Staffing should address risk first and foremost

Staffing should address risk first and foremost

For any business, but especially a smaller one without deep pockets, the consequences of some disaster may mean the end of the business. As a result, risk evaluation becomes critical. There are an endless variety of events, from mishaps to major disasters that challenge your viability. Risk management inventories all of the possible risks that could befall the organization and places them in a hierarchy of significance. At the top are single points of failure disasters or extreme events that would shut down the business, at least temporarily. Risk management then works to channel limited resources toward mitigating the most serious risks. Here are some examples of risk in the IT area that could be especially damaging if left unprotected.

1. Data Security and Cybercrime –
a. Loss of data – Failed backups or human error can lead to lost data. Every business needs to have the IT expertise to ensure that quality backups are maintained, preferably in real-time
b. Data breaches – More significantly, data is constantly at risk from crime. From malware to ransomware, viruses and cyber-attacks can destroy a small business. Consequently, quality IT support is most critical in this area. It should be an issue of highest priority.

2. Hardware redundancy – Your entire physical IT infrastructure represents a vulnerability. Single points of failure could shut down your business. Proper design of your infrastructure and 24/7 monitoring of it is, again, a risk mitigation factor. How much evaluation has been done to determine your level of risk?

3. Natural and human-made disasters – How prepared is your IT infrastructure to continue operations in the event of a flood, fire, or natural disaster that prohibits access to your physical location? How would you handle a long-term power of broadband outage? IT professionals skilled in disaster recovery can help you mitigate the risk in the face of a major event.

The point here is not to list all the possible risks you face, but to recognize that IT support should be focused on the most critical areas. Whether you bring them in-house or use the services of an MSP, resources should be directed first at areas where the risk is greatest.

How can an MSP help support a risk-focused IT strategy?

1. Hiring individual in-house support can be expensive and slow – Given the tight labor market, finding ideal candidates can be exceptionally difficult, and as a consequence, too expensive. An MSP represents a faster way to bring on support and can be utilized only when and where the most critical services are needed.

2. Up-to-date support – Over-worked in-house IT staff in a small company may be too busy putting out fires to keep up with the latest developments in specific corners of their field. As a result, you may lack the knowledge depth needed on narrow but critical areas. IT is a very broad field, and only a diverse IT team has the depth to cover all of the different areas. With an MSP, you don’t have to worry about how technology is changing. A good MSP will not only be up-to-date with the latest in tech but also advise you on what tech changes you need to make to stay ahead.

3. Scalability – The size of your in-house IT support staff is, in the short term, static. If you experience peak demand times, resources can be stretched to the point of being overwhelmed. .Choosing a managed services provider, however, provides the flexibility to scale up or scale down your IT investment to suit your business needs.

4. 24/7 monitoring and availability – Until your organization gets big enough, an in-house IT staff cannot be available 24/7. Nor can it provide 24/7 monitoring for that part of your business that must be functional all the time. An MSP has the resources, because of economies of scale.

In the end, don’t think of IT support as “IT Hiring” instead, think of it as staffing. What is the best use of limited resources to meet your most immediate vulnerabilities? That is the best perspective to take on IT support when resources are limited.

 

/by

Thing to do this week to start protecting your customer data

Thing to do this week to start protecting your customer data

You have client or customer data in your possession. It is part of running your business in a digital marketplace. If that data is breached, it could permanently damage your reputation. We talked in an earlier blog about types of malware. There are many steps that you can take to protect your systems and data. Here are a few suggestions to protect your business from malware.

Consider a Managed Service Provider – Cybercriminals are very sophisticated and every day are releasing new, cutting-edge tools to attack businesses and individuals. Small- and medium-sized businesses do not have the resources to staff an IT department sufficiently to be aware of all the newest tools and technologies needed to protect a business. For example, a business owner cannot possibly keep up with the changes and details of tax laws. Doing it themselves, they would likely overlook important tax advantages or inadvertently break some IRS rule. As a result, tax preparation and accounting above the level of basic bookkeeping is outsourced to an outside accounting firm. You should consider looking at IT in the same way.

Updates – Always update your software. There will always be vulnerabilities in every bit of software that you use. Creators of software are constantly upgrading to close holes that could be exploited. Being attacked by malware because you are behind in upgrades is an avoidable error. That said, given the sheer volume of software applications accessing your network, you should consider outsourcing the administration and enforcement of this process.

