For far too long, CEOs have seen information technology as a sunken cost that needs to be absorbed and reluctantly accepted. New platforms, upgrades, platform conversions, hardware, software and other technologies are a financial pain point that needs to be endured.

However, for success today, company leaders need to take a completely different approach. Information technology should be viewed as essential for companies wanting to achieve their strategic goals. The premise that technology teams should just “keep the lights on,” upgrade the software and support the other business units is an outdated approach.

Who Is Responsible for Changing the CEO Mindset?

Some companies may have a CEO who profoundly understands the nuanced approach to technology that is imperative to achieve digital transformation. However, such leadership is rare today despite the growing reliance on disruptive technologies such as artificial intelligence, machine learning data analytics, automation and the Internet of Things.

That’s why the chief information officer’s role is increasingly critical. The CIO needs to be included in high-level strategic conversations to help shape the needs (for financial resources, technologies, systems and people), opportunities and desired outcomes. It’s also incumbent on the CIO to play an important role in educating, influencing and empowering the CEO.

According to a recent CIO.com article, CIOs need to help CEOs and other senior leaders in the following ways:

• Having a keen understanding of new technologies, innovation trends and strategic opportunities
• Working with leadership in tandem with vendors to co-create innovative solutions
• Educating C-suite executives and board members about disruptive industry trends and possibilities
• Introducing collaborative tools and self-service portals to reduce human capital costs.
• Building innovation hubs that benefit the business
• Championing digital business strategies at the industrial and organizational levels
• Promoting a lean approach a la a start-up for fostering new products, services and ideas

What Work Should the CIOs Focus On To Change a CEO’s Mindset about Technology?

One of the most important tasks the CIO should focus on is understanding customers. Learning more about their needs, challenges, interactions and preferences will inform the CIO’s insights shared with the CEO. The CIO has to spend more time with customer-facing units, such as sales and marketing, learning about their needs and how the most effective salespeople and campaigns are built.

The key is getting out of the office. Yes, a CIO, especially of a small company, may be pulled into the weeds more often than they want, but time needs to be made for this outreach,

Why is it so important? The next time the CIO is in a strategy meeting or 1:1 with the CEO, they can provide insights on what directly impacts customers, backed up by data and IT knowledge.

CIOs should champion teams focused on innovation, development of new products and services and leveraging collected data.

CEOs are paying attention too.

“The proliferation of digital technology has given IT the ability to directly impact an organization’s bottom line,” said GE Digital CEO Bill Ruh.

“Smart CEOs now see IT not as a cost center but as a differentiator, a source of innovation, and an enabler of revenue growth and market differentiation,” notes a recent article. “As CEOs increasingly turn their attention to digital innovation as a top priority, they are counting on CIOs to drive it.”

What Are CEOs Asking of their CIOs?

“CEOs need CIOs to be more than service-oriented order takers. They expect IT leaders to work with business leaders to co-develop technology-related capabilities that will enable the business to innovate and grow,” notes Gartner in its 2019 CEO survey. A look at key data from that report shows just how much CEOs are starting to recognize the importance of IT. Consider:

• A third of CEOs ranked IT-related priorities in their top 3
• 49 percent of CEOs believe the business and technology sides of the business are equally responsible for the performance and quality of digital products and services
• 47 percent of CEOs saw technology enablement as one of the top two ways to improve productivity

A Korn Ferry survey of corporate technology offices illustrates the shift of roles and how CEOs value CIOs differently today. Among the findings:

• 83 percent say their role is perceived as more strategic than it was 4 years ago
• 81 percent say they have more exposure and play a more significant role with customers, products and services
• 55 percent believe the CEO and board see the lead technology officer’s role as a revenue generator and not a cost center

The data are clear about the changing role. In a 2017 Harvey Nash/KPMG CIO survey, 62 percent of CIOs said they are a part of the executive team, compared to 38 percent in 2005. The likelihood that a CIO reports to the CEO rather than the CFO or someone else is increasing 10 percent annually.

CEOs today have an incredible opportunity to use ever-evolving technologies to change business models, introduce new products and services and deliver what customers crave. How? By understanding these technologies, elevating the CIO’s role and seeing IT as a revenue-generating part of the business.

