Issue link: https://nebusinessmedia.uberflip.com/i/676128
www.HartfordBusiness.com May 9, 2016 • Hartford Business Journal 21 BIZ BOOKS A blueprint for company innovation initiatives "T he Three Box Solution — A Strategy for Leading Innova- tion" by Vijay Govindarajan (Harvard Business Review Press, $32). Reinventing your business and manag- ing its current state are "two fundamen- tally different management challenges. Why? Tomorrow versus today inherently involves competition for resources (i.e. people, time and money) needed to do both jobs. Also, the rewards of the future are question marks while financial results show the rewards of the present. Govindarajan's three-box approach provides strategic focus to managing the versus: Box 1 — Maximize core-busi- ness efficiency by emphasizing "smarter, faster and cheaper." At the same time, address near- term customer needs by intro- ducing innovations that "extend the brand and/or improve prod- uct offerings." Doing both allows people to explore the how of creating "new." The explo- ration increases their comfort level with respect to making change happen, which promotes continuous improvement. Box 2 — Take a hard look at how you do business and question its relevancy in terms of where the business should be headed. While it can involve pruning businesses, it must also look at processes, practices, atti- tudes, etc., that thwart change. Some tough calls will have to be made — but these free many of the resources you'll need to move forward. Your answers should help identify paths to planned opportunism, which involves listening to divergent think- ers. "Champion their ideas and don't tolerate obstructionism." Box 3 — Look for "weak signals that could transform your industry." These may involve changes in customer demographics, technology, distri- bution channels, potential competition and regulatory environment. Also look for clues in things that disrupted other industries. With this information in hand begin making small bets, which allow for testing assumptions while hedging risk. Some bets will pay off financially; others won't. Regardless of financial outcome, all bets provide if-then insight into making larger bets in the future. Govindarajan drew his three boxes from Hindu philosophy, which believes that "creation-preservation-destruction is a continuous cycle without a beginning or an end." By keeping the cycle in mind, the process of constantly questioning what should be in each box becomes ingrained in an organization's culture. • • • "Negotiating the Impossible: How to Break Deadlocks and Resolve Ugly Con- flicts (Without Money or Muscle)" by Deepak Malhotra (Berrett-Koehler Pub- lishers, $27.95). Most people believe negotiating pits one side against another. As adversaries, the par- ties try to win because winning provides a measuring stick for success. When deadlocked, no one wins and each blames the other for the impasse to save face. Malhotra sees negotiation from a different perspective — the human-interaction view. It's the way people work as partners to resolve their dif- ferences relating to a common issue. The "we're partners" approach begins with prop- erly framing the issue. "The frame that takes hold will shape how negotiators make decisions, evalu- ate options and decide what is acceptable." The message: Control the initial frame and you'll control the process of the negotiation. Framing requires both homework and adaptability. The homework involves edu- cated guessing about what the other party wants to accomplish. The adaptability involves how to appeal to the other. There are multiple ways/combinations of ways to frame the issue including: financial, strategic, short term, long term and terms of previous deals. If the other party has read this book, refram- ing may be required to create the process and/ or resolve sticking points. The process should always focus on "forward momentum." What's that? It's "the deliberate, gradual process toward elimi- nating obstacles and creating the conditions that might eventually lead to a successful outcome." Note Malhotra's use of "gradual"; he believes a low bar for progress on individ- ual elements, while length- ening the process, leads to a high probability of achiev- ing a "problem-solved" final agreement. Key takeaway: "Remem- ber — every problem wants to be solved." n Jim Pawlak is a nationally syndicated book reviewer. Jim Pawlak EXPERTS CORNER Understanding the impact of cyber-attacks on your business By Scott Garcia C ongratulations, your data has been held hostage. A criminal has hacked into your computer and taken control of your critical files. On your screen is a message, "For $10,000, you can have your computer back." Sound like a movie? Unfortunately, this hap- pens every day to unsuspecting business owners and remarkably, this type of criminal act is one of the least costly hacks that can happen to your network compared to other more sophisticated and less detectable cyber-attacks. In the previous scenario, the FBI advises that you pay the ransom as it will ultimately be less expensive than trying to crack the code. This is the hacker's intent. They figure the majority of businesses will pay the ransom rather than hire a forensics company to try to break the hacker's encryption. More times than not, the hacker will leave with the money; but how can you ensure that your computer is protected? The truth is that you can't. We have reached a point in our society where we are too reliant on the Internet for conducting business and criminals are often one step ahead of the latest security measures. Thinking that your organization would not be a target would be a false sense of security as criminals are looking for all types of infor- mation and there is a good chance that your network has something they are interested in. Hackers use various methods to steal pri- vate information such as personal identifiable information, client records, financial informa- tion, proprietary data, health records and more. Malware may also be launched on your computer devices in order to spread their virus across your entire network and other networks. Regrettably, crim- inals have become very knowledgeable in the way they lever- age stolen informa- tion for financial gain and the effects of a breach can be so crippling that a single event can bankrupt an organiza- tion overnight. To put this into context, a 2015 report from the Ponemon Institute found that on average a breached file will cost an organization $217 per record. A small organization with 10,000 records would be on the hook for over $2 mil- lion in order to recover from a single breach. With these damages, it is not surpris- ing that an AERIS Secure report found that approximately 60 percent of small business- es close within the first six months of a data breach. Larger organizations may be able to fair through the fall out, but their losses are often much more severe and damages extend beyond financial, impacting an organization's reputation and trust with its clients. Having a solid understanding of the life cycle and vulnerability of data within an organization is a critical step to mitigating and understand- ing your exposure to a cyber-attack. Employees make up a significant exposure that most orga- nizations may not think about as a cyber risk. Human error or corruption makes up approximately 19 percent of a cyber exposure to an organization and while it may take the form of a rogue employee deleting or manipu- lating data, it is more often than not a result of an accidental release of information by an unsuspecting employee who opened a file they shouldn't have or clicked on a corrupted link. So what is the best way to protect your organization from a devastating cyber-attack? The first step is to work with a specialist to do the following: • Review contracts with all vendors • Review your organization's data information security policy • Review incident-response plan and deter- mine the response team • Review your organization's social media policy • Enforce strict computer-usage policies • Review document-retention policies • Audit security of the organization's pro- tection of physical devices • Conduct training on all security policies • Require confidentiality agreements of employees, vendors and visitors The next step is reviewing the remaining risk and choosing a proper cyber insurance policy to protect your organization. Choosing an appropriate cyber policy is critical, how- ever, because cyber insurance policies vary dramatically from carrier to carrier. Cyber breaches are only going to become more common and while it may be impossible to stop every criminal, it is possible to mitigate the effects of such an attack. Computers are the lifeblood of most organizations and business owners need to be proactive in protecting their company against cyber terrorism. n Scott Garcia is a professional services risk advisor at Smith Brothers Insurance SGar- cia@smithbrothersusa.com. Scott Garcia