Let’s talk about the basics of cyber security.

When you think about cyber security you probably think of hackers, insidious bits of software, and malware. Although that is part of the picture, it’s not the whole canvas.

Picture your security like a castle

The analogy I have come across to explain how to approach information security for your business is to consider your information security like a castle you have built to protect your business. If your castle is going to protect you, the greatest concern is not the highest point of the wall but the lowest point. Anybody trying to break into your castle will obviously try and find the easiest way in.

So when you look at cyber security for your business your first thought should be “where is the weakest part of my defences?”

Cyber certification can protect your weak spots

A good place to start in protecting your defences is with cyber certification.

Let’s take the example of Cyber Essentials, a well-known security standard used here in the UK. The process of completing Cyber Essentials will simply help you understand where the low points are in your defences and what you need to do to build them up to a reasonable height. Although the process can take a while, the principle is as simple as that!

I’ve spoken to many business owners about improving their cyber security and one of the common objections that I’m given is ”My business is too small for a hacker to worry about, nobody is going to bother attacking me”.

Unfortunately, that’s not the case. The Government Cyber Security Breaches Survey 2021, showed that four in ten (39%) businesses reported having cyber security breaches or attacks in the last 12 months. Of these 1 in 5 lost money, data, or other assets and one-third reported a negative impact on their business.

Business of all sizes are vulnerable to cyber attack

Hackers have a wide array of automated attack tools at their disposal and don’t need to put much effort into any individual attack.

Time for a shift in metaphor! The best way to imagine this is by comparing a little shrimp to a hungry whale. The shrimp might think it’s too small for a whale to be bothered with, and as an individual shrimp that is true. But, that’s not how whales feed. They don’t eat one shrimp at a time, they open their huge mouths and swallow thousands in one go.

This is what your business looks like to a hacker. They will simply find the weakest point of your cyber defences and use that to gain entry.

Once your business has come under attack, several things can happen next, none of them good.

  • Your business data may be encrypted and you will have to pay a ransom to get it decrypted.
  • Your data may be stolen and you’ll have to pay a ransom to stop them from releasing it to the public.
  • They may get in touch with your suppliers or customers pretending to be you and make fraudulent transactions, and so on.

Essentially, there are a large number of bad outcomes for you in the event of a cyber breach, and the survival statistics for unprepared businesses make for pretty gloomy reading.

Now you may be thinking “but I have good anti-virus software and email filtering in place already, I’m pretty secure”. Again that’s not necessarily the case. The most common weak points in business defences are related to people and processes. Examples would be:

  • Shared accounts
  • Easily guessed passwords
  • Passwords used for multiple accounts

My advice to all businesses is to make sure you have some level of cyber certification whether it’s Cyber Essentials or something more robust.

If you would like to discuss what options there are to protect the information and data in your business, I would be happy to have a chat.

First let me say, I don’t hate spreadsheets. Despite what I am about to say next, I am not a spreadsheet shamer. I think they are a fantastic business tool if used for the purpose they were intended.

And that’s the problem, right there.

Spreadsheets have accidentally become highly successful at migrating business tasks away from pen and paper and into a digital format. But, as business processes have become more complex and purpose-built software solutions are developed, the limitations of spreadsheets as an ‘all purpose tool’ have become increasingly apparent. Although impressive pieces of software in their own right, they are intended for a limited set of tasks, not the myriad jobs I have seen them used for.

Stock control, staff management, project management, job-tracking … I have seen Excel supporting all of these and more. Any of them sound familiar?

I don’t think I am stepping over the line to say that the widespread use of spreadsheets is one of the main factors holding back the growth of many businesses I have talked to.

So what are the main problem areas?

1) If multiple people need to use it, then it sucks

How many times have you had people shout across the office “Who has the JobTracker.xls open. I need to make some changes!” The risk is that people are locked out because Sharon has gone to lunch and left the file open on her desktop or Brian is on leave today and has the latest version on his laptop. Or even worse, several people have their own versions of the spreadsheet which leaves everyone working with conflicting data.

Although collaboration is available via Microsoft 365, it is not necessarily the solution to the other problems, and what do you do if you are not on 365?

2) It is only as good as the person who set it up

Excel is easy to use. Using Excel well … not so easy. When used for numerical calculations, the output of the spreadsheet is only as good as the skill of person who has created it. And, even if it has been done to a high standard, what happens when that person leaves the business and their knowledge leaves with them?

3) It is a very manual process

I have seen companies employ people whose only job is to keep an essential spreadsheet updated. This is crazy! If the process the spreadsheet is handling is that important, there must be a better way to automate some of the activities rather than paying someone to keep a spreadsheet up to date.

