Written by Carl Jones, Founder of Konquest

The 10 Commandments of Commission & Rewards schemes:

About Konquest

Having a great rewards programme in place can make a real impact on your business, but managing calculations, disputes and approvals can become a drain on resource if like the rest of the industry you're still using spreadsheets. As you've made it this far, please permit me just a few more seconds to outline why I think you should consider looking at Konquest:

• Autonomy - an industry buzzword for good reason. Konquest automates your calculations.

• Transparency - sharing comms pipeline's with your team will boost motivation and with it performance. Konquest provides all shareholders with their own login so they can track progress.

• Security - spreadsheets are centralised, corruptible and insecure. Konquest is securely encrypted in the cloud.

• Accuracy - where manual process exists, human error exists. Konquest calculates accurately without fail.

• Audibility - Konquest retains a digital audit trail against every claim. Giving you peace of mind should you ever need to manage a dispute.

I'd love to hear from you - Carl@konquest.io

Clients, candidates, closing deals. We hear it all the time. It's the background chorus to life in a recruitment company. While sales bring in vital revenue, running a successful business requires more. So we're taking a break from usual broadcasting, to focus on a specific position: the finance director.

Welcome to Paul Glynn, founder of Aristar Financial Consulting & Aspiring FDs. Aristar provides an outsourced finance function to a portfolio of SME recruiters with a cumulative turnover of c£120m. He also runs Aspiring FDs, a 6-month development programme for heads of finance in recruitment businesses. Having worked in high-growth recruitment businesses gives Paul unique insights into the role. Here we go:

OneUp Sales: What would you say are the most common challenges for finance directors in recruitment companies?

Paul Glynn: Finance directors need to bridge the gap between sales and finance. It's an age-old issue: sales teams concentrate on closing deals and building relationships. Finance teams ensure a proactive & timely flow of intuitive reporting to the business whilst ensuring everything behind the scenes runs smoothly.

Incomplete or inadequate data from sales teams can make this a constant challenge. And it doesn't make managing cashflow any easier.

OneUp: The data problem is something we hear about all the time. And the truth is, there is so much CRM systems can do to help - if they're used well.

PG: One of my biggest challenges as an FD was trying to embed KPIs. "Those KPIs are wrong as I don't use the CRM!" was something I heard often. Incentivising sales teams to submit accurate data is a good first step.

OneUp: No CRM equals no data, right? How would you deal with this now?

PG: The most successful sales teams I have worked with are the ones enjoying work. For me, OneUp enhances the sales culture by creating competition and fun on the sales floor. From an FD perspective, it drives consultants to use the CRM through gamification. The beautiful by-product is that we suddenly have great data to work from.

OneUp: That's right. We're on a mission to bring fun to the workplace. OneUp links KPIs to sales competitions, head-to-head games and collaborative team missions. Actions only count as completed once the CRM is up-to-date. In the heat of the battle, submitting your data becomes second nature.

More data should mean more visibility for Finance Directors. What do you think?

PG: Absolutely, the platform highlights trends in activity to show areas of downtime. You can pinpoint inefficiencies in the sales process and target them with training. Early stage activity can be used to forecast revenue more effectively. If there are early indications of poor billings, they can be addressed in real-time. It also allows us to help consultants who are underperforming in the short-term by highlighting to them where their activity has changed from when they were performing well – to me that is invaluable!

OneUp: That's great to hear. We've recently redesigned our dashboard to give even greater clarity. The system also features an analytics toolkit. Configure your own beautiful reports with a few clicks. Easily export your data to share it at any time.

Thank you to Paul for sharing his insights with us.

Do these challenges sound familiar? Our "blank canvas" development approach means we can track any metric in any environment.

Check out our testimonials and book your demo now.

OneUp Sales are all about building successful sales floors through data. Their recruitment analysis and gamification platform helps you to finally get rid of those creaky old whiteboards (not that you needed much nudging!) and spreadsheets, replacing them with a vibrant, real-time dashboard and management suite, drawing data from your CRM/VOIP systems; all projecting to sales TVs around the office.

