If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your entire cybersecurity profile. Your employees have business-need access to a lot of important data, and their ability to protect that data — or to inadvertently let it walk out the door of your organization — is strong.
Lack of education has been at the heart of several incidents of a major security breach. Consider the scenario about the new HR employee who got an email from the president of the organization asking for all the W2 information on every employee, so that person sent them exactly as instructed. The employee did not recognize the fact that the email came from a hacker impersonating the CEO, and a major security breach took place.
Entire business models are based on this kind of fraud. Let’s pretend that I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.
No big deal, right? Wrong. In this scenario, I own this website, I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password. I will then extract any valuable information I can from those sites, sell the information for a profit, possibly ransom your own data from you to make even more money, and then move on to the next victim.
Need some numbers to illustrate why educating your employees about cybersecurity practices is important?
- The IDG 2018 Global State of Information Security Survey reported that during the past year, the top sources of security incidents were current employees (30%), former employees (27%), and unknown hackers (23%). The main impacts include customer and employee records being compromised, and the loss or damage of internal records.
- According to the Ponemon Institute, 60% of employees use the exact same password for everything they access. Meanwhile, 63% of confirmed data breaches leverage a weak, default or stolen password.
So where can your company start? Start with a training program. Your employees need to be educated on cybersecurity best practices.
Any cybersecurity awareness training program should address implementing real password policies. There’s no easy way to say this, so I’m just going to say it: Passwords stink. They are no fun to create, no fun to remember, and no fun to type in. But passwords are still the most common authentication method today. It is imperative to implement a password policy requiring complex passwords that can’t easily be guessed, and end-user training to go along with it. Microsoft’s Active Directory “require complex passwords” setting is a start, but end-user training is also mandatory.
Many users apply the same passwords for every online system in which a password is needed. This is a problem. If one site gets hacked, cybercriminals will try your credentials at all common websites, and possibly at your firm’s VPN. It is imperative that your cybersecurity awareness training program encourage your team members to use different passwords for different sites, and especially for any system that your company uses.
Most companies have some sort of safety guidelines that their employees must follow or be aware of and cybersecurity should be no different. There are a number of companies that specialize in this type of training and picking the right type of training is critical.
Today’s cybercriminals come at your company from many angles. Their motivations are often more practical than many law-abiding citizens would expect.
Profit. They want money, and you have information they can monetize.
Influence. They can use data to manipulate business or personal situations in their favor.
Power. If your company dominates an industry or owns critical trade secrets, others wish to take that power away from you and use it for their own advantage. Cybercrime is one way to accomplish that goal.
Motives such as these change the way cybercriminals operate. They are organized. They share information among each other. They are often well-funded. And these things make them more dangerous. Some cybercriminals are also your employees. This is a difficult topic. While it’s true that internal employees are responsible for a large number of cybersecurity breaches, it’s also true that most of these are unintentional. They are a result of good people doing something they shouldn’t, either out of ignorance or because a cybercriminal tricked them into doing it (if you saw the movie “Catch Me if You Can” this is Frank Abagnale’s social-engineering behavior). Statistics on the exact percentage of “insider” cyber breaches that are deliberate vs. inadvertent vary widely, but the opinion can be held that the vast majority of insider threats are not malicious. No matter which statistic you believe, everyone agrees that many insider threats would have been prevented if the insider had understood how his or her behavior allowed a breach to occur. It’s easy to see why a good cybersecurity awareness training program is so important to the success of your company.
There is a risk of an employee with malicious intent to breach your sensitive data. Whether it be to share sensitive details to a competitor, profit from your data, or a disgruntled employee looking to carry out revenge against your company. If your company falls victim of a malicious-intentioned employee, finding out what happened is even more difficult because they often have high level system privileges that allow them to erase their tracks.
If your company is one of the unlucky ones where an insider deliberately caused a security breach, then you are automatically in the highest risk category of those susceptible to cybercrime. The keys to mitigate this risk are simple.
- Educate your employees.
