407-445-2414 info@wrmllc.com
Why Data Literacy Is Your First Step to Business Intelligence

Why Data Literacy Is Your First Step to Business Intelligence

In college, I had a short-lived and hilarious dream that I could learn to play lacrosse. I suppose I was attracted to the glamour of running wind sprints for two hours while being hit with titanium poles.

Alas, the dream was not to be. When I showed up to my first pick-up game, I had no idea what a “slide” was, didn’t realize “clamping” had anything to do with face-offs and had no idea where “the box” was.

I lacked lacrosse literacy.

The problem’s the same with business intelligence software. Except, data literacy is the key factor.

If you want your employees to use the $3,000-per-license business intelligence software you bought, they need to be data literate first. Otherwise, that BI tool will be as useless as a lacrosse stick was in my hands.

Why data literacy is your first step to business intelligence

Fortunately, Gartner research can help you and your team get data literate. They’ve come up with multiple strategic suggestions that you can implement at your business.

What Is Data Literacy?

Data literacy means you “speak” data the way you might speak any other foreign language.

“Gartner defines data literacy as the ability to read, write, and communicate data in context, including an understanding of data sources and constructs, analytical methods and techniques applied, and the ability to describe the use case application and resulting value.”

(Full research available to Gartner clients.)

In plain English, data literacy means you know what data you’re tracking, why you’re tracking it, how to read that data, and how to use that data to save or make money.

Data Literacy Is the Gateway to Business Intelligence

At its heart, business intelligence software is a data-wrangling program.

BI software programs organize all your data sources (website data, CRM data, email data, financial and POS data) and let you see how those data sources interact (for example, did sales increase when you changed the colors on your website?).

So, until your employees are literate with the data your business intelligence tool wrangles, they won’t know how to wrangle their business intelligence tool.

The data literate person knows what data they’re tracking, where it’s stored, and how it fits together. That’s not all they know, though.

Data literacy is also a way of thinking in terms of data. The data literate person doesn’t just think in generic terms—such as did sales increase? They think in terms of data—did Q1 website conversions among women ages 18 to 34 increase as a result of that email campaign?

It’s like learning a foreign language: You haven’t really learned that new language until you start thinking in it, as well as speaking it.

How To Teach Your Employees Data Literacy

Most employees, however, probably don’t think in terms of data, which presents you with another challenge: How do you get your employees to start thinking in terms of data?

1. Employees need to know what data literacy is

Becoming literate in any new lingo is challenging … especially when people don’t know that lingo even exists.

Chances are, most of your employees aren’t even aware that data literacy is a concept. So if you want your employees to use your BI software, you’ll have to introduce data literacy first and explain why it matters.

And don’t just introduce the concept of data literacy once. Introduce it repeatedly.

No, “introduce repeatedly” is not an oxymoron. Since learning how to speak (and think) data is a major change, a single introduction probably won’t stick. They may forget at first, and that’s natural.

Case in point: As a one-time substitute teacher, I got several classes to make a major change by introducing that change gradually.

The English teacher I subbed for allowed cell phone use in her classes. Predictably, the students were learning next to nothing, though their Candy Crush scores were amazing, and they Snapchatted all their paper cuts. About a month into the gig, I decided to ban cell phones.

The change only worked because I introduced it gradually—I announced I would start the policy on a set date, explained why I was doing it, and reminded students to leave phones in their lockers.

If students brought their phones with them, they could put it in a plastic box at the front of the room when class started. If their phone rang while in the box, I’d leave it alone. If it rang while on them, I’d answer it in a loud and public fashion, and they’d go to the principal’s office.

Though the notion of spending even 45 minutes without their phones was horrifying for most of them, the policy worked well because I gradually introduced the concept of class without phones.

How to put this into practice:

There are multiple ways to introduce data literacy to your employees over a period of time.

At Capterra, our employees volunteer to lead “lunch and learn” sessions: brief, hourlong intros to topics that interest them. You could encourage data-savvy employees at your company to do the same.

You could also spend time at all-company or department meetings translating basic activities, or concepts, into data. Anything that breaks the data-ice is a good idea.

2. Employees need to speak data

Once employees know what data literacy is, they need to learn to “speak” data.