Visit the OneUp Sales partner page to view their exclusive Recruitment FDs' member offer 

SynergyGroup support your company’s IT, telecoms, security and 3rd party application requirements. They offer a menu of managed solutions; designed to suit you, your scale, complexity, operating hours, commercial risks and your internal capability. They work with you to advise which managed service level is the most appropriate to support your organisational goals and which products and services your business will benefit from. SynergyGroup understand that their clients value straightforward, easy to understand advice; alongside practical support to maintain their immediate business operations and enable their future plans.

Of course IT encompasses a lot of jargon that you may not know how to navigate. The following article, written by Chris Brunau, explains more about ransomware and how easily we can all fall victim to this.

Ransom malware, more commonly known as ransomware, is software designed to block users from accessing their computer system or personal files. While some types of ransomware can be easy to reverse, more advanced attacks will encrypt the victim’s files, making the data inaccessible without a decryption key. These advanced attacks are called cryptoviral extortion, which means the files will remain encrypted until the victim pays a ransom. Modern attacks often require victims to pay the ransom via cryptocurrency.

Who Does Ransomware Target?

Unlike kidnappings in the physical world, ransomware attacks are rarely directed to a specific user with deep pockets. Rather, they use a shotgun approach of trying many targets in the hopes that a small percentage are hit and charge a ransom that is not exorbitant to a single victim (yet totals prove quite profitable). They do, however, tend to target industries that are overtly vulnerable like higher education, healthcare, government, and law firms.

How Does Ransomware Gain Access?

In many cases, like the well-known Petya, WannaCry, or Locky, the malware enters by means of a phishing scam.

For example, a person inside a company receives an email from a job applicant with a file attached. The file’s name is some variant of “resume,” often with “pdf” within the filename, but it is actually an executable file. When the recipients of the email click the file, they must agree to the Windows User Account Control warning. For those who allow the control, the infection begins.

What Does Ransomware Do to Systems?

Different variants of ransomware, like CryptoWall or TeslaCrypt, work a little differently, but in general terms, Petya has been coined “the next step in ransomware evolution” due to its three-stage functionality.

Petya doesn’t encrypt specific files, unlike some ransomware. Instead, it overwrites the master boot record to encrypt the master file table. So while the files themselves aren’t harmed, the system doesn’t know how to find the files.

There is an in-depth resource about how different ransomware strains act by the Infosec Institute, but the general methodology is that they encrypt files or systems and then prompt the user to pay a ransom in order to decrypt.

Why Do Hackers Use Ransomware?

Ransomware is code that is relatively unsophisticated, so it isn’t hard to come by and generates huge returns. Statistically, a business falls victim to some form of ransomware every 14 seconds and in 2019, ransomware is expected to cost $11.5 billion. Most of the ransoms that are paid through an untraceable cryptocurrency.

“Ransomware is a game changer in the world of cybercrime,” says Marc Goodman, author of the New York Times best-selling book Future Crimes, founder of the Future Crimes Institute and the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. “It allows criminals to fully automate their attacks. Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organized crime syndicates.”

Bottom Line: A Good Defense Is the Best Offense

Law enforcement suggests never to pay ransomware perpetrators as to not encourage them. TrendMicro’s research found that business people agree in principle: 66 percent said they would never pay a ransom. The same research, however, also found that when push comes to shove, 65 percent of companies attacked by ransomware actually do pay the ransom.

Experts agree that the best way to fight ransomware is by protecting your files and systems and preventing the ransomware from claiming your company as its victim. This is done with a multilayered approach:

• Use a good quality antivirus program, and patch and update operating systems regularly

• Educate your users about ransomware and how to detect phishing and social engineering schemes

• Back up files often -- and automatically. While the backup does not prevent infiltration, it does give you an out -- instead of paying the ransom, you can restore to your pre-attack status

Although ransomware attacks are continuing to increase, they can definitely be avoided with adequate protection. 