If your organization is large enough to have a CFO, it surely has some kind of backup and business continuity plan in place. Do you understand how this system works? More importantly, is the system your business has in place actually sufficient to protect you in the event of a disaster? These are questions every business needs to ask, and you as the CFO need to be a part of that conversation. To get prepared, here are a few of the top questions CFOs have regarding backup and business continuity, answered.

 

Aren’t Backups Enough?

The short answer is no. The longer answer gets into the wide range of backup formats. On-site backups are a part of the solution, but they don’t protect against natural disasters or physical site breaches. Off-site backups have their limitations, too. The farther away the site, the more logistically challenging data transfer and physical storage can become. On the other hand, if the off-site backup is just down the street, it may be just as vulnerable to the natural disaster that hit your business.

Is the Cloud the Answer?

Cloud backups are a great new innovation in the industry, but they alone won’t save your business, either. Restoring from a cloud backup takes serious bandwidth, and bandwidth could be an issue following a catastrophe. Consider that not all business disasters are natural. If your business suffers a crippling cyber attack, cloud backups may complicate the restoration process.

What is Backup and Disaster Recovery?

Backup and disaster recovery, sometimes shortened to just backup disaster recovery or BDR, is the term for a comprehensive system that includes both data backup and a disaster recovery plan. These two components are designed to work in tandem, allowing a business to remain operational through or quickly restart operations following a disaster. Having a strong BDR plan is the real solution for backups and business continuity.

Backups in BDR

The backup component of your BDR plan should be multifaceted. Most companies benefit from having at least two forms of backup: on- or off-site as well as cloud backup. With backups, redundancy is a desirable feature, not a place to cut costs. Storage drives (whether at your location or in some server farm far away) can fail without warning.

Disaster Recovery in BDR

The disaster recovery component is just as crucial as the backup component. This is security planning, in a nutshell. If your physical office building gets wiped out by a natural disaster, you need more than your data. You need replacement computers, servers, and networks to use that data on, not to mention a place to do that work. Your disaster recovery plan finds the solution to these problems. Develop a recovery time objective, a measurement of the amount of time you’ll need to resume operations. From there, build out a plan for sourcing equipment and facilities.

Your disaster recovery plan is closely tied to your business continuity plan, which outlines how essential functions will keep running or be restored.

What Does a BDR System Accomplish for the Business?

Implementing an effective BDR system has many advantages for your business, including faster recovery time, lower risk, and lower costs.

Faster Recovery

Your business’s recovery time will be much shorter if you have both a detailed plan for what to do in the event of a disaster and a complete, usable backup of all critical systems. There’s no real way to put an exact figure on it, but working a plan is always going to turn out better than winging it, especially when in disaster mode.

Lower Risk

Every step you take toward a well-planned BDR system lowers your business risk. Having an on-site backup is safer than having none. Having on-site paired with off-site is safer still. Adding cloud backup to the mix does the same. Similarly, the more thorough your disaster recovery plan, the lower your risk.

It may sound overly simple, but “be prepared” is a pretty great motto. No business can completely mitigate all risk, but implementing a BDR system lowers your business’s risk profile greatly.

Lower Costs

Companies implementing BDR systems often contract with managed services firms to create and/or execute those systems. It’s worth taking a look at what’s available. You may find that your costs with a managed service provider are lower than the costs of building a BDR in-house.

Even if you determine monetary costs aren’t lower, there’s also an opportunity cost to consider. How confident are you in your in-house plan (or the team that built it)? Is that team made up of dedicated experts, or is everyone involved working just a bit outside their expertise? There is a real opportunity cost to not getting this right. Contracting with a quality MSP reduces the risk of missed opportunities due to an overly long outage or recovery.

Conclusion

If you haven’t yet implemented a BDR system, it’s time to do so. If you need help developing or implementing a BDR at your firm, contact us to get started.

It’s always been important for the C-suite to understand the cost benefits and value associated with technology projects, but today’s complex infrastructure needs are requiring greater levels of input from financial executives, in particular. Technology spends are increasing dramatically, and there’s a need to balance the shorter-term benefits of specific tactics with the long-term strategies that will help move the organization forward. The days of technology teams making do with the funding that they are allowed are over, as technology becomes more tightly intertwined with business strategy. It is crucial that the big dollars invested in technology and innovation are tied to true business value in a way that can be communicated throughout the organization — making the CFO an integral part of the decision-making when it comes to determining the IT spend.

