Government regulations

/in /by

Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.

As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.

One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party to set up security or data storage, make sure that they have experience working in your industry. Finding a service provider with experience in your profession can give you peace of mind knowing that you can focus on running your business without the distraction of ongoing technology concerns.

Higher goals get dragged down by Tech: The NPO story

/in /by

If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.

Failure to understand and focus on technology can damage an organization’s growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.

An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing its fundamental tech needs to a MSP. A MSP can determine short and long term needs, assess possible solutions, and propose the most cost effective tech solutions to ensure a stable, long-term tech infrastructure. Without the time or stomach for administrative distractions, NPOs may continue to use the break/fix model, making less informed tech decisions that may ultimately waste precious resources. Good and careful planning with a professional can mean a better strategic use of organizational resources far into the future.

Password basics people still ignore

/in /by

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.

  1. Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
  2. Require passwords that mix upper and lowercase, number, and a symbol.
  3. Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.
  4. Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.

These are just a few basic password hints, but they can make a difference.

Leveraging your business data to drive better business outcomes

/in /by

Leveraging your business data to drive better business outcomes

Smaller firms may hear about AI and how data is driving the big corporations of the world, but they often don’t realize that they can do the same. The size and age of your business doesn’t have to be a limiting factor in whether you use data. Today’s blog is a quick look at data management for the small firm.

The first lesson is: don’t take your data for granted. The basic business model for some large IT companies is monetizing the data that they collect. While this may not be your goal, you probably collect a great deal of data about your customers, prospects, and operations. An MSP can help you make better use of that data. Here are just three examples:

Marketing

Data tells you who is interested, when they’re interested, and in what they are interested. Data can tell you where each individual prospect sits in the sales funnel, so your marketing messages reach them exactly where they are. It can also track the performance of your online marketing initiatives.

Forecasting and Sales

Customer Relationship Management applications exist because of the data that can now be collected. They monitor sales efforts, nurture leads, and work to improve customer engagement.

In-house and Operations

Data can track all manner of things in your production of goods or services, identifying where resources are being spent in each step of the process. Data can also be used in scheduling and pricing, although these tools can have human resource and customer relations implications that need to be carefully considered.

Planning and the Future

Technology is more than just something to run your business today. It can be a source of innovation for the future of the business, pushing it in new directions. You should be taking a proactive view of technology as a strategic tool for the long-term growth of the business. How can new technology help with in-house software development, infrastructure upgrades, digital transformation, and product innovation? Questions to ask in this context would be “can technology improve the delivery of products and services, or improve qualitatively the nature of the product or service itself?” As part of C-suite plans to stay competitive and thrive in the market, leadership needs to understand what new technologies are available for future innovation. However, that means you need technology support that is focussed on strategic planning; understanding new technologies that can move the business forward. For an SMB, Managed Service Provider can be the CIO/CTO that understands your business and helps plans for the future.

In summary, most SMBs are limited in how they can make use of technology in their strategic planning. As a result, this may compromise their capacity to remain competitive in the long-term. Consider using an MSP as a strategic partner in your long term planning.

Roadmaps for Data Security and for Strategic Planning

/in /by

Roadmaps for Data Security and for Strategic Planning

It is time you were encouraged to stop looking at the technology you use to run your business as just some reliable piece of invisible infrastructure that hums along in the background.

Instead, business owners should look at technology from a strategic perspective. What can technology do to support business in the future? How can new technology help your present business evolve and adapt to new market demands and customer expectations? For instance, AI is a new technology that may create serious disruption in many industries. Failure to think into the future could put a business at a disadvantage. Unfortunately, most small businesses face two challenges that make it difficult to incorporate new technology into their strategic plans.

  1. In-house staff focus more on maintaining existing technology – For many SMBs, in-house IT staff resources are limited. As a result, much of their time and attention must be focused on putting out fires and handling emergencies. Beyond that, day-to-day maintenance and support of your IT infrastructure is probably stretching them past the breaking point.

