Business thinking not ICT thinking should be driving your business.

capsuleIt is the old chestnut, an all inclusive chicken or egg scenario.

Is business driving ICT or is ICT driving business?

If you look around the business world there are combinations of both, there are groups who swear by one version over the other, but which is the better way to go.

From our perspective and experience, the most successful business are the ones who are driving their ICT investment and making sure that that investment has a decent return. A relatively short return on investment (ROI) will ensure better productivity, better revenue and higher profits.

There is a special breed of people in the work force who have been trained to understand both the business components required for business success and the ICT infrastructure that needs to be put in place to make it happen.

These people are the ones who can take a successful business from scratch and promote it into the stratosphere.   These people, whether they have been formally trained through degrees and diplomas, or have learned in the school of hard knocks on the street are worth their weight in gold.

They analyse the business requirements prior to implementing any ICT requirements.   These people are hard to find and from a small and medium business and not for profit organisation perspective can be exceedingly expensive and very had to justify.

We work heavily in the not for profit area within our managed services portfolio.   We understand that they have little money to spend, little expertise in the ICT requirements area, but they need a higher ROI than most businesses.

The mantra for most NFP is to bring money in and then spend as much of it as possible on the cause that they are passionate about.   We understand this mantra and work around it to bring in innovated ideas and support packages that are tailor made for their business.

Talking from experience, you can not put forward a managed services proposal to an NFP that has lots of zeroes without justifying their investment.   You cannot say that they need to replace everything with the newest, fastest, or shiniest because that is how YOU make your money.

You can however, justify a one monthly cost, all inclusive managed services contract that will benefit their business, but you have to prove it with testimonials.  A well thought out proposal that includes initial investment, monthly cost and quantifiable deliverables will ensure a CEO or director at least looks at it.

On the other side of the coin there are businesses out there who have invested heavily in technology but have not had a definitive direction to go in.   These business are the ones who jump into new technology because it is the newest bleeding edge system, it has the computing power of a low level data centre but when used in their business is probably only being used for basic calculations and email.   Yes it is faster at these processes, but why the significant investment.

These are businesses who invest in cloud computing without an decent ICT strategy, they spend money on technology without the benefit of a defined ROI and they wonder why they do not have the money to make payroll.

There is also a third group of companies, these are the ones who have invested heavily in technology because they are improving, programming and then on selling this improvement to their clients.   These businesses have a need to invest in the required technology because it is a part of their business.

They invest in it, hopefully, because it has been though through and they have a definitive ROI for the investment.   For them it is no use delivering the best database product if it has not been tested on the newest and best systems available just because their clients have made that investment.

So to refine what I am saying, yes, you need to invest in your business technology but that technology has to fit your business requirement, it has to have a definitive ROI and furthermore it has to be part of your business plan and your future.

Don’t let your ICT and technology drive your business otherwise it could drive it into the ground.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Just relying on security technology can damage your business!

Man standing with laptop and wifi antennaNearly every day you hear about another security threat spreading across the internet. As a small or medium business, or a not for profit organisation (SME) how vulnerable are you to these threats?

SME’s are connecting to the internet in record numbers to support improved and greater market opportunities, to increase productivity and to strengthen communications with staff, management, customers and suppliers. The problem is, the more you open your network and business to the internet the more your confidential business information and data is at risk.

So you think you are too small to be a target?

Think again, if you use Microsoft software then you are a target by default. Microsoft is not bad but it has the largest market share, therefore any released virus, worm or application created by a hacker can achieve more with less. These programs spread rapidly and inflict damage on a global scale and you, as an SME can be caught in their net.

Security threats are constantly emerging and evolving, the job of securing your business information becomes all consuming. Little jobs take time – updating and checking anti-virus, patching and updating operating systems and applications, checking firewalls with renewed rules and policies are a critical requirement of your business risk analysis.

They still have to be done regularly.

The importance of checking these components in a timely manner cannot be underestimated. Consider the cost in lost productivity, reputation and non-compliance penalties that a breach could visit on your business. Effective security can be costly, time consuming and difficult for SME’s to implement successfully. Skilled security people are often difficult to find and cost prohibitive to have on staff. As a result the job often falls on the technologically savvy staff member who is already snowed under with other ICT matters or their own job to implement security features properly.

Today’s security threats are business size neutral. They leave a SME with the same security challenges as large corporations. The trouble is that SME’s do not have the depth of resources to handle them. This is where a Managed Services Security Providers (MSSP) can be of benefit to your business.