Establish a strong mandatory and frequent cybersecurity awareness training program for your employees that clearly lays out the policy for cybersecurity and the consequences of violating the policy. Don’t allow employees to take home devices that contain sensitive files due to the risk of the device being stolen or sensitive data being transmitted over insecure networks at their home or other locations. Instruct your employees to never share their passwords.
- Know your people. Perform background checks on your employees to assist in identifying those that may take deliberate actions that would harm your company. Know which people have access to the most sensitive data.
- Guard your most sensitive data. Limit your employees’ ability to obtain access (intentional or unintentional) to sensitive information via a least-privileged approach to your data. Identify your most sensitive and valuable data. Then assign that data the highest safeguarding and most persistent monitoring.
Remove “local administrator privileges” from your users to their company-provided laptops or desktops. A local administrator is someone who can do anything he or she chooses to with a computer, such as install programs, delete files, change sensitive security settings, and so on. Turning on “egress filtering” on your network and limiting the use of USB thumb drives will make it harder for anyone to make copies of it and move them outside of your organization.
Ensure that you have forensics available to you. Tracking down an internal cybercriminal requires logging of network activity, especially for any access to sensitive information. Any logs need to be stored in an area that is limited to the fewest number of employees as possible.
In short, your employees are your most valuable asset, but can also be your greatest liability. They need to be trained on best practices to keep your data safe, and they also need to understand that you have forensic systems in place that will likely catch them if they attempt to access data they should not.
A “trust but verify” approach regarding employee access to your critical intellectual property is an important part of your company’s cybersecurity program.
Bryce Austin is the CEO of TCE Strategy, and actively advises companies across a wide variety of industries on effective methods to mitigate cyber threats.
At Mulhall’s Garden + Home, the goal isn’t more customers or bigger ticket sales, it’s fostering a passion for nature and encouraging growth. As the 60-year-old garden center sees an increase in new gardeners and an expanding interest in ecological health, they’re creating a space where customers and team members can continue that conversation.
In the single biggest re-investment of the garden center’s history, the Omaha, Nebraska, IGC is creating space for customers and employees alike to delve into a passion for plants. And in the process, they’re creating new ways for Nebraskans to come together to explore a shared interest.
“Omaha is a great town but it’s certainly not a big city,” says Mick Mulhall, president. “But the diversity that you see when you walk around the store, both in team members and the people shopping — I think that’s really encouraging.”
Just five years ago, there was concern about whether or not there would even be a next generation of gardeners. But now, Mulhall says the number of people who want to talk gardening is simply overwhelming.
“I think that plants and plant things are becoming increasingly important for a number of reasons,” he says. “This whole green movement, and it takes a lot of different names, but it has become a greater part of common conversation in the last few years than we ever thought possible. We always hoped for it, but we never thought it would happen this quickly.”
Mulhall’s mission is to drive that conversation and make the garden center a place where customers and employees can learn, grow and come together. Rather than focusing on specific ROI, it’s all about creating a community space where plant-lovers can feel welcome and inspired.
“What if the conversation became less about upselling and more about really thinking about our business in the context of climate change and in the context of this new sustainability movement?” Mulhall asks.
For example, Sarah Vanek, education and outreach manager, has been advocating for native plants since she started at Mulhall’s six years ago. In the time since she joined the team, she’s seen increased interest in the ecology of Nebraska’s backyards.
As part of the renovations, the garden center is installing native cultivars as part of its own landscape to provide a space to both show and tell customers about their options.
“We’re definitely seeing a lot more people trying to be a little more intentional about the plants that they’re choosing and how they contribute to the landscape in a bigger way,” she says. “I think also people are just wanting to engage and connect in the natural world generally.”
Since people have started spending more time at home during the pandemic, Mulhall’s is seeing more young people and young families take an interest in plants. From new gardeners to apartment dwellers wanting to green up their homes, there are a lot of different ways the garden center’s customers are finding an entryway into the world of horticulture.
“They maybe don’t have any experience with it, but they’re excited to learn,” Vanek says.
Mulhall’s is taking a big-picture look at sales, thinking more in terms of the conversations they’re having with customers and less on individual transactions. Toward the end of 2020, the company took a five-year retrospective look and found a strong increase in not only membership, but also in new gardeners.
