Lendmark Financial Services, a household credit provider based in Lawrenceville, Georgia, that offers personal loans, automobile loans and retail merchant sales finance services through more than 350 branches in 19 states, needs to be on top of customer data security. It’s one of CIO Mark Lawrence’s biggest concerns.
But digital transformation—a critical necessity, in Lawrence’s view—can create new security threats.
We talked with Lawrence about how he navigates these treacherous waters, a CIO’s role in the overall business and the most important aspects of IT strategy in 2021.
What are some of the biggest challenges for CIOs in leading the digital transformation of their companies?
Leading transformation of any sort is important, yet digital transformation is especially important, regardless of industry, for a company to keep pace with customer and market expectations. Digital transformation helps ensure a company remains competitive.
Digital transformation is also particularly challenging because it requires navigating a broad range of user expectations throughout the process. Most of today’s workforce has some level of digital skillset. On an individual level, while it is relatively easy to quickly adapt to a new smart device, laptop or a bank’s mobile app, preparing a company for digital advancement takes time and careful planning. “Tech savvy” employees can become frustrated waiting while plans come together to manage hundreds of devices or capabilities, all of which must be tested, implemented and supported.
Can that impact a company’s security?
Maintaining security is a key aspect of leading digital transformation. Protecting a company during digital transformation—whether securing employee and customer data, protecting the company’s brand or reputation or addressing regulatory considerations—requires selecting the right technology partners, and integrating planning, testing, roll-out and ongoing support and maintenance.
Some business departments choose to embark on their own digital initiatives to the exclusion of IT—a process sometimes referred to as “shadow IT.” Departments do this because they grow impatient with the process, not understanding the various layers required for enterprise implementations versus the relative simplicity of what it takes to upgrade one’s personal device.
Keeping affected departments involved and executives informed and on the same page during digital transformation is crucial. Bottom line: transformation must be led.
As CIO, how do you assess risk and address cybersecurity?
Volumes of regulations address the various aspects of cybersecurity, from industry regulations such as the Payment Card Industry Data Security Standard, to state regulations like the California Consumer Privacy Act, to federal government regulations like Gramm-Leach-Bliley.
I’ve found it helpful to start conversations on this topic with a simple question: “How would you want Lendmark to handle your personal information?” Until risk and cybersecurity become personal, risks always seem to happen to someone else. Given our extensive use of partners for critical aspects of our business, we are dependent on those partners to maintain a rigorous cybersecurity practice to secure their infrastructure.
To assist in that regard, we have a robust vendor risk process to review our partners’ standing relative to cybersecurity. Internally, we start from a zero-trust point and only grant access necessary to perform a job function. Routine scans of any entry point into our company network are conducted periodically to probe for vulnerabilities. We also enlist services from subject matter expert providers to help minimize our risk profile and run cybersecurity tabletop exercises to rehearse our incident response plans and procedures.
Explain how you use technology to support business objectives.
In my experience, the business of IT is the business. Apart from Lendmark’s field staff and its ability to make loans and service our customers, IT doesn’t generate revenue. Our technology must support the needs of the business and enable them to be as efficient as possible. More important than any technology is maintaining relationships with the business leaders to appreciate their challenges and find the right technology to support them.
IT must be managed like a business, knowing where and when to spend and, as importantly, when to stop spending on any technology that’s not meeting the business objective or has become obsolete. Technology for technology’s sake isn’t always the best fit for the business or the budget.
Tell me what comes next in business through the lens of the CIO.
If you’d asked me that question at the start of 2020—i.e., pre-COVID—I wouldn’t have forecasted a pandemic response would be what we would focus on for the next year! Now, I will say that designing and maintaining an IT strategy that can respond quickly to changes in the business environment will be a huge differentiator going forward. As rapidly as technology changes, not being saddled with a one-trick pony solution or provider is critical.
Above everything, the right people on the team—people who are committed to the strategy, are experts in their respective areas and can work cohesively as a team and not worry about who gets the credit—is a must-have to be successful at addressing what comes next.