Funding Sustainable Growth

Technology is advancing at an unbelievable rate, with new software applications and methods of reaching customers coming at breakneck speed. Making several poor decisions around technology can create a miasma of problems that can take years to resolve, but that risk is mitigated when financial leaders work closely with technology teams to ensure that there are adequate measures and milestones in place. CFOs must ensure that the organization has the funds available to budget for items that are critical for continued business operations that support corporate strategy and sustainable growth initiatives. This has to be balanced with the additional risk that can be assumed by waiting for “something better” (an application, a way of controlling data or reduced legislation) to come along. According to Gartner, worldwide IT spending is set to reach $3.8 trillion this year, with ongoing increases in spending attributed to IoT, shifting on-premise computing to the cloud, software applications and maintenance fees. With this shift comes a fundamental change in the way technology dollars are budgeted: from capital expenditures to a SaaS model that is billed as an operating expense.

Aligning Technology Spend with Strategic Initiatives

Starting with the strategic initiatives of the business and slotting in technology where needed may be the way CIOs and CTOs are familiar with budgeting, but the new paradigm requires additional work. The risk potential of having business systems vulnerable to a cyberattack is an ongoing concern and one that can require a significant amount of spending in any given year. Data silos are being broken down and consolidated as older legacy systems reach their sunset years. This tension between supporting an often-aging infrastructure and providing a stable base for the future creates a need for creative budgeting throughout the organization. Having the CFO work with technology executives can help bring greater visibility to the IT needs of the organization and how they align with specific strategic initiatives.

Constantly Examining Technology ROI

Part of the budgeting process involves being intentional about determining business ROI for the various technology initiatives and being unafraid to boldly cut or fund projects based on the changing needs of the business. New threats occur on a regular basis — as well as new opportunities to seize dominance in a particular market. Having the flexibility to pivot and create revenue may require a continual review of the various projects as well as a fundamentally different approach to what have traditionally been multi-year IT projects. Vigorously defending projects that no longer provide business ROI can put a major drain on limited organizational resources, especially in light of changing features and functionality for even the most stable business platforms.

Now more than ever, CFOs must have a solid understanding of the business value that IT projects plan to deliver and a solid review of milestones. This shared responsibility with CIOs and CTOs creates not only a greater accord in financial decisions but also a deeper understanding of the value that various projects have for the entire business.

The role of the CMO has been evolving at a rapid pace in recent years due to the constant addition of new marketing technologies or martech. You only have to compare the tech budgets of marketing departments today to those five years ago to see a drastic increase in spending.

Companies know that they need to embrace and leverage the right martech to remain competitive, and they are willing to invest substantial sums to do so. That leaves companies and key decision makers with a challenging question: What kind of role should the CMO play in tech decisions? The answer depends on the industry vertical, but there is an overall trend that is worth paying attention to. With each passing year, CMOs are becoming more and more involved in tech decisions.

How Involved Should CMOs Be in Tech Decisions?

To understand the answer to this question, we need to look at a few different factors. These include:

The Changing Role of CMOs

The traditional CMO role was already filled with important decisions. Chief Marketing Officers have always been responsible for things like brand management, communications, campaigns and advertising. But today, with the rise of data-driven decisions—which offer more predictability and accuracy than opinions ever could—the role of the CMO has had to evolve to encompass more and more tech.

Consider the options for understanding the customer experience available to marketing teams today:

• Artificial Intelligence (AI)
• Big Data
• Marketing Automation
• Internet of Things (IoT)
• And more…

Incorporating these tools into the company’s marketing mission requires a whole new skillset that includes customer service, data analysis, user experience (UX) and more. Of course, not all CMOs need to be experts in any one of these particular areas, but they do need to know how to manage and organize professionals who do understand these areas to fully realize the potential of their marketing efforts.