Gartner analyst Valerie Logan suggests you approach learning to speak data the same way you would any foreign language and even refers to the process as ISL or information as a second language. (Full Gartner research is available to clients.)

How to put this into practice:

Figure out which employees already speak data, and also who can translate data into plain English. These “data translators” can help employees who struggle to speak data.

Figure out what the language barriers are to speaking data: If business and IT folks don’t speak the same language, that’s a language barrier (or “interpretation gap,” as it’s also called).

There are multiple ways to break language barriers:

  • Keep a glossary of common terms.
  • Make sure C-level executives speak data so they can set an example.
  • Make sure your business goals are expressed in actionable language.

3. Employees need to speak data to each other

Practice makes perfect, so speak data regularly until it becomes a habit.

As Gartner analysts Alan Duncan and Lydia Clougherty Jones suggest, the best data-driven companies focus consciously on this goal. They don’t just speak data, they interact in terms of data. They use data as a way to build inter-team trust, presenting evidence and keeping an eye open for problems such as confirmation bias. (Full Gartner research is available to clients.)

At the same time, you’re learning terms such as “confirmation bias” and “cognitive filtering,” you can think about examples of this in your own work, and be on guard against these bad habits.

How to put this into practice:

Follow the example of foreign language conversation clubs. In the same way those clubs meet once a week to practice German or Amharic, get a group together for weekly or monthly coffee meet-ups where you talk data: what data you’re working with, how it interacts with other departments’ data, and what data you wish you had.

For instance, how does your website’s load time impact visitors and conversions? If sales and tech aren’t discussing how those data sets interact, you could be missing out on a possibly lucrative correlation. (Hint: shorter load time almost always means more visitors and conversions).

Discussion groups like this also help with another important goal: becoming data-driven. This is where business intelligence as a way of thinking comes into play. As you’re learning to speak data, treat it as an opportunity to learn how to think differently.

4. Employees need to speak data frequently

Ideally, brown bags and discussion groups will be your first step on the way to data literacy immersion.

Immersion’s the best way to learn to speak a foreign language, and speaking data is no different.

How to put this into practice:

Gartner analyst Valerie Logan recommends you speak data in everyday conversations, “from board meetings to team meetings.” If speaking data becomes a regular behavior, it’s more likely to stick. And when it sticks, you’ll be on your way to being data-driven.

As Gartner analyst Alan Duncan notes, becoming data-driven has more to do with behavior than technical know-how. That’s why HR should also be involved in your attempts to become data literate.

Duncan recommends having the HR department be a core stakeholder in business intelligence change management. Primarily, they can “adjust hiring practices to emphasize analytic literacy.” (Full Gartner research available to clients.)

The critical role of processes in your disaster recovery strategy

The critical role of processes in your disaster recovery strategy

Yet with the ever-increasing threats from both natural and man-made disasters – from the devastating fires and flooding in California last year through to the recent impact of Intel’s chip flaw that opened the door to potential hacking – is there anything more that IT departments can do to perfect how their organization both prevents and reacts to business disruptions?

Surprisingly, more than 1 in 3 businesses admit they don’t have a disaster recovery policy in place, a figure that is even higher amongst smaller businesses where an estimated 3 out of 4 are reported to have no contingency measures at all.

With our increasing reliance on technology and the reluctant acceptance that most technology is vulnerable to potential downtime, the CIO or IT manager is the obvious choice of leader to take responsibility for the whole disaster recovery plan, whether it’s due to a technical problem or other factors.

The ripple effect of abnormal events not only affects the IT department but can have serious repercussions on all daily operations including financial management, customer experience, HR, and workflow, etc.

Whilst CIOs regularly consult with other members of the C-suite on devising a risk management strategy, there are significant advantages to garnering the support of key employees across the whole organization, on a continual basis.

To ensure your disaster recovery plan anticipates every eventuality it’s essential to get ‘buy-in’ and input from all departments, so you can be confident that your plan is as informed, up to date and effective as possible.

Here are some recommendations on how to maximize the knowledge, creativity, and strength you can draw from key players across the organization.

