I don’t need to crash a motorcycle to know that road rash is painful. Or wade through a marsh in order to learn that alligators aren’t friendly. I’ve learned these things, and a million other life lessons, from watching and listening to others’ experiences.
In business, the advice you often hear isn’t quite as black-and-white as how to avoid an accident or a reptile. More often than not, good advice is freely given when you’re not quite ready to hear it or before you have a use for it. The trick is knowing what to file away for later. My hint? You’re going to want to keep this newsletter.
We’ve chosen to share advice from the trenches of DTS in this issue. About cybersecurity. Empowering employees. Strategic planning. And retaining valuable staff members (in IT and other roles). All of it learned first-hand, and often hard-won.
Helping clients is our mission but turning around to help the next person in line? That’s a choice. What advice would you share with yourself if you could travel back 10 years? Could that voice of experience benefit someone else? Continue the conversation – and share your best lessons-learned advice with me – or pass it along to help another.
Edward Tuorinsky
Managing Principal
DTS
Edward.Tuorinsky@consultDTS.com
571.403.1841
Hard-Won Truths About Driving a Security Mindset
(as published on SecurityBoulevard.com)
Working in cybersecurity as a consultant can be eye-opening. We regularly see clients who, despite knowing they need cybersecurity, come to us with little or no real security controls in place. Our job is to quickly assess where they are most vulnerable and recommend solutions and then implement a plan to bring them up to speed.
The process isn’t always straightforward or easy for the company’s employees—they are used to their routines and frankly are extremely busy and it’s tough to get them to adopt the needed changes in technology and in their security mindset. The following are hard truths we’ve seen and realized as the result of watching and guiding numerous organizations to get it right.
Change is Painful (But the Alternative is Costly) If you’re holding on to the security status quo, it’s going to cost you. We see companies that are so busy growing that they put off cybersecurity. The result is costly reworks and policies that could have been much more easily (and more cheaply!) handled if addressed earlier when the company was still relatively small.
Culture Matters These unwritten rules and norms can define you and provide a competitive edge. Culture can also be a catalyst, driving your people to work harder or be more creative. And it goes without saying that a dysfunctional culture can hamper or even sink an organization. Pay attention to how you ingrain policies and rules around cybersecurity—it can be seen as a hassle or just another norm.
Employees Are Your Greatest Asset A well-educated workforce can push your cybersecurity program to the stars. Bad actors target the vulnerable, including those companies that think they are too small to be attacked. Make sure your employees know they are the first line of defense. Give them the skills they need with training and testing (phishing email simulations, hacking exercises and practicing a breach), so they slow down, trust their gut and verify.
Ignorance is Bliss (Until it Isn’t) Without foundational cybersecurity knowledge in-house, you may not recognize risk or be aware of cybersecurity requirements. We had a client who didn’t realize that they had access to controlled unclassified information (CUI). Get smart by asking for a free assessment and estimate (or several) from a cybersecurity partner (or partners). It can help you understand your security stance and identify areas where you need to improve.
Cybersecurity is a Cat and Mouse Game Threat tactics change fast. Bad actors work hard to get to your data. Once they have an attack that works, it’s payday. Be cautious of any security solution that you “set and forget.” A strong cybersecurity program requires management and constant monitoring.
There’s no Need to Reinvent the Wheel Although every company is unique, the fix for cybersecurity problems often comes down to the basics: Best practices and proven models. An experienced partner with a strong network and technical skills can steer you toward the right tools and proper configurations.
15 Ways to Empower Your Employees
The Forbes Business Council, which includes our own Ed Tuorinsky, offers proven advice from business leaders on a variety of timely topics. Workforce issues have been on our collective mind as hybrid arrangements and the Great Resignation impact American businesses.
When asked about empowering employees, a leadership style that has been shown to drive employee satisfaction, experts from across the country weighed in with culture-building tips and ideas like:
“Give employees decision-making responsibilities over areas they control, as well as the opportunity to make recommendations for larger, enterprise-level decisions. If employees are involved in the decision process, they tend to be more vested in the organization.”
Read all 15 recommendations to encourage employees to have more autonomy.