Multi-factor authentication – Everyone is increasingly encountering MFA. This tool requires a second level of authentication in order to access an account or use a program. Generally, it involves entering a password then following up with a token you might be sent via text or email, or using a biometric measure, such as a fingerprint. An MSP can provide applications that can set up MFA to protect your data.
Access Control – You don’t give out keys to your house to everyone you know. Why allow all employees or vendors to access all of your databases or programs? Instead, follow the Principle of Least Privilege. That is, each individual only has the access to accounts, databases etc. that are absolutely necessary for them to do their assigned tasks.

Backups – Everyone knows they need to do backups, but handling these is more than just downloading data to a hard drive every evening. An MSP can provide you with the tools needed to handle backups appropriate to the needs of a business operation.

Employee education-This one cannot be emphasized enough. The individuals in your organization are your first and most critical line of defense against malware. As mentioned above, many types of malware need user action to get into your systems.

Here are some areas where training can help.

Phishing emails. These are mails that appear to come from legitimate sources, but are faked. Because the reader trusts the sender, they naively open a link that might be attacked which then downloads some forms of malware.

“Lost” USB. – Too often, individuals will find a USB drive left near a desk or dropped somewhere. The temptation to insert it into their computer to see what’s on it can be very hard to resist. ( This was part of what caused the Target data breach)

Password etiquette – Define standards within your organization about acceptable passwords. An MSP can help you set up programs that require employees to create passwords that meet your defined criteria. Also, consider fostering a culture that makes the sharing of passwords a performance issue that will be addressed by an individual’s supervisor.

Endpoint Detection and Response ( EDR): This is a solution an MSP can provide you with. At its basic level, EDR is a proactive approach to anti-malware software. EDR constantly looks at all of the endpoints in your network, tracks behaviors and identifies anything out of the ordinary. For an individual, anti-malware software may be sufficient. For a business that has multiple endpoints, this is not sufficient. ( Think dozens of employees connecting remotely via their own computer or smartphone). In a sophisticated business’s IT infrastructure, there are many endpoints which need to be evaluated.

In summary, there are many ways that an SMB can approach defending itself against malware. Some of these, such as employee training, can easily be done in-house. Others require a depth of experience that only your MSP can offer.

/by

Your business runs on data, but so do the cyber criminals

Your business runs on data, but so do the cyber criminals

Your business runs on data, but so do the cyber criminals who want to steal yours

One very painful truth about running a business is that you possess data that is attractive to criminals. There is no avoiding that reality. You have data. They want data. It is an ongoing challenge to maintain data security as cyber criminals’ efforts evolve and change on a daily basis. The wall that kept you safe last week may have holes in them today. Keeping up with the latest threats is a specialized field that in-house IT support likely doesn’t have. An MSP can provide the support you need in the face of ransomware threats and other malware. Also, an MSP can provide 24/7 monitoring.

Speaking of data security, brand damage isn’t the only issue with data security breaches. In many cases, there are data protection laws that regulate how you secure personal information. In specific industries there are federal, state, and even overseas regulations that set standards for data protection. How you choose to protect data may be out of your hands. MSPs have the experience and knowledge to address compliance management. For example, there are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, but also mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.

  • Designating one individual to oversee data protection and security
  • Conducting a risk assessment – This means analyzing what data you possess , where it is stored, and in what ways it is vulnerable.
  • Creating safeguards to address all potential areas of vulnerability
  • Designing and documenting tools to secure your data and tracking access
  • Tracing the location and security of all data whether it is at rest or in transit.

Not only do you have to set up protocols, you may have to prove they are operative and be subject to audits. All of this can be extremely distracting to a small business.

Another area related to data security is the issue of backup and recovery. So much can go wrong. There is nefarious activity: criminals actively trying to break into your data and steal it. There is human error: individuals taking actions that accidently delete or damage data. And of course, hardware can fail and software can have bugs. And, if not done correctly, backups may be infected and be of little value.

An MSP can design backups that are continual and are protected at an offsite location.