Produce a clear mandate

During ‘business as usual’, a robust process management discipline and a strong process culture provides a firm foundation for teams to document and develop new and innovative ways of working and can help a company drive competitive advantage and innovation.

However, do employees know what processes to follow when the extraordinary occurs? Whether the Internet or phones go down, sensitive customer data is stolen, or severe weather stops them from getting into the office, clarity, and communication of disaster recovery processes is just as important as the plan itself. Every member of staff needs to know when and how to trigger a disaster recovery response, as well as be aware of who else is part of the team.

Part of the CIO’s remit should be to oversee the design and build of processes that are easy and clear for all personnel to find and follow, every day. In a disaster situation, it becomes imperative for staff to act with minimum delay, limiting the damage that could result from a disaster.

Build easy to follow checklists

One way of communicating unequivocally is to introduce simple checklists as advocated by US doctor, writer and speaker Atul Gawande in his book “The Checklist Manifesto”.

By getting the basics right, well-designed checklists have been proven to cut through unnecessary complexity and encourage transparency, leading to a 35% reduction in complications in hospital operations. These same fundamental principles can be applied to the corporate world where teams are responding to an emergency or extraordinary incident.

You also need to consider how and where to store this critical process information and make it easily accessible to all key staff.

Stage regular ‘fire drills’

Like most insurance policies you hope you’ll never need to claim on them, but you need to know that you’re fully covered. Regularly testing and modifying your disaster recovery processes will keep them up to date and make sure they work. Set up simulation exercises to rehearse what everyone’s roles are during a catastrophe.

With today’s accelerated pace of business change, a month-old plan may soon become obsolete. Organizations need to monitor changes in general circumstances like impending legislation. They also need to be sensitive to company or market-specific conditions such as when a key person leaves and joins a competitor, a laptop goes missing or perhaps a product needs to be recalled.

As soon as a new threat appears on the horizon it needs to be factored into the overall disaster recovery strategy immediately.

Crowd-source ideas and share responsibilities

With a collaborative and collective approach that encourages everyone to work as a group, it’s simpler to both create and follow agreed checklists so you can minimize the impact of unforeseen circumstances.

Employees on the front-line are often best equipped to advise on what level of impact disruptions may have on themselves and other departments. For example, the service manager can give the most insight on the scale of a spike in customer enquiries after your IP network goes down.

By leading the charge for a proactive, constantly-evolving approach to disaster recovery, CIOs can be confident that the entire operation is fully prepared and protected for when the unexpected occurs.  Rather than panic-stricken employees bombarding you with support calls, instead there is state of relative calm as everyone already knows what they should do and can focus on executing an agreed plan.

Putting in the advance groundwork during quieter times not only leads to cooler heads during more turbulent times, but will also make a tremendous difference to your customers, employees and future business performance.

Source: CIO

Author: Ivan Seselj

Insurance market evolving to handle terrorism risks

Insurance market evolving to handle terrorism risks

While the number of incidents and casualties declined in 2017, a report released Monday by Marsh L.L.C. said terrorism is still a significant threat and that the insurance market is adapting to handle the evolving risk.

Marsh’s 2018 Terrorism Risk Insurance Report, which explores the state of the terrorism insurance marketplace, said that in the wake of recent events, terrorism insurers are expanding terrorism definitions to include active assailant events.

In some cases, the report said, insurers also are developing specialty products that offer first- and third-party business interruption protection for businesses that suffer lost income or revenue without the need for a direct property damage trigger.

Although fewer people were killed in terrorist attacks in 2017 than in 2016, the Marsh report said the means of attack and perpetrators have shifted.

“Past attacks were carried out primarily by specific groups against perceived high-value-high-profile targets,” the report said. “While that threat remains, many recent attacks have come against soft targets and been perpetrated by ‘lone wolves’ and small groups with no direct connection to known terrorist organizations. Weapons of choice now include vehicles, knives and other handheld devices.”

In 2017, the report said, pricing increased in five of the 17 industries surveyed by Marsh, with the sharpest increases being felt by hospitality and gaming companies, public entities and nonprofit organizations, which have been targets of terrorist acts in recent years.