Strategic Planning 101: Returning to the basics to nail your goals
Creating a living strategic plan gives everyone in your organization a working roadmap, navigating what employees do tomorrow as well as where things are headed in the next 24 months.
Done right, the pieces of your plan should help guide daily actions—everything ranging from how to allocate company resources, to how to engage stakeholders. Small companies, especially, benefit from the process of creating and using a strategic plan because it formalizes their values and vision, guiding goal setting and measuring impact beyond the bottom line.
Hang On to Your Staff
If you value the role employees play in your success – and honestly, that should be the case in every healthy organization – then you must prioritize and plan for training. A well-structured continuing education plan pays dividends in operations, innovation, and culture.
Plus, what you can learn from pre- and post-training assessments, in terms of employee satisfaction, job performance, and business progress, can inform specific moves that keep your staff feeling happy, valued, and productive.
In Good Company: This year’s small business trends
Data tells a compelling story, and the recap below captures what it’s like to lead a small business right now. Keep this year’s trends top of mind as you plan the year ahead and your response to market conditions.
Image source: https://www.guidantfinancial.com/small-business-trends/
Service Spotlight: DTS focuses on SMB cybersecurity in a unique way
Small businesses aren’t mini versions of their giant colleagues. Everything is different, from operations to resources to the employee experience. That’s why our small business has chosen to focus on yours.
While DTS has made a name for itself in government contracting, Veteran-owned businesses, and nonprofits for more than a decade, it’s our commercial-oriented Cybersecurity division that has grown the fastest in the last three years. 2000 percent, in fact.
In today’s business climate, every business needs to practice good cybersecurity as part of normal operations, especially our fellow SMB contractors who are facing a slew of rigorous mandates. While it’s tempting for these smaller organizations to brush aside the risk and do the minimum to keep costs low, best-practice cyber solutions and security policies can be business-enhancing and a competitive advantage.
DTS has designed our cybersecurity services to provide smaller companies and government contractors with enterprise-grade security solutions tailored to their size, structure, and budget.
- We align our cybersecurity programs with our clients’ business strategies, helping to justify the investment, demonstrate ROI, and address future needs.
- We actively and continuously scan the industry for best-in-class partners and licensing opportunities.
- We scale our services to the needs of each client, from licensing to configuration to implementation and system integration.
- We offer services to augment and support self-managed cybersecurity, from third-party reviews to the monitoring required of government contractors.
The Pulse of Cybersecurity
DTS continues to follow all cybersecurity regulations and CMMC updates very closely and commits to providing this information to our clients in plain language, with actionable takeaways.
WHAT’S NEW: NIST controls aren’t changing, but CMMC requirements might
What DIB companies need to do now: We’re still seeing a lot of confusion among contractors about NIST 800-171, CMMC, and when companies need to be compliant.
- NIST 800-171 is a list of controls that departments and agencies are authorized to select from. It spells out 110 control requirements for safeguarding CUI. The requirements are finalized and have been for several years.
- The DOD requires all 110 controls, but other agencies, including the DOE, haven’t specified which ones they will require. That’s where CMMC can help.
- Scheduled to be finalized in the spring of 2023, the CMMC program will certify that contractors with CUI and DFARS 252.204-7012 are compliant with all 110 controls of NIST 800-171 and, therefore, that those companies also meet or exceed all other agencies’ requirements.
For any contractor with a contract containing CUI hoping to continue to work with the DOD in 2023 or beyond, complying with NIST 800-171 is not something that you may need to do – it’s a guarantee that you will. The sooner you get started, the sooner you can protect your data and people, and confidently approach CMMC assessments – in whatever form they take. For additional information or an assessment to help you get started, contact DTS.
About DTS
DTS consultants go far beyond just “getting the job done.” We continually find better, more efficient and more effective ways to satisfy the needs of our public- and private- sector clients. DTS provides full lifecycle Management and IT consulting services, and can support your organization by researching and answering specific questions, solving critical issues or helping you plan for the future. Among a crowded field of contractors, DTS stands out for the quality of our people, the power of our approach, and the impact of our results. www.consultDTS.com
Continue the conversation:
Email sales@consultDTS.com or call 571.403.1841