4) Reporting is a pain

Getting any reports from Excel requires yet more manual tasks, and even if you set up wizards, the data you’re looking at is usually out of date. As a business having KPI data available at your fingertips is essential to make informed and timely business decisions. Decisions that rely on data from spreadsheets is likely to be severely compromised.

5) The more complex it gets, the more fragile it becomes

As data volume increases, a spreadsheet can get very complicated. But the more complex it becomes, the greater the likelihood is that someone is going to change something that creates an error on the formula on the 27th worksheet. Errors that can be difficult to unpick and put right (see point 2!)

6) Unscalable

As your business grows, what worked when you were smaller, suddenly isn’t scalable. Excel isn’t built to support a large number of users and its limits are likely to be shackling the potential of your business.

Ask yourself, if you were specifying a process management solution for the needs of your business if it were ten times its current size, would that solution be Excel?

7) Limited history or audit trail

“Who changed the figures in the current stock row?” When people make changes on Excel it is virtually impossible to track or see an audit trail of who did what. And that is when very costly mistakes are made.

8) It is not secure

How can something be secure if there could be many, many copies and versions floating around your systems? Every time someone emails it and it gets saved to a local computer, all these versions make the data they contain at risk of being viewed. If the spreadsheet data includes information about customers, this quickly becomes a GDPR nightmare.

Yes, you can encrypt the file, but that often leads to more problems than it solves with passwords being lost and users locked out!

If this sounds like some of the things that are happening in your business, then we need to talk.

There are far superior options available to streamline your processes and give you the accuracy, efficiency, and security you need to support your business growth rather than hinder it.

Sorry Excel.

We all rely on email. And with the advent of smartphones, it seems we can’t get away from it.

So with email at everyone’s fingertips 24/7, we should all be communicating brilliantly, right?

Unfortunately, the reality is that email is a solution looking for a problem!

It does many things very badly and only one thing really well. If you need formal communication, with a written audit trail, then email is great. Anything else … meh.

While email is good for one to one communication, it often ends up being used for ‘one to many’ conversations with multiple cc’s and reply all’s and so on.

So here are my top reasons why email is the wrong choice for your internal business communications.

1) No control over who can send

Generally speaking, anyone can send an email to anyone else. Or they can CC anyone in. Or even worse they can BCC someone in. And don’t get me started on the Reply All function! Receiving a Reply All from someone complaining about someone else using Reply All is the pinnacle of irony in the workplace!

What should be a simple conversation can rapidly become confusing, and with increasingly complex email threads the important information gets lost in the mix.

2) Email overload

According to research by Campaign Monitor, the average office worker receives about 120 emails a day, of which less than 40 percent contain important or relevant information. That’s a lot of email clutter in an employee’s inbox. Such an influx often leads to people only skim reading these emails and important information being buried (I go back to my point about reply all as one of the main contributors to this noise).

3) Wasted time

Not only does it take time to go through all these emails, but email is displacement activity, not necessarily productive time. Add to that the fact that email distracts and interrupts productivity. Research by Danwood Group and Loughborough University into the effect of email interruptions within the workplace highlighted that it took over a minute for someone to get back to work after answering an email.  If they receive 120 emails a day that could be a couple of hours of non-productive time every day, just because of email.

4) Ambiguity

Often it isn’t clear from an email if there is an action attached to it. Or the person has to read the full email (or even the email string) to work out if it something they need to action,  just for information purposes or were just included to cover someone’s back!

5) It often gets built into a business process

Because email is such a ‘go to’ communication method in the workplace, I often see it being used as part of a business process.

  • A web form drops as an email and that needs to be picked up by sales
  • The sales team email a sales order over to operations
  • Operations email over new client information to the Finance team
  • Sales hand over new clients to Account Management
  • Account Management communicate via email

These are all instances where better process tools could be used rather than email.

When that web form lands to a shared inbox, is there an agreement on who is going to pick it up, or does everyone assume someone else is doing it?

What if someone is not in and the email isn’t actioned?

What if a client has an urgent query but gets an out of office from their contact and doesn’t know who else to contact?

5) Using email as a filing system

How many emails do you have in your inbox? Perhaps you have lots of folders set up so different emails drop into different folders. Often people use their inbox as a way of filing and categorising, but this invariably is a very inefficient way of storing information.

6) Deskless workers do not use email

Many businesses have workers who are not sat at their desks every day. People working in the field, on shop floors, and in factories. If people don’t have access to email, yet the company uses email to send out important information to employees, this can cause problems.

Whether you need more effective communication or improved business processes, there are so many alternatives to email that are more efficient and user-friendly. So maybe it is time to take a step back from the tools your business is familiar with using and take a look at your workflows, business processes and pinch points and look to see if there is a better alternative to the ubiquitous email before it really damages your business.