Skip Navigation

Thought leadership from SAI to accelerate your performance
 

Systems Alliance Blog

Opinion, advice and commentary on IT and business issues from SAI

High-profile media coverage over recent ransomware attacks have brought substantial attention to cyber security issues.  The potential for a serious incident to undermine the viability of an organization feels higher than ever to many business leaders following the news.  If high profile organizations with huge IT budgets including Sony Pictures and the UK’s National Health Service can’t deal with ransomware effectively, how can smaller teams cope?  C-Level executives and board members are now faced with an unsettling question – “Could we be next?”

Limit Malware Risks

When discussing the potential for a cyber security incident, leaders without an IT background may feel ill equipped to assess their overall risk.  Taking the word of technical staff isn’t necessarily going to assuage their fears.  IT professionals’ skillsets do not necessarily include the ability to communicate effectively with senior leadership.  Complex technical architecture, arcane industry jargon, defensiveness over turf, and confusion created by an ever-changing security environment can all contribute to miscommunications.  This does not absolve leaders of the responsibility to understand and mitigate risks in IT.  So, what indicators should leadership teams use to assess the health of their IT department and their readiness to deal with an incident?  Here are three suggestions on where to focus additional attention:

Patching

Patching of software should be a routine item on the IT Operations calendar. It is one of the most critical steps you can take to avoid an incident.  The impact of the WannaCry malware would have been negligible had users been working on fully patched and fully supported systems.  Clearly this means patching isn’t being done in an effective manner in many organizations. So why doesn’t patching always occur? 

First, the patch may break some other critical component.  If your organization is running software that is incompatible with the patch, it may be impossible to install it without losing a critical application.  This is also why most enterprise IT shops do not use “automatic updates” that deploy patches as soon as they are released.  Patches need to be tested and understood before they’re deployed or the consequences could be just as bad as malware.

Second, there may be contractual obligations for hardware and software provided by a third-party vendor that prevent your team from patching the systems.  These systems and their interaction with the rest of your network need to be carefully studied and well understood.  For high profile organizations, they can expect that they will be the ones who take the reputation hit, not the third-party vendor.

Third, you may not have any maintenance windows available.  Patching usually requires IT to take systems offline for an extended period.  In some industries with a 24x7 workplace, this is difficult to get approved, especially if IT cannot effectively communicate just how big the risks of not patching are.  In other industries, there may be seasonal rules on when systems can be modified that prevent patching.  Retailers are very averse to making any IT changes during Q4. Any restriction that prevents patching should be carefully reviewed and understood by the leadership team.

Policies, Procedures, and Documentation

Having policies and procedures in place may strike some as mundane but it’s a good indicator of the overall health of an IT department.  Many IT organizations have some challenges when it comes to keeping their documentation fully updated.  If, however, there’s almost no documentation, inconsistent or informal policies, and no internal procedures that should be a major red flag to leadership.

Documentation of your networks, systems, and integration points is a critical tool for maintaining your IT investments.  It is also a critical resource should there be an incident, to be able to understand and isolate the damage.  Without effective documentation, the knowledge trapped in the IT team’s heads will be difficult to share and could potentially be lost if a key team member is unavailable.  You would not want to purchase a building without any documentation of its systems and you should feel equally as anxious if your organization relies on IT systems with no documentation.

Policies and procedures play a different role but are equally as critical.  End user policies and procedures govern how systems can be utilized, set user expectations for service, and help to inform users of their shared responsibilities around reducing risks.  In some cases, policies may exist but a deeper look would reveal that they aren’t being followed or enforced.  Security policies are the most obvious place to look, but the processes for provisioning and de-provisioning of accounts is often more telling.  Lack of consistency in this area not only creates extra work and confusion but can also create unintended risks. Without robust controls around how accounts are built and delivered you may have users getting inappropriate levels of access.  If there aren’t constant checks to make sure accounts for users no longer at the organization are decommissioned, you may have zombie accounts that become an easy vector for malicious activity.  Imagine the potential damage if an employee, terminated for cause, retained access to your systems after they’ve departed from your organization.

