How to Keep Your Business Safe From the Dark Web

Assassins for hire, drugs by mail order, and fake passports: What do all these things have in common?

You can find them all on the dark web.

“Okay …” you may be thinking, “Sounds like a blast — but how does this affect me and my business?”

Well, most likely, you’re not surfing the dark web for fake travel documents and drugs by mail. But as it turns out, the dark web can affect you and your business. Most notably, your information can end up there — and that’s exactly where you don’t want to find it.

Below, we’ll learn more about what the dark web is, how it came into existence, and how you can protect your business from the trouble that lurks there.

First Things First: What Is the Dark Web?

The dark web began much more innocently than one might assume. In fact, at its very beginning in the late 1990s, it was the brainchild of a government entity, the U.S. Naval Research Laboratory (NRL).

The NRL’s main goal was to cloak their online presence, effectively protecting their clandestine communications online while also anonymously monitoring the world market and getting access to hidden data without a trace. The software development stage went by the name The Onion Routing Project and resulted in the creation of Tor (The Onion Router).

Whether you’d call these beginnings “innocent” or not, to be sure, the NRL never anticipated their creation to morph into the toxic netherworld it is today. During the late 1990s and early 2000s, the software was for government use only, but in 2004, it was open-sourced and went public, effectively creating an anonymous web browser for anyone and everyone to use.

What Is Tor?

Tor, or The Onion Router, is the software program used by the dark web. Normally, when you surf the web, you can be traced wherever you go because you always have an IP address trailing your clicks and searches.

Tor powers an Internet browser that masks your device’s IP address, effectively enabling you to travel around the Internet anonymously. It does this by relaying your traffic through a series of computers in diverse locations, so the sites you visit see one of those computers’ addresses instead of yours. As a result, if someone were to attempt to track your site visits when you were using Tor, pinpointing your exact location would be nearly impossible. For Tor to work, individuals from around the world “donate” their devices (computers, tablets, etc.) as relay points so that the traffic has more places to bounce through.

So, the Dark Web Provides Anonymity and Privacy – How Does That Put My Business at Risk?

While Tor and the dark web can be used for good (namely, identity protection, which is often beneficial to whistleblowers or journalists, for example), it can also protect criminals. And it does protect criminals — lots of them.

Cybercrime is the number one thing going on on the dark web, and unless you have good reason to require the benefits of The Onion Router, the dark web is definitely not a place you want to find your information. This is what we mean by being wary of your business getting mixed up with the dark web.

There are numerous threats that the dark web poses to businesses of various sizes, industries, and backgrounds. This is where cybercriminals can learn how to obtain information such as access codes and passwords, credit card information, gift card information, customer data, and more. It’s also where they can sell such information to third parties who can then do with it what they please.

In other words, you should want to know the moment your company name, address, or other company-related information is noticed on the dark web because what happens next is bound to be bad.

How Can Businesses Protect Themselves From the Dark Web?

Essentially, you can protect your business from the dark web by doing two things: Ensuring a strong setup of cyber privacy practices (hiring a cybersecurity-savvy IT company) and monitoring the dark web so that you’re notified the moment your information is found there.

The latter can be a part of the services you outsource to your IT company because actual dark web monitoring involves getting dark web access and knowing how to accumulate, parse, normalize, validate, refine, and enrich what you acquire. If you don’t know how to do that yourself, professionals can come to your aid.

While the dark web may be a place that helps good journalists and few others stay hidden and anonymous, it’s predominantly a place of crime and misdeeds. Keep your business safe from the dark web by knowing the risks and taking the appropriate precautions.

Top 6 Questions to Ask When Hiring a Managed Security Service Provider (MSSP)

It’s not surprising that many companies in a range of industries are hiring managed security service providers (MSSPs) to manage their specific security initiatives or outsourcing their entire security program to an MSSP. An MSSP can take care of routine and emergency security issues 24/7, issues which can easily overwhelm a small- or medium-sized company’s in-house IT department. Outsourcing a security program can be beneficial to companies that have limited IT personnel, struggle to hire security staff, lack internal expertise in security, or plainly don’t have the number of IT employees necessary to implement a large security program. However, if you are going to hire an outside MSSP, it’s important to consider them carefully. Since your goal is to have them handle your sensitive data and file storage, a thorough evaluation following best practices will ensure your company’s continued growth and success as well as save your peace of mind.

What considerations should you pursue when looking to hire a managed security service provider? What standards set the best companies apart? Are there specific questions to ask potential MSSP candidates when interviewing them? Here are the questions that top security professionals recommend businesses ask when looking to partner with an MSSP.

1. What are They Going to Do for Your Organisation?

When looking to partner with a business, a good managed security service provider will examine the firewall, patching and anti-virus software, as well as have a holistic approach to protection. A good MSSP will talk about implementing security including:

  • Management – risk management, procedure, policy, auditing, process, training, reporting and education
  • Adaptability – culture, industry, backup, business continuity and resilience, and disaster recovery
  • Technology – firewall, wireless, UTM, best practices, VPN, and patch management
  • Compliance – additional standards or regulations such as GDPR, etc.

2. Do They Have the Right Expertise?

Not all MSSPs have the same training and certifications. Not all staff are trained or have experience on the same brands of hardware or software. It’s important that you hire an MSSP that has expertise in the specific make and model of PC that your company uses. They also need to have enough employees with the right education and training to work with your routine and emergency IT issues. Look for credentials including Premier Partner, Gold Certified Partner, Partner of the Year, Mid-Market Specialist from manufacturers they work with. Partner recognition awards are a good indication of a high level of competency.

Rely on references from recently deployed customers, who are of the same size, in the same vertical, and with similar challenges to what you currently have. Have in-depth conversations with the references. (Ken Baylor, PhD)

3. Do They Have the Capability?

Are they big enough with the number of support staff you need? Are their people trained and certified at every level of the organisation to service clients in the manner that you need? Do they understand your industry and any industry-specific issues you have? Can they support your business 24/7? An MSSP that specialises in health care services may not be a good fit for a manufacturing company. IT systems may be similar, but jargon, slang, abbreviations are different, and each industry may have specific regulations to comply with.

4. What Do They Recommend Changing to Improve Security?

Do they value the investment you’ve already made in your IT systems? Do they recommend logical changes or upgrades to improve your security? Or do they require changes because they can’t support your current system? It’s important to find a company that will mesh with yours, make your job easier and save you money and time.

5. What Benefits Does Your Company Receive from the Partnership?

Outsourcing digital security to an MSSP is a partnership. The MSSP is there to protect your data, and your infrastructure. They are helping you protect your clients and staff. Having a service level agreement (SLA) in place will clearly lay out the responsibilities of everyone involved.

6. How Much Will It Cost?

Costs vary depending on the level of security you need and scale of service you need. However, costs should be clearly listed upfront without any changes for a monthly contract. Any changes to your costs should be approved before the work is done and billed. Costs include management, monitoring and reporting which are all in the SLA.

Teams or Slack: Why Organisations Use One or Both

Microsoft Teams and Slack are both team collaboration applications with large percentages of the market. Both apps have their adherents, but what’s most interesting about them is that many companies use both of them in tandem. Mio, an Austin, Texas-based startup that sells software to enable communication between different messaging tools, polled 200 IT decision-makers at organisations ranging in size from hundreds to hundreds of thousands of employees. What they found out was that 91 percent of businesses use at least two messaging apps; Slack and Microsoft Teams are present in 66 percent of the organisations surveyed.

Why Do Organisations Use Both Slack and Teams?

Mio found out that companies use team collaboration apps for different reasons. A business that acquires another company that uses Slack may leave it in place. Another reason is that certain job roles prefer specific tools. In this case, Slack is more popular with tech-heavy roles.

IT decision-makers try to accommodate their engineering teams who love Slack while, at the same time, standardising the majority of the company on Microsoft Teams. This dynamic matches recent trends in enterprise messaging, with specific tools used for varying needs. Developer teams often use Slack, but companies then select Teams for a company-wide rollout because it meshes with Office 365.

Sometimes messaging apps are adopted without any corporate input. A work group may adopt Slack without checking with their IT department. In fact, there are companies that have more than four team collaboration tools being used simultaneously.

Which App is Used the Most Often?

Slack is the most widely used app, according to the results of Mio’s survey. 65 percent of companies surveyed use it. Skype for Business comes in second place with 61 percent, and Microsoft Teams is in third place right behind with 59 percent. Slack, which just went public on the NYSE, has over 10 million daily active users and 85,000 paid customers. The survey’s respondents cited Slack as being the most user-friendly with 31 percent, while Microsoft Teams came in third behind Cisco’s Webex Teams, cited at 21 percent by respondents.

Results from the survey also indicate that Slack is doing very well with large businesses, usually Microsoft’s core market. 75% of companies with more than 10,000 employees said they use Slack.

Which Companies Use Microsoft Teams?

Microsoft Teams came out in 2017 and it’s been distributed widely within Office 365 subscriptions. Over 500,000 organisations use Teams, although the company doesn’t break out active user figures. Microsoft Teams has grown quickly, beyond the experimental stages. Large-scale deployments of Teams have occurred in Microsoft’s large enterprise customer base.

What Issues Crop Up with Multiple-App Usage?

One of the biggest issues with multiple application usage within the same company is interoperability challenges. So far, there aren’t a lot of choices to communicate between apps. One company, 8×8, lets users communicate with different apps through their X-Series team chat platform. However, at this point there is no way to communicate with external chat applications natively. Without this, often employees can’t talk to each other.

Without global communication within a company, decision-making gets slowed down, productivity decreases, and inefficiencies occur. It’s important for IT to be aware of potential problems. As long as different apps are used for different use cases, the system will work. However, if every team has a unique way of communicating, chaos can ensue. More than one team can be working on the same project without knowing about each other.

How Difficult is it to Migrate Users to a New Messaging App?

Moving users from one messaging app to another can be a huge project. Consolidating apps requires best practices regarding content, because there is no way to pull up content from one app to another.

What Is Managed IT Services & Who Provides Services

As managed IT services have grown in popularity, you’ve probably heard the concept touted often as the answer to your business’s IT woes. Still, there can be plenty of mystery on the topic. What is managed IT services, exactly? How do organizations integrate managed IT services into their existing business and workflows? Also, who provides these services? In today’s business blog we’ll answer these questions and more.

What Is Managed IT Services Exactly?

Managed IT services is a broad term describing any scenario in which a company (that’s you) partners with a vendor, called a managed service provider (or MSP), to handle some or all IT responsibilities for the company.

The exact services that MSPs offer range pretty widely. Companies, too, vary widely in terms of their IT infrastructure and needs, as well as exactly which IT responsibilities they choose to outsource to an MSP. Some firms may contract with an MSP to handle absolutely everything about their IT infrastructure. More commonly, companies will outsource only certain portions of their IT workload.

It’s a little easier to understand the concept of managed IT services by looking at some examples of how they are currently being used in several types of organizations.

How Do Organizations Utilize Managed IT Services?

Businesses implement managed IT services in a whole host of ways. Here are a few examples.

Some companies look to a managed service provider to handle all or nearly all of their IT needs. Growing small businesses, for example, may not have much (or any) in-house IT presence. They need capabilities that they don’t have, and they find it simpler and more affordable to contract with an MSP than to build out their own in-house IT team.

On the other end of the spectrum, a medium or large business with an established in-house IT team might look to a managed service provider to alleviate some stress on that team. A larger firm might outsource helpdesk-level support, for example. In doing so, the company would empower its in-house team. Free from the distractions of troubleshooting workstations and managing software installs, the in-house IT specialists can focus their attention on the higher-level tasks they were hired to do.

Businesses of any size can also look to an MSP to fill a specialized need. Some areas of IT have unpredictable costs, and others are simply cost-prohibitive for many smaller businesses to build on their own. Some areas can be difficult to hire for, too. Examples of specialized needs that can be met through managed IT services include cyber security, information security and compliance, and cloud services.

What Are Reasons to Choose a Managed Service Provider (MSP)?

Businesses who have embraced the managed IT services model do so for a wide variety of reasons. Some are unique to specific industries, but many are universal. Here are a few reasons it likely makes sense for your business to choose a managed service provider for your managed IT services needs.

Scaling for Growth

Scaling your IT infrastructure has real costs when you do it in house. You need additional equipment, additional floor space to house the equipment, and additional personnel to install, run, and monitor the equipment. Managed service providers, on the other hand, already have the equipment. They’re running servers for dozens of businesses, so they have automatic capacity when you need more. They can leverage the economy of scale in a way you can’t.

Growth isn’t just measured in headcount, either. Device count continues to increase, too. Employees expect to be able to interact with systems using their work computer, laptop, tablet, and phone—both on site and off. Your in-house team doesn’t have the time to support all these device issues. A managed service provider does.

The Talent Gap Is Real

If you have an in-house team, are you having trouble keeping it fully staffed with well qualified people? You’re not alone. One reason is that the US has reached full employment, making domestic hiring more difficult than ever before.

Another more serious reason is the digital talent gap. In 2017 (that’s before we reached full employment), 54% of companies were having difficulty finding workers with the right digital skills. It’s not gotten better.

Fill your business’s talent gap by partnering with an MSP. The right MSP will have the specialties you’re missing and will be able to work in harmony with your in-house team.

Who Provides Managed IT Services?

If your business is looking into working with a managed service provider, you may be asking who provides managed IT services. The good news is you have plenty of options. There are quite a few local providers offering managed IT services in every metropolitan area, and there are a few global players as well. We’ll get to that distinction, but first, a word on services offered and specialization.

Services Offered and Specialization

The first question businesses should ask is whether an MSP offers the services they need. Not every MSP has exactly the same offerings or experience, so don’t be afraid to ask pointed questions. Don’t just ask whether they offer a given service; ask how many clients they’ve served with it.

Some industries, like healthcare or finance, have developed specialized IT needs. Accordingly, some MSPs specialize in specific industries or technologies. In short, look for niche players if you’re in a niche industry.

Local vs. Global MSPs

Choosing a local firm means getting local, boots-on-the-ground support. The best local firms offer a wide spectrum of services, including extended hours, and have the infrastructure and personnel depth you need. You’ll get individualized attention and you’ll support your local economy.

Choosing a global firm like Amazon’s AWS gives you access to more raw power and, often, innovative technology others can’t match. Customer service, on the other hand, can be a bit impersonal, and fixing on-site problems can take time.

Conclusion

If you’re looking for a quality local managed services provider, we’re here for you. Contact us today to get started.

What Is NDB Scheme?

The NDB scheme, or Notifiable Data Breach scheme, is a requirement that was developed by the Australian government for all agencies and organisations regulated under the Privacy Act 1988. These entities are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to individuals whose personal information is involved in the breach. First commenced on 22 February 2018, the NDB scheme outlines exactly how an organisation should proceed when a breach occurs.

Available Guides

The Australian government has created two guides for action in the occurrence of a breach.

History and Overview

The NDB scheme was established by the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017. The scheme applies from 22 February 2018 to all organisations and agencies with existing personal information security obligations under the Privacy Act. It obligates these entities to notify anyone whose personal information has been involved in a data breach that is likely to cause serious harm. The notification must include recommendations about the steps individuals should take in response to the data breach. The Australian Information Commissioner must also be notified.

In order to comply with the NDB scheme, agencies and organisations must prepare themselves for the possibility of a data breach, and how to respond quickly to reduce and contain the resulting harm. To notify the Commissioner, entities should use the Notifiable Data Breach form.

Section 6 of the Privacy Amendment (Notifiable Data Breaches) Act 2017 says that the scheme applies to incidents where personal information is subject to unauthorised access or disclosure, or is lost.

Who Must Comply?

Agencies and organisations that the Privacy Act requires to secure specific categories of information are required to comply with the NDB scheme. This list includes Australian Government agencies, not-for-profit organisations and businesses with an annual turnover of $3 million or more, health service providers, credit reporting bodies, and TFN recipients.

When is Compliance Required?

A data breach occurs when personal information stored by an organisation is lost or subjected to unauthorised access or disclosure. Not every data breach requires compliance. Only those data breaches involving personal information that are likely to cause serious harm require NDB scheme compliance. The NDB scheme calls them “eligible data breaches.”

Examples of a qualifying data breach include:

  • A database with personal information is hacked
  • Personal information is provided to the wrong person by mistake
  • A device containing customers’ personal information is stolen or lost

There are a few exceptions that don’t require notification outlined in the Data breach preparation and response guide. If a data breach is suspected, agencies and organisations are required to assess quickly if it is likely to cause serious harm.

How to Notify

If an eligible data breach has occurred, individuals at risk of serious harm must be promptly notified. The Commissioner must also be notified as soon as practical. Notification must include the following information:

  • Name and contact details of the organisation
  • Description of the data breach
  • Types of information affected
  • Recommendation of steps that individuals should take in response to the data breach

The Commissioner is notified using the Notifiable Data Breach form.

Role of the OAIC

The Commissioner has several roles under the NDB scheme.

  • Receiving notifications of data breaches
  • Encouraging compliance through handling complaints, taking regulatory action and conducting investigations
  • Offering guidance to organisations, and information to the public about the scheme

Healthcare Guide to the DTA’s New Secure Cloud Strategy

Creating a secure, usable network of systems is top-of-mind for Australia’s Digital Transformation Agency (DTA). The recent growth of security challenges for organisations of all sizes has caused this government agency to closely examine how businesses are interacting through the cloud. The Australian government’s new Secure Cloud Strategy provides a framework for service providers to follow that is targeted to “improve resilience, lift productivity and deliver better services” — lofty goals for any organisation. While the Secure Cloud Strategy is ostensibly to help the government take full advantage of the benefits of cloud computing, IT services providers will also need to adopt the more robust security measures if their systems interact with secure public information.

Ongoing Challenges with Healthcare Data Security

Moving towards compliance requires managed service providers and cloud support partners to fully embrace the enhanced security requirements of the Secure Cloud Strategy. Healthcare data breaches are at an all-time high according to the Office of the Australian Information Commissioner (OAIC), where 812 notifiable breaches occurred in 2018. Australia’s “My Health Record system” has come under attack lately, as cybercriminals seem to have discovered that this is a rich well of information simply waiting to be tapped. Healthcare is the top sector for data breaches in Australia with 20%, while finance, professional services and education lag significantly behind. While some of these data breaches are determined to be human error due to a variety of issues such as loss of storage devices and sending information to the incorrect individual, nearly half were caused by a malicious attack.

Key Points of the Secure Cloud Strategy

Protecting the security of your data and that of your clients is of the utmost importance to service providers, and DTA’s new Secure Cloud Strategy is targeted to do exactly that. These key points are considered crucial to protecting the security of data in the nation’s healthcare infrastructure:

  • Organisations will appreciate a shared understanding of requirements, including a common assessment framework
  • The Digital Transformation Agency will lead the way by developing a platform to share knowledge and expertise
  • A focus on reducing the duplication of effort by providing shared services that can be leveraged by multiple organisations
  • The responsibilities and accountability of cloud service providers will be clarified by a new contract model
  • Renewed energy towards creating sustainable change in the data security infrastructure of the government and interconnected entities

While these common-sense measures are aimed at revising the way the healthcare industry approaches data and security, industry analysts are concerned that the efforts may prove too expensive for IT service providers that are already struggling with detailed compliance requirements, increased complexity of requirements and rising costs. The talent shortfall is also a factor in the updates that the Australian government is requiring of their IT service providers, as local experts are struggling to maintain certifications and compliance requirements.

As Australia circles the same issues that are tormenting healthcare organisations throughout the world, it may be the cloud software providers that have the most work to do to maintain adequate levels of security. IT managed services providers are often able to step in and help organisations understand how to implement broader security requirements and automate ongoing tasks to free up time for valuable technology professionals.

How Much Should A Small Business Spend On Information Technology?

For small businesses, information technology spending is always a balancing act. On the one hand, you need to keep to your budget to maintain financial stability and weather the unexpected. On the other hand, you are well aware of the constant tech advances happening all around you and the last thing you want is to be left behind by the competition. So, how do you determine your IT spending? The answer is, “It depends.”

Spending on IT needs to be based on your unique business needs. While it can be helpful to know what the average spending is for businesses, particularly businesses similar to yours in your industry, duplicating what another company does will not necessarily yield optimal results. You have a limited budget. You need to make it count. Doing so requires carefully examining your business, your options, and most importantly, your company objectives. Only when you know where you are and where you want to go can you determine exactly what you need to spend on IT.

What is Everyone Else Spending on IT?

Just because you need to define your own path does not mean you should ignore what everyone else is doing. It can be a helpful starting point to examine how much other small businesses are spending on technology. According to one study, the average spending on IT across all industries was 3.28 percent. The average came from considering a wide range of industries, with the lowest spender being construction at less than 2 percent and the biggest spender being banking and securities at 7 percent.

A study focusing on industry alone does not give a clear idea of what small businesses are spending, though. Other studies that looked at the size of the business found that small and mid-sized businesses actually spent more on IT as a percentage of their revenue than large businesses. Small businesses spend around 6.9% of their revenue on information technology, while midsized businesses spend around 4.1% of their revenue on IT. For large companies, the percentage drops to 3.2%. The smaller percentage spent by larger companies is often the result of scale—they put so much money into IT that they get better rates, perform the work in-house, etc.

How to Decide What You Should Spend on IT

The best way to choose how much to spend on IT is to ask targeted questions designed to paint a clearer picture of what your IT needs actually are. These questions should include:

What are you spending on IT right now?

Every business needs an IT budget, regardless of size. If you don’t have an IT budget, now is the time to make one. To see how much you have been spending on IT, add up your expenditures on information technology over the past year.

What are your business goals?

With so many options available, it is normal to feel a little overwhelmed when you consider information technology. Clarifying your business goals gives you perspective on your IT needs. Your IT expenditures should help you achieve specific business objectives. If the money you are spending on IT is not helping you achieve those objectives in a measurable way, it can likely be better spent elsewhere—either on different IT tools or on other areas of your business.

How is your current IT spending related to your business goals?

Each IT area that you invest money in can and should be connected to your business objectives. Go through all of your information technology spending and verify that it is doing something for your business. If it is not working for you, it is time to make some changes.

What specific IT spending can improve your ability to achieve your objectives?

There are specific areas in IT that offer leverage for your industry. You will need to identify what these are and determine how they fit into your overall strategy. Collaboration, security, data collection, marketing—what tech are you fairly certain will make a substantial impact if you add it to your business?

In what ways can you delegate or outsource the IT budgeting process?

If you are like most owners or managers, you have limited bandwidth that is already mostly consumed by running your business. Assessing your IT needs and embarking on a path to meet those needs will take time, energy and expertise. Consider who you can get to help with this process, whether internally or externally.

Are you interested in learning more about your IT options? If so, please contact our managed IT services team. We can help you clarify your IT needs.

How to Find the Right IT Services Company

If your business has made the decision to contract with an IT services company for IT support, you’ve made the right choice. However, you’re not done yet. You still need to choose the IT services company that’s best for your business. In most markets, you’ll have choices — maybe too many choices. Use these criteria for how to find the right IT services company to narrow down your search.

1. Size Matters

IT services firms come in all shapes and sizes, from boutique outfits with just a few employees to massive firms with multiple physical locations. Make sure you evaluate the size of an IT services company compared to the size and needs of your business. The right IT services company will be transparent about how many employees they have in various roles or departments, and it will have sufficient capacity to meet your needs.

2. The Right Competencies

IT services companies are generally quite competent. If not, they go out of business pretty fast. So “Are they competent?” is the wrong question. The right question to ask is whether they have the right competencies. Create a comprehensive list of your business’s hardware and software use. Don’t just ask whether the company can support what you’re using. Ask for proof that they have already successfully done so with other businesses.

3. Industry Familiarity

Along the same lines, ideally, you want an IT services company that already understands your industry. Throwing industry jargon at your IT vendor is unavoidable, so it’s important that they understand that jargon. Ask how many companies in your industry the firm has worked with previously. The more, the better.

4. Location, Location, Location

In general, we recommend giving preference to local firms. If you need on-site service, local firms can handle this directly. A distant IT support company has to find a local vendor and hope for good availability.

Finding a provider close by isn’t always possible, and it’s not feasible if you’re a multi-site organization. Still, smaller companies will benefit from choosing a local provider.

5. Service Providers Have Rules, Too

Many IT services companies have their own rules about which businesses they will take on. Before a company makes it onto your short list, make sure your business is actually qualified. For example, some service providers have upper or lower limits for the number of workstations supported, meaning if your business is too large or too small, they won’t serve you. Others may refuse to support specific hardware or software types, or they may narrow their field of clients to specific industries.

Conclusion

These are a handful of the areas you should consider when choosing the right IT services firm. If you want to ask us these or other questions, let’s get a conversation going.

3 Reasons to Regularly Test Business Systems

Business Computer Systems

Protecting your business requires more time, effort and energy from your technology team than ever before. Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge. It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly. From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.

1. Business System Testing Helps Find Vulnerabilities

The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, creating additional steps for infrastructure teams as they review the data connectors and storage locations. Each of these connections is a potential point of failure and could represent a weakness that a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up. As the business continues to evolve through digital transformation, this regular testing and documentation of the results allows your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure. Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.

2. Business System Testing Provides Valuable Insight Into Process Improvement Needs

Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business. Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net. Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens them over time by tightening security and giving you a chance to review user permissions and individual levels of authority within your business infrastructure and systems.

3. Business System Testing Allows You to Affirm Your Disaster Recovery Strategy

Your backup and disaster recovery strategy is an integral part of your business. Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality. Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans. Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal who manages to infiltrate your systems, or damage to your business systems from fire or flood, your IT team will be ready to bring your business back online quickly.

Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business. The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.

Are You Prepared? Your 9-Step Local Business Disaster Recovery Plan

Data Backup Plan

Are you prepared for disaster to strike your business, whether natural or manmade? Many businesses aren’t. They either have no business disaster recovery plan, or the one they have is wholly insufficient.

Is this really a big deal for your local business? Yes, it is. Forbes, citing FEMA statistics, reports that over 40% of businesses affected by a disaster never reopen at all. Those that do reopen often deal with the aftermath of lost data, revenue, and stability for years (or until bankruptcy).

You can’t prevent all risk to your local business associated with disaster, but you can mitigate a lot of that risk. You need a comprehensive IT disaster recovery plan. We’ll get you started with nine steps that should be part of your plan.

1. Know What Equipment You Need to Stay Operational

This step starts with creating an inventory of every piece of equipment that you can’t operate without. This isn’t a full inventory (though you should have one of those, too). This is a list of what’s mission critical.

2. Create a Timeline for Recovery

Now that you know what you need to remain operational, craft a timeline for recovery. This should be a realistic timeline, taking into account how long it will physically take to get the critical equipment as well as how long you can afford to be dark before your business’s existence is threatened.

Consider both how long it will take you to recover and what point in time you can recover to. The latter relates to your backups, which we’ll cover in step 4.

3. Communicate This Information Far and Wide

An inventory and timeline that only you know about will not be effective. Consider that you may be incapacitated in the disaster, or you may be unable to get to the disaster site. Do others know what to do if you’re not around? Communicate your mission-critical inventory and your recovery timeline to stakeholders throughout your organization.

4. Back Up Data (and Review Your Backup Providers)

Getting the equipment you need up and running is one aspect of recovery. The other is restoring the most recent data you have available. Backing up your data is an essential part of a disaster recovery plan.

If you’re already backing up your data, that’s good. Take time regularly to inventory your backups. Are they running on schedule? Are the backup files usable? Also, be aware that on-site backups have their purpose, but in the event of a disaster like a flood or fire, your on-site backups are most likely destroyed. Consider adding cloud backups or off-site backups to your IT arsenal to better protect yourself against risk.
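One way to answer those two backup questions automatically, as an added example that is not part of the original article: it assumes gzip-compressed tar backups with a `.sha256` file recorded beside each one at backup time and a 24-hour freshness target. The function names, file names and sample data are constructed for illustration.

```python
import hashlib, os, tarfile, tempfile, time, zlib
from pathlib import Path
def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(1 << 20):
            h.update(chunk)
    return h.hexdigest()

def is_restorable(path):
    try:  # read every member to the end; truncated or corrupt archives raise
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                if member.isfile():
                    data = tar.extractfile(member)
                    while data.read(1 << 20):
                        pass
        return True
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return False

def audit_backups(backup_dir, max_age_hours, now=None):  # empty list = all checks passed
    archives = sorted(Path(backup_dir).glob("*.tar.gz"), key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backups found"]
    findings = []
    age = ((now or time.time()) - archives[-1].stat().st_mtime) / 3600
    if age > max_age_hours:  # is the job still running on schedule?
        findings.append(f"{archives[-1].name}: newest backup is {age:.0f}h old")
    for a in archives:  # is each file still usable?
        sidecar = a.with_name(a.name + ".sha256")
        recorded = sidecar.read_text().split() if sidecar.exists() else []
        if not recorded:
            findings.append(f"{a.name}: no recorded checksum")
        elif recorded[0] != sha256_of(a):
            findings.append(f"{a.name}: checksum mismatch")
        if not is_restorable(a):
            findings.append(f"{a.name}: archive cannot be read end to end")
    return findings

def demo():  # constructed sample: mon is healthy, tue is cut in half after checksumming
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ledger.csv").write_text("id,amount\n" * 5000)
        for name in ("mon.tar.gz", "tue.tar.gz"):
            with tarfile.open(Path(d, name), "w:gz") as tar:
                tar.add(Path(d, "ledger.csv"), arcname="ledger.csv")
            Path(d, name + ".sha256").write_text(sha256_of(Path(d, name)) + "\n")
        os.truncate(Path(d, "tue.tar.gz"), Path(d, "tue.tar.gz").stat().st_size // 2)
        return audit_backups(d, 24), audit_backups(d, 24, now=time.time() + 72 * 3600)
```

Run from a scheduler, a non-empty result from `audit_backups` is the signal to investigate; a periodic full restore to scratch hardware remains the stronger test.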

5. Procure a Generator

In the event of a natural disaster, power outages could be widespread. You may end up in a situation where your infrastructure is either undamaged or already rebuilt, but the city hasn’t restored power to you yet. Having a generator on site can allow you to resume critical functions sooner.

6. Evaluate Costs

Knowing where to procure replacement equipment is important, but so is having a plan for paying for that equipment. If that’s a daunting suggestion for your local business, you might consider looking into catastrophe insurance. Avoid the threat of a massive bill for replacing equipment by paying a lower and consistent amount for insurance.

7. Limit the Chance of Unnatural Disasters

You can’t control natural disasters, but you can limit the chance of an unnatural one. Take steps to lower your exposure to human threats like cyberattacks, data breaches, and equipment sabotage. One practical step is to audit who has access to what. Give employees and vendors access to only those files and systems they need to do their work. We also recommend regularly providing training on detecting scam emails and phishing schemes.

This step is a tough one to manage yourself. Consider partnering with a managed service provider (MSP) to help you step up your cybersecurity efforts and to train your staff accordingly.

8. Test Your Plan

Just like your backups, your plan as a whole can’t be good if it doesn’t actually work. Test your plan at regular intervals to make sure you’ve not left any gaps. If you discover problems you can’t solve, work with an MSP to find solutions.

9. Don’t Go It Alone

We’ll be blunt. All this is too much for most local businesses to handle alone. You need a quality MSP to help in the process. If you’re ready for help with your disaster recovery plan, contact us today.