Ransomware
Q: Ransomware is currently my company’s biggest concern. We just discovered that a server we used to provide VPN service was affected by ransomware. The person responsible demanded $1,500 in bitcoin to release our data. Fortunately, this was an old server we used mostly for keeping outdated files, and there wasn’t any sensitive or valuable data on it. But it made us aware of the risks our company faces. What can we do to decrease the risk of malware and ransomware? —Kirsten F., office manager
A: It’s fortunate that a more mission-critical system wasn’t impacted—sadly this is often not the case.
Ransomware attacks have increased in recent years. Unfortunately, there is no single silver bullet to fend off attempts, and a multilayered approach is necessary.
One of the most common entry points is through your employees, in what are called phishing and spear phishing attacks via email. This is where a bad actor attempts to trick an employee into providing private or sensitive information, usually by impersonating a known or trusted source. The best defense here is to train employees on signs of a “phishy” email.
Because threats continue to evolve, I recommend finding a partner who can help perform what’s called penetration and social engineering testing and who can help develop a remediation plan to fix found issues. At the end of the day, you can’t fix a problem you are unaware of.
Video Conferencing
Q: Somehow video conferencing never quite works right. Someone is on mute, someone can’t hear, someone shows up late, someone has a shaky connection… So much time wasted. Help! —Anonymous
A: We hear this all too often, especially with companies that invested in complex and sophisticated video conference solutions in the past. Consider developing a closed-end ecosystem whereby everyone is on the same meeting platform.
Whether you’re a Microsoft, Google or Webex house, for example, consider investing in hardware certified for that brand. This usually introduces additional controls and features on the hardware itself, like easy-to-access mute buttons or camera controls.
It’s also important to develop governance and training around video conferencing. What are your expectations of your employees when they use these tools? Part of your governance should be to provide direction on what tools and platforms are supported and which are not. All too often, employees may seek new or “better” tools, not realizing the organization has already invested in a formal meeting platform. This leads to inconsistent experiences. Developing a team of experts or coaches that are embedded throughout the organization will drastically increase adoption and utilization, too. This group of coaches can socialize the benefits of the toolset within their teams while also keeping IT informed of technical issues that could be holding back adoption.
Tool and Program Sprawl
Q: We do not always work together on the technology that we have, and I think we use too many programs. In other words, we store documents in multiple places and then don’t know where they are, so we end up re-creating things that already exist. How can we become more efficient and break down our silos? —Anonymous
A: Tool and program sprawl can be a very real and costly issue. An easy fix is to centralize your organization on a productivity suite like Microsoft 365 or Google Workspace. These suites offer the data creation tools your employees have come to expect: Word/Docs, Outlook/Gmail, Excel/Sheets and Teams/ Meet, just to name a few. Both platforms combine software with the cloud to help employees collaborate on the same documents no matter where work takes them, helping to drastically reduce file duplication and issues with version management.
Collaboration
Q: My greatest challenge comes from us transitioning from a tech company hosting our files on its server to getting all of our employees to upload files to SharePoint. I would love to have help in getting us all on the same page with the technology that we use, the versions that are being used and getting co-workers to consistently use tech for the benefit of our clients. Any suggestions to get my team’s buy-in or onboarding tips? —Nadia E., client success manager
A: The switch to a hybrid cloud without appropriate support can be extremely disruptive for an organization. I recommend taking the following steps:
1. Develop governance on what platform should be used for what dataset (for example, SharePoint should be used for procedural documents, Salesforce for customer-related data, etc.).
2. Create a group of change agents embedded throughout your organization. These change navigators should assist in training and adoption across various departments and business units and act as a feedback loop for IT to gain insights on successes and problems with adoption.
3. Ensure that your employees are empowered to provide ideas or express challenges they’re facing. Don’t let these go unaddressed, or adoption of the new tool and process will be impacted. This is where the change agents can really come into play, raising issues and helping solve them.
What are your biggest problems at work? Email us at ideasforworklife@staples.com.
Images by Microstockhub/iStock, Amphotora/iStock
