Do you budget for a system failure?

3d man director on stage, ACTION !System failures can happen anytime.   A system failure is something that happens with your technology that reduces your ability to do work.   When that happens it can be a costly exercise in both money and time.

The question is how you budget for something that may or may not happen and may or may not have a significant impact on your business.

A small inconvenience like an application hanging on a work station, the printer not functioning properly or a user receiving that email in one minute instead of 20 seconds is usually seen as an inconvenience.   The way of the modern world that inconvenience can expand into a full blown psychological tantrum.   If it happens enough times then your business can suffer.   Additionally there is always the hobby technician on staff who knows computers and then everyone stands around an watches while he

How often have you done business with someone who has said to you on the phone “the computers are slow today this may take a little time” and thought to yourself typical.   There are times when the computers are slow but it usually comes down to user error – doing too much, too many application open, clicking on the same icon numerous times – that is the problem.
Then there are the big system failures, hard drive failure, server failure, database failure and they will have a huge detrimental effect on your business both to rectify the problem and in lost productivity.   These problems and issues need to have a systematic approach to be rectified.

So how do you budget for these types of problems?   Most of the time, when it happens a small and medium business has to dig deep to find the financial resources and technological know how to rectify the problem.   This is not budgeting this is just hoping that it won’t happen to you.

One of the best solutions to how you budget for a system failure is to have a managed services provider manage your business infrastructure.   Why would this help?   Most managed service providers, the good ones at least, have an all you can eat policy on technical support.   This means that anyone in your business during working hours can call, email or fax the help desk and know that they will have the problem resolved.   The resolution may come from talking through the solution, remote management of the PC by a technical expert or having a technical person actually come to your office.

Furthermore a managed service provider will also monitor and manage your main systems.    With a decent monitoring system in place they will know when the system is having problems well before it has a significant impact on your business allowing your business to replace and upgrade systems when it has the least impact on your business.   In addition to the monitoring they would provide you with a monthly report showing whay your system is doing.

The budgeting component comes into play because for all of this work that a managed service provider is going to do will cost you X amount of dollars per month.

With a managed services provider you are budgeting for a failure by having a static monthly cost and professional services at your call.   This would improve your business bottom line.

Using managed IT services to transform your business (MSP)

EngineerThere has been a large amount of press and Internet Talk on what a managed service provider is and why you need one.

So a brief explanation, a managed service provider (MSP) is someone or a company that you outsource your ICT business components and they looks after it for you.   The two important components of an MSP contract is that it has a single base cost and you have a higher level of support for your infrastructure.   Some MSP have additional costs but these are usually covered in the shined contract called a service level agreement.

That is the basic idea behind the MSP business but if done correctly a good MSP can transform your business.   I know that sounds like marketing and sales hype but it is true if you enter into the correct contract with a good MSP.

How would a MSP do that?   At the most basic level a contract with an MSP allows you, as the business owner or manager, to concentrate on your core business.   You no longer need to balance core business with keeping the business running.  The MSP would keep you informed of what your infrastructure was doing and to act as help desk and monitoring and reporting component.   This removes these components from the worry of your normal business requirements.

The MSP should allow anyone in your business, no matter where they are, to call the help desk during working hours and you know that they will get the best available support.   It would also include a high level of proactive support so that little problems are rectified well before they become noticeable.

A spin off from the employment of a MSP is that because you know have experts managing your business systems the complicated business infrastructure now becomes a whole lot simpler.   It also allows for sound advice and information to flow between management /  owner and the MSP thus helping to move away from either the knee jerk reaction or the purchase the bright shinny new thing that seems to happen.

Your MSP should firstly implement and create an ICT strategy for your business and this would create innovation that allows your business to improve its business processes and systems.   Your MSP knows technology and how to use technology for your business it will also allow better and improved technology to improve your business.

The final point of an MSP is that you now remove the hobby technician that you have in your business allowing them to get on with the job that they were employed for.   This again allows your to improve the business.

A good MSP will cost significantly less than what you would pay for an on staff technician, it allows for better system management and  supplies onsite support within the definition of your service level agreement.

Business security is the beast that needs to be tamed otherwise it will eat you alive.

EngineerThe digital revolution is here and if you haven’t noticed you are either living under a rock or haven’t grasped the significance of what is happening around you.

By the year 2015 there will be more than 3 billion people connected to the World Wide Web and the Internet through mobile devices, business systems and normal computers.    It is something that has revolutionized the way we think, relate and work and who knows what else it will change in the future.

There are only two things that you need to take into consideration in this connected age, how you are going to use this new found wealth of information and connection availability and how are you going to protect yourself from those same people.

