Building a High-Trust Culture

Trust is a powerful thing.  It serves as a foundation for organizational success.  It builds bridges between people of different persuasions, allowing them to move forward together in a common direction.  I suppose our politicians, and our country as a whole, could benefit from a higher level of genuine trust… ya think?

In Keller Schroeder’s most recent, internal survey (we collect feedback anonymously about every three years), responses from our employee-owners were 95% favorable to the statement, “Management delivers on its promises”, and 96% favorable to, “Management’s actions match its words”.  Lest we too quickly conclude that trust is all about management, our staff also responded 99% favorably to both of the following statements:  “People care about each other here”, and “People avoid politicking and backstabbing as a way to get things done”.

While all of us at Keller Schroeder are humbled and blessed to work in such a positive, high-trust culture, we never endeavored specifically to build one.  No one ever said, “You know, we really need to increase trust here!”  So how does trust happen, and what contributes most to trust in the marketplace?

Avoidance of any major violations of trust is certainly important.  Keller Schroeder consists of about 85 high-integrity individuals who are trustworthy and honest.   But I would suggest that trust is more than a moral issue.  Of all the bosses in my career, the one I respected and trusted the least was, by most standards, a trustworthy person with high moral standards.  I trusted his morals, but I doubted his intentions.  Conversely, the people who have influenced me most have been ones in whom I could place complete trust.  These mentors, peers and bosses each had two things in common:  (1) all their cards were on the table – I knew their intentions – and (2) they had a genuine interest in me and in others, ahead of themselves.

These may sound like very different attributes – clear intentions and other-centered interests – but upon closer examination I believe they are very much related.  It is difficult to have all your cards on the table – to be completely open and honest about your intentions – when those intentions are primarily self-indulgent.  And, when you are genuinely interested in what is best for those around you, it is not difficult at all to be candid and transparent about your thoughts and plans.

We all know people who we absolutely do not trust, based on obvious reasons or personal history, but the overwhelming majority of those we interact with have the basic moral fiber to be trusted.  The development of a high-trust culture for your organization depends on your intentions and your interests.  If it is first about you, trust will be compromised.  If the well-being of your colleagues ranks high among your priorities, trust will grow.  This is a leadership principle which may start at the top, but we all have the opportunity to influence how our organization’s culture evolves.

So before we too quickly point upward or outward as it pertains to trust and culture, let’s look inward.  No organization can build trust.  Only individual members of an organization, on an encounter-by-encounter basis, can demonstrate the authentic interest in others necessary to build a healthy culture.

Larry May [President]


It’s OK to Ignore the CEO, When it is NOT the CEO!

Brad Mathis – [Senior Consultant – Information Security]

Imagine the following scenario.

You are going through your daily routine and you receive an urgent email from the CEO.  The email is urgent, appears to be time sensitive, and is requiring you to act immediately.  You are aware the CEO is currently out on vacation or away on business, and is therefore unreachable.  However, the email is direct and to the point.  “Get this Done!”  The email is asking for you, a member of the financial team, to process a payment or monetary transfer.  It may even inform you someone from another company will be reaching out to you with further instructions, such as account numbers and routing information. An abbreviated example of such an email may look something like this:

[Image: CEO Email]

What if you also received an email ahead of this one from someone in finance saying “Keep an eye out for an email from the CEO asking about a funds transfer”, followed by an email from the alleged company the CEO mentioned in their original email?  Transferring large sums of money from one account to another is a normal part of your job.  Although this chain of events is a bit out of the ordinary, it also seems perfectly legitimate.  Would you process the transfer?  Would a co-worker?

Sadly, far too many organizations are falling victim to this type of crime, known as CEO Fraud and Business Email Compromise (BEC).  In some cases the sender’s email account is spoofed, meaning the criminal makes the recipient think the email came from the legitimate sender.  Even more concerning is when the actual sender’s email account credentials are compromised and the criminal is able to send emails directly from the account of a CEO, CFO, Attorney, and so on.  This may sound complicated, but it isn’t.  With the advancement of malware-laced email attachments and infected links, it is far too easy to install malicious software on a victim’s workstation, thereby allowing the criminal to capture every keystroke the legitimate user types.  Even more concerning, cameras and microphones can be controlled by the criminals.