Backups

Backups aren’t always considered when thinking about cyber security but when dealing with ransomware, they may be the best tool available.  After all, if your files are locked out, the easiest approach may be to simply wipe out the affected drives and restore from the last good backup.  This begs the question – how good are our backups?

When it comes to backups, the most important thing to understand is what is being backed up and how often does the backup occur.  Often there will be different backup schemes for different users, departments, systems, or applications.  Understanding the nuances of these backups and where their limitations exist is important.  Hard choices should be made here because backing up “everything” does not align with budgetary reality for most organizations and the complexity of a system that could do that would be very high.

The second piece to understand is restoration of data.  Restoration is all about two different components: Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).  These are often found as part of the organization’s disaster recovery plan.  RPO specifies what point in time a backup should go to – i.e. if we do a daily backup at midnight each night, we know what we can always restore to that last point.  RTO is focused on how long the backup takes to deploy once a decision is made to restore from backup.  In most cases this is not an instantaneous process so understanding the amount of additional downtime is important. 

One other item that usually gets overlooked with backups is a testing plan.  Backups should be routinely tested to ensure that the contents line up with what is expected and that they can be fully restored within the RTO.  You want to have confidence in your backup technology and the only real way to deliver that confidence is through testing.

Conclusions

Proactive questions from leaders can highlight gaps that may have otherwise been overlooked.  While these discussions may initially be uncomfortable they may also reveal governance issues with how IT decisions are being made. Decisions made at the IT level about what risk to accept may be very different than what the rest of the business can tolerate.  Inappropriate decisions in either direction can be damaging.  If risk tolerance is too high, the potential for an incident may increase.  If risk tolerance is too low, the expense to operate IT may be unsustainable.  Looking at patching, documentation, and backups is an easy way to start conversations and assess if there are major gaps in your IT department.

Looking for a more in depth discussion or an outside assessment? Our IT Strategy and Operations Practice focuses on the intersection of people, processes, and technology.  We can provide an impartial outside look at IT and the ways in which it can better support your business.  Our impactful work at organizations large and small often starts with a simple conversation.  Reach out and let us know what you’re concerned about.

When we began work on SiteExecutive version 2017 (SE 2017), we had three goals in mind:

  1. usability,
  2. usability,
  3. and usability. 

Alright, maybe that was only one goal; however, it embodies every decision we make as we improve SE 2017. This goal, coupled with the great feedback we have received from all of you, makes us excited to share some of the enhancements planned for the next release. Read on to catch a glimpse of the improvements we are making to the page editor, accessibility, reporting, event calendar, and overall product usability.

Editor Enhancements

We are making some significant additions to the editor in SE 2017. The editor itself has been upgraded to add support for all modern browsers and to do a better job of pasting formatted text. Also, you will be able to use 20+ additional HTML tags within the editor. Finally, the HTML Snippet tool has gotten an overhaul complete with syntax highlighting and automatic tag completion.

Accessibility

We heard repeatedly how important it was to ensure that your visitors can successfully interact with your sites, regardless of their physical abilities. As a result, we are reviewing every application and module in SE 2017 to ensure that they hold up to Section 508 accessibility standards. Additionally, we are providing controls that will assist you in enforcing attributes such as “alt text” across your site. As an added bonus, these changes can also have a positive influence on your site’s search engine optimization (SEO).

More robust reporting on usage

We’ve received lots of positive feedback on the extended usage report that was added to each item within SE 2015. We want to continue to provide more visualization regarding how objects are used within the system. In the next release, we will extend this visualization to any JS or CSS files used within the head sections or dynamic head sections of pages and templates. This should make site updates and redesigns significantly easier for any of you web developers out there!

Create your own Event Calendar tags

In addition to tagging events with locations and types, we are giving you the flexibility to add your own categories. Want your events to be tagged with specific schools or regions? Go for it!  We are also enhancing the layouts and viewlets to be more flexible by providing more control on the display.