Utilisation of the World Wide Web is no longer a problem anymore, buy a phone, tablet or computer and it is immediately available to you, the second consideration is slightly more complicated. Somewhere along the way you need a framework, blueprint or system that is going to help with the management and protection of your business information.

In most cases how you protect your business information, your staff, your client information and your intellectual property seems to be second to and not as important as cash flow, profit, marketing, sales and revenue.   The trouble is, that is incorrect.  The security of your business information and data is just not set and forget.    It is a beast that needs constant care and attention otherwise it could just bite you hand off.

This beast that is your business information has 3 components, the what (information that is critical to the wellbeing of your business), the where (location of that information) and the how (measures you use to protect it).   Protecting that information does not need to be a full time job but it can be time consuming.   It doesn’t need to be expensive but at times it can be.

You can separate your protection into these three focus areas – the technology you are using, the command and control processes that you incorporate into your business and the sustainability of your business.

These three components go a long way to creating a stable, well protected and resilient business that will support you, your business and your family for the foreseeable future.   With all of the turmoil that the future World Wide Web can deliver your business security needs to be able to handle any changes that are thrown at it.  The system needs to be able to adapt to future change as well as allow you to do the business that you want.

A decent system of business information protection does not necessarily have to cost large amounts of money, but it can if you are not careful.  It does not need to implement by an expert especially considering most of it is common sense and it can be incorporated into your normal business practice.    A classic example is password control.   Complicated passwords can be enforced through technology and training.  You no longer need to be able to make sure that all users have passwords that are hard to guess as the operating systems and website can enforce their creation.   You just have to teach your staff how to do it.

Are we the weakest link in the security of our business?

3D Helping HandIn a discussion this week I heard a rather interesting quote.    All computer systems can be compromised but it is vigilance and persistence that create a secure environment.    This is very true.   I was talking to someone that makes his living doing penetration tests on business systems using applications that he has developed and also his slant on social engineering.

One of the things that he did bring up was that hacking and gaining access to business systems has started to go full circle.   This means that social engineering is playing a larger part of the hacking repertoire.   Social engineering is a huge subject and a little larger that the space I have here but I will touch on it for now.

In the past the combination of a social engineering attack coordinated with a direct attack usual had the attacker gaining access at some level.    This had then been superseded by the script kiddies and so called hackers who use readily available programs and exploits from the internet (usually infecting themselves in the process) as a means to access business systems.    This has been augmented with virus, spyware and malware applications that have been broadly targeted on the internet and catching unsuspecting and insecure business in the net.

The newest component in the hacker’s ability to gain access to your business system is the use of social engineering and the use of social media to gain insight into a business’s  infrastructure.   In the old days they would get on the phone and ring the company and get as much information out of those people who were answering the phone.   This has changed  greatly with the introduction of social media.

For example – Joe is a payment receipt clerk for your business.   He has a very in-depth profile on a social media site which includes all of his information, where he works, what he does, who and what he like and dislikes and birthdays and family information.   This information he allows anyone to see.   A hacker can do some research and find out about Joe and he can do some further research on your business and who you do business with.   What “Mr Black” the hacker does is creates a carefully prepared infected invoice (infected PDF file) that he sends from one of your subcontractors and from an expected source.   Joe being an innocent worker doesn’t worry about the email because he believes it is coming from a legitimate source so he  clicks on the file.    If this sound familiar – this is how RSA (one of the most secure security systems on the internet) was compromised.

To have this happen, you have to have some serious legitimate information (Critical IP) that the hacker is after or some seriously available unsecure money to make it worth the hackers worth while.

Most high level Government workers and business CIO and CEO, although they have profiles on social media sites don’t have in-depth information concerning their everyday work environment and even that information is only available to friends or contacts that they know.

To protect yourself from a social engineering attack is relatively easy;    Keep critical business and personal information to only those people that you want to have that information, not the whole internet.  Furthermore access systems that need passwords need to have high level complexity and you should also have some level of auditing and reporting on the internal systems to track transactions within the business.

Help, My data is being attacked, what are they after?

Its not personal-its just businessAs a small and medium business and not for profit organisation why is my business data being attacked and what are the attackers after.   This question has many answers, it could be kids who want to see if they can access your data just for the sheer hell of it or it could be something a lot more sinister.   If an attacker gains access to your data and information then you could be in for a very hard time.

SME’s are easier targets for criminals, they lack the internal training and knowledge required to protect their sensitive data.   They have limited access to high end and costly security features and resources.   Most of the time, SME’s do not realise how vulnerable they are to both internal and external attacks.   When an SME is attacked or compromised, the repercussions and effects of that compromise are all mechanisms of having a decent security strategy.   The resilience of the business will ensure that if something does happen that the business is in a better position than previously thought.