The Importance of Company Objectives

If you have recently found yourself feeling overwhelmed with the number of tech tools available, you have some idea of what it feels like to be a CMO in today’s tech-heavy environment. A visit to your favorite app store will give you the opportunity to pick from sometimes thousands of apps to accomplish the same goal, whatever that goal may be. And while the martech options available to CMOs are perhaps less numerous, they are also being pushed by sales people on a daily basis—so CMOs are being constantly bombarded with new “solutions” that are touted as the newest answer to common problems. Even more confusing, there are plenty of martech offerings that are more like solutions looking for problems than the other way around.

One of the key ways that CMOs can avoid overwhelm when it comes to martech is to always keep company objectives at the forefront of their minds. The company objectives can vary by organization, but most marketing organizations are focused on things like Market Presence, Revenue Growth and Efficiency. These goals can be more easily achieved using the right martech, but not all tech tools are going to offer significant benefit in the seeking of such goals.

Company objectives offer a guiding light in the complex world of martech. CMOs, above all others in the marketing organization, need to remain aware of company objectives and ensure that the tech budget is utilized as efficiently as possible—on technologies that will achieve measurable progress towards the achievement of the goals of the company.

CMOs Can Use Data to Drive Tech Decisions—Especially if They Ask Questions

One of the best ways CMOs can target the tech that is right for their organization is to utilize data in the decision making process. And that does not mean the CMO needs to be an expert in data analysis, either. They just need a team that can help them understand the data that they are looking at. Subjective decisions are not necessary—at least not in most cases—with the use of the right data.

The secret to utilizing data is to ask questions, as many questions as necessary to gain an understanding of what you are looking at. Over time, a CMO can come to understand quite complex concepts as he or she repeatedly comes into contact with them. But as with any new information, the fastest way to gain an understanding is to ask questions. It can be difficult at first for someone in a position of authority to admit that they do not know something right off the bat, but eventually asking questions becomes easy.

While it may not be apparent initially, employees will feel respect for the leader that is willing to admit a lack of understanding and ask for help. After all, the employee gains a sense of value when they can help higher-ups and the company as a whole with their knowledge.

CMOs Should Be an Integral Part of Tech Decisions

Ultimately, CMOs should strive to be an integral part of tech decisions in the company. They should work with their team, as well as with other key decision makers like the CIO and CTO, to guide the company in the right direction.

Cyber attackers are highly motivated to obtain or corrupt your company’s data. But whether their motivation is to steal your funds outright, hold your data for ransom, practice espionage, or simply disrupt your business, most hackers cannot access your network without an “in.”

In other words, they require a login, personal access codes, or network access through malware to initialize their breach. Unfortunately, a recent report released by Verizon has concluded that 93% of the time, a cyber attacker’s “in” comes to them in the form of a social engineering attack on your employees.

The only way to prevent such breaches in your security is with proper cybersecurity training.

What is a social engineering attack?

Social engineering attacks are frankly less high-tech than traditional cyber attacks by highly knowledgeable tech criminals. In other words, they don’t require the extensive knowledge and tools needed to directly hack a highly protected computer system out of nowhere.

Social engineering attacks are more like street scams — only they’re usually done online or sometimes, over the phone. These scams use human psychology to fool individuals into willingly giving up sensitive information. In the case of your business, the targets are your employees.

There are several types of these attacks, including “phishing” and “pretexting,” which are quite similar and often go hand-in-hand. Phishing emails, however, remain the most common type of social engineering scam.

What are phishing emails?

In short, a phishing scam might be an email sent to the employees of your company that looks legitimate. It might (appear to) be from the employee’s bank, for example. It might request that your employee “click here” and login to (what looks like) the bank website so that the bank can “update your information” or “confirm your identity.”

A phishing email might also promise something to the recipient: “Here’s your free 50% off coupon! Click here!” or use a so-called emergency to illicit fear: “Someone has hacked your account. Click here to get it back.”

If your employee does indeed click on the malicious link of a phishing email, they will likely be taken to a blank or uninteresting page. In the meantime, however, the link click will have initiated the installation of malware onto the employee’s computer. This malware then enables the hacker to obtain sensitive information or disrupt or damage your company’s data.

How can company’s prevent phishing scams?

The reputational implications of any type of security breach — even one that doesn’t actually corrupt or steal your data or funds — can be enormous. Of course, it goes without saying that if you are caught in the crosshairs of a data ransom or cyber theft, the financial implications will be equally devastating.