“In our experience, focusing more on the immeasurable, meaning the size and texture and depth of the conversation, rather than sales volume, we’ve actually ended up being more successful than we thought we even could have been by those more conventional retail metrics,” Mulhall says.
The IGC has more than doubled its membership, and on top of that, individual ticket sales have increased by nearly 50%. “We’re meeting tons of new people,” Mulhall says. “A lot of them don’t know much about gardening and we’re ready to invest in that aggressively. And that is not how it was five years ago.”
The garden center is working hard to meet customers where they are. Rather than focusing on what has been traditionally successful for established gardeners, Mulhall’s is listening to what customers want and finding the answers they need to be successful. For example, if a customer comes in after researching a houseplant online, are you excited that they’re interested in the plant or are you frustrated that they have misinformation?
As Mulhall says, it’s all about being inclusive and encouraging that excitement. “We don’t really want to be a part of conversations that require telling someone they don’t know about something. I think how our industry handles the new gardeners is an interesting question and we work really hard to try to make people feel comfortable and included.”
Not only is Mulhall’s seeing a surge of interest from customers and the community, they’re also seeing a wave of new and excited team members. And the same approach applies. A huge part of the company culture is inclusivity and passion, so rather than looking for plant experts, the hiring process focuses on attitude, purpose and interest.
A large of part the Mulhall’s mission is engaging the community, inspiring connections to the natural world and advocating for Great Plains native plants, all while celebrating what makes the store unique — its diverse staff of several hundred employees.
For a while, the IGC was having a hard time hiring the traditional way, which included questions about plant knowledge. Now, they’re looking for curiosity and making space for those without a strong background in horticulture. “We as a company are very interested in curiosity. We believe in momentum. We are not very interested in experience and we really don’t believe in legacy,” Mulhall says.
The hiring and retention strategy’s core pillar is being one of the best places to work in Omaha, which starts with being a purpose-driven company. In fact, interviews begin with details about the IGC and what makes it a place people love to work for.
“I always start at the top, but I’d say what we’re about here is we’re trying to make our community a more beautiful place,” says Mark Perley, director. “That can mean a lot of things to a lot of different people but at its core, it’s getting people in touch with those feelings they have when they’re in nature.”
The interview process now really delves into what potential employees want to achieve and whether or not they’ll fit into the company culture, pushing practical plant knowledge to the side.
And what they’ve found is a diverse array of team members whose purpose aligns with Mulhall’s. Whether it’s a member of the management team or a seasonal cashier, they’re hearing a lot of the same answers about purpose and passion during the interview process.
So the company is focusing on making the technical aspects of the job as simple as possible in order to hire the right, passionate people to share it with their customers.
“When you hear it and when you feel it from the right person, it’s really amazing that it doesn’t matter what their age or demographic or education or anything is. You can just kind of hear and see the type of purpose they have in their own minds and you feel that alignment,” Perley says.
To further empower their employees, Mulhall’s renovation has created collaborative spaces for the team to share knowledge and optimize their talents. With space for a typical break room, special focus areas, spots for coffee chats, and a more library-type setting for individual and collaborative work, the new employee offices have areas of all kinds of ways to work together, or separately.
BACK TO THE BEGINNING
Now in its third generation of ownership, the Mulhall’s management team has been long been pondering the best use of their land to serve their customers.
Mulhall’s grandparents, John and Maureen, immigrated to the U.S. from Ireland in the 1950s and opened Mulhall’s Landscaping & Lawn Service shortly after. In the early 1970s, they bought the land the garden center now sits on for their landscape company,
“He bought the land to serve his mission, making his new home a more beautiful place to live and work, and it was in that spirit that they built a store to help get more plants into people’s hands, particularly landscapers’ hands, and we’ve been trying to think about that ever since, imagining how we can do this a little bit better and what we might be able to move here or there and how we can welcome more gardeners to this intersection and this part of Omaha,” Mulhall says. “You know, honoring the spirit of the place and the people and what brought us together in the first place.”