  2. Leadership expertise in SMBs is concentrated entirely on running the business and growing revenues. Very simply, SMB leadership’s skills are in their specific industry. Management needs to be focused on the product or service and driving revenues. The issues get back to “core competencies.” A business that gets distracted from its core competencies may damage its focus on quality and meeting customer expectations.

Because of these two challenges, SMBs tend to not integrate technology into long-term strategic planning. They simply don’t have the luxury of devoting resources to IT planning. There is a solution, however. An MSP has the depth and breadth of resources that you could never hope to build and manage internally. To do so would drain management focus and be financially unsupportable.

What can an MSP bring to a small business? Here are six areas where an MSP can help a small business act strategically and integrate technology into long-term growth plans.

Building a Technology Roadmap

At the heart of a technology roadmap is this question: “Can technology improve the delivery of products and services or improve qualitatively the nature of the product or service itself?” A technology roadmap works to develop a complete, concrete answer to this question. It is a long-term planning document that defines how and what technology should be incorporated into the growth of the business. Individual parts of a roadmap will address specific aspects of the company’s technology such as software development, infrastructure upgrades, digital transformation, and product innovation. A technology roadmap that includes product innovation is especially important. The roadmap may also include research and development initiatives.

Creating a Security Roadmap

A security roadmap is the result of a risk management analysis. By analyzing the vulnerabilities in your IT infrastructure, including cyber security threats, an MSP can create a security roadmap that identifies all the actions that need to be taken to fortify your IT infrastructure as much as possible. Like a technology roadmap, it is a specific plan for ensuring that your data, network hardware and software remains safe from cybercriminals. Data is critical to your business. It is proprietary and it is also very vulnerable to theft. A data breach can be a real threat to the viability of your business. The legal and reputational consequences can take down a small business. A security roadmap can include:

  • Determining what regulations govern your data (HIPAA, GDPR, FERPA, etc.)
  • Developing access protocols
  • Training employees about human vulnerabilities to cybercrimes, such a phishing
  • Creating effective backup procedures, which are a particularly important defense against ransomware attacks

An MSP can help you prepare your business for tomorrow’s market

/in /by

An MSP can help you prepare your business for tomorrow’s market

Many small businesses tend to view an MSP as the local fire truck. Available when an emergency happens, they rush in, put out whatever tech fires broke out, and then leave. This is also known as the “break-fix” approach to technical support. However, an MSP can bring many types of value to a small business. In particular, an MSP can function as a strategic partner for a small business. Technology needs to be part of your long-term strategic planning. MSPs have the ability to devote energy to understanding emerging trends that can help your organization develop a “technology roadmap.” This is a long-term strategy document that outlines how and what technology should be used going forward. The roadmap takes a proactive view of technology as a strategic tool for the long-term growth of the business. Individual parts of a technology road map will address specific aspects of the company’s “technology” such as software development, infrastructure upgrades, digital transformation, and product innovation. A technology roadmap that includes product innovation is especially important. Questions to ask in this context would be “can technology improve the delivery of products and services, or improve qualitatively the nature of the product or service itself?” The roadmap may also include research and development initiatives. As part of C-suite plans to stay competitive and thrive in the market, leadership needs to understand what new technologies are available for future innovation.

Here are just a few examples of how an MSP’s specialized staff with expertise can help.

Software Development – Strategic IT should be evaluating the present software applications and addressing improvements and re-designs that will address potential customer demands.

Infrastructure Upgrades as the Business Grows – There are many examples, but a simple one is redundancy. As a business grows, it becomes increasingly important to address redundancy. The larger the business, the more complex the infrastructure becomes. It is important that businesses look throughout the infrastructure and identify the single points of failure that need to be addressed and developing real-time work arounds and disaster recovery plans is an increasingly complex task that requires significant resources and attention.