As we’ve learned from the Verizon report, most security breaches are linked with phishing. Therefore, cybersecurity training for your employees is the best preventive solution you have for stopping security breaches before they start.

Employee training is not expensive, yet it is highly effective. Your employees should learn the following throughout their ongoing training:

• How to identify a range of phishing and pretexting scams
• How to proceed should they find an email, phone call, or social request suspicious
• Your company’s strict policies and procedures for communication (for example, “We would never send emails requesting personal information from our employees as this would only be done in person.”)
• Notice of increased risks for phishing scams around the holidays
• Notice of the most recent and common scams currently trending

Cybersecurity training should be frequent and come at regular intervals throughout the year as attack strategies often come randomly in spurts and habitually change tactics.

While cybersecurity training is your best line of defense when it comes to phishing and security breaches, it’s also important to hire a reputable IT managed service provider (MSP) to handle your network and security. Your MSP should have experience and broad skill in protecting their clients from network breaches. Contact qualified MSPs in your area today to learn more about protecting your business from cyber attacks.

Moving from hardware solutions to software solutions isn’t a new concept for technology professionals, but network infrastructure has traditionally been a hardware-focused world even as applications move to the cloud. With the introduction of SD-WAN, or Software-Defined Wide Area Networks, IT professionals find themselves needing to retool their understanding of flexible networks and security. The MPLS (Multiprotocol Label Switching) has been in use for decades and is an extremely reliable — yet pricey — option for connectivity. Today’s SD-WAN provides the modern organization with the flexibility, scalability, security and efficiency needed to stay competitive in a fast-changing world.

The Basics of SD-WAN

At its most basic, you can think of SD-WAN as a way to tie together a variety of disparate networks as it is equally efficient with internal as well as external internet and even cloud-based applications. Instead of a more rigid WAN network, SD-WAN allows you to configure your network quickly from a centralized location, reducing the potential of human error that can bring your network to its knees and productivity to a screeching halt. Since all variables are driven by software that you configure, this structure can be quickly scaled and new remote locations added without requiring an intense investment in time and physical hardware or redesign.

How Do You Manage a Software-Defined Network?

A key value that you gain when you shift to an SD-WAN is the ability to make shifts locally as well as globally from a centralized dashboard. This makes changes swifter, but also helps protect your network by ensuring that universal security standards are applied at all locations equally. Using an SD-WAN configuration gives you the added benefit of consolidated troubleshooting and error reporting so you can quickly identify any trouble spots or network hotspots and shift resources as needed to add speed and efficiency to your network — something that users are sure to appreciate, even if they never realize it is happening.

What Are the Business Benefits of SD-WAN?

Upgrading your network from a more restrictive model to SD-WAN has a variety of benefits for your organization. While some of these gains are realized upfront, others will continue to add value to your organization over time.

• The cost of connectivity using an SD-WAN is less expensive than traditional MPLS, an especially important point when you consider the bandwidth-heavy applications that business users require.
• While there is a high level of expertise required for upfront configuration of a software-defined network, ongoing changes are less intensive and can potentially save you consulting fees in the future.
• Your business users will appreciate that network availability is high because there is no need to take the network down to make configuration changes or upgrades.
• Your technology team is able to define networking rules in the language of business — SLAs, security restraints, apps and users — making the network easier to understand and maintain in the future.
• With Gartner noting that nearly 25% of businesses will utilize SD-WAN in 2019, there is a growing body of knowledge within the IT community that makes it easier to find resources to support your network infrastructure. The SD-WAN market is expected to grow to $1.3 billion by 2020.
• Cloud-based applications continue to emerge in all sectors of business, and it can be challenging to protect these applications without a consolidated hub of security rules. SD-WAN allows everything from SaaS to traditional connections to be covered under the same business rules.
• Branches and remote workers will appreciate having access to the same high quality of connection that they enjoy at the office, instead of having to deal with restrictive security procedures and application latency.

Instead of relying on the hardware to make decisions about connections speed and connections as with MPLS, SD-WAN makes agile decisions about the best way to connect users and the data or applications that they need to access.

What Type of Business Benefits from SD-WAN?