The FBI estimates organizational losses to Business Email Compromise between October 2013 and February 2016 at $2.3 Billion.  Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss! Keep in mind, this is only the amount of loss actually reported.  Many businesses remain quiet and never report their losses for fear of public reputation damage.

Luckily, the risk of becoming a victim to this type of crime, as well as other email and web based threats can be reduced.  A modern and evolving layered security infrastructure is extremely important.  It cannot and should not be overlooked.  However, the most effective and most overlooked method to reduce your risk of becoming a cybercrime victim is effective and measurable End User Security Awareness Education.

While we constantly stress the importance of Vulnerability and Patch Management, this does not just apply to your technology.  User vulnerability levels need to be assessed in order to gauge their likelihood of falling prey to a Phishing email and other criminal scams.  This activity is most effective when supplemented with required security awareness training.  This is where it sometimes gets tricky.  The simulated phishing campaigns and security awareness training requirements must apply to ALL employees, up to and including the President and CEO.

Identifying your employee vulnerability baseline is an important and effective step toward lowering your overall risk profile, as well as empowering your workforce to always be on the lookout for malicious and criminal activity that can threaten your business.

So, Yes… It is OK to ignore the CEO’s request when it cannot be verified it is truly the request of the CEO.  When the business is on the line, they will thank you for your due diligence.

How vulnerable are your users?  How likely are they to become victims?  What steps have you taken to get data to support your answers to those questions?  When performing these employee vulnerability baseline assessments, we have already seen as high as a 75% failure rate for the initial Phishing test.  Launching an effective awareness solution that allows you to measure risk and track improvements is a critical first step in lowering your employee vulnerability risk, making your organization less likely to become a victim of cybercrimes such as CEO Fraud, Business Email Compromise, and Ransomware.

Contact Keller Schroeder today to find out how we can help you implement solutions that effectively reduce your employee vulnerability risk through ongoing security awareness training and testing.


Microsoft Goes Cross Platform?

Eric Maurer – [Consultant – Applications Solutions Group]

Things have been changing recently within the Microsoft ecosystem.  You no longer have to decide to be a Microsoft shop or embrace anything but Microsoft. They are fulfilling their original promise for .NET to be a platform that can be written anywhere and run anywhere. Microsoft has now embraced open source, blurring the lines between the two camps.  At a recent user group meeting, I talked to users who were running Linux Bash on Windows 10, installing Microsoft SQL server on Linux, and developing iOS and Android applications using C#.  You can also now run Linux on Azure, and since the .NET Core has been open sourced, you can now run ASP.NET on Linux or Mac as well.

Being a mobile developer, I was ecstatic to learn of their newest acquisition and open source release: Xamarin.

What is Xamarin?

No, Xamarin is not the latest drug being pushed on late night commercials. It is a software company that allows you to deliver native iOS, Android, and Windows apps using your existing .NET skills, teams, and code. Xamarin was founded over four years ago with a mission to make native mobile development fast and easy. They wanted to allow C# developers to share their code across platforms to reach billions of devices. Those four years have been highly successful for them, as they boast having over 1.3 million developers and 15,000 companies using their software to develop apps across the Apple, Google, and Microsoft ecosystems.

Rumors have been circulating for years about a Microsoft acquisition of Xamarin. First, they worked together to create tight integration with Visual Studio, and Microsoft undoubtedly helped develop the Mono framework now maintained by Xamarin, if only unofficially.  Next, they worked together to offer a limited Start Edition free with Visual Studio and discounts and training through Xamarin University for MSDN subscribers.  Yet they stayed two separate companies until February 24, 2016, when Microsoft announced it had signed an agreement to acquire Xamarin.

NATIVE, EVERYWHERE, and now OPEN SOURCE

Why Xamarin?