More importantly, it isn’t enough to know your data is safe if something happens. Your business is dependent on using that data. Losing a day of access can cripple your business. That means planning for recovery in case something happens. How will you transition to another mode of data access? Your customers expect 24/7 availability. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure.

 

/by

Like it or not, you business relies on technology

Like it or not, you business relies on technology

Like it or not, your business relies on technology

Technology isn’t just something used by Silicon valley firms and large corporations. Even the smallest start-up is now reliant on technology and the virtual marketplace. A business cannot function without operating in the digital world. At the very least, it means having a website, a social media presence and an online database of customers and prospects. Most likely it means conducting business online, which means you’re responsible for the security of client data: names, credit cards, addresses, and probably more information. Much of that information may be personal Information that you have an obligation to keep secure. That duty brings along many challenges because cyber criminals and even benign human error could mean that data is compromised. Data breaches can bring litigation, possible regulatory sanctions, and very importantly, damage to your brand and reputation. Because so much rides on the stability and security of your digital infrastructure, serious attention has to be paid to data security protocols. The problem is, tech is a complex and specialized field that most small businesses owners have little time to focus on. And spending time trying to understand and maintain an IT infrastructure means siphoning off attention to the operation of your business. That is why a Managed Service provider can be a lifesaver for a small business.

A Managed Service provider is an IT consultant that can provide some or all of the support you need for your IT infrastructure. They can provide help with specific issues–migrating data to the cloud, setting up new software and hardware, designing data security protocol, etc,. They can also become a strategic partner. That means they team with you and learn your business goals and plans and help you understand how new and existing technology can help your business expand. They can use their expertise to guide you to new technologies and digital applications you might not be aware of.

Also, you can sign a service contract with an MSP. At the most basic level, a service contract will mean that if you need emergency tech support, you have priority. Otherwise, you will be at the bottom of the list if something goes wrong.

Finally, let’s consider strategic planning. Your business isn’t static, It will grow in volume, it will expand its product and service lines, and it will move into entirely new, unfamiliar markets. There may be new technologies and applications out there that you are unaware of. If you overlook them and your competitors don’t, you can begin to lag behind. You need long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. FInd an MSP who will partner with your business and learn your operations and your future plans. In that way they don’t just support the IT you have now, they become a key voice in strategic planning for future growth.

 

/by

How Can an MSP Keep Your Business Safe?

How Can an MSP Keep Your Business Safe?

How Can an MSP Keep Your Business Safe?

Are you a small- or medium-sized business that is in need of a more complete, dependable IT solution to support your business than you presently have? When your main focus is running your business, everything else becomes an afterthought. Other support operations tend to take a backseat. However, your business depends upon a reliable, stable “always running” IT infrastructure and you probably find that isn’t always the case. Even if you have an in-house staff, it isn’t large enough to put out fires and handle strategic planning and provide 24/7 support when something goes wrong. That is why many businesses large and small rely fully or partially on the support of a Managed Service Provider (MSP).

So what are the typical services available from an MSP? There are many different types of support that can be provided to clients. In this e-guide we will break them down.

Managed IT Services

This is the overarching set of services that define the purpose of an MSP. Generally, a business will sign a service level contract with an MSP for a set of defined IT services for a period of time. One advantage typically derived from such an agreement is that the contract provides that you get 24/7 emergency support with priority. Typically, if you have a crisis and call a provider, the non-contract clients take a lower priority. This can mean longer down times and those mean revenue losses. Also, your contract with an MSP means that you can do a better job predicting your IT expenses into the future, and predictability is always a benefit for any enterprise.

Cyber Security Services

One specific area of expertise that everyone needs, no matter how small the business, is up-to-date, ongoing protection against data theft and cyber crimes. An MSP can bring a depth of knowledge that is difficult to create in-house. Ransomware and data theft are rampant. Cyber criminals attack businesses of any size ( in fact, small ones can be more vulnerable. And smaller businesses often don’t have the deep pockets to recover from the revenue losses of a cyber attack). This is a very specialized sector of IT management where businesses frequently choose to use the services of an MSP because of its complexity. Also, keeping up-to-date with the latest malware, and handling 24/7 monitoring can be very labor intensive if done in-house.