Bug fixes and updates to the user interface

Along with the calendar updates, we have resolved many reported bugs and issues. Based on feedback, we are also cleaning up various sections of the interface to make it more usable. Our focus is to reduce unnecessary screen clutter while maintaining the familiar interface that many of us have become accustomed to. 

We hope that you’re as excited about these new features as we are. You can look forward to the new release of SiteExecutive this spring. Thanks for all the great feedback we have received, it really drives each iteration of SiteExecutive, keep it coming!

2016 has been a year of substantial results and great progress for our clients at SAI. We are very grateful for the opportunities that we’ve had to work with you this year and we look forward to another year of collaboration to serve your customers and improve your organization.

This has been an exciting year for SAI as well as we’ve worked on a series of continuous improvement initiatives during a period of rapid expansion. Not your typical technology company, we’ve always been obsessed with the idea of delivering world class software products and consulting services with a passionate team and doing it with reasonable, transparent pricing and predictable results. This recipe has worked well for us and resulted in high customer retention rates and lots of referrals.

Finding new opportunities to better serve and support our customers has always been at the top of our priority list and this year has yielded several new opportunities to do exactly that. With our recent growth, we’ve had an opportunity to “re-imagine” how we can improve the customer experience for every one of our customers. So now we’re going all in with a commitment of more resources to a larger Customer Success team, equipped with even better tools and an increased focus on ensuring the success of every SAI customer.

Customer Success

The charter for our expanded Customer Success team will be expanding in the weeks ahead to include a greater focus in three key areas:

1. We will be more proactive in the delivery of information that will support your business, hopefully just before or at the time that you need it. We see this as an opportunity to build upon our already high customer satisfaction rates for our support team with proactive industry knowledge and experience that helps our customers succeed with operational challenges. Connecting our customers with one another, sharing best practices, tips and suggestions, will accelerate your success.

2. We will be more intentional in collecting, organizing and reporting back to you about your suggestions for new product features, new consulting services and other opportunities for us to make your life easier and more productive.

3. We will be deploying new tools and processes to more accurately measure customer success and we’ll be sharing those results with you on a regular basis.

I often think about how our culture has evolved at SAI and the strong correlation between how we think about our customers and how we relate to the local community. November is our month of service at SAI. Watching our team fill up carloads of food for a local food bank or swarm over a local park and nature center with hammers and paint brushes exemplifies the deep compassion that SAI team members have for those in need.

We are enormously thankful for the relationships that we have with our clients and we wish you well this Thanksgiving season.

Lastly, If you’re looking for a way to help those in need this Thanksgiving, I strongly recommend checking out the folks at the Helping Up Mission in Baltimore (http://helpingupmission.org/). They do fantastic work with very limited resources.

How have I been working in marketing, communications, and web strategy for over five years without knowing about Confab? Not sure how this abundant wealth of knowledge existed outside my realm of awareness, but I am so glad to have discovered it this year, just in time to attend the 2016 Confab Higher Ed conference. Last week, I packed my bags, said farewell to the office for a few days and headed to Philly to take in two amazing workshops, three inspiring keynotes, and as many breakout sessions I could attend without cloning myself.

From the time I got on the train Sunday evening, to the very last keynote, to all the discussions and sessions in between, I was learning. Unfortunately, my first lesson was not content-strategy related. Free tip: always sync your phone to iCloud prior to traveling, because you never know when your phone will surreptitiously freeze in the middle of a strange city. After a quick four-hour factory restore upon gaining access to Wi-Fi at the hotel, it was back in business. By Monday morning, I was ready for the conference and my phone was ready for my excessive tweeting throughout the event. (See: #ConfabEDU.)

I learned so much at this conference, from higher education-specific strategies to general writing and content-related tips. The best part is that I can start implementing most of my takeaways right away and improve my work for our clients. It will probably take our entire weekly meeting to share my learning in my obligatory recap presentation for my team. I know my coworkers are excited for the PowerPoint slides that await them! Don’t worry guys, I’ll be sure to incorporate a generous number of cat memes and GIFs as my esteemed Confab mentors did (See: Amanda Costello).

