and dogged determination won’t be enough to save you.

Do not, Do Not, DO NOT sign a lease without reading this book!

Once a lease is executed, you are ‘officially’ a business owner – even if your new location never actually opens!  A lot of professionals with years of business experience assure themselves that there isn’t any part of the building process that they either don’t know or can’t figure out.  What they don’t take into account is the additional time that ticks away while they learn the ropes – and make costly mistakes in the process. No matter how much business experience and success you have had in past roles, if you are not well versed in all that is involved in getting your new location open, failure will find you!

Building new locations hasn’t changed much over the years. Because it happens thousands of times a day across the country, it’s easy to adopt the mindset of, “I can figure this out.” The truth is that you CAN figure it out – but how much will you spend or forego in the process?

Ignorance isn’t bliss — it’s EXPENSIVE!

Failure is not an option – until it happens! Then what? The purpose of this book is to take the guesswork out of the entire development process so you know exactly what it takes to get your new location open in the least amount of time, for the best overall price and, more important than anything else, without making costly mistakes in the process.

Whether you are an independent business owner or a franchisee, if you have plans to lease space to build your first (or your next) location, the book you’re holding in your hands will become one of the most valuable investments you can make!

To your success…

Purchase Your Copy Thru Amazon Here

Continue reading