Pricing declined in seven industries, the report said, most notably for energy and mining and construction companies, reflecting the generally positive conditions in the property insurance market prior to the 2017 Atlantic hurricane season.

Sixty-two percent of U.S. companies in 2017 purchased coverage embedded in property policies under the Terrorism Risk Insurance Program Reauthorization Act of 2015, or TRIPRA. Companies in the Northeast U.S. were most likely to purchase terrorism insurance, Marsh said.

The number of Marsh-managed captive insurers actively underwriting one or more insurance programs that access the TRIPRA increased 44% to 166 captives in 2017.

After incurring sizable ransomware losses in 2017, kidnap and ransom insurers are seeking to restrict coverage for cyber risks in their policies.

Terrorism insurance capacity remains strong, the report said, but pricing could increase as global insurance costs generally increase following natural catastrophe losses in 2017. January 2018 year-over-year pricing changes for a majority of reinsurance program renewals that included terrorism coverage averaged flat to an increase of 10% on a risk-adjusted basis, according to the report.

The Marsh report made several suggestions for businesses in the face of evolving terrorism risk, including continually reviewing and reevaluating their risk financing programs to ensure they have adequate protection for property, business interruption, workers compensation, general liability and cyber losses.

The report also encouraged businesses to effectively model their terrorism risk and to build and test robust crisis management and business continuity plans.

Author: Rob Lenihan

Source: Business Insurance

Risky business: Keeping employees safe in a world of emerging threats

Risky business: Keeping employees safe in a world of emerging threats

Recently, I had the chance to spend some time at Walt Disney World in Orlando, Florida, when I attended the NAMIC conference in February. One session included a presentation by Barry Dillard, director of claims for Walt Disney World, where he shared the company’s approach to handling a wide variety of claims.

I sat down with their vice president of risk management to learn about some of the strategies they employ, and I had the opportunity to tour Walt Disney World itself to peek behind the curtain and see how this massive theme park creates the magic for its guests and cast members while keeping everyone safe.

Believe it or not, the Walt Disney World Resort covers 40 square miles and is twice the size of Manhattan. Within its confines, this world-class attraction employs 75,000 cast members, each of whom plays a critical role in spreading the Disney magic. Their emphasis on safety is both taught and caught, which is especially important when serving the millions of guests who visit the Disney attractions around the world.

The Walt Disney Company is extremely proactive in their risk management strategies — it truly is everyone’s responsibility — not just the realm of those at the corporate level. As is often the case in life, the simplest things can make the biggest difference. Merely walking the parks, hotels, shops, and restaurants can yield valuable information, allowing cast members to identify small issues before they become larger ones. Even in one of the most magical places on earth – reality tends to intrude.

Unexpected risks arise every day and training plays a key role in mitigating them. Hackers are constantly devising new ways to access company information or hold it for ransom. The use of ransomware is expected to increase 350% this year, so being vigilant and backing up data has never been more important.

The number of shooting incidents in businesses and other settings is increasing at an alarming rate. Knowing what to look for and how to respond in these situations can literally be the difference between life and death.

For better or worse, new risks are changing our behavior — how observant we are in open spaces of our surroundings, what we post on social media, where and how we protect our personal information, what we open online and how we train our staffs. It really is the smallest things that can make the biggest difference in keeping people safe.

Author: Patricia L. Harman

Source: PropertyCasualty360

6 Essential Tips for Getting Through Any Nonprofit Crisis

6 Essential Tips for Getting Through Any Nonprofit Crisis

Is your nonprofit ready to be tonight’s breaking news?

You don’t even have to be guilty of something to become the daily news. Bad things happen even to worthy nonprofits.

During my nonprofit career, organizations I have worked for have experienced a client’s death; a product tampering that threatened the biggest fundraiser; an athletic scandal; and a mass shooting on campus.

We learned the hard way to be prepared or prepare to suffer more than necessary.

Here are six suggestions for better crisis management by your nonprofit.

01. Don’t Wait

Many organizations only get their crisis plans underway once a disaster has struck.

Instead, brainstorm possible scenarios or types of disasters that could happen and start planning for them.

Educate yourself about nonprofit crises and talk to those who weathered them. Invite a veteran of disasters to speak to your staff and your board. Assign your public relations staff to draft a crisis plan and give them a deadline.