Confab 2016

As I sat in the workshop sessions on the first day, I felt an overwhelming sense of community as I met content strategists from other agencies and higher education institutions across the world.

Confab 2016

I heard more than one person remark that they enjoyed being surrounded by others who understood the unique challenges of working in higher education. I bonded with more than a few people over frustration with inconsistent comma usage. Furthermore, this is an event that embraces cake! Where else can you get that kind of camaraderie? 

Confab twitterConfab cake

Here’s why I think the conference was so successful: the keynotes, workshops, and talks not only provided heaps of inspiration to make me want to do better; they also delivered hundreds of tangible tips, tricks, and insights to help me improve right away. As a copywriter, there is the temptation to reuse the same tried-and-true strategies and approach projects the same way over and over because that’s “our process.” I was challenged to venture outside my comfort zone, think bigger, ask better questions, and seek to understand stakeholders’ points of view instead of making assumptions. I was challenged to take a step back and identify the inherent bias embedded within my writing and to consider all audiences when developing content. I was challenged to write and organize content more purposefully, and to communicate and collaborate more intentionally. 

Confab 16

I’ve been back for less than a week, and I’m already putting my learning to work across a range of topics, including structure and usability; brand strategy; voice, tone and inherent bias; communication with clients; and project management. I hope some of my takeaways help you as you navigate your higher education website strategy.

Every page is a homepage

One of the presentations that is sticking with me the most is Lisa Maria Martin’s “Better Strategy Through Structure.”  Lisa emphasized the need to look at content through the lens of structure, noting that structure helps us to understand organize and connect content. I could not agree more. Since I’m part of the User Experience (UX) team, this was extremely pertinent to the work that I do collaboratively with information architects and web/visual designers on our team. In his talk “Writing Content for Findability,” Rick Allen said one of my favorite quotes from the conference: “We shouldn’t be optimizing content for search engines; we should be optimizing content for people.” That caused me to take a step back and think about goal-setting and purpose-driven content.

The phrase “every page is a homepage” was thrown out a few times, highlighting the fact that we don’t know what page users will first land on, so we need to consider how the content fits in the site. When I’m writing content for a program page at a university, I need to first understand how the program fits into the website structure. Is this major part of a department? Part of a school? Are there other, similar majors? What key points need to be included in the content to help prospective students understand where this program falls within the university?

Collaboration is not just a buzzword

It’s not just about writing content that makes sense within the information architecture (IA), Lisa asserted. Structure also requires collaboration with developers, early and often. Ideally there should be collaboration among designers, developers, and content authors from the beginning of a website project to establish content types and the new IA. Once these frameworks are established, the content will answer the right questions, send users on the right paths, and ultimately help users reach the desired action (contact us to learn more, schedule a tour, apply, etc.). I loved this little nugget of wisdom from Bon Champion of the New York Times: if content strategy starts at the beginning of project, the last phase can be used for refinements instead of scrambling. While we as a team already collaborate at some level, this takeaway reinforced the need to collaborate even earlier during a project to improve our deliverables for our clients.

Show, don’t sell

Higher education websites are brimming with possibilities. The subject matter is constantly evolving and the opportunity to produce fresh, relevant content is a huge boon. Student-generated content, like photos, videos and blogs show the best qualities of your college or university’s far better than generic marketing claims. Words like “unique student experience” and “innovative learning” are tired. By conducting keyword exercises with stakeholders and doing the legwork to understand our subject matter, we can create better content that serves our website users in meaningful ways.

In the spirit of showing instead of telling and/or selling, the topic of visual content came up more than once. Knowing what we know about Generation Zs and their affinity for video and images, paired with decreasing attention spans and limited interest in reading web content,  I thought it was really interesting to hear from renowned Philadelphia photographer Melissa Kelly. She shared several photography tips that were huge “aha!” moments for me, such as: Don't just show the dean standing there, staring at the camera with his arms folded. Get him in his element—talking with students at lunch or walking the campus. Words simply conjure up an image in the imagination; photographs capture the essence of an idea and support the message.