This particular renovation was inspired by the swell of interest in the store. Mulhall says it inspired the team to start looking at how they could use their buildings as a physical space to grow conversation around land care in Nebraska.
“It’s been really exciting to join a few years ago and see the opportunity here to continue growing a lot of things that the previous generations started,” Perley says. “So it’s definitely been thought about for a long time and a really fast and furious 12 months putting it all together.”
Mulhall’s Garden + Home sits between two creeks and Mulhall says they’ve always thought the land could be used more efficiently. Mulhall’s uncle, father and grandfather focused heavily on stabilizing the business and making it more professional. Now in its third generation of leadership, they get to focus more on what they really want the business to look like.
“I think the gift to us is that we really get to come full circle with the foundation and a business system sophisticated enough that we can really plan, and we can really think about what we want this to look like,” Mulhall says. “I think we’ve just been super lucky that what we want to talk about increasingly happens to be what our customers want to talk about, and I don’t think it would have worked five years ago. The more we want to talk about native plants, the more people seem to want us to talk about it. And that’s new and really cool.”
The first phase of renovations, which was completed by four local companies, include new office and break room spaces to facilitate better collaboration between employees. The new space includes movable workstations, standing desks, outdoor meeting spaces, updated conference rooms, a personal wellness room and a brand-new break room. And, of course, there are plenty of plants throughout.
For retail customers, there’s a new entrance pavilion that Mulhall hopes will become the hub of not only the store, but a gathering place for the new gardening community he sees in the Omaha area.
On top of that, there will be a whole new set of native plantings to explore and enjoy as a natural oasis in the city. While supporting local pollinators, birds and biodiversity, the plantings are also designed to inspire customers to plant their own native gardens. It gives IGC employees the chance to point out particular native plants like goldenrod to customers who are looking for native options.
“The Great Plains native landscape isn’t necessarily obvious. The nuance of it is intensely beautiful and so I think making space for that and being able to show people that is exciting,” Mulhall says.
The new landscape, which is designed to mimic the natural ecosystems found in Nebraska, is also a point of collaboration for educational programs and workshops. From seed collecting to talks about the science behind the ecosystems, the IGC is ready to bring the community in to learn more about their own backyards.
“I’m really excited to have our landscapes kind of help inspire more connection with our local natural ecosystems and give inspiration for how people might do that in their own landscapes,” Vanek says.
And for landscapers, there are plans for new professional customer pickup. Mulhall’s is going to be adding parking stalls and a large loop for fast, efficient drive-through pickup. “We expect that to be significant,” Mulhall says. “We’ve grown that [segment of the business] a lot this year and we expect to grow that a lot in the future.”
As Mulhall says, landscapers want to get in and get out fast, and they want to know what Mulhall’s inventory is before they arrive. “And we’re on it,” he says.
While Mulhall’s has been growing its landscape division and growing the larger conversation about ecology, land care, gardening and connecting with nature, there are other segments that they’ve removed in recent years like indoor décor.
“We’ve walked away from a lot of businesses I think a lot of other garden centers might have,” Mulhall says. “We really keep it pretty focused on plants and plant things.”
By looking to the future and preparing for the next generation of gardeners, Mulhall’s renovations are not only an investment in the store, but an investment in the industry as a whole.
Workshops, talks and events have long been a key way that garden centers have attracted new customers and driven sales. But the ongoing pandemic has brought many of these programs to an abrupt halt and sent us scrambling for alternatives. Fortunately, other options for education, celebration and customer experiences exist, and these just might prove to be valuable once we get back to gathering in groups once again.
“Grab and go” projects
Although it might not be possible to have people group around tables to plant containers or make garden crafts, there are ways to keep creativity alive. Materials for a project can be assembled into kits that can be picked up at the garden center and put together at home.
This might require writing out instructions in advance and tucking those in with the supplies. But as an alternative to printed directions, you could film a short video about how to assemble the project and post it on YouTube. A link to the instructions would be included in with the supply kit, and/or emailed to your customer list. In fact, seeing the video might convince many to call and reserve the supplies that are conveniently gathered for their use.