What are the benefits to your business of outsourcing your security?

You can focus on your core business

Outsourcing allows all of your staff to concentrate on revenue generating business initiatives instead of computer, security and infrastructure issues. Having limited IT resources on staff takes business resources away from your core business.

Reduced Cost

Outsourcing security sources provides your business with access to “big business” security protection at an affordable price. The expense is more cost effective than hiring or contracting a security expert and the consistent monthly billing helps ensure security services that you need are available without unforseen hassles and expenses. An integrated and comprehensive solution that can help reduce the expenses of maintenance, upgrades and add on security solutions is a benefit to any business.

24 X 7 (always available) expert security staff.

You’re on staff, in house expert is normally available only during working hours. In most cases your outsourced Security Company can act as an always available security and ICT management department. They can also provide your business with access to an internet security expert without incurring the cost of hiring, training and retaining highly skilled staff.

Gain Customised Service

All MSSP’s have service plans and you can select the service plan that will fit your requirements.

Receive up-to-date protection

Technical security solutions such as firewalls, antivirus software, content filtering solutions, and virtual private networks (VPNs) are far more effective when they are maintained regularly with the latest system updates. Changes to your business resilience and regulatory requirements can also have a detrimental effect on your business stability.

Why R & I ICT Consulting Services is right for you!

How do you know you are getting what you paid for?

  1. Company reputation – see what our clients are saying about us. We have references and referees that you can ask.
  2. Plans and services – we have a comprehensive assortment of plans and services depending on your business requirements and size.
  3. Service Level Agreement – all of our plans and services have a service level agreement incorporated into them so that you know what will be delivered in protecting your business.
  4. Guarantee – We guarantee all of our technicians work with a 100% money back guarantee. We also stick to any pricing that we put forward to you. All projects are priced on a per project basis so that no matter how long it takes it will not cost you anymore. No more “time and materials” projects based on how long is a piece of string that have costs blowing out uncontrollably.
  5. Monthly Reports – we supply monthly reports that are delivered with your next month invoice. We like to prove how much we have done for your business in the last month.


Stop talking about “cloud computing strategy” there really is no such thing!

bigstock-Thinking-man-Detailed-vector--25171361For the third time in 2 weeks I have been privy to conversations concerning a businesses cloud computing strategy.

In all cases it has been an interesting conversation concerning the storage and movement of data to cloud computing, without an overriding reason for the process.

The problem I am seeing is that, in all cases, the businesses had lost the original focus of their requirements.

They should be looking at the complete ICT strategy for the business with a cloud computing component not just a single component of that strategy.

The cloud offers opportunity for the IT department to deliver better outcomes for a business, it offers a better price point for storage and in most cases delivers other cost effective business outcomes.   In itself the utilisation of cloud computing technology will make changes to how a business does business.

It usually moves the IT department away from the high usage, labour intensive and costly processes that are part and parcel of business IT to a more sustainable and cost effective system.

But it is not the only strategy that you should be looking at.   Just because you are moving some of your businesses processes to the cloud does not mean that you neglect the rest of the business ICT requirements.

Cloud computing and storage is still only one facet of the business ICT requirements and that should be remembered at all times.

Starbucks, free wifi and the bigger security picture!

Recently I had a holiday in Malaysia, the holiday was great but I realised that there is a severe problem with security and the attitude of people in regards to security when we were sitting down for coffee in Starbucks.

Like the rest of the world the Starbuck franchise in Malasia has free wifi, free in such a way that you do not even need to know a username or password to use it.   Now for most people this is great and don’t get me wrong I sometimes use it with a lot of restriction on myself because I know the dangers that can come from it.

While we were having coffee and I was thinking about the problems associated with this level of access these 2 characters walked in and sat down.   I was only taking limited notice of them, but my focused changed when they started to pull out some interesting equipment.   Apart from the laptops, high end HP systems, something that would set me back $4 or 5 K, they also added a couple of USB devices and started to run them up.

I ignored them for about 20 minutes as we were in a family discussion about what and where to eat (very important in our family for some reason) but I glanced over at the screen and all I saw was a graph that looked very similar to wire shark, not only that but it was also logging everything that was going through the WiFi.   I normally use wire shark to track rouge access points within client networks and what I was looking at was similar.

This bought this idea to me

One of the easiest ways for someone to steal all of your corporate information, personal information and client information is for you not to be thinking clearly in this type of environment.   Those two characters would have picked up any information that was transmitted to any website, share-point environment, mail server or CRM that was not SSL protected.   That information is in plain text.  Easy to track and even easier to use.