While there are many benefits of SD-WAN, there is one downside that can be a deal-breaker for certain organizations. Software-Defined WAN does provide extremely reliable uptime, but there can be more packet loss than you would see with a hardware-based network. In this case, you may want to consider a hybrid infrastructure that lets you gain the benefits of SD-WAN for the majority of your applications yet maintains any heavy applications that simply cannot abide packet loss on a more traditional MPLS. The majority of organizations are looking for ways to reduce their cost of connectivity and have very heavy use of their internet or intranet connections — making SD-WAN ideal. Businesses that are growing quickly or expanding into new regions are also likely to see gains from making the switch.

Many organizations are seeing that shifting to an SD-WAN model may help them future-proof their business by creating a flexible, scalable and secure model that can grow with their business. From the reduced cost of connections to the high availability environment, it’s clear that the conversation around SD-WAN will not be going away in technology groups around the world.

A healthy, growing business is almost always a good thing. Still, expansion brings with it certain responsibilities on your part.

If your business is growing quite quickly, it’s important to understand that large changes or adjustments may need to be made. This could mean hiring more employees, starting to provide employee health insurance, advertising more and spending more on marketing services, or obtaining more physical office space.

One area that you certainly won’t want to ignore as your business expands is your company’s information technology provider.

Many businesses who start small assume they can keep their IT provider as they grow. However, it’s important to realize that some providers aren’t equipped to handle larger businesses — those who often necessitate sprawling networks and extensive security needs.

To determine whether your company will soon require new IT services, consider the following questions about your current IT provider.

How familiar are they with your specific industry?

Often, when you’re just starting out, you’ll hire an IT provider who handles information technology services for a broad range of industries. Without a doubt, working with these types of providers will help your growing business by cutting costs. At the same time, you’ll still have your IT taken care of.

But as your business grows, you’ll want an IT provider with unique expertise in your industry. Niche IT providers who specialize in IT for hospitals, transportation services, or optometry offices, for example, are much more likely to provide you with better-quality service and improved security.

They are knowledgeable about and regularly brush-up on industry standards. They keep up with new and cutting edge technologies in your industry. And most of all, they are constantly aware of common security threats (and solutions) to businesses like yours.

Do they service other companies of similar size?

Take a look at who else your IT company serves. Are there any clients who match your company’s size? If so, do you believe those companies would also necessitate the same amount of attention and security as your company?

Even if your current provider services a company comparable to your size, if that company is a greeting card business and you own a chain of dental offices, you may have more to think about than just size. Namely, you’d have personal medical information within your network and a unique and crucial need to avoid breaches, scams, and possible liability catastrophes.

How often do you require troubleshooting services?

Are you already in near-constant communication with your IT provider for recurrent outages, network errors, slow-downs, and other problems?

Certainly, troubleshooting is one of the reasons you have an IT provider in the first place. However, the best providers should be able to set-up a network that requires infrequent service.

Moreover, preventable errors that happen once should not happen again. The downtime that results from problems in your network will inevitably hinder your business’s success. Moreover, as a company that’s growing, things will only get worse if you do not improve your service now.

How have they handled network problems to date?

When you have needed to make a service request in the past, what’s been your current provider’s track record?

Consider how easy they are to get in touch with. Are you able to speak with your own account manager or at least a representative who’s knowledgeable about your business?

How fast is your request handled? If it’s an emergency, such as a security breach or a system failure, how fast do they respond? If it’s a routine question or small system error, how fast do they respond?

Larger businesses need IT providers who know their business and are at-the-ready when a problem occurs. In fact, you should have a direct line to call when problems arise — one that answers to a live person.

Furthermore, as a growing business, you’ll want to anticipate that future problems will inevitably be more calamitous, especially when left unhandled for even a day or two. As your business expands, your IT provider must be immediately responsive, fully capable of handling any problem, and prompt in their service calls.

Have they presented a plan for accommodating your company’s growth?

First of all, have they taken notice of your company’s growth? A quality IT company will come to you first, noting that your company has been expanding and ideally, presenting a plan for your extended IT needs.

However, even if it’s you who needs to take the knowledge of your company’s expansion to your IT company, you’ll want to look for signs that they have a plan in mind to accommodate your anticipated needs.