Compliance Management

  • There are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, many of them mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.
  • Designating one individual to oversee data protection and security
  • Conducting a risk assessment – This means analyzing what data you possess, where it is stored, and in what ways it is vulnerable.
  • Creating safeguards to address all potential areas of vulnerability
  • Designing and documenting tools to secure your data and tracking access
  • Tracing the location and security of all data whether it is at rest or in transit.

An MSP can be a critical resource in designing these safety measures and ensuring your company is in compliance and remains so. Handling compliance issues and audits can be a big distraction when you are trying to run your business and drive revenues.

 

/by

Seven things that pandemic taught us about data security

Seven things that pandemic taught us about data security

As workers fled home to handle everything remotely, organizations had to quickly address new threats and questions that were raised about maintaining the integrity and safety of their data.

From the IT perspective, the pandemic…

  • Reinforced the need to follow good password hygiene
  • Brought to light the need to engage in data security and access best practices through mechanisms like multi-factor authentication
  • Showed us how important staff training is in terms of data security. The ability of employees working remotely in a less secure environment to identify phishing scams or malicious attachments that could compromise the entire business data setup is really critical. Your data security’s first line of defense is your staff. And this is never more true when they are working remotely.
  • Proved that smooth, secure and timely access to data is a must-have for business continuity. This means technologies facilitating remote work, such as the cloud, VoIP and other collaboration tools are not a matter of choice anymore. They are a part of the core requirements for the smooth functioning of your business.
  • Taught us that agility is everything in today’s world. When the pandemic struck, businesses that did well or even survived were the ones that were quick to make the transition to the remote work environment. Agility requires IT support that can pivot quickly to meet new demands.
  • Has given root to the WFH culture, which likely won’t wither away even as the pandemic fades. WFH is here to stay and businesses and customers alike have to adapt to this ‘new normal’.

What role can MSPs play?
Managed service providers can make transitions smoother for businesses from the IT perspective even during unforeseen circumstances such as this pandemic. They can bring to the table the much needed agility factor, which can help the business cope with the demands of the newly created work environment. Even businesses with in-house IT teams can benefit tremendously from the expertise and experience that Managed Service Providers have to offer.

 

/by

Stars of the show: Cloud and VOIP

Stars of the show: Cloud and VOIP

Despite annoying challenges presented by the abrupt shift to the WFH model thanks to the pandemic, there were some tech heroes that saved the day. These two made WFH possible.

    The cloud
    The cloud is that platform whereby you outsource your data storage as well as many of your applications. With the cloud, your data and software applications are no longer physically located in a specific geographic location. Therefore, access is no longer tethered to a user’s physical location. The cloud was the biggest game changer during the pandemic because it allowed businesses to get anytime, anywhere access to their data as well as critical applications. It wouldn’t be wrong to say that if it weren’t for the cloud, a lot of businesses wouldn’t have been able to survive the pandemic at all.

    VoIP
    Along with the cloud, VOIP proved to be one of the most critical elements when it came to business continuity during this pandemic. It revolutionized business communications. An acronym for Voice over Internet Protocol, VoIP is a technology that allows you to communicate by sending voice as data packets using the internet. VoIP replaced the old PBX (the phone system which physically tied you to the office if you needed telephony services.) Because VoIP is internet based, it’s functions are accessible from anywhere. It also offers a wider range of services. Going beyond being just a telephone or voice system, VoIP offered organizations a single, unified communication solution that fulfilled all their business communication requirements such as voice calling, video and audio conferencing, and other collaboration requirements–a lifesaver for businesses during the COVID-19 pandemic.

    Because these two stars are so important to successful WFH, and because they can be difficult to manage with a small IT staff, using an MSP to manage these tools can be an excellent way to support an organization that relies even partly on remote work.

/by

Two reasons to pay attention to software

Two reasons to pay attention to software

Software matters. What your employees use can impact your firm and your customers. Pay attention. Make rules.

New software applications
In the pre-pandemic phase, even when companies had staff working from home they were fewer in number and a lot of them even came into the office a couple of times a week to ‘just catch up’ on work and with colleagues. So, no one really had paid any attention to collaborative software programs because engagement levels were pretty high with just a handful of staff working remotely and connecting on the phone or in-person anyway.