Digital Transformation – Digital transformation refers to taking tasks and using digital tools to improve efficiency and response. This can mean anything from moving from in-house servers to the cloud, using SaaS, creating online portals for sales and marketing, to just about anything you can imagine. A new example is the use of AI, especially machine learning which can be used to develop more effective inventory planning and offer more precise marketing responses to individual prospects.

Security Roadmaps – A security roadmap is similar to a technology roadmap, but with a very tight focus. Ensuring your data remains safe from cybercriminals, internal error, and software or hardware breakdowns is the goal of a security roadmap. Your data is critical to your business. It is proprietary and it is also very vulnerable to theft. A data breach can be a real threat to the viability of your business. The legal and reputational consequences can take down a small business. A security roadmap can include:

  • Determining what regulations govern your data (HIPAA, GDPR, FERPA, etc.)
  • Developing access protocols
  • Training employees about human vulnerabilities to cybercrimes, such a phishing
  • Creating effective backup procedures, which are particularly important defense against ransomware attacks

Data Management: Everyone knows that data is valuable. The basic business model of some of the largest IT companies hinges partly on the value of data for advertising. But for even the smallest business, significant amounts of data can now be collected. An MSP can help an SMB use that data to tighten inventory, for example. Three ways data helps your business succeed.

Marketing – Data tells you who is interested, when they’re interested, and in what they are interested. Data can tell you where each individual prospect sits in the sales funnel, so your marketing messages reach them exactly where they are. It can also track the performance of your online marketing initiatives.

Forecasting and Sales – Customer Relationship Management applications exist because of the data that can now be collected. They monitor sales efforts, nurture leads, and work to improve customer engagement.

In-house and Operations – Data can track all manner of things in your production of goods or services, identifying where resources are being spent in each step of the process. Data can also be used in scheduling and pricing, although these tools can have human resource and customer relations implications that need to be carefully considered.

In short, there are a lot of areas where technology can be used to not only run your business today but can propel your business forward. Technology that is viewed strategically, not just as a tool to get things done today, can drive revenues and help a SMB remain competitive as the market changes. An MSP has the deep experience and resources to understand your business and contribute to your strategic planning at the C-suite level without requiring the resources necessary to build it up from within.

Ransomware emails: How to identify

/in /by

Ransomware emails: How to identify and steer clear of them

Ransomware attacks have suddenly become more prevalent. Each year sees more of them. Hospitals, NPOs, shipping giants, etc., have all been victims of ransomware attacks. Your business could be too! Did you know that emails are one of the most common gateways for ransomware to get into your systems? In this blog, we tell you how you can stay safe by following a few tips.

If you think something is amiss, it probably is

Does that email seem unfamiliar? As though you weren’t meant to get it, or it doesn’t quite sound like your colleague wrote it? Perhaps it’s not. Malicious email senders often try to mask actual email IDs with something similar. For example: An email you believe to have come from billing@yourvendor.com might actually be from billing@yourvemdor.com. So take a good look at the email ID if you spot something ‘phishy’.

Attachments and form fills

Does the email contain an attachment that you are being asked to save to your computer? Or an executable file that you are asked to run? Perhaps you are asked to submit your personal details at an authentic looking website. Before you do any of these, check the authenticity of the email and the message. Were you supposed to receive it? Were you expecting an attachment? You might even want to call the sender and confirm if you are unsure.

The message seems to instill fear or a sense of urgency

Often, malicious email messages urge you to take immediate action. You may be asked to log onto your ‘banking website’ ASAP to prevent your bank account from being frozen, or enter your ITR details onto a webpage to avoid being fined by the IRS. Real messages from your bank or the IRS will never force or hurry you to do something.

Other things you can do

Regular data backups

Conduct regular data backups so that in the eventuality of a ransomware attack, you don’t lose your data. Cybercriminals having access to your data is bad enough–it damages your brand and business reputation and can even attract lawsuits from parties whose personal information has been compromised, but, not being able to retrieve all that data in the aftermath of an attack is even worse. Regular backups help you in that regard, plus when you have a pretty recent data backup you are not reduced to the state of helplessness where you HAVE to pay the ransom to retrieve your data.