All information concerning Facebook, LinkedIn, even twitter would have been captured, that included the username and password to get onto the sites.   That information although may not seem important could be used very efficiently as a social engineering play to gain more information and create an in depth profile of you.

Yes free WiFi is great but if you do not have one that is locked down with a pass code then be very carefully with where you are going on your device.

The new Internet – how are we going to be safe?

Last week I did a blog on the new Internet and the direction that the Internet is going. ? I would like to take that a little further.

The internet will shortly morph into a completely different beast. I am not talking about how we use it, social media, blogging, web sites and email will all remain the same. The difference is the underlying infrastructure of the internet with the introduction of the IPv6.

The introduction of IPv6 was suppose to have happened in April 2011.  The challenge that has come to light is not that we have run out of addresses on IPv4 (April) but how the implementation of the new version is going to happen.

The number of internet addresses – think street addresses.  All systems that connect to the Internet need an address.  Every internet phone, laptop, business connection, website, cloud location there needs to have an address to function properly.  A number of telco’s and ISP’s have been very clever assigning addresses to their customers and they are getting more and more inventive to keep their customers connected, but you can only do so much with what is available.  The restrictions that IPv4 has, will start to have an impact on the Internet shortly and no amount of clever programming and ingenuity will help.

That is the underlying problem.  The management body for the Internet is trying to claw back some of the addresses that were issued in the late 90’s and early 2000’s and this will resolve some of the problems as long as companies like Symantec, Novell, Facebook, LinkedIn, google, amazon, Microsoft and or Cisco are “forced” to cooperate.

So here we are on the cusp of the introduction of IPv6 and not sure who will poke their toe in the pool first. ? Will it be some obscure ISP in Germany or will it be a large multinational like Cisco or Facebook.  How will they do it and what are the repercussions.

The Internet and security of both personal and business information is difficult at the best of times but throw in a change that is as complex as the one the Internet will go through shortly could be interesting to say the least.

Keeping the users of the Internet safe is going to take some interesting technological solutions, dare I say some more interesting regulation and control.? ?At the moment the only thing that I can say is watch this space.

Most businesses will need to implement a whole of business security system to make sure that they are safe and need to implement one that is not going to change with the implementation of IPv6.

Who is going to keep australia safe online?

Small and medium business and not for profit organizations (SMB) are becoming an easier target than previously understood when it comes to cybercrime. One of the largest problems for these businesses to understand is that they are a very easy target because of their size.

SMB’s do not have the resources or the financial support to spend large amounts of time and money on the protection of their business.   This lack of investment means that they have a “just enough is good enough” attitude to the security of their business, this I am afraid, is false economy.   No matter what the business, the theft of money, clients and / or Intellectual property will have a detrimental effect on the business if not actually putting it out of business.

The introduction of IPv6 in the near future will make the protection of SMB business that much harder.   IPv6 is the next transmission protocol for the Internet and although it is understood by most technical people the basic understanding of the protocol is lost on 99% of the Internet user population.

The introduction of IPv6 as a transmission protocol will make it so much harder to protect your business and your users from the Internet.   The introduction that HAS to be done, IPv4 has already run out of addresses, is being delayed partly because of the security implications of the new protocol.

I really hate it when i have to put calculations into a post, but the primary difference of the transmission protocols is the number of addresses IPv4 has 2 to the power of 32 ( 2 x 2 x 2 (32 times) where IPv6 has 2 to the power of 128 (number of stars in the galaxy plus a couple of billion).

The address pool is huge, but the management of that address pool is going to require some serious computing power and management.   Is that management going to fall on government, industry or someone who is neutral?

I am not going to go into all of the difference but some of them are profound and will have major implications for all users but it will have the biggest effect on Government Departments, defence systems and business infrastructure.   From a technical point of view it will be a vast improvement and some believe that it will speed up the Internet but the down side is also profound.

Security is going to be a major problem.  The proliferation of attack vectors, spyware, malware, viruses and SPAM will mean that SMB’s will be under constant attack.   Is that protection going to fall directly on the shoulders of business to find more expensive or prohibitive security systems, processes and compliance requirements or is there going to be some level of Government  intervention.

I am sorry but I do not have the answer to that question and at the moment, to tell you the truth, I don’t believe that anyone else has either.   Hopefully the powers that be will have an answer in the near future, definitely prior to the global switch, so that everyone is playing on the same field.

Looking forward to 2012 – will the trends be big data, security and clouds?