Keller Schroeder has been using Xamarin for over three years and has employed it to develop apps for iOS, Android, and Windows Phone. Xamarin enables us to take advantage of the productivity and power of .NET and to use C# to write to the full set of native APIs and mobile capabilities provided by each device platform. Depending on how you architect your solution, you can realistically obtain 80% or more code reuse between apps. Having one code base reduces the chance for errors and makes same day deployments much more feasible. It also allows for a faster ramp up for new developers and makes maintenance much easier, as changes often only need to be made in one place. Xamarin is also dedicated to providing same day updates with new iOS and Android releases so new features are available at the same time as they are to native developers.

Why Microsoft and Xamarin is Even Better

“Everything you need to run Xamarin apps on any OS, any device, is now open source,” Scott Guthrie, executive vice president of the Cloud and Enterprise Group at Microsoft, declared at the Build conference. What does that mean to us?  Let’s start with the obvious reason: it is now free with Visual Studio!  Though it doesn’t take long to recoup your money, Xamarin wasn’t cheap and licensing was sometimes confusing. What I think is really more important is that Microsoft has already taken steps to tighten Xamarin integration with Visual Studio and Azure. Their goal is to allow Visual Studio to easily connect to your Mac and for your app to communicate seamlessly with Azure. They are also unveiling new Xamarin.Forms enhancements to allow for a shared UI and adding a Test Recorder in Visual Studio to make creating unit tests easier as well. Having Microsoft fully behind Xamarin is going to solidify its position as the best option for cross platform native apps well into the future.


ProofPoint Email Protection – Not Your Average Spam Filter

Chance Webster – [Systems Engineer – Network Solutions Group]

In today’s fast paced world, e-mail is the medium that drives business.  Not only do we use email to conduct day to day operations and communicate with employees, customers, and business partners, we also use email to advertise products and services, convey information to a large group, or even send that all-important casserole recipe to a coworker.  With the pervasiveness of email, a common business concern is how to filter out junk mail or messages with malicious content.  There are many good solutions on the market today; however, there are sometimes gaps in coverage as vendors try to keep up with ever-evolving spam tactics and malware techniques.  A complete solution to mitigate both junk mail and mail-based risks and provide solid intelligence on these threats is ProofPoint Email Protection.

ProofPoint Email Protection is a cloud-based platform that grows with your business and can be used to develop a highly reliable, low latency solution to protect your users from malicious or otherwise unwanted messages by use of policies rather than a set of rules that apply to everyone in the organization.  By using policies to define your message filtering rules, administrators can allow for a more targeted audience for messages from a particular source, sender, or classification of messages, if required.  Since ProofPoint Email Protection is cloud-based, it also provides for continuity of incoming email if your email servers go down and will automatically restart delivery when your email services are restored.

ProofPoint Email Protection also provides a high level of visibility and reporting for your email administrators while also providing your users with some level of control.  Messages can be searched using the message tracing logs and dozens of search criteria to quickly identify messages and take action as necessary.  There are also a large number of detailed reports that can be used to provide a vast array of information and allow administrators to make informed decisions when approving or denying messages with questionable content.  End users can also be provided some freedom to opt in or out of routine quarantined message notifications, ProofPoint-managed or Administrator-defined Safe and Block lists for known spam or malware sources, or even Bulk Message delivery.

If you are considering more effective ways to manage against mail-based malware risks or the loss of time related to sorting through spammed messages, make contact with your Keller Schroeder Account Manager and let us show you more about the ProofPoint Email Protection solution.


Spotlight On…

Employee-Owner: Amanda Gries

Amanda Gries is the newest addition to our technical recruiting Staffing Solutions Group. Amanda has over 16 years of experience in the Human Resources field. The majority of her career has been as a recruiter for finance and manufacturing companies. She has also worked as an HR generalist and manager.

Amanda spent over ten years at Springleaf, refining her administrative and recruiting skills. She has also held HR and management positions at Berry Plastics and Toyota Boshoku Indiana.

Outside of the office, Amanda loves spending time with her family – husband Brian, stepson Payton, son Clayton, and daughter Aspyn. They are avid sprint car fans and travel all over to watch races. They also love the water and try to spend as much time at Barkley Lake as her kids’ summer sports schedules will allow.

Contact your Keller Schroeder Sr. Account Manager to learn more about Amanda and how you can leverage her experience and skills to benefit your organization.