What can be damaged?    In the event that your business is attacked there are 6 things that will create havoc if the attacker gains access to your data and information:

One of the most devastating repercussions of an internal or external attack is the Destruction and loss of Intellectual property or Trade Secrets.   Most SME’s have significant money and intellect tied up in what they do and how they do it.   This information is critical to the viability of the business.    If your competition had access to this information then your business could take a significant financial hit?

Another area of damage that an internal and external attacker can visit on your business is Vandalism.   This sounds pretty strange but one of the most psychologically damaging things that can happen to a business, the owners or management and also the staff is to have their web site changed, or even worse changed in such a way that it is infected with malware so all of their visitors become infected.    There is nothing worse than going to your web site and finding that the content has been changed.   It may be just a prank but the repercussions can be pretty overwhelming.

An internal or external attacker can do a great deal of damage to a business’s reputation.   This can be achieved in a number of ways.   The most prevalent is the fact that you have been compromised and you don’t inform your clients, or you have been compromised and the internet finds out about it.   What happens if an attacker gains access to your client file list and sends each of your clients an invoice.    In another situation is if your internal memos, where a comment about a client can be taken out of context or misconstrued were released to the outside world.   That would have a significant impact on your reputation, Think WikiLeaks.

Internal or external attackers can use information that they have gained for fraud and theft.    They can sell or give away the information on the internet to the highest bidder through notice boards and chat rooms and depending on the information – credit card details – they can gain access to your client’s money and steal it.

A security breach doesn’t always include the loss of information, if your data becomes unavailable through an internal or external attack then you will have the additional problem of Lost Revenue.   If the information and data for your business is off line due to an attack then your business will start to loose income.   Depending on the length of time that your data is unavailable will have a significant impact on your business.

All of the information that you have on your business system is your responsibility to protect.   If you fail to protect that information then you may be legally liable to your clients in regards to breaching their privacy and personal information.   This liability can take on many forms and could include compensating your clients for the loss of their personal information.

The responsibility to protect your business data and information falls squarely on the shoulders of management and owners when it comes to protecting the business.   Implementation
of a security strategy will allow the business to be in a better situation to protect the business, react if the business is attacked or recover when something does happen.

3 quick things you can do to secure your home computer?

Everyone knows that computers are the most influential piece of equipment for both the office and home to come around since the ball point pen.  An office environment has the benefit of having either a managed services or outsourcing company or onsite technical expert and expertise to protect their data but a home computer doesn’t.  The technical support usually comes from mum or dad or from the teenager.  This can be disastrous especially if the computer is used for other purposes like internet banking, internet purchases or keeping confidential personal data safe.

Most of the time the protection for a home computer is the installation of an antivirus software package and then the whole thing is forgotten in the euphoria of accessing the internet, doing the “Facebook thing” and playing games either on line or against the computer.   Don’t get me wrong I “LUV” playing games on my computer but I believe that I have a relatively secure laptop most of the time, but I have the luxury of having a little training and experience behind me.

So what can YOU do to protect not only your computer but also your personal data and your internet banking?   These are 3 of the most basic things that you can do in the never ending process of keeping yourself secure:

AntiVirus: There is no excuse for not having some level of antivirus installed on your computer.   There are a number of freely available packages – Security Essentials (Microsoft), Avast or Avira, that will stop most viruses in the wild but there are times where they will not pick up viruses that have not been discovered.  A more secure antivirus that does a lot more will have to be purchased.    If you are looking to purchase one of these packages then you should be looking at Kaspersky, Norton (Symantec), Trend or the like.   These packages do a lot more than just track your antivirus.   They will protect your computer from Malware (Scripts being run from a website), I had this experience just the other day when I was doing some research and went to a website that wanted to infect my computer.   My antivirus protected me.  Most of them also have a decent Anti-SPAM component as well as a fairly substantial firewall.   I can hear you from here – I have a MAC and it never gets a virus.  Sorry that is no longer true.    Some malware will infect a MAC and they are very painful to remove.

Firewall:  By having a firewall installed at all times especially when you are surfing the internet is not only a necessity but it can honestly save your wealth.   They can at times be problematic with false positives (incorrect readings) but as a first line of defence they are indispensable.   Although most firewalls are set and forget, if they detect something wrong they will pop up a warning – Please read it – so that you can make a decision on letting something in or not.  Again there are free variants available but good ones come packaged with the antivirus.