Yep here we are, 2012, the end of the world is less than 12 months away, according to the mayan Callander, and we are looking at the trends that may start to appear this year. I have noticed that in the last 5 years these predictions usually come to nought.

So these are the predictions that I am putting forward:

Clouds – the better offering from Australian cloud suppliers are now starting to come through as the larger ICT companies start to realise that sales of hardware and software is no longer the best way to increase profits. The best way for business to leverage the cloud is to look at what your business requires and then see if it will come in as a better solution. Most of the time this does involve getting in an ICT consultant to report on what your business requirements are.

In some cases it will not be a better solution, in some cases the solution will come be more expensive but will deliver better results and in some cases a cloud solution will drastically improve your business without the expected overheads.

Security – in the next 12 months the security and how businesses secure their information is going to go through a major upheaval. It is no longer a viable solution to think that because you are small (up to 500 users) that you are not a target.

This is no longer true.

Just toward the end of last year, a small think tank in the states got hacked. 10 users, a server and some laptops, workstations and tablets but because of what they did they had upward of 300,000 individual personal records on their systems, as well as their corporate Intellectual Property (IP) and some defence department information. This business relied on its anaminity for its primary security solution, but because it was on the Internet it was visible to the robots trolling the web. Anaminity is great but you need something substantial backing it up.

Big data – this is a spin off from the cloud but the ramifications are huge for any size business presence on the Internet. The business who can analyse and react to the huge proliferation of information and data that is available will be the ones who will have a better business going forward. It will also,involve the analysis and management of the social media monolith that is a huge component of the Internet.

There are 2 other areas – social media will increase its footprint on the Internet exponentially and the proliferation and increased usage of smart “stuff” (phones, tables) will also increase and change the way we do business.

So 2012 is here, let’s embrace it and see where it can take us into the future.


3D Small People - AngryIn business the greatest threat to the information and data within your business is the speed to which you and your staff have access. Problems like everyone’s email not working are a big decision, but it is easy to delegate the repair to either internal teams or external companies. When things go wrong you want them fixed NOW and fixed FAST.

What about the niggly things?  Your user wants to print to the third tray on the printer and cannot, your receptionist wants to send out a letter but the mail merge database is no longer connected.

As a business owner or management level executive you don’t want to triage the problems.  Most of the time the management or staff does not have the time or the expertise to look at and resolve the problem, and often the person with the problem is told to “get over it”.   This is not a good state of affairs.   The problem then festers and grows till it does have a major impact on the business.

The best solution for these problems is to get them fixed.   How can you do that without additional cost to the business?   What you then have is a catch 22 situation.

Wouldn’t it be better just to contact your support company and know that it is all covered under the managed services agreement?
The business world is full of computer support and managed services companies that want your money, now don’t get me wrong we are a managed services company, and a good one at that, just ask our clients.   The difference between the other MSP’s and us is that we take ownership of any and all of your technical problems.

So what is the benefit of being one of our clients?

If you have signed up for out 5Nines support program, especially the platinum plan – trouble free technology – then all of your problems are our problems. Your problems are our problems, we take ownership of any problems or complaints that are generated by your staff during working hours that are related to computers, printers, internet, and email… practically anything.

Unfortunately we have no control over the coffee in the lunch room but for a taste of the problems we will fix:

• My mail is not working = our problem;   solution – remote in or send technician onsite;     Cost to you $0 (covered as part of the Service Level Agreement (SLA)).
• How do I create a mail merge document in word 2003 or 2007 = our problem;  Solution – remote in and talk user through problem and show what needs to be done;               Cost to you $0 (covered under the SLA)
• Helpdesk has noticed that one of the computers is reacting sluggishly = our problem; Solution – remote in and fix problem and then report to management;                  Cost to you $0
• System reports problem with a service on the server = our problem – Solution – dispatch technician;          Cost to you $0
• My computer is not working = our problem; Solution – dispatch a technician with a “loaner computer” then replace and repair;               Cost to you $0

The SLA dictates when they will be seen and response times to problems associated with your network.   They are an agreement between you and the MSP to ensure that you and your technology is protected 24/7.

Service levels should relate to items like these but they also depend on a triage process to ensure that a small problem is not related to a bigger unidentified problem .