They may, for example, suggest that you move from an as-needed payment plan to a monthly or yearly management plan. Many of the best IT providers who handle a range of company sizes will have at least these two options for their clients. When moving to a managed plan, you’ll be able to request assistance whenever necessary, paying a flat rate for their on-call care.

Find an IT Company Who Will Help Your Business Flourish

If, by evaluating the questions above, you’ve determined that it may be time to hire a new IT company, this certainly doesn’t mean that your current provider is entirely insufficient. It simply means that you’ve outgrown them, which in turn means that it’s time to move on to a more capable provider.

Taking the time to assess and realize your business’s extent of growth and possible outgrowth of an IT provider is an important step in your business’s expansion. Hiring an IT provider with adequate resources and capabilities to handle your expansion will ensure you’re fully prepared when it comes to your information technology — a foundational element that is, today, an invaluable component to businesses of all kinds.

Are you willing to pay the piper when it comes to cyberattacks?

Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business by worming their way into your data, stealing it and threatening to expose it. Other cyberattacks target the business itself, making systems and websites inoperable, costing businesses millions in the process.

Freeing the data or access often means paying a ransom, usually in the form of Bitcoin or some other cryptocurrency that’s impossible to trace.

How Much of an Issue is Cybercrime?

When it comes to cyberattacks on small businesses, the reality is, if you haven’t already been attacked, you will be. What matters is that you have the security protocols in place to make sure your business withstands these attacks and is not victimized by intruders looking to do harm.

The scope of cyberattacks, especially on SMBs, is staggering.

According to the 2018 HISCOX Small Business Cyber Risk Report, almost half (47 percent) of small businesses suffered a cyberattack in the previous year. Of those attacked businesses, 44 percent encountered a second, third or fourth attack. Eight percent had five or more attacks.

Yet the report shows a paradox. Business executives surveyed identified cyberattacks as one of their top two concerns, along with fraud. Sixty-six percent said they were concerned or very concerned about cyberattacks.

However, among those executives, the majority haven’t taken even basic steps to protect their businesses.

What Does a Cyberattack Mean to My Business?

If you do not invest in cybersecurity measures, you are a sitting duck. That means you’ll have to pay a ransom when your business is attacked. You will incur costs as well, including steps to identify and eradicate the intrusion, notify customers and regulators and pay for deep web monitoring or credit monitoring.

What is that financial cost? According to HISCOX, it’s $34,600 for small businesses. The 2018 Cost of a Data Breach Study: Global Overview conducted by the Ponemon Institute shows that among SMBs and enterprises, the worldwide average total cost is $3.86 million. The costs are increasing each year, too.

The Ponemon study shows some of the other inherent threats and disruptions a data breach can bring upon your business. Among key factors influencing the cost of a data breach, according to the study, are:

• The unanticipated loss of customers after a data breach is reported. Organizations that have established institutional trust and offer identity protection to victims are more successful in retaining customers.
• The scope of the breach and the number of records lost or stolen. Ponemon calculates the per-record cost at $148.
• Time. The longer it takes to discover the data breach and contain it, the more costly it is to the affected business.
• Scope of remediation. When an attack is discovered, your business is going to incur expenses it didn’t plan for, including for independent investigators, forensic analysis, auditing services, crisis PR management and continuing brand and reputation repair initiatives.
• Service needs. These included the demands for help desk services, marketing and communication, distribution of new account information or credit cards, legal costs, regulatory investigations and fines, product and service discounts to retain customers and increased insurance premiums.

The costs, both real and impressionistic, can cripple a small business that does not have the resources to recover from a cyberattack.

What Should Our Business Do To Protect Itself?

Protection begins with a thorough assessment of your systems and procedures to determine where there are vulnerabilities that need to be addressed. Working with a qualified managed service provider, you can understand where the exposures are and plan to fix them.

Your managed service provider will want to look at several components, including:

• Network security that’s based in next-generation firewalls to identify and contain unwanted activity
• Automated solutions to update anti-malware applications and install updates and patches
• Policies regarding access, password protocols and authentication

With the proper security in place, you can avoid paying a ransom and putting your business at risk.