Advocate for real emergency preparedness. Many people in nonprofits, especially small organizations, don’t think anything bad will ever happen. They don’t want to think about it. They don’t believe that they have the time to prepare.

And they might even resent staff who push on this topic.  Speak up anyway. If that crisis happens, people will appreciate your forethought.

02. Realize That Crises Take Many Steps

Crises come in all flavors. Some are high profile. Others might be more low key. But, in a time of 24/7 news, thinking you can keep the situation out of the public eye is a fantasy. If nothing else, local media will likely be all over it. Have you built up good relationships with local media outlets?

Like a fire, quickly getting on top of a crisis can make a huge difference in the outcome.

Your crisis might be an accident involving a volunteer, the death of a client, embezzlement by your chief financial officer, a lawsuit by a former employee, or a hack attack that threatens the privacy of your donors and clients.

They all require different responses. Prepare for as many as you can imagine, and do your best to put plans in place to minimize the damage to your nonprofit’s reputation.

Even if something happens that you didn’t think of, your preparation for other types of emergencies will help. The planning may reveal gaps in security, insurance coverage, inadequate human resource policies, or the shortage of people with particular skills.

Practicing any emergency response is likely to make your organization better prepared for others.

03. Develop a Logistical Plan and a Communications Plan

A logistical plan has to do with getting everyone out of the building in case of an earthquake, texting staff and clients that a gunman has been spotted in the building, or handling a medical emergency.

Develop a risk management program to deal with the loss of life, property, and insurance issues. Identify point people who can go into action quickly, notify appropriate help, and manage evacuation plans.

A communications plan involves identifying spokespeople, assigning someone to gather the facts as they emerge, writing press releases, and locating a place to have a press conference.

04. Get Your Social Media House in Order

Social media can be a blessing during a crisis IF it you handle it well.

Almost all nonprofits use some level of social media. Decide now who will manage that media during an emergency situation. Set up a dashboard (here are nine to consider) where you can monitor all social media platforms and respond quickly.

Because of social media, there is little chance of controlling information in a way that used to be possible. So don’t try. But you can give useful information, fight rumors with fact, and express concern.

Don’t just let your social media pages sit there. Use them. One study found that nonprofits often do not respond to social media questions or complaints.

However, social media may be the best way to show the human face of your organization and shore up its reputation for being kind, sympathetic, polite, accurate, and a source of unbiased information.

05. Prepare to Speak

Every minute counts after a crisis. Don’t waste any of them. Silence is deadly. Get out with appropriate statements and messages immediately, even if it is only to say that you know about the situation, you’re working on it, and that few facts are known at the moment.

Then keep it up with updates as events develop. For many situations, you may have already prepared statements.

In all communications, be concerned, show concern, speak concern, and always tell the truth. Don’t be afraid to say, “We don’t know.” That is better than guessing. Add that you are working as quickly as possible to get all the facts.

Far more is lost by refusing to speak to the media than is risked by doing so. A vacuum of information breeds media hostility and public loss of confidence.

06. Provide Media Training

Media training will be your best friend during a crisis. Don’t risk a media meltdown.

Put together a media training program before disaster strikes. Train anyone who might need to be a spokesperson. That might be your board chair, your CEO and other key staff, such as a media relations person.  Also, consider your top fundraiser, your volunteer coordinator and, where applicable, your security person or facilities manager.

Media training need not cost a lot if you have someone on your board who works in public relations or someone who is a member of the media. The key is to do it regularly so new people become trained, and others don’t grow stale.

 

Author: Joanne Fritz

Source: The Balance, Small Business

What Organizations Can Do to Strengthen Their Cybersecurity Stance

What Organizations Can Do to Strengthen Their Cybersecurity Stance

The challenges of cybersecurity have been covered ad nauseum: the ever-increasing volume and sophistication of attacks, the shortage of skilled cybersecurity analysts, and the general inability to keep up with all that is going on in the cybersecurity market have all been well documented.

So, what can be done? Given all these conditions, how can a business better protect their operations and resources? The short answer is they can start using a combination of technologies, services and education to stem the impact of cyber-attacks on their organization.