SynergyGroup advise clients on key support areas such as, enhancing the security of their 365 applications, how to provide instant retrieval of documents and emails (even those ‘’Permanently Deleted’’). BCDR in the event of data loss or hacking, agile and secure back-up solutions for laptop, and Early Warning systems that protect the business from malicious or accidental user behaviour. Alongside their internal / external threat audits and achieving Cyber Essentials accreditation for clients – SynergyGroup offer a wide range of solutions to a client’s Cybersecurity concerns.

 Visit SynergyGroup’s partner page to view their exclusive Recruitment FDs' member offer

Written by Andy Hinxman, Keybridge IT Solutions

In these modern times, data breaches are still a very real and tangible threat. For some, simply not paying back up costs or employing security measures may seem like a cost saving, but you will not realise its value once you experience data loss and breaches. 

So how can you avoid data loss and breaches?

There are two types of ways you can lose data or face a breach, deliberate and non-deliberate.

Deliberate attempts to breach data or data loss typically come from cyber criminals or disgruntled employees. Make sure you take every measure to prevent criminals from accessing your network, including permission maintenance, password security and restricting access.

• Have a firewall which can restrict user access outside your network and control traffic both inside and outside your network. It is a simple measure to take to mitigate against cyber criminals.

• Permissions and accessibility are key in maintaining security and preventing data loss and breaches. If an employee is always on the move, take additional measures to restrict data access or easily terminate access should the device be lost or stolen. Likewise, if an employee leaves (whether on good or bad terms), be sure to change ALL passwords and ensure they are secure.  A good example here is those utilising systems such as Microsoft 365; access can be blocked instantly and devices partially wiped If necessary.

• Passwords. We have said it before, but make them complicated and difficult to guess. The name of your loved one, favourite pet or favourite film are not good passwords, and things which make it easier for us, make it easier for the criminal as well. Something like Typsd5sd!gz$1 would be more secure than Mylovedonesname1. The more difficult it is to remember, the better to protect your network, and over time you will memorise your complicated passwords.  With the ability to have your phone and computer store your password whilst at the same time leveraging the security of Multi factor authentication (which is a must in our book), having to remember the passwords are not as necessary as they once were.

• Continue to train and educate your staff about cyber security, you may think they already know it, but always keep them up to date. Simply telling staff to not open attachments like ZIP files from people they do not know goes a long way to mitigating against cybercrime and data breaches. 

• Be vigilant and exercise caution! Be aware of spoofing and spear phishing which is when emails look as though they came from a senior member of staff, or in a response to an email chain, asking for money or to click on a dodgy link, like tracking information or to download an invoice. They can look fairly convincing, so can pass through spam filters, but do not come from the email user, rather from a similar email address. These are all rubbish and you should ignore them. If anyone ever asks for money, double and triple check with your Director before doing anything.

 Non-deliberate data loss or breaches can arise from hardware failures or lack of software, such as anti-virus and web protection. Hardware can fail, and so measures need to be taken to ensure that should they fail, your downtime is limited. Likewise, software needs to be kept up to date in order to protect terminals and alert to any failures.

• Always have up-to-date anti-virus to prevent against Trojans or other malicious software on your terminals. Always run scans and keep it up to date against the latest threats, which are increasingly evolving and becoming more convincing. Web protection offers an extra layer of security to your terminals, which can block certain websites or malicious websites (such as dodgy links in emails).

• Back up PCs and Servers with remote/ cloud back up out of the site. This is to ensure that any damage to the server/ PC does not implicate as well the backup HDD, tape or external backup. Backup regularly and ensuring it is actually backing up. Keybridge IT can supply secure remote backup, which, is monitored and maintained daily.

• Keep computers and servers in safe environments where they cannot be easily knocked over, gather dust or overheat. A gentle nudge can dislodge the hard drive or memory, which can cause further damage or data loss. Likewise, overheating can cause numerous issues for hardware and again can cause data loss and need for replacement, costing you more.   

• As mentioned above, ensure devices owned by employees are secure and protected, and if they leave the company or lose the device, you can lock down data easily. Microsoft Enterprise Mobility Suite is a software tool to accomplish this.