Visual Storytelling in Action:

Confab 16

Find your voice

One of my favorite topics in life, or at least within the workplace, is brand strategy. I believe it is the basis for strong writing, the foundation for an effective website and a crucial part of content strategy.  I was excited to learn a few ways we can improve brand messaging for our higher education clients, like keyword exercises, card-sorting, and stakeholder workshops.  During a great talk about using an organization’s mission statement as the basis for content strategy, Devin Asaro outlined several benefits for using an organization’s mission statement as the starting point for brand messaging. The key benefit? The political legwork is largely done; and when the goals of your message are already identified and approved by stakeholders, you can start writing sooner.

Devin identified some interesting questions to ask stakeholders when furthering brand messaging based on a mission statement: 1) How do we embody this as an organization? 2) How does our content embody this? 3) How does our content further this? I’m super inspired to start considering these questions early in the content strategy process!

Lastly, just for fun, I scrolled through my tweets from the conference and compiled a list of my favorite nuggets of wisdom.

Confab 16

Top 10 Confab Higher Ed Conference Takeaways.

1. Buy notecards. Start incorporating card-sorting exercises into content strategy efforts. Jot words and ideas on index cards, then sort, discuss, re-sort, discuss again and then label notecards to organize thoughts. You can even use them to record notes during meetings with stakeholders.

2. Keep a work journal. Make notes on what you're doing while you're doing it, day in and day out. Conversations about projects happen in Slack, over email, in the hallway, etc. This method helps to manage all the different communications in an ongoing log of all conversations around a given topic. 

3. Findability is crucial. If prospective student visits a college website and can have a fancy VR experience but can't find out how to apply, something is wrong. 

4. Create a spark file. Keep a single running collection of all miscellaneous ideas and unused concepts. Take some responsibility for the stewardship for unused ideas. 

5. Learn to COPE. “Create once, publish everywhere.” Can I get an amen for reusable content?

6. Teach faculty to get social. Many institutions are cultivating and elevating conversations through social media; take advantage of this! They teach and train faculty to use Twitter and Pinterest to show off what they're doing in the classroom. In doing so, they make engaging content and support admissions, advancement, and marketing efforts.   

7. Embrace different types of content audits. There isn’t just one all-encompassing content audit. Content audits can be focused on items like site structure, distribution data, or quality—think accessibility and messaging. There are even design content audits to take stock of visual patterns, button styles and module types.

8. Design with compassion. In higher education, our work is never neutral. When we make design and content choices, we need to think about all the ways that our work will fail. For example, are we writing using hetero-normative assumptions? Are we excluding certain racial identities in our forms? Inclusion is our responsibility.

9. Really look at analytics. If you’re not, start. If you already are, look even more than you have been. Words people type into a website's internal search are a goldmine that indicate what users can’t find.

10. Tell stories, visually. In 2014, 1.8 billion images were uploaded to the internet every single day. Visual storytelling will only continue to grow. On that note, in the spirit of visual storytelling, here are a couple photos as I said good bye to Philly at 30th Street Station.

Confab 16

Did you attend? Wished you had attended? Feel free to drop me a line (do people still say that?) with your thoughts or questions! 

When you’re trying to stand out from the competition in a crowded digital space, how do you capture—and keep—your audience’s attention? Attention spans are shorter than ever as more people have become fluent in technology and digital platforms are embedded into most daily routines.  When users are searching for answers, they want quality information, and they want it instantaneously. How do you differentiate your content and separate your brand from the competition—in about 8 seconds or less?  The answer: make your content more visually engaging.

This Fast Five infographic highlights a few ways to execute this tactic by finding a balance between text, imagery, animations and data. By finding the right blend of strong visuals, clear content hierarchy and engaging layouts, you can grab your audience’s attention and drive your message home. 

Infographic Visual Content

Are you interested in learning about a website evaluation and exploring a new approach to your digital strategy? Contact SAI Digital today!

Calendar
May 2017  
 123456
78910111213
14151617181920
21222324252627
28293031