Grab and go projects that parents can do with their children also offer opportunities for sales and for introducing young people to horticulture. Fairy gardens, seed starting, spring color bowls of annuals or a living Easter basket planted with grass seed are just a few projects that can be assembled into kit form.
Whether you want to educate your customers about how to prune their shrubs or plant a tree, Zoom or other virtual platforms might be your new venue of choice. Through the screen sharing feature you can either show a PowerPoint presentation or a video on the topic, and take customers’ questions in the chat window afterwards.
You’ll need a staff member who can provide the necessary photography, create the PowerPoint and speak about the subject. Secondly, you’ll need to sign up for a virtual presentation program such as Zoom. Initially a mid-level Zoom Meeting plan can meet most garden centers’ needs, but should your business decide to schedule many virtual events, a webinar plan will offer you additional advantages such as live streaming to social networks and PayPal integration.
Although some IGCs will need to invest time in becoming proficient with the creation of visuals and the mechanics of Zoom, these are skills that will pay off into the future. Virtual presentations often reach larger audiences because they can be presented after normal work hours. Parents, or those who would never dream of going back out once they’re home for the evening, can participate from their homes. Further advantages include no limitations on space, no need for staff to clear an area and set up chairs and no reason to keep employees in the store after normal business hours. Additionally, virtual presentations can be recorded and offered through your website or used for future marketing.
Virtual social connections
Human beings want to connect and a Zoom meeting is better than no face-to-face contact at all. Consider organizing special interest groups around topics your customers are interested in. Houseplant, vegetable gardening or flower garden clubs can meet occasionally or regularly online, with your staff expert leading the group. Members can share photos, ask questions and seek advice, and you have the opportunity to put your plants and products front and center during each gathering.
Even as we need to continue to distance and wear masks to prevent the spread of COVID-19, outdoor events are still possible. These also come with challenges, such as finding places where people can be spaced at least 6 feet apart and being understood when speaking to a group through a mask.
For these reasons, smaller groups might work better even for classes that are held outside. Consider scheduling walk-and-talk sessions where a set number of customers can be led through the nursery to learn about specific plants and garden practices. Advance sign-ups allow you to control the size of the crowd. Some may even want to charge for a walk-and-talk event, structuring the fee to accommodate each attendee receiving a plant or product at the end of the class.
At this point in the pandemic, we’re all getting tired of hearing the word “pivot.” Yet the reality is, we’re not just called to turn in different directions, we’re also seeing that in doing so we’re presented with new perspectives and valuable opportunities.
C.L. Fornari is a speaker, writer and radio/podcast host who has worked at Hyannis Country Garden, an IGC on Cape Cod, for more than 20 years. She has her audiences convinced that C.L. stands for “Compost Lover.” Learn more at www.GardenLady.com
As new gardeners made their foray into the backyard dirt or filled their homes with new plants in 2020, IGCs have been faced with the challenge of converting first-time gardeners into lifelong customers. While welcoming new gardeners and helping them succeed has been a topic of conversation for a while, the issue has really come to the forefront since COVID hit North America.
In this month’s issue, we take a look at what one independent garden center is doing to inspire and encourage a love of plants in Omaha, Nebraska. At Mulhall’s Garden + Home, the team is taking a holistic approach to connecting customers and employees with nature.
By undertaking an extensive renovation to create inspirational spaces both in the store and in the landscape, the company is investing in a myriad of ways to keep customers and employees engaged with and connected to nature.
But it’s not just the space, reaching out to them and making an effort to meet them where they are. The world of horticulture can be intimidating to new gardeners, or new garden center employees, but Mulhall’s is working to meet people where they are and provide them with the knowledge they need to succeed, both in the garden center and at home.
As Mick Mulhall said to me last year, it’s easy for knowledgeable groups like plant people to build up a sense of belonging or permission, and it takes a lot of work to break down those barriers. But that’s exactly what the IGC is striving to achieve. You can read more about their mission on page 20.
Building on the momentum of 2020 is a monumental task, and as we kick off 2021, welcoming new gardeners is top-of-mind for many. We’d love to hear what your operation is doing to include a new kind of customer.