Keybridge IT  provide fully managed IT support services, which do encompass Anti-Virus, Web Protection and monitoring software to mitigate against cyber security threats, all for an affordable monthly cost.

Visit Keybridge’s partner page to view their exclusive Recruitment FDs' member offer

Written by Lauren Miller, Kyloe Partners

The term ‘Cyber Security’ is nothing new, but it’s a field that is constantly evolving and a topic which is becoming more prominent in businesses of all sizes. The chances are, if you’re working as part of a company that uses IT of any sort (and most do!), Cyber Risk is a very real threat that should be addressed. Despite its name, this risk extends beyond technology and requires having the correct processes in place and educating staff on adhering to these processes.

The discussions around Cyber Security are vast and overwhelming - a quick Google search on ‘Cyber Risk’ throws up over 140 million News results – for the purposes of this article, we’ll be focusing on the benefits of the Cloud when it comes to protecting your company.

The impact of Social Engineering

The Cloud is touted as a safer place to for your data data than a local server, so why do we still hear so many stories of high-profile data breaches? Security of the Cloud itself may be the obvious starting point for blame, but Proofpoint’s 2019 Human Factor report shows that more than 99% of the attacks observed required human interaction to succeed.

Social engineering (such as Phishing) influences human psychology and involves hackers accessing information by manipulating people into performing actions or disclosing sensitive data. By using social engineering, hackers can get hold of personal data without ever actually having to hack into the Cloud.

According to Security Boulevard, almost 75% of companies never equip people with minimal training, which means that organisations put themselves at risk.

Security benefits of the Cloud

There are many factors that influence Cyber Security so it’s important to remember that the Cloud isn’t a quick solution for eliminating risk, but there are various benefits which can help to reduce your vulnerability:

• Multi-factor authentication: as hacking techniques become increasingly sophisticated, a unique login and password aren’t always sufficient in protecting you. Staying on top of cyber threats can seem daunting and almost impossible for companies who don’t have large IT teams.

• Cloud-based solutions will take the hard work out of staying ahead and offer multi-factor authentication that verifies user identity via more than one method. For example, these verifications may combine something that the user knows (password), something that the user has (hard token), and something that the user is (fingerprint).

• Physical security: Cloud computing vendors are there to provide data safety – where small to medium-sized businesses may be restricted when it comes to physical security of their data and facilities, Cloud vendors have security as one of their main focuses, and therefore have the ability to employ stronger physical security measures at their facilities.

• There’s also no reason to worry about data being stolen as a result of misplacing storage devices or laptops and mobile phones. As data is stored on the cloud, the loss of a physical device does not affect the data.

• Security certificates: If you can’t afford to take chances with your data, compliance and security certifications are there to make it easier for you to trust cloud computing providers. Providers with certifications should be employing individuals who are qualified and experienced with configuring cloud servers and keeping client data secure.

Are you thinking of making a move to the Cloud?

In addition to the security aspects, the Cloud offers other benefits, from being able to work remotely, to lower IT costs. If you’re looking to make a move, beware of “Cloud pretenders” – vendors offering products that aren’t actually true cloud solutions. We’d recommend reading Bullhorn’s “Is It Really a True Cloud Solution?’ ebook, before committing to a specific vendor.

About Kyloe Partners

Kyloe Partners are recruitment industry, and Bullhorn, experts. We help recruiters get the right people into the right role as quickly as possible by offering clients of all sizes a real technology advantage in this fast-paced and ever-evolving industry.

Visit Kyloe’s partner page to view their exclusive Recruitment FDs' member offer

Written by Francis West, Westtek Solutions

Ever wonder what happens to your data if a company you’re doing business with has been hacked? Simply: it’s posted for sale on the Dark Web.

Let’s be clear about what we mean when we say ‘data’. We mean information, specifically, information about you. It will be anything the company that suffered breach held on you. So, it could be your name, address, email addresses, associated passwords, date of birth, bank details, credit card numbers, mobile and home phone numbers – in fact, a whole range of information that confirms your identity.

How Does It Matter?