• Server crash  = our problem – Technician onsite within 60 Minutes;           Cost to you $0
• Workstation Crash = our problem – Technician onsite within 60 Minutes;           Cost to you $0
• Service down = our problem – Technician working on the problem remotely within 30 Minutes;       Cost to you $0
• Printer problem = our problem – Within 4 hours;          Cost to you $0
• User problem = our problem – Next business day;        Cost to you $0

Finally, for any business there needs to be metrics that are measured and reported on. This is also true about your managed service provider. Daily, weekly and monthly reports on the condition of your infrastructure are important for decision making. To improve your business and ensure that the technology is correct and directed at your business, a quarterly report and meeting should also be included as a standard for your managed service.

As you can see not all managed service providers are the same and it is a case of choosing the right one for your business. R & I ICT Consulting Services can help manage and solve these important IT decisions and leave you with more time to get on with the day to day running of your business.

Do you budget for a system failure?

3d man director on stage, ACTION !System failures can happen anytime.   A system failure is something that happens with your technology that reduces your ability to do work.   When that happens it can be a costly exercise in both money and time.

The question is how you budget for something that may or may not happen and may or may not have a significant impact on your business.

A small inconvenience like an application hanging on a work station, the printer not functioning properly or a user receiving that email in one minute instead of 20 seconds is usually seen as an inconvenience.   The way of the modern world that inconvenience can expand into a full blown psychological tantrum.   If it happens enough times then your business can suffer.   Additionally there is always the hobby technician on staff who knows computers and then everyone stands around an watches while he

How often have you done business with someone who has said to you on the phone “the computers are slow today this may take a little time” and thought to yourself typical.   There are times when the computers are slow but it usually comes down to user error – doing too much, too many application open, clicking on the same icon numerous times – that is the problem.
Then there are the big system failures, hard drive failure, server failure, database failure and they will have a huge detrimental effect on your business both to rectify the problem and in lost productivity.   These problems and issues need to have a systematic approach to be rectified.

So how do you budget for these types of problems?   Most of the time, when it happens a small and medium business has to dig deep to find the financial resources and technological know how to rectify the problem.   This is not budgeting this is just hoping that it won’t happen to you.

One of the best solutions to how you budget for a system failure is to have a managed services provider manage your business infrastructure.   Why would this help?   Most managed service providers, the good ones at least, have an all you can eat policy on technical support.   This means that anyone in your business during working hours can call, email or fax the help desk and know that they will have the problem resolved.   The resolution may come from talking through the solution, remote management of the PC by a technical expert or having a technical person actually come to your office.

Furthermore a managed service provider will also monitor and manage your main systems.    With a decent monitoring system in place they will know when the system is having problems well before it has a significant impact on your business allowing your business to replace and upgrade systems when it has the least impact on your business.   In addition to the monitoring they would provide you with a monthly report showing whay your system is doing.

The budgeting component comes into play because for all of this work that a managed service provider is going to do will cost you X amount of dollars per month.

With a managed services provider you are budgeting for a failure by having a static monthly cost and professional services at your call.   This would improve your business bottom line.

Using data security as your Unique Selling Position (USP)

Turn The PageIn the business world your business now resides in its electronic and cyber location as ones and zeros.   All the information that you prize and is the digital embodiment of your business is stored in a nefarious location that is very hard to define and even harder to locate physically.

That data is the lifeblood of your business it allows you to buy and sell, pay your staff and keep your secrets but without a whole of business security system then you are vulnerable.
The problem is that most of the time your clients and customers do not know how you treat their information.   Is your business security lax and can anyone in the business access the information?   Does your business have more than token business protection?    Even worse is the prospect that you have no idea on how to protect their information.

Maybe you need to tell your clients how much their private information means to you as a business.   If you told them that the security of your clients information is paramount to your business and you will do all that is in your power to protect that information would that be a good thing, would it benefit your business against your competition?   In most businesses any edge against your competition is something that will be of benefit

The trouble with this idea is that you also have to put something forward that is true and real and will protect your business.  To lie at this point and on this position could have far reaching implications on your business in reputation alone never mind anything else but as a unique selling point (USP) for your business, is it possible that your clients would appreciate your endeavours to protect their information.   How do you tell them that?

So the next issue could be that you don’t want to say too much to compromise the security practices that you have put in place.   You need to explain the strategy of the protection not the tactics of how you will protect their information.   This can be a fine line but in the end it would be greatly beneficial to being better in another area against your competition.

So using business security as a USP would be greatly beneficial to your business as it gives you a greater depth and protection in your client and customers eyes.   Basic protection on personal information including credit card details can be achieved with minimal cost to your business but the increase in kudos would far out way that initial cost.

Just something else for a small and medium business and not for profit organisations to think about and to implement that makes them different from their rivals.