You can spend lots of money and time defining and executing a cyber security strategy. That being said, here are three things that can be done this week to dramatically improve your organization's defenses.
This isn't a list of goals for the year; if you really want to, you can get this done today.
1. Require verbal confirmation of financial requests (free)
You'd be amazed by how many organizations get duped by this one. An email sent to people in your finance group will look like it comes from a company's executive. The email will direct the receiver to wire money to an account or to buy a bunch of iTunes gift cards. The easy way to guard against this is to require verbal confirmation of these transactions.
2. Turn on "multi-factor authentication" (you probably already paid for it)
G Suite and Office 365 offer this feature; it just needs to be turned on. In short, if your email notices a login from a new dev...
That's the first piece of advice we give to IT managers we coach. As Fractional Chief Information Officers, we wouldn't get anything done if this motto wasn't at the core of our consultancy.
Remember that CFOs and COOs are at odds. One is watching the bank account, the other needs to keep the trains running. If you understand their objectives and language, you're going to have a much better chance of getting technology projects approved.
Understand their objectives:
COO - Are they worried about downtime? Do they need to improve accuracy?
CFO - Are they trying to reduce headcount? Better manage overtime? What's their investment horizon? What sort of a return do they want on capital?
Understand their language:
COO - This is usually pretty easy for IT people to understand. Processes, flowcharts, roles and responsibilities are generally understood....
Salesforce is the #1 brand in CRMs. If you mention Customer Relationship Management to anyone, Salesforce is the first name that comes to mind. Salesforce is super flexible and powerful. The problem is that it's gotten expensive to license, implement, and maintain.
If you are looking for a pure CRM (tracking leads, sales pipelines, customer contacts) there are many vendors that are less expensive and can be set up without a technical team. Insightly, Pipedrive, Nutshell, Zoho are all less expensive than Salesforce and can be set up in a day or two.
Salesforce makes sense if you want to move beyond the CRM. So if you want to track fulfillment (warranty, service crews, customer service tickets) it can make sense to buy into the whole Salesforce stack.
If you just want to track your sales, Salesforce isn't for you.
The F35 Joint Strike Fighter is a 1 TRILLION dollar defense boondoggle. The idea was that the US Air Force, Navy, and Marines would all use the same fighter jet. That sounds great, except each branch of the armed forces has different needs. By the time those needs were sorted out they ended up with three models that share only 20% of their components (essentially 3 different jets).
The fighter project tried to be all things to all people. Instead, it ended up not making anyone happy. Don't let this happen to your IT project!
Your goal shouldn't be to get all your departments on one system. Your goal should be to get your departments the functionality they NEED. If all those NEEDS align with each other and make a single system feasible, great! If not, focus on how you might be able to tie a few systems together either by technology (APIs, CSVs) or good ole' humans!
Before you hire a data analyst a few things should be in place.
1. Your business processes should be buttoned up.
2. Basic data collection should already be happening.
If these two things aren't in place, there is no consistent process to measure and there isn't any data to analyze. If you think a data analyst will get those things in order, you're looking for a data analyst + process reorg unicorn (read: expensive).
Your helpdesk is geared for firefighting, not strategic thinking. It's unfair to expect them to "Keep the lights on" and handle "Strategic IT" at the same time. If a user calls your helpdesk, they'll drop everything to work on the issue at hand. Because of this, your strategic technology initiatives will always be on the back burner.
"Keep the Lights on Technology" is the IT that is required for any organization to function. Email, Internet, Wifi, Phones are examples of this category. We sometimes call this "Break-Fix" technology. "KTLOT" should be like a utility, it should just work.
When you turn a knob, water comes out. When you flip a switch, the light turns on. KTLOT should work the same way. If it doesn't just "work", something is wrong. This technology should just melt into the background.
Technology is easier than ever to buy. Because of that, we see organizations buying technology before thinking about how their people are going to use it. The cart is coming before the horse. In other words, Technology is coming before Business.
Your IT team is like the scientists in Jurassic Park. Just because they CAN buy technology doesn't mean that they SHOULD.
Think about the humans, what their problems are, and the ROI you expect from a technology project before you buy ANYTHING!