When you use a credit card online, the retailer checks information associated with that card, the information you filled out on the application form. If the details don’t match, the transaction is declined. If a hacker has your credit card information, address and associated email, phone number, etc., there’s a good chance the transaction will be approved and you’ll end up having to jump through hoops to get your money back.

That was a fairly benign example. With all your personal information, a hacker can literally steal your identity, take out loans and credit cards in your name, siphon money from your bank account – and your mortgage too if they’re linked. You begin to see why keeping your data safe matters and why you don’t want it on the Dark Web.

What is the Dark Web?

Like the ‘regular’ internet, the ‘Dark Web’ is a collection of websites. The difference is the Dark Web is an encrypted network. This ensures the sites it hosts can’t be found by the casual observer using standard search engines such as Google or Bing or using traditional browsers such as Chrome and Safari. Websites on the Dark Web are encrypted specifically so their location, owners and activity can remain hidden. Anyone can access websites on the Dark Web as long as they’re using the right tool. Many of these along with instructions on how to use them, can be found with the help of YouTube. Before however, you go in search, we strongly advise you to leave it alone. If you don't know what you're doing, you could upset a lot of unscrupulous people. For those with darker or criminal intent, the Dark Web is full of possibilities.

Perhaps the most well-known of the sites operating on the Dark Web was (possibly still is) Silk Road – a sort of Amazon for people looking to buy things that aren’t legal, such as drugs, weapons and other awful, disturbing products and services. The other key offering on the Dark Web is people’s data.

How Much is Your Data Worth?

Dark Web Prices for Personal Data:

Source: Dream, Point and Wall Street Market – Feb 2018

Let’s break that down. Were you affected by the LinkedIn breach where 164 million emails and passwords were compromised? That happened in 2012 but it wasn’t until FOUR YEARS LATER the data was offered for sale on the Dark Web. People will often use work email for LinkedIn so hackers have gained access to work email now too. Any sensitive data contained in your email conversations will be harvested and used against you and your clients!

Once your details have been posted on the Dark Web, they stay there. FOREVER. It’s not a question of one buyer attains the rights to your details and they get taken down from the Dark Web. Anyone who wants them can pay the fee and have a go at hacking you - multiple hackers all targeting you, trying to steal your money in various and increasingly creative ways. And they’re using details you used years ago. Which is why you should NEVER reuse a password.

Ever log in to a website using “Login With Facebook”? Or “Login with Google”? If these details have been compromised, a hacker can use them to access any other site you log into using your Facebook or Google credentials.

If hackers get your Gmail details, they can access all your correspondence, your calendar and all your contacts. Does it matter if they have your Twitter login? Imagine the damage they could do to your reputation! Also – do you use the same email and password for Twitter as you do for Facebook? Or your Amazon account? Do you see where we’re going with this?

Our top 5 recommendations for protecting yourself:

1. Check all your email domains on www.haveibeenpwned.com. If you’ve been pwned, change every password on every account associated with it (if you can remember them all!)

2. Choose your passwords wisely: use three unconnected words, such as ‘ComputerGlassBusiness’. These types of passwords are virtually impossible to crack. Use objects you can see from your desk – makes them easier to remember.

3. Use a password manager such as LastPass, 1Password or Roboform – then you only need to remember ONE password and the app does the rest for you.

4. Don’t use work email domains for personal accounts or on websites used for personal surfing – keep your work email domain for work only!

5. Regularly check your email domains to see if they’ve been compromised so you can react quickly if you need to!

Did you know, Westtek Solutions now offers Dark Web scanning and monitoring? If you would like to see whether your domain has been compromised, get in touch. Our Dark Web monitoring service will notify you quickly should your information appear on the Dark Web. This gives you the best opportunity of preventing further loss of information or breaches that could cause you serious harm.

About Westtek Solutions

Westtek Solutions is a proactive Technology Success Partner that specialises in delivering cybersecurity measures, strategic consulting and technical support services to help you stay secure whilst maximising productivity. We make sure your technology works for your business and not the other way around.

Visit Westtek's partner page to view their exclusive Recruitment FDs' member offer