Impacted Systems:

• Windows Server 2003
• Windows XP
• Windows7
• Windows Server 2008

Nonimpacted Systems:

• Windows 10
• Windows Server 2016
• Windows Server 2019

If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is designated as CVE-2019-0708.

This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients & Customers on a valid managed services agreement are being taken care of and there is no immediate action for any computer, server or other devices under a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. If you have a reliable backup, if the patch creates problems you can still access your data. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

• If you don’t need the Remote Desktop Services, you can disable it.
• Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
• Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.

What Is A Wormable Virus?

This means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Servers 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.

Opportunities to spend on tech are endless these days. But your budget isn’t endless. Your company needs to invest in technology, but you need to do it in a way that’s smart and strategic. Check out our CFO’s guide to smart investing in information technology. We’ll show you how to prioritize your technology investment so that you can make smart decisions and stay on budget.

The Problem

The problem with smart investing in information technology is the sheer number of choices available. Hardly a day goes by without a new B2B information technology product hitting the market. You can’t possibly purchase them all, nor does your business need them all.

As the CFO you may or may not be involved in specific purchasing decisions, depending on the size of your business and the size of the purchase. You do, however, bear ultimate responsibility for setting your purchasing strategy. With so many IT investment options available, you may be overwhelmed trying to cut through the noise and decide what’s best for your organization. The lower your comfort level with technology, the worse the confusion gets.

Understand the Importance

The first step toward solving this problem is to engage with it. Understand that in many real ways technology is the future. You can’t afford to sit on the sidelines or to keep doing business as usual. Your competitors aren’t, and you’ll be left behind.

Simply put, picking the right new tech and integrating it successfully into your business can give you a competitive advantage over competitors. Therefore, in concert with your business’s technology team, you and the financial team must evaluate new IT developments, selecting and implementing the trends that will keep you competitive.

A Framework for Evaluating Emerging IT Innovations

Typically, companies receive far more internal requests for new software or hardware that can be approved within the current budget. To add to the problem, B2B sales efforts come from every direction. These promise to solve one problem or another or to give you that competitive advantage over your competitors. Never mind that the salesperson is trying to sell the exact same solution to those competitors.

What’s needed is a framework for evaluating emerging IT innovations. The questions below can help you decide which internal requests and outside sales pitches are worthy of your attention . . . and your money.

Question 1: How does the tech improve the group requesting it?

Many businesses receive countless technology requests from within. You and the finance team likely can’t approve every one of these, nor should you. The easy questions to ask are “does an employee want this software?” or “Will this software improve the employee’s situation?”, but those aren’t the right questions. Instead, ask “how will this piece of software improve this department or the whole company?”

This strategic question can help you prioritize your technology spend. Software A may very well improve life for that one person in sales, but if Software B realizes far more gains for a 30-person division, it ought to rank higher in the budget.

Question 2: Would this investment disrupt our existing IT deployments?

Sometimes blowing up the status quo is just what you need to succeed. Other times, though, wisdom is to leave well enough alone. If a new technology investment isn’t going to play well with your existing systems, you want to find this out before signing off on the purchase.

Neither internal requests nor external sales pitches are immune from this danger. Work with your technology teams to discover how a new investment will interface with your current system. Don’t spend the money until you’re convinced that the new tech will integrate into your current systems.

Question 3: Would this investment disrupt our workflow?

This is similar to question 2, but it focuses on the human component. A shiny new piece of software may well speed up Step 4 in a complex process in your business. Maybe it even cuts the time in half. Sometimes, though, there are trade-offs. You need to know if it’s going to make Steps 1 through 3 an absolute pain to complete, or whether it will add time to Steps 5 through 8.

Avoid facing an employee mutiny by fully vetting the impact the new technology will have on your current workflow. Be sure it’s a true net step forward before you commit.

Question 4: What are the returns on investment we will see by implementing?

With question 1 you’ve already established how the product will benefit one or more departments. Now, take it a step further and look at your ROI. How greatly will this investment increase sales? What estimate can you place on the productivity or quality-of-life gains? Is the cost worth the advantage you’ll gain over competitors? Answering questions like these gets you to a more specific understanding of the true worth of a proposed investment.

Conclusion

Navigating the new technologies available will always be a challenge for CFOs. By asking these 4 questions, you can prioritize your technology investments smartly.