Update: I cannot say this often enough update as often as possible and don’t put it off unless there is a good reason.   The update process is designed to patch holes in operating system software as well as application of all types.    A hole in software is where the virus writers target their programs because they know that people are lazy and don’t like to update their computers and even worse restart their computers after the update process.   All of the big software companies, including game writers, now have an update process and after you install an application it will check the website through the application or every time that you open it.

As an additional point if you are running Peer 2 Peer software on your computer, normally installed by the teenager to download music and movies for free, then I suggest that you remove it.   Peer 2 Peer software is designed to punch holes through firewall and disable antivirus so that they can be seen on the internet.  Peer 2 Peer software works on the principle that there are numerous sources or copies of the wanted download that you want.   The problem is that the available directories can be used by outside people to store child porn, pornography or pirated movies and music that you may not even know about.

So there you have it.   Home computer security is mostly common sense and thinking ahead.    These 3 points will ensure that your computer is well on its way to being protected when you use it.

Do you rely Just On Security Technology to protect your business information?

Nearly every day you hear about another security threat spreading across the internet. As a small or medium business, or a not for profit organisation (SME) how vulnerable are you to these threats?

SME’s are connecting to the internet in record numbers to support improved and greater market opportunities, to increase productivity and to strengthen communications with staff, management, customers and suppliers. The problem is, the more you open your network and business to the internet the more your confidential business information and data is at risk.

So you think you are too small to be a target?

Think again, if you use Microsoft software then you are a target by default. Microsoft is not bad but it has the largest market share, therefore any released virus, worm or application created by a hacker can achieve more with less. These programs spread rapidly and inflict damage on a global scale and you, as an SME can be caught in their net.

Security threats are constantly emerging and evolving, the job of securing your business information becomes all consuming. Little jobs take time – updating and checking anti-virus, patching and updating operating systems and applications, checking firewalls with renewed rules and policies are a critical requirement of your business risk analysis.

They still have to be done regularly.

The importance of checking these components in a timely manner cannot be underestimated. Consider the cost in lost productivity, reputation and non-compliance penalties that a breach could visit on your business. Effective security can be costly, time consuming and difficult for SME’s to implement successfully. Skilled security people are often difficult to find and cost prohibitive to have on staff. As a result the job often falls on the technologically savvy staff member who is already snowed under with other ICT matters or their own job to implement security features properly.

Today’s security threats are business size neutral. They leave a SME with the same security challenges as large corporations. The trouble is that SME’s do not have the depth of resources to handle them. This is where a Managed Services Security Providers (MSSP) can be of benefit to your business.

What are the benefits to your business of outsourcing your security?

You can focus on your core business

Outsourcing allows all of your staff to concentrate on revenue generating business initiatives instead of computer, security and infrastructure issues. Having limited IT resources on staff takes business resources away from your core business.

Reduced Cost

Outsourcing security sources provides your business with access to “big business” security protection at an affordable price.  The expense is more cost effective than hiring or contracting a security expert and the consistent monthly billing helps ensure security services that you need are available without unforseen hassles and expenses. An integrated and comprehensive solution that can help reduce the expenses of maintenance, upgrades and add on security solutions is a benefit to any business.

24 X 7 (always available) expert security staff.

You’re on staff, in house expert is normally available only during working hours. In most cases your outsourced Security Company can act as an always available security and ICT management department. They can also provide your business with access to an internet security expert without incurring the cost of hiring, training and retaining highly skilled staff.

Gain Customised Service

All MSSP’s have service plans and you can select the service plan that will fit your requirements.

Receive up-to-date protection

Technical security solutions such as firewalls, antivirus software, content filtering solutions, and virtual private networks (VPNs) are far more effective when they are maintained regularly with the latest system updates.  Changes to your business resilience and regulatory requirements can also have a detrimental effect on your business stability.

Why R & I ICT Consulting Services is right for you!

How do you know you are getting what you paid for?

  1. Company reputation – see what our clients are saying about us. We have references and referees that you can ask.
  2. Plans and services – we have a comprehensive assortment of plans and services depending on your business requirements and size.
  3. Service Level Agreement – all of our plans and services have a service level agreement incorporated into them so that you know what will be delivered in protecting your business.
  4. Guarantee – We guarantee all of our technicians work with a 100% money back guarantee. We also stick to any pricing that we put forward to you. All projects are priced on a per project basis so that no matter how long it takes it will not cost you anymore. No more “time and materials” projects based on how long is a piece of string that have costs blowing out uncontrollably.
  5. Monthly Reports – we supply monthly reports that are delivered with your next month invoice. We like to prove how much we have done for your business in the last month.