Technologies Can Help Fill the Gap Created by the Skills Shortage
Organizations can look for technologies that are primed to automate and orchestrate responses to cyberattacks.

This is not a new concept – back in 2011, the US Department of Homeland Services described, in their paper “Enabling Distributed Security in Cyberspace,” an ecosystem where “cyber devices are able to work together in near-real time to anticipate and prevent cyberattacks, limit the spread of attacks across participating devices, minimize the consequences of attacks, and recover to a trusted state.”

This is very different from what most organizations have today. Typically, companies have a host of cybersecurity technologies, from firewalls and to that are working alongside, but not in concert with one another. Each solution is specialized to look for something – e.g. evidence of a distributed denial of service attack, indicators that a user’s credentials have been compromised, pointers to data being leaked via cloud apps, signs that a mobile device has been taken over, etc.

Each of these solutions requires someone to deploy, manage and maintain it, as well as make sense of the information it generates. The data these solutions produce and the people managing them often remain in a silo, making it hard for anyone or anything to see the complete picture to quickly and confidently take action, as appropriate. But change is coming.

Half of the respondents (55%) to a survey by Intel Security “believe cybersecurity technologies will evolve to help close the skills gap within five years.” Likely this will come in the form of advances in intelligence, automation and orchestration. We have already seen vendors dabble with artificial intelligence (AI) and machine learning to accelerate the identification of an attack and support the orchestration of more automated responses.

It has been particularly effective when entities or events can be easily incriminated or exonerated, such as in the incident response process. A large organization can average close to 17,000 alerts a week, which is why only one in five alerts ends up being something worth dealing with.

A solution, however, that can automate investigations and help prioritize subsequent activities is sustainable. Hence, we have seen an explosion in the IR automation market – the Enterprise Strategy Group found that 56% of enterprise organizations “are already taking action to automate and orchestrate incident response processes;” Technavio has the IR system market growing at a compound annual growth rate (CAGR) of 13%.

To truly ease the burden on cybersecurity analysts and improve the efficiency and productivity of their cybersecurity infrastructure, organizations need to look for and demand more of these kinds of innovations from their technology vendors.

Services Play a Viable Role in Augmenting Capabilities
The reality is there are always times when organizations, even those with SOCs that are skilled and staffed appropriately, may need a little help. This is where services come in; we are finding there is greater acceptance that augmenting resources with a service offering can be a good way to enhance the effectiveness of an organization’s cybersecurity strategy and implementation.

An outsider’s view can give organizations the knowledge they need, a fresh perspective or a new way of thinking that helps drive better decision-making and ultimately better security.

The problem is managed security services providers (MSSP) are having to staff up themselves to meet the demand, which is why we’ve seen some a lot movement in this space. For example, there has been FireEye’s acquisition of Mandiant, IBM’s acquisition of Lighthouse Security, and BAE System’s acquisition of SilverSky, etc.

Ultimately, being able to deliver the experience and know-how organizations need will help close the gap and strengthen overall security.

Educational Opportunities are Key to Bolstering General Awareness and Expertise
At the end of the day, nothing replaces the knowledge and expertise of an in-house analyst. Only they truly understand an organization’s nuances, putting them in the best position to effectively identify, contain and fully remediate many of the more sophisticated attacks targeting the organization.

Unfortunately, as we’ve already mentioned, these folks are in short supply, so organizations need to look across their IT organization to develop cybersecurity awareness and know how.

Training courses taught by experts with real-world experience and include lab time are invaluable for building the skills that will be applicable to strengthen the organization’s security stance. Virtual sandboxes (vSandbox) and Ultimate Test Drives (UTD) are also good tools to deploy. They allow attendees to test and work with solutions in a safe environment, so they can see firsthand how they can be deployed and used to improve the cybersecurity capabilities of the organization’s own environment.

Ultimately, to address the cybersecurity gap and all the threats that are targeting an organization, it will take a confluence of technologies, services and experiential learning. Together, organizations can deploy the skills and capabilities they need to keep up, and ideally get ahead, in this harried cybersecurity landscape.

Source: InfoSecurity Group
Author: Pradeep Aswani