It was only after the pandemic forced organizations in their entirety began to operate –from CEO to intern–that businesses recognized the need for collaborative software programs such as Microsoft Teams, Zoom Meetings, Google Meet, etc. Similarly, from the productivity tracking perspective, software programs such as TimeDoctor, Roadmap, Tick, Timely, etc., became popular. The challenges of migrating to these tools were two-fold. First, investing in new technology was expensive especially for SMBs, and secondly, everyone had to be trained on how to use it.

Data security
With staff working remotely, data security became a serious concern. When you have staff operating in an office, it is easier to keep tabs on data security. You can have various mechanisms in place to ensure data security. These include firewalls, antivirus software applications, closed, secured, and tightly monitored networks, physical security measures, and monitoring systems such as CCTV cameras, biometric access controls, etc. But, with staff working remotely, a lot of these can’t be deployed, as the employees are mostly using their own personal devices for work purposes and also using their home’s internet connection to access work files. This makes monitoring and imposing restrictions almost impossible.

Timely, ongoing and consistent monitoring is a necessity. An MSP has the tools and experience to guide you toward solutions that will keep your datas secure.

/by

Outsourcing: an overview

Outsourcing: an overview

Outsourcing today simply involves using external entities to handle specific, specialized business functions so that organizations can focus on their core competencies. The idea of seeking outside support for areas that are not core to a business is many decades old. However, seeking support from external providers can make a lot of sense, especially in fields that involve considerable complexity. One example, as human resources becomes increasingly complex practice, especially in areas that involve often complex and arcane laws such as benefits and employment law, many smaller companies are increasingly outsourcing some or all of their HR tasks.

IT is another example. Like human resources, IT covers a wide range of specialties, for which no one or two individuals can possibly hope to be fully versed in.

As the CEO of a small- to medium-sized firm, or perhaps a line manager, why should you consider outsourcing all or part of the IT function?

One immediate reason is that IT is a complex field and it is likely top management has only broad knowledge of the issues at hand. As a result, it can be hard to manage an IT department. Setting priorities and guiding IT strategy can be difficult for a leader whose background and focus is on the specific mission of the company or organization. It speaks to the issues of core competencies–is IT yours and does trying to manage it distract? Limited management resources can be drained off, letting management lose some of its focus.

Another way to get the most out of any outsourcing of IT is to think carefully how you view their role in the broadest strategy of the organization. When you look for a Managed Services Provider to outsource your IT, you aren’t looking for someone to handle a task. MSP generally focus on specific industries, so they have knowledge of the needs and specific challenges faced by companies in that sector. Additionally, because of that industry sector knowledge, the best MSPs can work as strategic partners, helping you understand what technology can best support your present needs as well as what upcoming technologies might have a positive impact on your future growth and competitiveness. MSPs can help plan and guide at the C-suite level to drive growth.

/by

Can you do this at home?

Can you do this at home?

Outsourcing HR, real estate portfolio management, tax audits, etc is fairly common nowadays. This whitepaper discusses another function which, when outsourced, can bring greater efficiency and effectiveness to your business’s overall functioning–IT.

IT is one of the core functions of any business. There’s no aspect of a business that is untouched by IT. Outsourcing IT is a big decision and it is not surprising that many organizations choose to manage their IT in-house rather than relying on outsourcing. However, outsourcing your IT to a managed service provider offers numerous benefits.

Availability
Depending on your service level agreement with the MSP, you get access to an IT team 24/7 when you bring a managed service provider on board. With your in-house IT team there will be days when some of them may be on a vacation or an unexpected day off. You also probably cannot justify 24/7 internal IT support, even though your IT needs to run 24/7. All of these challenges can be avoided by signing up with an MSP, who will have a team that’s available when you need them, irrespective of what time or day of the week it is.

Agility
Having an MSP onboard helps make your business more agile and responsive to emergencies. For example, the COVID-19 pandemic brought about a world of change in how businesses operated. With lockdowns and shelter-in-place orders, WFH became the only option for many businesses. Organizations that had MSP partners were able to transition more quickly and do so smoothly, as MSPs were experts in enabling the remote workspace from the IT perspective.

Overall, when you have an MSP on your side, they will help you stay ahead of the curve. Irrespective of whether you have IT staff in-house or not, your managed services provider can add a lot of value to you on the IT front.

/by