Install an anti-malware tool

Last, but not least, invest in anti-malware tools that can detect malware attacks and alert you before you fall prey to them. Such tools scan emails, links and attachments and alert you if they are found suspicious.

No matter how big or small a business you are, ransomware attack is a reality and applies to you. It is better to be prepared than having to cough up huge sums of money to free up your data later and even then there’s no guarantee your data will be restored by the cybercriminal.

MSPs can focus on issues you don’t have time for

/in /by

MSPs can focus on issues you don’t have time for

Every business relies on technology to function. From simple things like email, VoIP, and the internet, all the way to predictive analytics for inventory and sales, digital technology is at the root of every business. Unfortunately, no matter how much small- to medium-sized businesses may rely on their IT infrastructure to operate, they often try to “get by” with their in-house IT staff to keep things running. In this blog, we will discuss the value a Managed Service Provider brings to an SMB: a value that cannot be replicated in-house.

First, it is important for a business owner to realize that an IT infrastructure is not a static entity. Nothing is “plug-and-play” in today’s business environment. There is no “build it and forget it.” Because everyone relies on technology that must be running 24/7, businesses need to be proactively monitoring the performance and availability of critical infrastructure, such as servers and networks. There are just so many things a business has to worry about. Cyber criminals are always coming up with new threats, so anti-virus software isn’t enough. Consequently, active endpoint monitoring needs to be happening around the clock.

So, why is an SMB limited in its ability to meet all of its technology needs in-house? One reason is management focus. Business owners need to focus on core competencies. They need to focus on running the business and producing revenue-driving goods or services in their area of expertise. Diverting focus to managing an IT team in-house may not be an ideal use of their time. It may also not be an ideal use of their skills. Additionally, resources are limited, and an SMB loses the advantages of economies of scale when it tries to do everything in-house. In a smaller operation, IT staff often need to focus on day-to-day functions, including putting out fires. This limits their time to think strategically and determine ways that technology can innovate and keep the business competitive in the longer run.

So what can an MSP offer that the in-house IT staff cannot?

A Managed Service Provider is staffed by IT practitioners whose sole focus is technology. Many focus only on specific industries. This means that your MSP organization is composed of individuals who have specialized experience and training in one specific area of technology such as cyber security, cloud computing or network infrastructure. MSPs also have the resources to invest in continuous training and professional development. That means keeping up with the latest developments in technology and emerging trends. If focused on one industry, they analyze competitive changes in that industry and how technology can provide strategic advantages for their clients. MSPs also can set aside time for attending conferences, webinars, and networking events to share knowledge and stay ahead in their field. They are also more likely to have the resources to provide their consultants with access to professional publications and newsletters.

Why is this so important? First, analyzing present problems and performing routine maintenance tasks isn’t necessarily “routine.” New threats and changes can create disruption in existing configurations. (Anyone who has downloaded a new software upgrade is aware of that!) Secondly, in-house tech staff, except for those in the largest organizations, are more task focused than strategic. This isn’t due to a lack of awareness of the value of planning and development. It is primarily a resource problem that is inherent to SMBs. Unfortunately, the result is that in-house staff may not be able to contribute at a strategic level, thus limiting the ability of the organization’s leadership to incorporate new technology into long term plans.

Keeping your data safe: Access Control

/in /by

Keeping your data safe: Access Control

Cyberattacks are a commonplace today. Malwares such as viruses, worms and more recently ransomwares not only corrupt your data or hold it hostage, but also inflict irreversible damage on your brand and business. As a norm, most businesses these days do invest in anti-virus/cybersecurity systems. But, is that really enough? The answer is–NO. Because, they often overlook one important aspect–access. Ask yourself, how easy is your data to access? How can you strengthen the walls that keep your data safe? Read this blog to find out.

Role-based access

Always follow a role-based access permission model–meaning people in your organization have access to ONLY the data they REALLY need. Generally, the higher the designation, the deeper the data access permission and stronger the rights. For example, someone at the executive level may not be able to edit your MIS spreadsheet, but a manager should be able to.

Formal password controls

No matter how good your cybersecurity, you need to ensure the protocols are followed at the ground level. Enforce policies regarding passwords strictly and hold violators accountable. Examples include-

  • Password combinations – Ensure your staff follows the recommended best practices when selecting passwords so there are no ‘easy-to-crack’ passwords
  • Password sharing – Thoroughly discourage password sharing across your organization. No matter who asks for it, passwords shouldn’t be disclosed unless authorized as per the protocols.

Don’t ignore physical security

Virtual security is a must, but so is physical security. Though there is only so much physical access controls can do in keeping your data safe in the BYOD era of today, don’t overlook this aspect. Installation of CCTV cameras on-floor, biometrics/card based access to your workspace/server rooms, etc. also have a role to play in data safety from the access perspective.

Training & reinforcement

Finally, train…train…train. You need to train your employees on the protocols for data security and access so they don’t mess up accidentally. Conduct mock drills, refresher trainings, follow up with quarterly audits, and use positive and negative reinforcements to ensure everyone takes it seriously. Because, at the end of the day, no cybersecurity software is good enough, if the best practices related to data access are ignored.

IT isn’t just about filling seats

/in /by

IT isn’t just about filling seats

No matter the size of your business, no matter what the product or service, your company is at least partially reliant on technology to survive and function in today’s marketplace. It is just unavoidable. A significant portion of everyone’s business is online in some fashion or other. And internal operations and administration are dependent on databases, servers on-line access, etc. A large and diversified company has the depth of staffing to fully support all of its IT infrastructure needs. Unfortunately, this is not the case with small- to medium-sized businesses, and it is absolutely not the case for recent startups struggling to get a foothold in the market. SMBs are generally forced to focus all of their resources on the operations that drive revenues. For example, how many small firms have a trained human resource practitioner on board, even though the lack of one can leave them vulnerable to a number of legal and staffing issues? Very few. They just don’t have the resources to devote to anything that isn’t sales or a critical line operation. The same tends to be true for an IT infrastructure support staff and the personnel “required” to support it 24/7.

The question then arises, how does an SMB begin to bring on the necessary resources to support their IT needs? A common solution is to bring on a generalist who will act as the IT director/manager and then that person will bring on additional, more specialized staff as revenue growth permits.

This is a pretty standard model for addressing IT support needs for a growing SMB. But does that really make the most sense? The issue with this model is that it follows a typical, hierarchical company org chart, but doesn’t necessarily meet the needs of a SMB. The IT demands of a typical company are very diverse, and one individual doesn’t have the depth and breadth of experience to significantly support every corner of your IT infrastructure. When resources for IT staffing are limited, creating the IT department that covers everything can be unrealistic. Building out this traditional model takes time and resources to make sure you have the IT support that possesses all the diverse skills needed to meet the many requirements of a sound IT infrastructure. As a result, this model may not truly meet the immediate/urgent needs of a developing or transforming organization. The alternative IT support is not from an organizational chart approach but from a risk management one.

What do we mean by a risk management perspective? For any business, but especially a smaller one without deep pockets, the consequences of some disaster may mean the end of the business. As a result, risk evaluation becomes critical. There are an endless variety of events, from mishaps to major disasters that challenge your viability. Risk management inventories all of the possible risks that could befall the organization and places them in a hierarchy of significance. At the top are single points of failure disasters or extreme events that would shut down the business, at least temporarily. Risk management then works to channel limited resources toward mitigating the most serious risks. How does this reflect on how you bring on IT support in your business? You bring on the support, either through hiring or an MSP on the basis of where your IT infrastructure is most vulnerable, not on the basis on “positions’” to be filled. This is a different approach and more appropriate for a SMB that has limited resources.